From 771513de8f31ba4c667091b55d6b78a9ccbbdc40 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 4 Oct 2024 16:46:34 +0200
Subject: [PATCH] build(deps): bump github.com/sigstore/cosign/v2 from 2.4.0 to
 2.4.1 (#1331)

Bumps
[github.com/sigstore/cosign/v2](https://github.com/sigstore/cosign) from
2.4.0 to 2.4.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign/releases">github.com/sigstore/cosign/v2's
releases</a>.</em></p>
<blockquote>
<h2>v2.4.1</h2>
<h2>Changelog</h2>
<ul>
<li>9a4cfe1aae777984c07ce373d97a65428bbff734 update changelog for v2.4.1
(<a
href="https://redirect.github.com/sigstore/cosign/issues/3896">#3896</a>)</li>
<li>0bd0d91ff5532e6774c312d0d88d87b21b8ae267 chore(deps): bump
actions/checkout in the actions group (<a
href="https://redirect.github.com/sigstore/cosign/issues/3893">#3893</a>)</li>
<li>66af64ef9515a05ef609b5c20e9c3f8254e5f562 chore(deps): bump
github.com/theupdateframework/go-tuf/v2 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3895">#3895</a>)</li>
<li>677a262c3205c7bf8612f30b7b44bdf51bd68bac bump scaffolding release to
v0.7.11 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3887">#3887</a>)</li>
<li>77f71e0d7470e31ed4ed5653fe5a7c8e3b283606 Update README.md (<a
href="https://redirect.github.com/sigstore/cosign/issues/3886">#3886</a>)</li>
<li>43933130d2cae41d333e5148c54fc2fb7e77e712 Fix bug in attest-blob when
using a timestamp authority with new bundles (<a
href="https://redirect.github.com/sigstore/cosign/issues/3877">#3877</a>)</li>
<li>081dea1918e9536c1fe233aa2596301381967b3b fix: documentation link for
installation guide (<a
href="https://redirect.github.com/sigstore/cosign/issues/3884">#3884</a>)</li>
<li>780780b11e0998512c034317fd7e98776153e59d chore(deps): bump
github.com/xanzy/go-gitlab from 0.108.0 to 0.109.0 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3867">#3867</a>)</li>
<li>dee0b23f97cf9cc48a0edf985301c64014c984e0 chore(deps): bump
github.com/buildkite/agent/v3 from 3.79.0 to 3.81.0 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3874">#3874</a>)</li>
<li>4ffbf5f681dc94cf3cb7b57aa95a97f6d8e0c72d update to use go1.22.7 and
golangci-lint (<a
href="https://redirect.github.com/sigstore/cosign/issues/3864">#3864</a>)</li>
<li>4c35ffc40d58e09b89c24342024a0d15b2c756d5 chore(deps): bump
github.com/sigstore/sigstore-go from 0.6.0 to 0.6.1 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3863">#3863</a>)</li>
<li>081ad98a526de15a16ff2c0b2b25281e1eaeb05f use go1.22.6 to build
cosign (<a
href="https://redirect.github.com/sigstore/cosign/issues/3862">#3862</a>)</li>
<li>f90977c9f881cf6e0023391ea982440296c41979 chore(deps): bump
github.com/open-policy-agent/opa from 0.67.1 to 0.68.0 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3861">#3861</a>)</li>
<li>c1e508521d73805569b86f245fa35e74c0f607f5 chore(deps): bump
google.golang.org/api from 0.194.0 to 0.195.0 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3860">#3860</a>)</li>
<li>42fd5f2161f7e0cfd2f0abd6adcc7aa9e8fdc571 chore(deps): bump
github.com/mozillazg/docker-credential-acr-helper (<a
href="https://redirect.github.com/sigstore/cosign/issues/3859">#3859</a>)</li>
<li>4beb7f49ff2b0957804b6dafc87a06edfe7b416b chore(deps): bump
github.com/buildkite/agent/v3 from 3.78.0 to 3.79.0 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3858">#3858</a>)</li>
<li>247c9dcb8d7af3702deedde50f9b84ecfbde69db chore(deps): bump
go.step.sm/crypto in the gomod group (<a
href="https://redirect.github.com/sigstore/cosign/issues/3857">#3857</a>)</li>
<li>842d3cc86c35198aa74fda496e003721f75ea482 chore(deps): bump
actions/upload-artifact in the actions group (<a
href="https://redirect.github.com/sigstore/cosign/issues/3856">#3856</a>)</li>
<li>8defb0e72baa6c0385f4097723a3574e6d0406d0 chore(deps): bump
google.golang.org/api from 0.192.0 to 0.194.0 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3852">#3852</a>)</li>
<li>fe71244d19c12561dc88cce662959ffcfff2d29a chore(deps): bump
