Bump github.com/slsa-framework/slsa-verifier/v2 from 2.5.1 to 2.6.0 i…

…n /tooling (#3830)

Bumps [github.com/slsa-framework/slsa-verifier/v2](https://github.com/slsa-framework/slsa-verifier) from 2.5.1 to 2.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/slsa-framework/slsa-verifier/releases">github.com/slsa-framework/slsa-verifier/v2's releases</a>.</em></p>
<blockquote>
<h2>v2.6.0</h2>
<h2>What's Changed</h2>
<ul>
<li>chore: Update doc and digests for v2.5.1 by <a href="https://github.com/laurentsimon"><code>@�laurentsimon</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/748">slsa-framework/slsa-verifier#748</a></li>
<li>fix(deps): update module google.golang.org/protobuf to v1.33.0 [security] by <a href="https://github.com/renovate-bot"><code>@�renovate-bot</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/743">slsa-framework/slsa-verifier#743</a></li>
<li>fix(deps): update dependency org.apache.maven:maven-core to v3.9.6 by <a href="https://github.com/renovate-bot"><code>@�renovate-bot</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/718">slsa-framework/slsa-verifier#718</a></li>
<li>chore: Update <code>@�actions/github</code> v6  by <a href="https://github.com/laurentsimon"><code>@�laurentsimon</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/749">slsa-framework/slsa-verifier#749</a></li>
<li>fix: use sigstore/pkg/fulcioroots to lessen deps by <a href="https://github.com/ramonpetgrave64"><code>@�ramonpetgrave64</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/746">slsa-framework/slsa-verifier#746</a></li>
<li>feat: add ramonpetgrave64 as CODEOWNER by <a href="https://github.com/ramonpetgrave64"><code>@�ramonpetgrave64</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/750">slsa-framework/slsa-verifier#750</a></li>
<li>chore(deps): update gcr.io/distroless/base:nonroot docker digest to 1a8ece8 by <a href="https://github.com/renovate-bot"><code>@�renovate-bot</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/701">slsa-framework/slsa-verifier#701</a></li>
<li>chore(deps): update github-actions (major) by <a href="https://github.com/renovate-bot"><code>@�renovate-bot</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/719">slsa-framework/slsa-verifier#719</a></li>
<li>fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.6 by <a href="https://github.com/renovate-bot"><code>@�renovate-bot</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/751">slsa-framework/slsa-verifier#751</a></li>
<li>chore(deps): update npm dev (major) by <a href="https://github.com/ramonpetgrave64"><code>@�ramonpetgrave64</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/753">slsa-framework/slsa-verifier#753</a></li>
<li>fix(deps): update dependency org.apache.maven.plugin-tools:maven-plugin-annotations to v3.11.0 by <a href="https://github.com/renovate-bot"><code>@�renovate-bot</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/752">slsa-framework/slsa-verifier#752</a></li>
<li>feat: fixes <a href="https://redirect.github.com/slsa-framework/slsa-verifier/issues/547">#547</a>: add npm sigstore-tuf suport by <a href="https://github.com/ramonpetgrave64"><code>@�ramonpetgrave64</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/731">slsa-framework/slsa-verifier#731</a></li>
<li>fix(deps): update module github.com/sigstore/cosign/v2 to v2.2.4 [security] by <a href="https://github.com/renovate-bot"><code>@�renovate-bot</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/723">slsa-framework/slsa-verifier#723</a></li>
<li>chore(deps): update golang:1.21 docker digest to 81811f8 by <a href="https://github.com/renovate-bot"><code>@�renovate-bot</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/693">slsa-framework/slsa-verifier#693</a></li>
<li>chore: slsa-framework/[email protected]: add testdata by <a href="https://github.com/ramonpetgrave64"><code>@â��ramonpetgrave64</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/758">slsa-framework/slsa-verifier#758</a></li>
<li>chore(deps): update golang:1.21 docker digest to d83472f by <a href="https://github.com/renovate-bot"><code>@�renovate-bot</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/764">slsa-framework/slsa-verifier#764</a></li>
