Bump github.com/sigstore/cosign/v2 from 2.0.3-0.20230425232139-17cc13812d8a to 2.1.0

[dependabot]

Bumps github.com/sigstore/cosign/v2 from 2.0.3-0.20230425232139-17cc13812d8a to 2.1.0.

Release notes

Sourced from github.com/sigstore/cosign/v2's releases.

v2.1.0

Breaking Change: The predicate is now a required flag in the attest commands, set via the --type flag.

Enhancements

• Verify sigs and attestations in parallel (#3066)
• Deep inspect attestations when filtering download (#3031)
• refactor bundle validation code, add support for DSSE rekor type (#3016)
• Allow overriding remote options (#3049)
• feat: adds no cert found on sig exit code (#3038)
• Make predicate a required flag in attest commands (#3033)
• Added support for attaching Time stamp authority Response in attach command (#3001)
• Add sign --sign-container-identity CLI (#2984)
• Feature: Allow cosign to sign digests before they are uploaded. (#2959)
• accepts attachment-tag-prefix for cosign copy (#3014)
• Feature: adds '--allow-insecure-registry' for cosign load (#3000)
• download attestation: support --platform flag (#2980)
• Cleanup: Add Digest to the SignedEntity interface. (#2960)
• verify command: support keyless verification using only a provided certificate chain with non-fulcio roots (#2845)
• verify: use workers to limit the paralellism when verifying images with --max-workers flag (#3069)

Bug Fixes

• Fix pkg/cosign/errors (#3050)
• fix: update doc to refer to github-actions oidc provider (#3040)
• fix: prefer GitHub OIDC provider if enabled (#3044)
• Fix --sig-only in cosign copy (#3074)

Documentation

• Fix links to sigstore/docs in markdown files (#3064)
• Update release readme (#2942)

Thanks to all contributors!

• Bob Callaway
• Carlos Tadeu Panato Junior
• Chok Yip Lau
• Chris Burns
• Dmitry Savintsev
• Enyinna Ochulor
• Hayden B
• Hector Fernandez
• Jakub Hrozek
• Jason Hall
• Jon Johnson
• Luiz Carvalho
• Matt Moore
• Mritunjay Kumar Sharma
• Mukuls77
• Ramkumar Chinchani
• Sascha Grunert

... (truncated)

Changelog

Sourced from github.com/sigstore/cosign/v2's changelog.

v2.1.0

Breaking Change: The predicate is now a required flag in the attest commands, set via the --type flag.

Enhancements

• Verify sigs and attestations in parallel (#3066)
• Deep inspect attestations when filtering download (#3031)
• refactor bundle validation code, add support for DSSE rekor type (#3016)
• Allow overriding remote options (#3049)
• feat: adds no cert found on sig exit code (#3038)
• Make predicate a required flag in attest commands (#3033)
• Added support for attaching Time stamp authority Response in attach command (#3001)
• Add sign --sign-container-identity CLI (#2984)
• Feature: Allow cosign to sign digests before they are uploaded. (#2959)
• accepts attachment-tag-prefix for cosign copy (#3014)
• Feature: adds '--allow-insecure-registry' for cosign load (#3000)
• download attestation: support --platform flag (#2980)
• Cleanup: Add Digest to the SignedEntity interface. (#2960)
• verify command: support keyless verification using only a provided certificate chain with non-fulcio roots (#2845)
• verify: use workers to limit the paralellism when verifying images with --max-workers flag (#3069)

Bug Fixes

• Fix pkg/cosign/errors (#3050)
• fix: update doc to refer to github-actions oidc provider (#3040)
• fix: prefer GitHub OIDC provider if enabled (#3044)
• Fix --sig-only in cosign copy (#3074)

Documentation

• Fix links to sigstore/docs in markdown files (#3064)
• Update release readme (#2942)

Thank you to our contributors!

• Bob Callaway
• Carlos Tadeu Panato Junior
• Chok Yip Lau
• Chris Burns
• Dmitry Savintsev
• Enyinna Ochulor
• Hayden B
• Hector Fernandez
• Jakub Hrozek
• Jason Hall
• Jon Johnson
• Luiz Carvalho
• Matt Moore
• Mritunjay Kumar Sharma
• Mukuls77
• Ramkumar Chinchani
• Sascha Grunert
• Yolanda Robla Mota

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)