Update sigstore/gh-action-sigstore-python action to v3.3.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
sigstore/gh-action-sigstore-python	action	minor	v3.0.1 → v3.3.0

---

Release Notes

sigstore/gh-action-sigstore-python (sigstore/gh-action-sigstore-python)

v3.3.0

Compare Source

What's Changed

• Dependency updates. Most importantly used sigstore-python is now version 4.2.0

Full Changelog: sigstore/gh-action-sigstore-python@v3.2.0...v3.3.0

v3.2.0

Compare Source

gh-action-sigstore-python action now manages the used Python version internally, improving reliability.

Changed

• Manage Python version internally (#​242, #​258)
• Dependency updates

v3.1.0

Compare Source

gh-action-sigstore-python is now compatible with Rekor v2
transparency log (but produced signature bundles still contain Rekor v1 entries by default).

Changed

• The action now uses sigstore-python 4.1. All other dependencies are also updated
  (#​220)

Fixed

• Fixed incompatibility with Python 3.14 by upgrading dependencies
  (#​225)

Added

• rekor-version argument was added to control the Rekor transparency log
  version when signing. The default version in the gh-action-sigstore-python
  3.x series will remain 1 (except when using staging: true).
  (#​228)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cr-gpt]

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 2d1177f.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Package	Version	Score	Details
actions/sigstore/gh-action-sigstore-python	3.3.0	🟢 8.5	Details Check Score Reason Code-Review ⚠️ -1 Found no human activity in the last 30 changesets Maintained 🟢 10 30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases 🟢 8 5 out of the last 5 releases have a total of 5 signed artifacts. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected SAST 🟢 10 SAST tool is run on all commits

Scanned Files

• .github/workflows/manual.yml