🌱 Bump github.com/sigstore/cosign/v2 from 2.4.3 to 2.5.0

[dependabot]

Bumps github.com/sigstore/cosign/v2 from 2.4.3 to 2.5.0.

Release notes

Sourced from github.com/sigstore/cosign/v2's releases.

v2.5.0 includes an implementation of the new bundle specification, attesting and verifying OCI image attestations uploaded as OCI artifacts. This feature is currently gated behind the --new-bundle-format flag when running cosign attest.

Features

• Add support for new bundle specification for attesting/verifying OCI image attestations (#3889)
• Feat/non filename completions (#4115)
• Add TSA certificate related flags and fields for cosign attest (#4079)

Fixes

• cmd/cosign/cli: fix typo in ignoreTLogMessage (#4111)
• Fix replace with compliant image mediatype (#4077)

Changelog

Sourced from github.com/sigstore/cosign/v2's changelog.

v2.5.0

v2.5.0 includes an implementation of the new bundle specification, attesting and verifying OCI image attestations uploaded as OCI artifacts. This feature is currently gated behind the --new-bundle-format flag when running cosign attest.

Features

• Add support for new bundle specification for attesting/verifying OCI image attestations (#3889)
• Feat/non filename completions (#4115)
• Add TSA certificate related flags and fields for cosign attest (#4079)

Fixes

• cmd/cosign/cli: fix typo in ignoreTLogMessage (#4111)
• Fix replace with compliant image mediatype (#4077)

Contributors

• Bob Callaway
• Carlos Tadeu Panato Junior
• Cody Soyland
• Dmitry Savintsev
• Hayden B
• Ramon Petgrave
• Riccardo Schirone
• Stef Graces
• Ville Skyttä

Commits

• 38bb986 chore(deps): bump cuelang.org/go in the gomod group across 1 directory (#4154)
• 076da85 chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4149)
• e7099da chore(deps): bump github.com/buildkite/agent/v3 from 3.93.1 to 3.95.1 (#4139)
• c351ca8 chore(deps): bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 (#4147)
• 76d23ba Update sigstore-go to pick up bug fixes (#4150)
• c6c96ea chore(deps): bump golang.org/x/crypto from 0.36.0 to 0.37.0 (#4148)
• 6e7a9f9 Update golangci-lint to v2, update golangci-lint-action (#4143)
• 37bae90 Feat/non filename completions (#4115)
• 4c32996 chore(deps): bump the gomod group with 5 updates (#4129)
• 11b12fa chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#4125)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @spencerschrock.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[spencerschrock]

@dependabot squash and merge