Bump oras.land/oras-go/v2 from 2.3.0 to 2.3.1 (#6994)

Bumps [oras.land/oras-go/v2](https://github.com/oras-project/oras-go)
from 2.3.0 to 2.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/oras-project/oras-go/releases">oras.land/oras-go/v2's
releases</a>.</em></p>
<blockquote>
<h2>v2.3.1</h2>
<h2>Bug Fixes</h2>
<ul>
<li>Fix <a
href="https://redirect.github.com/oras-project/oras-go/issues/592">#592</a>:
Referrers tag index is not updated when all referrers are removed and GC
is skipped</li>
<li>Fix <a
href="https://redirect.github.com/oras-project/oras-go/issues/600">#600</a>:
<code>sibling()</code> is copying a <code>sync.Mutex</code></li>
<li>Fix <a
href="https://redirect.github.com/oras-project/oras-go/issues/552">#552</a>:
<code>OnCopySkipped</code> is called unexpectedly on root node when
using <code>oras.Copy</code></li>
</ul>
<h2>Other Changes</h2>
<ul>
<li>Update the Go support window to [1.20, 1.21] (<a
href="https://redirect.github.com/oras-project/oras-go/issues/587">#587</a>)</li>
<li>Upgrade <code>image-spec</code> to <a
href="https://github.com/opencontainers/image-spec/releases/tag/v1.1.0-rc5"><code>v1.1.0-rc5</code></a>
(<a
href="https://redirect.github.com/oras-project/oras-go/issues/615">#615</a>)</li>
<li>Backport <a
href="https://redirect.github.com/oras-project/oras-go/issues/618">#618</a>:
Optimize the authentication workflow for
<code>Repository.Manifests().Delete()</code> (<a
href="https://redirect.github.com/oras-project/oras-go/issues/623">#623</a>)</li>
</ul>
<h2>Detailed Commits</h2>
<ul>
<li>Add SECURITY.md file by <a
href="https://github.com/TerryHowe"><code>@​TerryHowe</code></a> in <a
href="https://redirect.github.com/oras-project/oras-go/pull/579">oras-project/oras-go#579</a></li>
<li>build(deps): bump actions/checkout from 3 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/oras-project/oras-go/pull/585">oras-project/oras-go#585</a></li>
<li>build: bump go version by <a
href="https://github.com/Wwwsylvia"><code>@​Wwwsylvia</code></a> in <a
href="https://redirect.github.com/oras-project/oras-go/pull/587">oras-project/oras-go#587</a></li>
<li>fix: push an empty index when deleting the last referrer with
SkipReferrersGC by <a
href="https://github.com/Wwwsylvia"><code>@​Wwwsylvia</code></a> in <a
href="https://redirect.github.com/oras-project/oras-go/pull/593">oras-project/oras-go#593</a></li>
<li>fix: Avoid a copy of sync.Mutex in Repository by <a
href="https://github.com/ktarplee"><code>@​ktarplee</code></a> in <a
href="https://redirect.github.com/oras-project/oras-go/pull/603">oras-project/oras-go#603</a></li>
<li>fix: correctly handle OnCopySkipped by <a
href="https://github.com/Wwwsylvia"><code>@​Wwwsylvia</code></a> in <a
href="https://redirect.github.com/oras-project/oras-go/pull/609">oras-project/oras-go#609</a></li>
<li>build(deps): bump golang.org/x/sync from 0.3.0 to 0.4.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/oras-project/oras-go/pull/611">oras-project/oras-go#611</a></li>
<li>build: bump <code>github.com/opencontainers/image-spec</code> to
<code>v1.1.0-rc5</code> by <a
href="https://github.com/Wwwsylvia"><code>@​Wwwsylvia</code></a> in <a
href="https://redirect.github.com/oras-project/oras-go/pull/615">oras-project/oras-go#615</a></li>
<li>perf: reduce auth request count for manifest delete by <a
href="https://github.com/Wwwsylvia"><code>@​Wwwsylvia</code></a> in <a
href="https://redirect.github.com/oras-project/oras-go/pull/618">oras-project/oras-go#618</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/ktarplee"><code>@​ktarplee</code></a>
made their first contribution in <a
href="https://redirect.github.com/oras-project/oras-go/pull/603">oras-project/oras-go#603</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/oras-project/oras-go/compare/v2.3.0...v2.3.1">https://github.com/oras-project/oras-go/compare/v2.3.0...v2.3.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/oras-project/oras-go/commit/f29607202d5a72ee5325171bf7fc6698ccb4e45f"><code>f296072</code></a>
perf: reduce auth request count for manifest delete (<a
href="https://redirect.github.com/oras-project/oras-go/issues/623">#623</a>)</li>
<li><a
href="https://github.com/oras-project/oras-go/commit/f175957c938558190454f394dd23d98750d94da6"><code>f175957</code></a>
build: bump <code>github.com/opencontainers/image-spec</code> to
<code>v1.1.0-rc5</code> (<a
href="https://redirect.github.com/oras-project/oras-go/issues/615">#615</a>)</li>
<li><a
href="https://github.com/oras-project/oras-go/commit/e3f77d3dae8e8f9bb490b54bdcd4f1827bdffc1e"><code>e3f77d3</code></a>
build(deps): bump golang.org/x/sync from 0.3.0 to 0.4.0 (<a
href="https://redirect.github.com/oras-project/oras-go/issues/611">#611</a>)</li>
<li><a
href="https://github.com/oras-project/oras-go/commit/b5e74d8071cabf3669ef029f129e6c978fe69deb"><code>b5e74d8</code></a>
fix: correctly handle OnCopySkipped (<a
href="https://redirect.github.com/oras-project/oras-go/issues/609">#609</a>)</li>
<li><a
href="https://github.com/oras-project/oras-go/commit/eb31910a8083bb7972abe929ef8fc9f974c6730a"><code>eb31910</code></a>
fix: Avoid a copy of sync.Mutex in Repository (<a
href="https://redirect.github.com/oras-project/oras-go/issues/603">#603</a>)</li>
<li><a
href="https://github.com/oras-project/oras-go/commit/bfef8c5223fc87780f6480608bf6e31a03281509"><code>bfef8c5</code></a>
fix: push an empty index when deleting the last referrer with
SkipReferrersGC...</li>
<li><a
href="https://github.com/oras-project/oras-go/commit/f57076672c857112c48f710eece5de0f38e91dbb"><code>f570766</code></a>
build: bump go version (<a
href="https://redirect.github.com/oras-project/oras-go/issues/587">#587</a>)</li>
<li><a
href="https://github.com/oras-project/oras-go/commit/f10a5382f1cefca78f1c4c5d789447d7a3c465ad"><code>f10a538</code></a>
build(deps): bump actions/checkout from 3 to 4 (<a
href="https://redirect.github.com/oras-project/oras-go/issues/585">#585</a>)</li>
<li><a
href="https://github.com/oras-project/oras-go/commit/8ed8b383b2da39a6b8a9aa782a78783bdcc716d1"><code>8ed8b38</code></a>
Add SECURITY.md file (<a
href="https://redirect.github.com/oras-project/oras-go/issues/579">#579</a>)</li>
<li>See full diff in <a
href="https://github.com/oras-project/oras-go/compare/v2.3.0...v2.3.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oras.land/oras-go/v2&package-manager=go_modules&previous-version=2.3.0&new-version=2.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

