Bump github.com/sigstore/cosign from 1.13.0 to 1.13.1

[dependabot]

Bumps github.com/sigstore/cosign from 1.13.0 to 1.13.1.

Release notes

Sourced from github.com/sigstore/cosign's releases.

v1.13.1

What's Changed

• add changelog for v1.13.0 release by @​cpanato in sigstore/cosign#2310
• Fix option description: "sign" --> "verify" by @​ChristianCiach in sigstore/cosign#2306
• Update Dockerfile section of README by @​tetsuo-cpp in sigstore/cosign#2323
• Add '--cert-identity' flag to support subject alternate names for ver… by @​kpk47 in sigstore/cosign#2278
• Add attest-blob command by @​priyawadhwa in sigstore/cosign#2286
• Add --output-attestation flag to attest-blob and remove experimental signing by @​priyawadhwa in sigstore/cosign#2332
• Remove experimental flags from attest-blob and refactor by @​priyawadhwa in sigstore/cosign#2338
• Update warning when users sign images by tag. by @​znewman01 in sigstore/cosign#2313
• Add verify-blob-attestation command and tests by @​priyawadhwa in sigstore/cosign#2337
• Nits for #2337 by @​vaikas in sigstore/cosign#2342
• verify-blob-attestation: allow multiple subjects in in_toto attestation by @​priyawadhwa in sigstore/cosign#2341
• chore(deps): bump google-github-actions/setup-gcloud from 0.6.0 to 0.6.1 by @​dependabot in sigstore/cosign#2340
• Add CHANGELOG for v1.13.1 by @​priyawadhwa in sigstore/cosign#2349

New Contributors

• @​tetsuo-cpp made their first contribution in sigstore/cosign#2323
• @​kpk47 made their first contribution in sigstore/cosign#2278

Full Changelog: sigstore/cosign@v1.13.0...v1.13.1

Changelog

Sourced from github.com/sigstore/cosign's changelog.

v1.13.1

Enhancements

• verify-blob-attestation: allow multiple subjects in in_toto attestation (#2341)
• Add verify-blob-attestation command and tests (#2337)
• Add --output-attestation flag to attest-blob and remove experimental signing (#2332)
• Add attest-blob command (#2286)
• Add '--cert-identity' flag to support subject alternate names for ver… (#2278)
• Update Dockerfile section of README (#2323)

Bug Fixes

• Update warning when users sign images by tag. (#2313)

Others

• Remove experimental flags from attest-blob and refactor (#2338)

Contributors

• Alex Cameron
• Ville Aikas
• Zack Newman
• asraa
• kpk47
• priyawadhwa

Commits

• d1c6336 Add CHANGELOG for v1.13.1 (#2349)
• e79cb5c chore(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 (#2326)
• eba132f chore(deps): bump github.com/go-openapi/runtime from 0.24.1 to 0.24.2 (#2347)
• 2860144 chore(deps): bump google.golang.org/api from 0.98.0 to 0.99.0 (#2348)
• ef9cf9d chore(deps): bump google-github-actions/setup-gcloud from 0.6.1 to 0.6.2 (#2344)
• fc83e43 chore(deps): bump google-github-actions/auth from 0.8.2 to 0.8.3 (#2343)
• e652561 chore(deps): bump google-github-actions/setup-gcloud from 0.6.0 to 0.6.1 (#2340)
• d637a3b verify-blob-attestation: allow multiple subjects in in_toto attestation (#2341)
• a7ad7e7 Nits for #2337 (#2342)
• 797033c Add verify-blob-attestation command and tests (#2337)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov-commenter]

Codecov Report

Merging #864 (d5f8001) into main (600d003) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #864   +/-   ##
=======================================
  Coverage   51.29%   51.29%           
=======================================
  Files          44       44           
  Lines        3394     3394           
=======================================
  Hits         1741     1741           
  Misses       1426     1426           
  Partials      227      227           

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.