<li>chore(deps): update gcr.io/distroless/base:nonroot docker digest to 53745e9 by <a href="https://github.com/renovate-bot"><code>@�renovate-bot</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/763">slsa-framework/slsa-verifier#763</a></li>
<li>feat: workflow to update actions dist by <a href="https://github.com/ramonpetgrave64"><code>@�ramonpetgrave64</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/760">slsa-framework/slsa-verifier#760</a></li>
<li>fix(deps): update dependency <code>@�actions/core</code> to v1.10.1 by <a href="https://github.com/renovate-bot"><code>@�renovate-bot</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/717">slsa-framework/slsa-verifier#717</a></li>
<li>chore: fix pr-title-checker by <a href="https://github.com/ianlewis"><code>@�ianlewis</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/770">slsa-framework/slsa-verifier#770</a></li>
<li>chore: Update Renovate config by <a href="https://github.com/ianlewis"><code>@�ianlewis</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/769">slsa-framework/slsa-verifier#769</a></li>
<li>fix: use pr_number as env variable by <a href="https://github.com/ramonpetgrave64"><code>@�ramonpetgrave64</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/771">slsa-framework/slsa-verifier#771</a></li>
<li>fix: signoff commit by <a href="https://github.com/ramonpetgrave64"><code>@�ramonpetgrave64</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/767">slsa-framework/slsa-verifier#767</a></li>
<li>chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 by <a href="https://github.com/dependabot"><code>@�dependabot</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/781">slsa-framework/slsa-verifier#781</a></li>
<li>chore(deps): bump github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.7 by <a href="https://github.com/dependabot"><code>@�dependabot</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/782">slsa-framework/slsa-verifier#782</a></li>
<li>chore(deps): bump undici from 5.28.3 to 5.28.4 in /actions/installer by <a href="https://github.com/dependabot"><code>@�dependabot</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/779">slsa-framework/slsa-verifier#779</a></li>
<li>chore(deps-dev): bump braces from 3.0.2 to 3.0.3 in /actions/installer by <a href="https://github.com/dependabot"><code>@�dependabot</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/780">slsa-framework/slsa-verifier#780</a></li>
<li>chore(deps): bump the npm_and_yarn group across 2 directories with 2 updates by <a href="https://github.com/dependabot"><code>@�dependabot</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/784">slsa-framework/slsa-verifier#784</a></li>
<li>fix(deps): update golang.org/x/exp digest to 7f521ea by <a href="https://github.com/renovate-bot"><code>@�renovate-bot</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/775">slsa-framework/slsa-verifier#775</a></li>
<li>fix: make download-artifacts.sh more flexible by <a href="https://github.com/ramonpetgrave64"><code>@�ramonpetgrave64</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/761">slsa-framework/slsa-verifier#761</a></li>
<li>chore(deps): update golang:1.21 docker digest to b405b62 by <a href="https://github.com/renovate-bot"><code>@�renovate-bot</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/774">slsa-framework/slsa-verifier#774</a></li>
<li>chore(deps): update npm dev by <a href="https://github.com/renovate-bot"><code>@�renovate-bot</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/650">slsa-framework/slsa-verifier#650</a></li>
<li>fix(deps): update dependency org.apache.maven:maven-core to v3.9.8 by <a href="https://github.com/renovate-bot"><code>@�renovate-bot</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/787">slsa-framework/slsa-verifier#787</a></li>
<li>chore(deps): update github-actions by <a href="https://github.com/renovate-bot"><code>@�renovate-bot</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/786">slsa-framework/slsa-verifier#786</a></li>
<li>feat: vsa support by <a href="https://github.com/ramonpetgrave64"><code>@�ramonpetgrave64</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/777">slsa-framework/slsa-verifier#777</a></li>
