Commit 1f55912

Bump sigstore/gh-action-sigstore-python from 3.0.1 to 3.1.0 (#1262)
Bumps [sigstore/gh-action-sigstore-python](https://github.com/sigstore/gh-action-sigstore-python) from 3.0.1 to 3.1.0.

**Release notes**

*Sourced from [sigstore/gh-action-sigstore-python's releases](https://github.com/sigstore/gh-action-sigstore-python/releases).*

> ## v3.1.0
>
> `gh-action-sigstore-python` is now compatible with [Rekor v2](https://blog.sigstore.dev/rekor-v2-ga/) transparency log (but produced signature bundles still contain Rekor v1 entries by default).
>
> ### Changed
>
> - The action now uses sigstore-python 4.1. All other dependencies are also updated ([#220](https://redirect.github.com/sigstore/gh-action-sigstore-python/pull/220))
>
> ### Fixed
>
> - Fixed incompatibility with Python 3.14 by upgrading dependencies ([#225](https://redirect.github.com/sigstore/gh-action-sigstore-python/pull/225))
>
> ### Added
>
> - `rekor-version` argument was added to control the Rekor transparency log version when signing. The default version in the gh-action-sigstore-python 3.x series will remain 1 (except when using `staging: true`). ([#228](https://redirect.github.com/sigstore/gh-action-sigstore-python/pull/228))

**Changelog**

*Sourced from [sigstore/gh-action-sigstore-python's changelog](https://github.com/sigstore/gh-action-sigstore-python/blob/main/CHANGELOG.md).*

> ## [3.1.0]
>
> `gh-action-sigstore-python` is now compatible with [Rekor v2](https://blog.sigstore.dev/rekor-v2-ga/) transparency log (but produced signature bundles still contain Rekor v1 entries by default).
>
> ### Changed
>
> - The action now uses sigstore-python 4.1. All other dependencies are also updated ([#220](https://redirect.github.com/sigstore/gh-action-sigstore-python/pull/220))
>
> ### Fixed
>
> - Fixed incompatibility with Python 3.14 by upgrading dependencies ([#225](https://redirect.github.com/sigstore/gh-action-sigstore-python/pull/225))
>
> ### Added
>
> - `rekor-version` argument was added to control the Rekor transparency log version when signing. The default version in the gh-action-sigstore-python 3.x series will remain 1 (except when using `staging: true`). ([#228](https://redirect.github.com/sigstore/gh-action-sigstore-python/pull/228))

**Commits**

- [`f832326`](https://github.com/sigstore/gh-action-sigstore-python/commit/f832326173235dcb00dd5d92cd3f353de3188e6c) Prepare 3.1.0 release ([#230](https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/230))
- [`3385d3a`](https://github.com/sigstore/gh-action-sigstore-python/commit/3385d3ad524c66915d8fcfa82f74b905058b2ad4) build(deps): bump astral-sh/setup-uv in the actions group ([#232](https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/232))
- [`35fff1e`](https://github.com/sigstore/gh-action-sigstore-python/commit/35fff1e5bf90fac1298692cee891e1f65fce1a93) Add rekor-version argument ([#228](https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/228))
- [`be60bbe`](https://github.com/sigstore/gh-action-sigstore-python/commit/be60bbea7f8770c9c9673a8fabafec00df7f458f) build(deps): bump github/codeql-action in the actions group ([#231](https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/231))
- [`72e7431`](https://github.com/sigstore/gh-action-sigstore-python/commit/72e7431cf7415752b53e3e537861872efa4b59b1) Actually upgrade dependencies ([#225](https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/225))
- [`ccdc279`](https://github.com/sigstore/gh-action-sigstore-python/commit/ccdc279cc26afbb1ce2849748d6263f076b7e3e3) ci, action: address zizmor findings, bump versions ([#222](https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/222))
- [`709f8a4`](https://github.com/sigstore/gh-action-sigstore-python/commit/709f8a40efe9f4d3bf38feb831ffc930b9688c93) build(deps): bump sigstore from 3.6.3 to 4.0.0 ([#220](https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/220))
- [`5ce4031`](https://github.com/sigstore/gh-action-sigstore-python/commit/5ce4031dd209da1deb84a18c41259d0c46478e48) requirements: Include main.in contents within dev.in ([#221](https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/221))
- [`ea888ad`](https://github.com/sigstore/gh-action-sigstore-python/commit/ea888adbde89b79cda7612fd09c99bdcc8b129b5) build(deps): bump the actions group with 3 updates ([#218](https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/218))
- [`17565e2`](https://github.com/sigstore/gh-action-sigstore-python/commit/17565e2406fc237359e19a217a7b03242eb60c36) build(deps): bump the python-dependencies group with 6 updates ([#219](https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/219))
- Additional commits viewable in [compare view](https://github.com/sigstore/gh-action-sigstore-python/compare/v3.0.1...v3.1.0)

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sigstore/gh-action-sigstore-python&package-manager=github_actions&previous-version=3.0.1&new-version=3.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

**Dependabot commands and options**

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent 9bc347d commit 1f55912

1 file changed: +1 -1 lines changed

.github/workflows/ci-cd.yml

Lines changed: 1 addition & 1 deletion
@@ -587,7 +587,7 @@ jobs:
587587
uses: pypa/gh-action-pypi-publish@release/v1
588588
589589
- name: Sign the dists with Sigstore
590-
uses: sigstore/gh-action-sigstore-python@v3.0.1
590+
uses: sigstore/gh-action-sigstore-python@v3.1.0
591591
with:
592592
inputs: >-
593593
./dist/${{ needs.build-pure-python-dists.outputs.sdist-filename }}
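Review bot: the `uses:` line at 590 references the signing action by the tag `v3.1.0`, which upstream can move; in a job that publishes and signs release artifacts, pin it to the full commit SHA that the tag resolves to and keep the version in a trailing comment, so that a retagged release cannot change what runs in this step. The same point applies to `pypa/gh-action-pypi-publish@release/v1` in the context line at 587, which is a branch ref. Separately, the release notes quoted in the commit message say 3.1.0 moves the action to sigstore-python 4.1 and adds a `rekor-version` input whose default stays 1 in the 3.x series; the `with:` block shown here does not set it, so the PR should state that bundles are expected to keep Rekor v1 entries, and a CI run should confirm that whatever verifies these bundles downstream accepts output from the newer client before this lands on the release path.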
