Bump slsa-framework/slsa-github-generator from 1.7.0 to 1.9.0

[dependabot]

Bumps slsa-framework/slsa-github-generator from 1.7.0 to 1.9.0.

Release notes

Sourced from slsa-framework/slsa-github-generator's releases.

v1.9.0

See the CHANGELOG for details.

v1.9.0-rc.0

This is an un-finalized pre-release.

See the CHANGELOG for details.

v1.8.0

See the CHANGELOG for details.

v1.8.0-rc.2

See the CHANGELOG for details.

v1.8.0-rc.1

See the CHANGELOG for details.

v1.8.0-rc.0

See the CHANGELOG for details.

Changelog

Sourced from slsa-framework/slsa-github-generator's changelog.

v1.9.0

Release [v1.9.0] includes bug fixes and new features.

See the full change list.

v1.9.0: BYOB framework (beta)

• New: A new framework to turn GitHub Actions into SLSA compliant builders.

v1.9.0: Maven builder (beta)

• New: A Maven builder to build Java projects and publish to Maven central.

v1.9.0: Gradle builder (beta)

• New: A Gradle builder to build Java projects and publish to Maven central.

v1.9.0: JReleaser builder

• New: A JReleaser builder that wraps the official JReleaser Action.

v1.8.0

Release [v1.8.0] includes bug fixes and new features.

See the full change list.

v1.8.0: Generic Generator

• Added: A new base64-subjects-as-file was added to allow for specifying a large subject list.

v1.8.0: Node.js Builder (beta)

• Fixed: Publishing for non-scoped packages was fixed (See #2359)
• Fixed: Documentation was updated to clarify that the GitHub Actions deployment event is not supported.
• Changed: The file extension for the generated provenance file was changed from .sigstore to .build.slsa in order to make it easier to identify provenance files regardless of file format.
• Fixed: The publish action was fixed to address an issue with the package name when using Node 16.

Commits

• 07e64b6 chore: v1.9.0 ref updates (#2673)
• 9bc0d59 chore: v1.9.0-rc.0 (#2669)
• 72aeffd fix: typo in maven builder (#2668)
• b6d7cbf chore: make build dirs of java builders unique (#2665)
• 7e31fad docs: v1.9.0-rc.0 changelogs (#2648)
• 5952cf4 docs: Update BYOB versions in docs (#2647)
• da5bdc7 chore: fix wrong output in gradle builder (#2646)
• 180a89c chore: fix nits in Gradle builder (#2645)
• f89a0f4 feat: update Gradle builder to accomodate for e2e test (#2636)
• 324ff12 feat: Add directory input to Maven builder (#2538)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)