<li>fix: use tag for the builder in the release workflow by <a href="https://github.com/ramonpetgrave64"><code>@�ramonpetgrave64</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/788">slsa-framework/slsa-verifier#788</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/slsa-framework/slsa-verifier/compare/v2.5.1...v2.6.0">https://github.com/slsa-framework/slsa-verifier/compare/v2.5.1...v2.6.0</a></p>
<h2>v2.6.0-rc.1</h2>
<p><strong>This is a pre-release. DO NOT install</strong></p>
<h2>What's Changed</h2>
<ul>
<li>chore: Update doc and digests for v2.5.1 by <a href="https://github.com/laurentsimon"><code>@�laurentsimon</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/748">slsa-framework/slsa-verifier#748</a></li>
<li>fix(deps): update module google.golang.org/protobuf to v1.33.0 [security] by <a href="https://github.com/renovate-bot"><code>@�renovate-bot</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/743">slsa-framework/slsa-verifier#743</a></li>
<li>fix(deps): update dependency org.apache.maven:maven-core to v3.9.6 by <a href="https://github.com/renovate-bot"><code>@�renovate-bot</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/718">slsa-framework/slsa-verifier#718</a></li>
<li>chore: Update <code>@�actions/github</code> v6  by <a href="https://github.com/laurentsimon"><code>@�laurentsimon</code></a> in <a href="https://redirect.github.com/slsa-framework/slsa-verifier/pull/749">slsa-framework/slsa-verifier#749</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/slsa-framework/slsa-verifier/commit/3714a2a4684014deb874a0e737dffa0ee02dd647"><code>3714a2a</code></a> fix: use tag for the builder in the release workflow (<a href="https://redirect.github.com/slsa-framework/slsa-verifier/issues/788">#788</a>)</li>
<li><a href="https://github.com/slsa-framework/slsa-verifier/commit/208ac12589fb119e1d15661af960c131e8fc9f47"><code>208ac12</code></a> feat: vsa support (<a href="https://redirect.github.com/slsa-framework/slsa-verifier/issues/777">#777</a>)</li>
<li><a href="https://github.com/slsa-framework/slsa-verifier/commit/1049da48419ca600ee73c2103db33918d9f5c368"><code>1049da4</code></a> chore(deps): update github-actions (<a href="https://redirect.github.com/slsa-framework/slsa-verifier/issues/786">#786</a>)</li>
<li><a href="https://github.com/slsa-framework/slsa-verifier/commit/903cddc5c33e1642e240ecc06f7872c7dd92baed"><code>903cddc</code></a> fix(deps): update dependency org.apache.maven:maven-core to v3.9.8 (<a href="https://redirect.github.com/slsa-framework/slsa-verifier/issues/787">#787</a>)</li>
<li><a href="https://github.com/slsa-framework/slsa-verifier/commit/4bab78a528bb08e847fa3bf648ead7417306e6c1"><code>4bab78a</code></a> chore(deps): update npm dev (<a href="https://redirect.github.com/slsa-framework/slsa-verifier/issues/650">#650</a>)</li>
<li><a href="https://github.com/slsa-framework/slsa-verifier/commit/163abe52e295ab4e02bed3204a3b81203ebd82d7"><code>163abe5</code></a> chore(deps): update golang:1.21 docker digest to b405b62 (<a href="https://redirect.github.com/slsa-framework/slsa-verifier/issues/774">#774</a>)</li>
<li><a href="https://github.com/slsa-framework/slsa-verifier/commit/2f70fef663b1143bf50d461680c6ac4a97b73af3"><code>2f70fef</code></a> fix: make download-artifacts.sh more flexible (<a href="https://redirect.github.com/slsa-framework/slsa-verifier/issues/761">#761</a>)</li>
<li><a href="https://github.com/slsa-framework/slsa-verifier/commit/b69efeea0bc4809d8fca48d01a1af6b29d35bf9b"><code>b69efee</code></a> fix(deps): update golang.org/x/exp digest to 7f521ea (<a href="https://redirect.github.com/slsa-framework/slsa-verifier/issues/775">#775</a>)</li>
<li><a href="https://github.com/slsa-framework/slsa-verifier/commit/34ab20367861aadacf33ecd19aa46bbf02b27b91"><code>34ab203</code></a> chore(deps): bump the npm_and_yarn group across 2 directories with 2 updates ...</li>
<li><a href="https://github.com/slsa-framework/slsa-verifier/commit/9fb6f246f8057c33be53d7ba2bf3a4f4cef450c5"><code>9fb6f24</code></a> chore(deps-dev): bump braces from 3.0.2 to 3.0.3 in /actions/installer (<a href="https://redirect.github.com/slsa-framework/slsa-verifier/issues/780">#780</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/slsa-framework/slsa-verifier/compare/v2.5.1...v2.6.0">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/slsa-framework/slsa-verifier/v2&package-manager=go_modules&previous-version=2.5.1&new-version=2.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

