chore(deps): bump sigstore/gh-action-sigstore-python from 3.3.0 to 3.4.0

[dependabot]

Bumps sigstore/gh-action-sigstore-python from 3.3.0 to 3.4.0.

Release notes

Sourced from sigstore/gh-action-sigstore-python's releases.

v3.4.0

What's Changed

• Used sigstore package version is now 4.3.0
• Other dependency updates

Full Changelog: sigstore/gh-action-sigstore-python@v3.3.0...v3.4.0

Commits

• 5b79a39 build(deps): bump sigstore in the python-dependencies group (#408)
• 3d7f17b build(deps): bump idna in the python-dependencies group (#407)
• 2d128b7 build(deps): bump github/codeql-action in the actions group (#405)
• 06882d3 build(deps): bump the python-dependencies group with 3 updates (#406)
• bab6f77 build(deps): bump the actions group across 1 directory with 3 updates (#403)
• f98c429 build(deps): bump securesystemslib in the python-dependencies group (#404)
• db9196e build(deps): bump the python-dependencies group across 1 directory with 3 upd...
• 839093d build(deps): bump certifi from 2026.4.22 to 2026.5.20 in the python-dependenc...
• d9df9da build(deps): bump ast-serialize in the python-dependencies group (#397)
• 2f7a761 build(deps): bump github/codeql-action in the actions group (#395)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

OSSGuard Security Review

Check	Status	Severity	Details
Dependency Pinning	⚠️ Warn	Warning	Could not analyze workflow files
Security Policy	⚠️ Warn	Warning	No SECURITY.md found. Add a vulnerability disclosure policy. Run ossguard init . to generate one.
License	✅ Pass	Warning	Apache-2.0 license detected
Secrets Scan	⚠️ Warn	Error	Could not scan PR diff for secrets
Container Security	⚠️ Warn	Warning	Could not analyze Dockerfiles
CodeQL / SAST	⚠️ Warn	Warning	Could not analyze workflows for SAST configuration
Branch Protection	⚠️ Warn	Info	Could not check branch protection (may need admin permissions)
Dependency Review	⚠️ Warn	Info	Could not check dependency review configuration

---

1 passed | 7 warnings

Fix the issues above to improve your project's security posture. Learn more

_{Powered by OSSGuard}