chore(deps): bump github.com/sigstore/rekor from 1.0.1 to 1.1.0

[dependabot]

Bumps github.com/sigstore/rekor from 1.0.1 to 1.1.0.

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.1.0

Functional Enhancements

• improve validation on intoto v0.0.2 type (#1351)
• add feature to limit HTTP request body length to process (#1334)
• add information about the file size limit (#1313)
• Add script to backfill Redis from Rekor (#1163)
• Feature: add search support for sha512 (#1142)

Quality Enhancements

• fuzzing: refactor OSS-Fuzz build script (#1377)
• Update cloudbuild for cosign 2.0 (#1375)
• Tests - Additional sharding tests (#1180)
• jar type: add fuzzer for 3rd-party dep (#1360)
• update cosign to 2.0.0 and builder image and also cosign flags (#1368)
• fuzzing: move alpine utils to fuzz utils (#1335)
• fuzzing: add seed for alpine fuzzer (#1342)
• jar: add v001 fuzzer (#1327)
• fuzzing: open writer later in fuzz utils (#1326)
• fuzzing: remove tar operations in alpine fuzzer (#1322)
• alpine: add v001 fuzzer (#1316)
• hashedrekord: add v001 fuzzer (#1315)
• fuzzing: add call to IndexKeys in multiple fuzzers (#1302)
• fuzzing: improve cose fuzzer (#1300)
• fuzzing: improve fuzz utils (#1298)
• fuzzing: improve alpine fuzzer (#1273)
• fuzzing: go mod edit go-fuzz-headers (#1272)
• fuzzing: add .options file (#1271)
• fuzzing: build helm fuzzer from correct dir (#1264)
• types: refactor multiple fuzzers (#1258)
• helm: add fuzzer for provenance unmarshalling (#1243)
• pki: add fuzzer (#1256)
• Fuzzing: Add more bug detectors (#1253)
• Refactor e2e - part 5 (#1236)
• Removed unused tool/deps (#1244)
• Fixed the invalid path (#1245)
• Run latest fuzzers in OSS-Fuzz (#1221)
• Fuzz tests - hashedrekord (#1224)
• Update builder (#1228)
• Revamping rekor e2e - part 4 of N (#1218)
• types: add fuzzers (#1225)
• jar type: add fuzzer (#1215)
• Revamping rekor e2e - part 3 of N (#1177)
• modify OSS-Fuzz build script (#1214)
• move over oss-fuzz build script (#1204)
• wrap redis client errors to aid debugging (#1176)
• don't test release candidate builds in harness (#1183)
• types/alpine: add fuzzer (#1200)
• logging tweaks to improve usability (#1235)
• Add backfill-redis to the release artifacts (#1174)

... (truncated)

Changelog

Sourced from github.com/sigstore/rekor's changelog.

v1.1.0

Functional Enhancements

• improve validation on intoto v0.0.2 type (#1351)
• add feature to limit HTTP request body length to process (#1334)
• add information about the file size limit (#1313)
• Add script to backfill Redis from Rekor (#1163)
• Feature: add search support for sha512 (#1142)

Quality Enhancements

• fuzzing: refactor OSS-Fuzz build script (#1377)
• Update cloudbuild for cosign 2.0 (#1375)
• Tests - Additional sharding tests (#1180)
• jar type: add fuzzer for 3rd-party dep (#1360)
• update cosign to 2.0.0 and builder image and also cosign flags (#1368)
• fuzzing: move alpine utils to fuzz utils (#1335)
• fuzzing: add seed for alpine fuzzer (#1342)
• jar: add v001 fuzzer (#1327)
• fuzzing: open writer later in fuzz utils (#1326)
• fuzzing: remove tar operations in alpine fuzzer (#1322)
• alpine: add v001 fuzzer (#1316)
• hashedrekord: add v001 fuzzer (#1315)
• fuzzing: add call to IndexKeys in multiple fuzzers (#1302)
• fuzzing: improve cose fuzzer (#1300)
• fuzzing: improve fuzz utils (#1298)
• fuzzing: improve alpine fuzzer (#1273)
• fuzzing: go mod edit go-fuzz-headers (#1272)
• fuzzing: add .options file (#1271)
• fuzzing: build helm fuzzer from correct dir (#1264)
• types: refactor multiple fuzzers (#1258)
• helm: add fuzzer for provenance unmarshalling (#1243)
• pki: add fuzzer (#1256)
• Fuzzing: Add more bug detectors (#1253)
• Refactor e2e - part 5 (#1236)
• Removed unused tool/deps (#1244)
• Fixed the invalid path (#1245)
• Run latest fuzzers in OSS-Fuzz (#1221)
• Fuzz tests - hashedrekord (#1224)
• Update builder (#1228)
• Revamping rekor e2e - part 4 of N (#1218)
• types: add fuzzers (#1225)
• jar type: add fuzzer (#1215)
• Revamping rekor e2e - part 3 of N (#1177)
• modify OSS-Fuzz build script (#1214)
• move over oss-fuzz build script (#1204)
• wrap redis client errors to aid debugging (#1176)
• don't test release candidate builds in harness (#1183)
• types/alpine: add fuzzer (#1200)
• logging tweaks to improve usability (#1235)
• Add backfill-redis to the release artifacts (#1174)

... (truncated)

Commits

• 4a65926 update CHANGELOG for v1.1.0 (#1409)
• 01a2321 remove goroutine usage from SearchLogQuery (#1407)
• abf7cee drop log messages regarding attestation storage to debug (#1408)
• 924d5b1 build(deps): bump golang from 1724dc3 to f709934 (#1402)
• 3f3f4a3 build(deps): bump github/codeql-action from 2.2.8 to 2.2.9 (#1403)
• ed4fc16 build(deps): bump github.com/go-openapi/strfmt from 0.21.5 to 0.21.7 (#1404)
• 14e3c4b build(deps): bump golang from 80950aa to 1724dc3 (#1400)
• a88f219 build(deps): bump go.step.sm/crypto from 0.27.0 to 0.28.0 (#1401)
• e72e127 build(deps): bump golang from 5990c4f to 80950aa (#1397)
• 607e029 build(deps): bump actions/checkout from 3.4.0 to 3.5.0 (#1398)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

Merging #2850 (cd8a31c) into main (5b8af9c) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #2850   +/-   ##
=======================================
  Coverage   29.47%   29.47%           
=======================================
  Files         151      151           
  Lines        9678     9678           
=======================================
  Hits         2853     2853           
  Misses       6386     6386           
  Partials      439      439           

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.