github.com/xanzy/go-gitlab from 0.107.0 to 0.108.0 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3851">#3851</a>)</li>
<li>84e979df87efd744c97d051c8f64fc47a84645d9 chore(deps): bump the
actions group across 1 directory with 3 updates (<a
href="https://redirect.github.com/sigstore/cosign/issues/3853">#3853</a>)</li>
<li>198b8e497292009deb5e657973a302954d061734 chore(deps): bump
github.com/buildkite/agent/v3 from 3.77.0 to 3.78.0 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3850">#3850</a>)</li>
<li>282070958f0b92bbf8d0547e3bb85e13ef32031e chore(deps): bump
github.com/sigstore/fulcio in the gomod group (<a
href="https://redirect.github.com/sigstore/cosign/issues/3848">#3848</a>)</li>
<li>d712844a0677cb07bfadbca6f8e937dd4f47ea63 add oss-fuzz build script,
seeds and dictionaries (<a
href="https://redirect.github.com/sigstore/cosign/issues/3843">#3843</a>)</li>
<li>8a4f39046605e0072cda5da67a457fcb57b5e767 chore(deps): bump
github.com/sigstore/fulcio from 1.5.1 to 1.6.2 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3839">#3839</a>)</li>
<li>be4cdc231b5264cb62b2f9d03354900165e04cae chore(deps): bump
google.golang.org/api from 0.191.0 to 0.192.0 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3837">#3837</a>)</li>
<li>30c1d0f53bf9d646fe5d97c98c69dd4c16fad986 chore(deps): bump
github.com/sigstore/sigstore-go from 0.5.1 to 0.6.0 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3840">#3840</a>)</li>
<li>9c0c81cba077a75dcdc137f735e4721cd0ad7538 fuzzing: add fuzzers for
multiple packages (<a
href="https://redirect.github.com/sigstore/cosign/issues/3834">#3834</a>)</li>
<li>3694644fdcb3502770658f12167404f225695c15 chore(deps): bump the gomod
group with 2 updates (<a
href="https://redirect.github.com/sigstore/cosign/issues/3824">#3824</a>)</li>
<li>182f64b3d7ce0be64bbbd74f31f287d409802020 chore(deps): bump
github.com/buildkite/agent/v3 from 3.76.2 to 3.77.0 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3828">#3828</a>)</li>
<li>fa128457108cfb1c4f49f953fdf1818e34857003 chore(deps): bump
golang.org/x/crypto from 0.25.0 to 0.26.0 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3825">#3825</a>)</li>
<li>cddce0f1edc5c398ee63433b1e254b548b2c2782 chore(deps): bump
google.golang.org/api from 0.190.0 to 0.191.0 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3830">#3830</a>)</li>
<li>e99c1a536e595ce72c236ed11dc1acaaa3dca395 chore(deps): bump
github.com/docker/docker (<a
href="https://redirect.github.com/sigstore/cosign/issues/3823">#3823</a>)</li>
<li>b23586d6390d6a48ba4789848fe6ad89710afb7f Add changelog for v2.4.0
(<a
href="https://redirect.github.com/sigstore/cosign/issues/3821">#3821</a>)</li>
<li>cb338e9f788f7105f51ad153825ce2b5b39663d9 Add missing permission to
push containers (<a
href="https://redirect.github.com/sigstore/cosign/issues/3822">#3822</a>)</li>
</ul>
<h3>Thanks to all contributors!</h3>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/cosign/blob/main/CHANGELOG.md">github.com/sigstore/cosign/v2's
changelog</a>.</em></p>
<blockquote>
<h1>v2.4.1</h1>
<p>v2.4.1 largely contains bug fixes and updates dependencies.</p>
<h2>Features</h2>
<ul>
<li>Added fuzzing coverage to multiple packages</li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>Fix bug in attest-blob when using a timestamp authority with new
bundles (<a
href="https://redirect.github.com/sigstore/cosign/issues/3877">#3877</a>)</li>
<li>fix: documentation link for installation guide (<a
href="https://redirect.github.com/sigstore/cosign/issues/3884">#3884</a>)</li>
</ul>
<h2>Contributors</h2>
<ul>
<li>AdamKorcz</li>
<li>Bob Callaway</li>
<li>Carlos Tadeu Panato Junior</li>
<li>Hayden B</li>
<li>Hemil K</li>
<li>Sota Sugiura</li>
<li>Zach Steindler</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sigstore/cosign/commit/9a4cfe1aae777984c07ce373d97a65428bbff734"><code>9a4cfe1</code></a>
update changelog for v2.4.1 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3896">#3896</a>)</li>
<li><a