go.mod

@@ -61,7 +61,7 @@ require (
 	k8s.io/kubectl v0.26.7
 	k8s.io/utils v0.0.0-20230726121419-3b25d923346b
 	oras.land/oras-go v1.2.4
-	oras.land/oras-go/v2 v2.3.0
+	oras.land/oras-go/v2 v2.3.1
 	sigs.k8s.io/controller-runtime v0.14.6
 	sigs.k8s.io/yaml v1.3.0
 )

go.sum

@@ -1412,8 +1412,8 @@ k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSn
 k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 oras.land/oras-go v1.2.4 h1:djpBY2/2Cs1PV87GSJlxv4voajVOMZxqqtq9AB8YNvY=
 oras.land/oras-go v1.2.4/go.mod h1:DYcGfb3YF1nKjcezfX2SNlDAeQFKSXmf+qrFmrh4324=
-oras.land/oras-go/v2 v2.3.0 h1:lqX1aXdN+DAmDTKjiDyvq85cIaI4RkIKp/PghWlAGIU=
-oras.land/oras-go/v2 v2.3.0/go.mod h1:GeAwLuC4G/JpNwkd+bSZ6SkDMGaaYglt6YK2WvZP7uQ=
+oras.land/oras-go/v2 v2.3.1 h1:lUC6q8RkeRReANEERLfH86iwGn55lbSWP20egdFHVec=
+oras.land/oras-go/v2 v2.3.1/go.mod h1:5AQXVEu1X/FKp1F9DMOb5ZItZBOa0y5dha0yCm4NR9c=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=