From 8736f89291076ef66ce9477ef0ccfbea43001319 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc=20Sch=C3=A4fer?= <git@marcschaeferger.de>
Date: Sat, 16 May 2026 16:31:27 +0200
Subject: [PATCH] fix(security): update cosign to v3.0.6 and installer to 4.1.2

---
 .github/workflows/cicd.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
index e216efd..746f1b1 100644
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -750,9 +750,9 @@ jobs:
           show-summary: true
 
       - name: Install cosign
-        uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1
+        uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2
         with:
-          cosign-release: "v3.0.2"
+          cosign-release: v3.0.6
 
       - name: Sanity check cosign private key
         env: