build(deps): bump github.com/sigstore/sigstore-go from 0.2.0 to 0.3.0

[dependabot]

Bumps github.com/sigstore/sigstore-go from 0.2.0 to 0.3.0.

Release notes

Sourced from github.com/sigstore/sigstore-go's releases.

v0.3.0

What's Changed

v0.3.0 includes support for the Sigstore Bundle v0.3. It also includes some improved interface method naming and several bug fixes and dependency updates.

• Bundle v0.3 support by @​steiza in sigstore/sigstore-go#101
• Improve method naming in TrustedMaterial interface by @​codysoyland in sigstore/sigstore-go#114
• Fix Windows embedded file path bug by @​malancas in sigstore/sigstore-go#103
• Added a flag to disable ct log verification by @​kommendorkapten in sigstore/sigstore-go#135
• Update embedded root to latest by @​haydentherapper in sigstore/sigstore-go#144

Full Changelog: sigstore/sigstore-go@v0.2.0...v0.3.0

Commits

• 998ff47 Allow bundles with version v0.3.x (all v0.3 point releases) (#147)
• 20c2ce9 Require inclusion proof for all bundle versions newer than v0.1 (#146)
• da232cf Update embedded root to latest (#144)
• 9bba214 Bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#139)
• ce28238 Bump github.com/sigstore/rekor from 1.3.5 to 1.3.6 (#140)
• e990093 Bump golang.org/x/mod from 0.16.0 to 0.17.0 (#138)
• fae1614 Bump github.com/sigstore/protobuf-specs (#137)
• 2a9419a Bump github.com/sigstore/protobuf-specs from 0.3.0 to 0.3.1 (#141)
• 355a088 Bump github/codeql-action from 3.24.9 to 3.24.10 (#142)
• 993044f Added a flag to disable ct log verification (#135)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[rdimitrov]

This is a breaking change thus why the build failed. We have to update the code to reflect it.

[coveralls]

coverage: 48.193% (+0.01%) from 48.181%
when pulling 984b0f9 on dependabot/go_modules/github.com/sigstore/sigstore-go-0.3.0
into 7a335b7 on main.

[puerco]

done

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.