Bump github.com/sigstore/sigstore-go from 0.6.2 to 0.7.0

[dependabot]

Bumps github.com/sigstore/sigstore-go from 0.6.2 to 0.7.0.

Release notes

Sourced from github.com/sigstore/sigstore-go's releases.

v0.7.0

Breaking Changes

• Removed WithOnlineVerification() configuration option, and online argument to VerifyArtifactTransparencyLog() by @​steiza in sigstore/sigstore-go#344

What's Changed

• Include URI for CA verified timestamps by @​cmurphy in sigstore/sigstore-go#270
• Add Windows to README as tested platform by @​steiza in sigstore/sigstore-go#299
• Check if entry has inclusion proof rather than entity by @​adityasaky in sigstore/sigstore-go#310
• Allow parsing of certificates from Fulcio if ctlog is disabled by @​codysoyland in sigstore/sigstore-go#288
• feat: add unit test for online tlog verification by @​vishal-chdhry in sigstore/sigstore-go#296
• update sigstore dependencies for oci-image-verification example by @​dmitris in sigstore/sigstore-go#319
• Update oci-image-verification.md by @​dmitris in sigstore/sigstore-go#320
• Add interface types for TimestampingAuthority and CertificateAuthority by @​codysoyland in sigstore/sigstore-go#300
• expand oci-image-verification example for private infra by @​dmitris in sigstore/sigstore-go#321
• Update BaseSignedEntity interface implementation by @​cmurphy in sigstore/sigstore-go#333
• ci: address zizmor's findings by @​woodruffw in sigstore/sigstore-go#336
• Simplify HasPublicKey interface method by @​codysoyland in sigstore/sigstore-go#348
• Rename GetCertificate to Certificate by @​codysoyland in sigstore/sigstore-go#349
• Adds a check to ensure SCT time is while a CT log key was valid by @​steiza in sigstore/sigstore-go#350
• Verify certificate validity with only current time, bump conformance tests by @​haydentherapper in sigstore/sigstore-go#277
• Update staging TUF root to latest by @​haydentherapper in sigstore/sigstore-go#354
• Update prod TUF root to v10 by @​haydentherapper in sigstore/sigstore-go#353
• Opt into Actions CodeQL public preview by @​steiza in sigstore/sigstore-go#362
• Refactor DoS limits to separate func by @​codysoyland in sigstore/sigstore-go#364
• Fix intoto unmarshal by @​codysoyland in sigstore/sigstore-go#366
• Add custom-certificate-validator example by @​codysoyland in sigstore/sigstore-go#351
• Add support for SigningConfig by @​haydentherapper in sigstore/sigstore-go#367
• Bump conformance to latest version by @​haydentherapper in sigstore/sigstore-go#377
• Support additional SigningConfig configurations by @​haydentherapper in sigstore/sigstore-go#379
• Use multi-directory configuration for dependabot by @​codysoyland in sigstore/sigstore-go#380
• Use glob support for directories key by @​codysoyland in sigstore/sigstore-go#383
• chore: relax go directive to permit 1.22.x by @​dnwe in sigstore/sigstore-go#384
• docs: minor edits to docs by @​trishankatdatadog in sigstore/sigstore-go#370

New Contributors

• @​dmitris made their first contribution in sigstore/sigstore-go#319
• @​woodruffw made their first contribution in sigstore/sigstore-go#336
• @​dnwe made their first contribution in sigstore/sigstore-go#384
• @​trishankatdatadog made their first contribution in sigstore/sigstore-go#370

Full Changelog: sigstore/sigstore-go@v0.6.2...v0.7.0

Commits

• 9c466a8 docs: minor edits to docs (#370)
• 729246f chore: relax go directive to permit 1.22.x (#384)
• 85b2bcb Bump github.com/google/go-containerregistry (#388)
• a6ff00c Bump golangci/golangci-lint-action from 6.1.1 to 6.2.0 (#386)
• 804847c Bump google.golang.org/protobuf from 1.36.2 to 1.36.3 (#381)
• 740b1e5 Bump github.com/google/certificate-transparency-go from 1.3.0 to 1.3.1 (#382)
• e28a624 Use glob support for directories key (#383)
• a4e799c Use multi-directory configuration for dependabot (#380)
• be174d6 Support additional SigningConfig configurations (#379)
• 5855f01 Bump github.com/sigstore/sigstore from 1.8.11 to 1.8.12 (#376)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[cpanato]

@dependabot rebase

[cpanato]

@dependabot rebase

[dependabot]

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.