chore(deps): bump github.com/sigstore/sigstore-go from 0.5.1 to 0.6.0

[dependabot]

Bumps github.com/sigstore/sigstore-go from 0.5.1 to 0.6.0.

Release notes

Sourced from github.com/sigstore/sigstore-go's releases.

v0.6.0

As folks use sigstore-go in more cases, we continue to make fixes and do some minor API interface changes.

Because we are pre-1.0.0 these were made as breaking changes. After 1.0.0 we will provide deprecation notices and smoother migration paths. There may be more minor interface changes between now and v1.0.0.

Breaking Changes

• In pkg/bundle/bundle.go
  • ProtobufBundle is now Bundle
  • NewProtobufBundle is now NewBundle
• In pkg/bundle/signature_content.go
  • Use Statement() type was from github.com/in-toto/in-toto-golang/in_toto now comes from github.com/in-toto/attestation/go/v1

What's Changed

• feat: add support for additional transparency log key types by @​vishal-chdhry in sigstore/sigstore-go#197
• feat: use GetLogEntryByIndex to query rekor by @​vishal-chdhry in sigstore/sigstore-go#188
• feat: add validation of required fields in the bundle by @​vishal-chdhry in sigstore/sigstore-go#189
• Rename ProtobufBundle to Bundle by @​codysoyland in sigstore/sigstore-go#251
• Fix verify DSSE bundles (after signing) by @​steiza in sigstore/sigstore-go#258
• Fix crash with missing checkpoint by @​haydentherapper in sigstore/sigstore-go#260
• Add file pattern to CODEOWNERS by @​codysoyland in sigstore/sigstore-go#269
• Use example.com and remove trademark from tests by @​codysoyland in sigstore/sigstore-go#267
• Add deprecation message for ProtobufBundle by @​codysoyland in sigstore/sigstore-go#271
• Switch in-toto library to github.com/in-toto/attestation by @​codysoyland in sigstore/sigstore-go#274

Full Changelog: sigstore/sigstore-go@v0.5.1...v0.6.0

Commits

• 3f8dbc4 Bump golang.org/x/mod from 0.19.0 to 0.20.0 (#255)
• 060b639 Switch in-toto library to github.com/in-toto/attestation (#274)
• 81de309 Add deprecation message for ProtobufBundle (#271)
• aee58dc Bump golang.org/x/crypto from 0.25.0 to 0.26.0 (#261)
• f5d5d81 Bump github.com/sigstore/sigstore from 1.8.7 to 1.8.8 (#262)
• 2c9c0ed Bump github.com/sigstore/sigstore from 1.8.7 to 1.8.8 in /examples/oci-image-...
• aebc451 Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 (#254)
• e7a08c6 Bump github/codeql-action from 3.25.13 to 3.26.0 (#263)
• 54af3e8 Bump github.com/google/go-containerregistry (#264)
• 818101a Use example.com and remove trademark from tests (#267)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)