fix(deps): update module github.com/sigstore/rekor to v1.3.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
github.com/sigstore/rekor	require	minor	v1.2.2 -> v1.3.0

---

Release Notes

sigstore/rekor (github.com/sigstore/rekor)

v1.3.0

Compare Source

New Features

• feat: Support publishing new log entries to Pub/Sub topics (#​1580)
• Change values of Identity.Raw, add fingerprints (#​1628)
• Extract all subjects from SANs for x509 verifier (#​1632)
• Fix type comment for Identity struct (#​1619)
• Refactor Identities API (#​1611)
• Refactor Verifiers to return multiple keys (#​1601)

Quality Enhancements

• set min go version to 1.21 (#​1651)
• Upgrade to go1.21 (#​1636)

Bug Fixes

• Update openapi.yaml (#​1655)
• pass transient errors through retrieveLogEntry (#​1653)
• return full entryID on HTTP 409 responses (#​1650)
• Update checkpoint link (#​1597)
• Use correct log index in inclusion proof (#​1599)
• remove instrumentation library (#​1595)
• pki: clean up fuzzer (#​1594)
• alpine: add max metadata size to fuzzer (#​1571)

Contributors

• AdamKorcz
• Appu
• Bob Callaway
• Carlos Tadeu Panato Junior
• Ceridwen Coghlan
• Hayden B
• James Alseth

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[mtrmac]

Go 1.21 has changed the go.mod semantics, so that a go 1.21 line in go.mod requires every single user of a library to also use Go 1.21.

And Rekor has updated to Go 1.21 in sigstore/rekor#1651 , for a dependency in a server-side code we don’t include.

Luckily, for now, there are no code changes to the client between 1.2.2 and 1.3.0, so we don’t need to upgrade. But eventually this will become an issue.

[mtrmac]

Closing to avoid a Go bump to 1.21 for now.

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (v1.3.0). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.