chore(deps): bump the actions-weekly group across 1 directory with 4 updates

[dependabot]

Bumps the actions-weekly group with 4 updates in the / directory: sigstore/cosign-installer, actions/setup-node, crate-ci/typos and taiki-e/install-action.

Updates sigstore/cosign-installer from 4.1.1 to 4.1.2

Release notes

Sourced from sigstore/cosign-installer's releases.

v4.1.2

What's Changed

• Bump cosign to 3.0.6 in sigstore/cosign-installer#232

Commits

• 6f9f177 Bump cosign to 3.0.6 (#232)
• b5e753a Bump actions/github-script from 8.0.0 to 9.0.0 (#230)
• 115e4ce Bump actions/setup-go from 6.3.0 to 6.4.0 (#226)
• See full diff in compare view

Updates actions/setup-node from 6.3.0 to 6.4.0

Release notes

Sourced from actions/setup-node's releases.

v6.4.0

What's Changed

Dependency updates:

• Upgrade @​actions dependencies by @​Copilot in actions/setup-node#1525
• Update Node.js versions in versions.yml and bump package to v6.4.0 by @​priya-kinthali in actions/setup-node#1533

New Contributors

• @​Copilot made their first contribution in actions/setup-node#1525

Full Changelog: actions/setup-node@v6...v6.4.0

Commits

• 48b55a0 Update Node.js versions in versions.yml and bump package to v6.4.0 (#1533)
• ab72c7e Upgrade @​actions dependencies (#1525)
• See full diff in compare view

Updates crate-ci/typos from 1.45.0 to 1.46.1

Release notes

Sourced from crate-ci/typos's releases.

v1.46.1

[1.46.1] - 2026-05-08

Fixes

• Don't correct to confidentials

v1.46.0

[1.46.0] - 2026-04-30

Features

• Updated the dictionary with the April 2026 changes

v1.45.2

[1.45.2] - 2026-04-27

Fixes

• Ignore ssh ed25519 public keys

v1.45.1

[1.45.1] - 2026-04-13

Fixes

• (action) Use a temp dir for caching

Changelog

Sourced from crate-ci/typos's changelog.

Change Log

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

[Unreleased] - ReleaseDate

[1.46.1] - 2026-05-08

Fixes

• Don't correct to confidentials

[1.46.0] - 2026-04-30

Features

• Updated the dictionary with the April 2026 changes

[1.45.2] - 2026-04-27

Fixes

• Ignore ssh ed25519 public keys

[1.45.1] - 2026-04-13

Fixes

• (action) Use a temp dir for caching

[1.45.0] - 2026-04-01

Features

• Updated the dictionary with the March 2026 changes

[1.44.0] - 2026-02-27

Features

• Updated the dictionary with the February 2026 changes

[1.43.5] - 2026-02-16

Fixes

• (pypi) Hopefully fix the sdist build

... (truncated)

Commits

• 5374cbf chore: Release
• 52448f5 docs: Update changelog
• 030c719 Merge pull request #1552 from epage/fixes
• 7a688c7 fix(dict): Confidentials isn't valid
• 3bcd3b3 Merge pull request #1548 from crate-ci/renovate/maturin-1.x
• 5294011 chore(deps): Update compatible (#1547)
• c3be360 chore(deps): Update dependency maturin to >=1.13,<1.14
• bbaefad chore: Release
• c19f54c chore: Release
• d65608b docs: Update changelog
• Additional commits viewable in compare view

Updates taiki-e/install-action from 2.75.5 to 2.77.2

Release notes

Sourced from taiki-e/install-action's releases.

2.77.2

• Update martin@latest to 1.9.0.

• Update wasm-bindgen@latest to 0.2.121.

• Update uv@latest to 0.11.11.

• Update mise@latest to 2026.5.1.

• Update prek@latest to 0.3.13.

• Update tombi@latest to 0.10.6.

2.77.1

• Support taiki-e/install-action@rust tag.

• Update tombi@latest to 0.10.3.

• Update martin@latest to 1.8.2.

2.77.0

• Support rust. (#1779)

  This installs rust using rustup.

  If rustup is not yet installed, this action downloads rustup-init for the current platform using HTTPS with tlsv1.2+, verifies SHA256 checksum, and then installs rustup using it.

  This also supports installing additional components at the same time by +<additional> syntax:

  - uses: taiki-e/install-action@v2
    with:
      # Install rust stable with rustfmt component and wasm32-wasip1 target.
      tool: rust+rustfmt+wasm32-wasip1
      # When installing another rust version:
      # tool: rust@nightly + rustfmt + wasm32-wasip1

• Fix issue where x86_64 binary will be installed on AArch64 Windows even when AArch64 Windows binary available.

• Update mise@latest to 2026.5.0.

• Diagnostic improvements.

2.76.0

• Support mdbook-d2. (#1737, thanks @​nhu)

• Support cargo-apple-runner. (#1731, thanks @​madsmtm)

• Support cargo-binstall on riscv64 Linux.

... (truncated)

Changelog

Sourced from taiki-e/install-action's changelog.

Changelog

All notable changes to this project will be documented in this file.

This project adheres to Semantic Versioning.

[Unreleased]

• Update cyclonedx@latest to 0.32.0.

• Update prek@latest to 0.4.0.

[2.78.1] - 2026-05-15

• Update mise@latest to 2026.5.7.

• Diagnostic improvements.

[2.78.0] - 2026-05-14

• Support cargo-mutants. (#1812, thanks @​jakewimmer)

• Update covgate@latest to 0.2.0.

• Update cargo-llvm-cov@latest to 0.8.7.

• Update uv@latest to 0.11.14.

• Update martin@latest to 1.9.1.

• Update tombi@latest to 0.11.4.

[2.77.7] - 2026-05-13

• Update mise@latest to 2026.5.6.

• Update cargo-deny@latest to 0.19.6.

[2.77.6] - 2026-05-11

• Fix wasm-pack installation failure.

• Update mise@latest to 2026.5.5.

• Update release-plz@latest to 0.3.158.

... (truncated)

Commits

• 3fa6878 Release 2.77.2
• ba61d93 Update tombi manifest
• 7d53289 Update osv-scanner manifest
• d8e028b Update mise manifest
• e5a3fb2 Update martin@latest to 1.9.0
• a6b6526 Update wasm-bindgen@latest to 0.2.121
• 8a488ab Update tombi@latest to 0.10.6
• 3828567 Update uv@latest to 0.11.11
• a5b83ca Update mise manifest
• ad848ff Update tombi@latest to 0.10.5
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

⚠️ Changelog not found.

A changelog entry is required before merging.

Add changelog

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.