build(deps): bump the go-deps group across 1 directory with 4 updates

[dependabot]

Bumps the go-deps group with 4 updates in the / directory: github.com/notaryproject/notation-core-go, github.com/notaryproject/notation-go, github.com/ory/dockertest/v3 and github.com/sigstore/sigstore.

Updates github.com/notaryproject/notation-core-go from 1.2.0 to 1.3.0

Release notes

Sourced from github.com/notaryproject/notation-core-go's releases.

v1.3.0

Vote PASSED [+4 -0]: #271

Updates

• Support of delta CRL during certificate revocation check.
• Upgraded go version to v1.23.0
• Error message fix and dependency updates.

What's Changed since v1.2.0

• feat: delta CRL by @​JeyJeyGao in notaryproject/notation-core-go#247
• bump: update go v1.23 by @​JeyJeyGao in notaryproject/notation-core-go#260
• build(deps): bump golang.org/x/crypto from 0.32.0 to 0.35.0 by @​dependabot in notaryproject/notation-core-go#261
• build(deps): bump apache/skywalking-eyes from 0.6.0 to 0.7.0 by @​dependabot in notaryproject/notation-core-go#258
• fix: use iterator instead of looping through multiple slices by @​JeyJeyGao in notaryproject/notation-core-go#259
• build(deps): bump golang.org/x/crypto from 0.35.0 to 0.36.0 by @​dependabot in notaryproject/notation-core-go#262
• build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 by @​dependabot in notaryproject/notation-core-go#263
• build(deps): bump github.com/fxamacker/cbor/v2 from 2.7.0 to 2.8.0 by @​dependabot in notaryproject/notation-core-go#265
• build(deps): bump golang.org/x/crypto from 0.36.0 to 0.37.0 by @​dependabot in notaryproject/notation-core-go#267
• fix: error message of SignatureAuthenticityError by @​Two-Hearts in notaryproject/notation-core-go#269

Full Changelog: notaryproject/notation-core-go@v1.2.0...v1.3.0

Commits

• ef87896 fix: error message of SignatureAuthenticityError (#269)
• 46726d8 build(deps): bump golang.org/x/crypto from 0.36.0 to 0.37.0 (#267)
• b85e8f7 build(deps): bump github.com/fxamacker/cbor/v2 from 2.7.0 to 2.8.0 (#265)
• 4d73532 build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#263)
• 6a378d5 build(deps): bump golang.org/x/crypto from 0.35.0 to 0.36.0 (#262)
• ea37e4e fix: use iterator instead of looping through multiple slices (#259)
• fcf4512 build(deps): bump apache/skywalking-eyes from 0.6.0 to 0.7.0 (#258)
• 9c4662f build(deps): bump golang.org/x/crypto from 0.32.0 to 0.35.0 (#261)
• 441bbe8 bump: update go v1.23 (#260)
• 7510083 feat: delta CRL (#247)
• See full diff in compare view

Updates github.com/notaryproject/notation-go from 1.3.0 to 1.3.2

Release notes

Sourced from github.com/notaryproject/notation-go's releases.

v1.3.2

Vote PASSED [+5 -0]: #538

Update

• Error message and dependency updates

What's Changed since notation-go v1.3.1

• bump: release v1.3.1 by @​Two-Hearts in notaryproject/notation-go#517
• backport: from main to release-1.3 branch by @​Two-Hearts in notaryproject/notation-go#536

Full Changelog: notaryproject/notation-go@v1.3.1...v1.3.2

New Contributors

• @​qba73 made their first contribution in notaryproject/notation-go#529

v1.3.1

Vote PASSED [+5 -0]: #517

Bug fix

• This patch release removes the timestamp check against signing time during authentic timestamp verification due to potential time skew and the unauthenticated nature of signing time field.

What's Changed

• bump: release v1.3.0 by @​Two-Hearts in notaryproject/notation-go#507
• fix: remove signing time check during authenticTimestamp by @​Two-Hearts in notaryproject/notation-go#514
• bump: bump up dependencies for release-1.3 branch by @​Two-Hearts in notaryproject/notation-go#516

Full Changelog: notaryproject/notation-go@v1.3.0...v1.3.1

Commits

• 34a1aba bump: release v1.3.2
• c447774 backport: from main to release-1.3 branch (#536)
• 727046d Merge pull request #517 from Two-Hearts/release-1.3
• 961cef1 bump: release v1.3.1
• f171fb0 bump: bump up dependencies for release-1.3 branch (#516)
• 540cc34 fix: remove signing time check during authenticTimestamp (#514)
• 1864576 Merge pull request #507 from Two-Hearts/release-1.3
• See full diff in compare view

Updates github.com/ory/dockertest/v3 from 3.11.0 to 3.12.0

Release notes

Sourced from github.com/ory/dockertest/v3's releases.