href="https://github.com/sigstore/cosign/commit/0bd0d91ff5532e6774c312d0d88d87b21b8ae267"><code>0bd0d91</code></a>
chore(deps): bump actions/checkout in the actions group (<a
href="https://redirect.github.com/sigstore/cosign/issues/3893">#3893</a>)</li>
<li><a
href="https://github.com/sigstore/cosign/commit/66af64ef9515a05ef609b5c20e9c3f8254e5f562"><code>66af64e</code></a>
chore(deps): bump github.com/theupdateframework/go-tuf/v2 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3895">#3895</a>)</li>
<li><a
href="https://github.com/sigstore/cosign/commit/677a262c3205c7bf8612f30b7b44bdf51bd68bac"><code>677a262</code></a>
bump scaffolding release to v0.7.11 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3887">#3887</a>)</li>
<li><a
href="https://github.com/sigstore/cosign/commit/77f71e0d7470e31ed4ed5653fe5a7c8e3b283606"><code>77f71e0</code></a>
Update README.md (<a
href="https://redirect.github.com/sigstore/cosign/issues/3886">#3886</a>)</li>
<li><a
href="https://github.com/sigstore/cosign/commit/43933130d2cae41d333e5148c54fc2fb7e77e712"><code>4393313</code></a>
Fix bug in attest-blob when using a timestamp authority with new bundles
(<a
href="https://redirect.github.com/sigstore/cosign/issues/3877">#3877</a>)</li>
<li><a
href="https://github.com/sigstore/cosign/commit/081dea1918e9536c1fe233aa2596301381967b3b"><code>081dea1</code></a>
fix: documentation link for installation guide (<a
href="https://redirect.github.com/sigstore/cosign/issues/3884">#3884</a>)</li>
<li><a
href="https://github.com/sigstore/cosign/commit/780780b11e0998512c034317fd7e98776153e59d"><code>780780b</code></a>
chore(deps): bump github.com/xanzy/go-gitlab from 0.108.0 to 0.109.0 (<a
href="https://redirect.github.com/sigstore/cosign/issues/3867">#3867</a>)</li>
<li><a
href="https://github.com/sigstore/cosign/commit/dee0b23f97cf9cc48a0edf985301c64014c984e0"><code>dee0b23</code></a>
chore(deps): bump github.com/buildkite/agent/v3 from 3.79.0 to 3.81.0
(<a
href="https://redirect.github.com/sigstore/cosign/issues/3874">#3874</a>)</li>
<li><a
href="https://github.com/sigstore/cosign/commit/4ffbf5f681dc94cf3cb7b57aa95a97f6d8e0c72d"><code>4ffbf5f</code></a>
update to use go1.22.7 and golangci-lint (<a
href="https://redirect.github.com/sigstore/cosign/issues/3864">#3864</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/sigstore/cosign/compare/v2.4.0...v2.4.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/sigstore/cosign/v2&package-manager=go_modules&previous-version=2.4.0&new-version=2.4.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index c4a3120c..b1c494a0 100644
--- a/go.mod
+++ b/go.mod
@@ -17,7 +17,7 @@ require (
 	github.com/klauspost/pgzip v1.2.6
 	github.com/package-url/packageurl-go v0.1.3
 	github.com/psanford/memfs v0.0.0-20230130182539-4dbf7e3e865e
-	github.com/sigstore/cosign/v2 v2.4.0
+	github.com/sigstore/cosign/v2 v2.4.1
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966
 	github.com/spf13/cobra v1.8.1
 	github.com/stretchr/testify v1.9.0
diff --git a/go.sum b/go.sum
index 613874a4..ee206868 100644
--- a/go.sum
+++ b/go.sum
@@ -317,8 +317,8 @@ github.com/secure-systems-lab/go-securesystemslib v0.8.0 h1:mr5An6X45Kb2nddcFlbm
 github.com/secure-systems-lab/go-securesystemslib v0.8.0/go.mod h1:UH2VZVuJfCYR8WgMlCU1uFsOUU+KeyrTWcSS73NBOzU=
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8=
 github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
-github.com/sigstore/cosign/v2 v2.4.0 h1:2NdidNgClg+oXr/fDIr37E/BE6j00gqgUhSiBK2kjSQ=
-github.com/sigstore/cosign/v2 v2.4.0/go.mod h1:j+fH1DCUkcn92qp6ezDj4JbGMri6eG1nLJC+hs64rvc=
+github.com/sigstore/cosign/v2 v2.4.1 h1:b8UXEfJFks3hmTwyxrRNrn6racpmccUycBHxDMkEPvU=
+github.com/sigstore/cosign/v2 v2.4.1/go.mod h1:GvzjBeUKigI+XYnsoVQDmMAsMMc6engxztRSuxE+x9I=
 github.com/sigstore/protobuf-specs v0.3.2 h1:nCVARCN+fHjlNCk3ThNXwrZRqIommIeNKWwQvORuRQo=
 github.com/sigstore/protobuf-specs v0.3.2/go.mod h1:RZ0uOdJR4OB3tLQeAyWoJFbNCBFrPQdcokntde4zRBA=
 github.com/sigstore/rekor v1.3.6 h1:QvpMMJVWAp69a3CHzdrLelqEqpTM3ByQRt5B5Kspbi8=