v3.12.0

What's Changed

• chore(deps): bump github.com/docker/cli from 26.1.4+incompatible to 27.1.2+incompatible by @​dependabot in ory/dockertest#524
• chore(deps): bump actions/checkout from 3 to 4 by @​dependabot in ory/dockertest#514
• chore(deps): bump actions/stale from 4 to 9 by @​dependabot in ory/dockertest#526
• chore(deps): bump github.com/opencontainers/runc from 1.1.13 to 1.1.15 by @​dependabot in ory/dockertest#538
• chore(deps): bump actions/checkout from 2 to 4 by @​dependabot in ory/dockertest#527
• feat: use creds helper by @​GuillaumeSmaha in ory/dockertest#520
• added AuthConfigs to BuildOptions and pass that to BuildImage by @​DGollings in ory/dockertest#488
• add multiple test container example by @​akoserwal in ory/dockertest#515
• fix: trying to bind to an outbound ip returns an empty list of port bindings by @​atzoum in ory/dockertest#533
• chore(deps): bump golang.org/x/sys from 0.21.0 to 0.28.0 by @​dependabot in ory/dockertest#548
• chore(deps): bump actions/stale from 4 to 9 by @​dependabot in ory/dockertest#550
• chore(deps): bump actions/checkout from 2 to 4 by @​dependabot in ory/dockertest#549
• chore(deps): bump actions/checkout from 2 to 4 by @​dependabot in ory/dockertest#555
• chore(deps): bump github.com/docker/cli from 27.1.2+incompatible to 27.4.1+incompatible by @​dependabot in ory/dockertest#553
• chore(deps): bump github.com/opencontainers/runc from 1.1.15 to 1.2.3 by @​dependabot in ory/dockertest#551
• chore(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 by @​dependabot in ory/dockertest#547
• feat: add support for BuildKit when building images by @​tmc in ory/dockertest#416
• chore(deps): bump actions/setup-node from 2.pre.beta to 4.1.0 by @​dependabot in ory/dockertest#539
• chore(deps): bump actions/stale from 4 to 9 by @​dependabot in ory/dockertest#554

New Contributors

• @​GuillaumeSmaha made their first contribution in ory/dockertest#520
• @​DGollings made their first contribution in ory/dockertest#488
• @​akoserwal made their first contribution in ory/dockertest#515
• @​atzoum made their first contribution in ory/dockertest#533

Full Changelog: ory/dockertest@v3.11.0...v3.12.0

Commits

• 8a76ff0 chore: update repository templates to ory/meta@bc60...
• 207b20a chore: update repository templates to ory/meta@83e7...
• fabf563 autogen: update license overview
• 4b1e539 chore: update repository templates to ory/meta@44ef...
• 46d1a7b chore: update repository templates to ory/meta@c091...
• 13e6e33 chore(deps): bump actions/stale from 4 to 9 (#554)
• 91b7d0b chore(deps): bump actions/setup-node from 2.pre.beta to 4.1.0 (#539)
• 28c8c5b chore(deps): bump github.com/containerd/continuity from 0.4.3 to 0.4.5 (#545)
• eec3a4f feat: add support for BuildKit when building images (#416)
• f6e65ba chore(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#547)
• Additional commits viewable in compare view

Updates github.com/sigstore/sigstore from 1.8.15 to 1.9.4

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.9.4

What's Changed

• Add a Name field to the TargetFile struct in sigstore/sigstore#2068
• Update to use Tink v2.3.0 API in sigstore/sigstore#2069

Full Changelog: sigstore/sigstore@v1.9.3...v1.9.4

v1.9.3

What's Changed

• add proto hash algorithm to registry by @​loosebazooka in sigstore/sigstore#2048

New Contributors

• @​loosebazooka made their first contribution in sigstore/sigstore#2048

Full Changelog: sigstore/sigstore@v1.9.2...v1.9.3

v1.9.2

What's Changed

• Add tink package by @​cmurphy in sigstore/sigstore#2024
• pkg/signature: add P384/P521 compatibility algo to algorithm registry by @​ret2libc in sigstore/sigstore#2037

New Contributors

• @​cmurphy made their first contribution in sigstore/sigstore#2024

Full Changelog: sigstore/sigstore@v1.9.1...v1.9.2

v1.9.1

What's Changed

• Implement default signing algorithms based on the key type by @​ret2libc in sigstore/sigstore#2014

Full Changelog: sigstore/sigstore@v1.9.0...v1.9.1

v1.9.0

What's Changed

• Update KMS policy for new plugin interface by @​haydentherapper in sigstore/sigstore#1987
• Update TUF root to latest v12 root by @​haydentherapper in sigstore/sigstore#1988
• build(deps): Bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.5 by @​dependabot in sigstore/sigstore#1994
• upgrade go-jose to v4 by @​cpanato in sigstore/sigstore#2000
• pkg/signature: expose Algorithm Details information by @​ret2libc in sigstore/sigstore#2001

Full Changelog: sigstore/sigstore@v1.8.15...v1.9.0

Commits

• 0c2ec3a Update to use Tink v2.3.0 API (#2069)
• 8f79f87 Add a Name field to the TargetFile struct (#2068)
• 0923918 Update signing algorithm policy (#2066)
• d49b18c build(deps): Bump cloud.google.com/go/kms (#2067)
• 844f42d build(deps): Bump golang.org/x/net in /pkg/signature/kms/hashivault (#2064)
• 2f15489 build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#2057)
• 6e3c093 build(deps): Bump golang.org/x/oauth2 from 0.28.0 to 0.29.0 (#2052)
• 20f1b38 build(deps): Bump github.com/tink-crypto/tink-go/v2 from 2.3.0 to 2.4.0 (#2053)
• ca90b6d build(deps): Bump github.com/coreos/go-oidc/v3 from 3.13.0 to 3.14.1 (#2055)
• fcf4f5d build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azcore (#2059)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.