tooling/go.mod

@@ -2,192 +2,112 @@ module cocoon-tooling
 
 go 1.18
 
-require github.com/slsa-framework/slsa-verifier/v2 v2.5.1
+require github.com/slsa-framework/slsa-verifier/v2 v2.6.0
 
 require (
-	cloud.google.com/go/compute v1.23.3 // indirect
-	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	filippo.io/edwards25519 v1.0.0 // indirect
-	github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 // indirect
-	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
-	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
-	github.com/Azure/go-autorest/autorest v0.11.29 // indirect
-	github.com/Azure/go-autorest/autorest/adal v0.9.22 // indirect
-	github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect
-	github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
-	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
-	github.com/Azure/go-autorest/logger v0.2.1 // indirect
-	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 // indirect
-	github.com/ThalesIgnite/crypto11 v1.2.5 // indirect
-	github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 // indirect
-	github.com/alibabacloud-go/cr-20160607 v1.0.1 // indirect
-	github.com/alibabacloud-go/cr-20181201 v1.0.10 // indirect
-	github.com/alibabacloud-go/darabonba-openapi v0.1.18 // indirect
-	github.com/alibabacloud-go/debug v0.0.0-20190504072949-9472017b5c68 // indirect
-	github.com/alibabacloud-go/endpoint-util v1.1.1 // indirect
-	github.com/alibabacloud-go/openapi-util v0.0.11 // indirect
-	github.com/alibabacloud-go/tea v1.1.18 // indirect
-	github.com/alibabacloud-go/tea-utils v1.4.4 // indirect
-	github.com/alibabacloud-go/tea-xml v1.1.2 // indirect
-	github.com/aliyun/credentials-go v1.2.3 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.21.2 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.19.1 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.43 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.13 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.43 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.37 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.45 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.15.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.12.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.37 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.15.2 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.23.2 // indirect
-	github.com/aws/smithy-go v1.15.0 // indirect
-	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220228164355-396b2034c795 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
-	github.com/chrismellard/docker-credential-acr-env v0.0.0-20220119192733-fe33c00cee21 // indirect
-	github.com/clbanning/mxj/v2 v2.5.6 // indirect
-	github.com/cloudflare/circl v1.3.3 // indirect
 	github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
-	github.com/coreos/go-oidc/v3 v3.9.0 // indirect
-	github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 // indirect
-	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect
 	github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
-	github.com/digitorus/timestamp v0.0.0-20230821155606-d1ad5ca9624c // indirect
-	github.com/dimchansky/utfbom v1.1.1 // indirect
-	github.com/docker/cli v24.0.0+incompatible // indirect
+	github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect
+	github.com/docker/cli v24.0.7+incompatible // indirect
 	github.com/docker/distribution v2.8.3+incompatible // indirect
-	github.com/docker/docker v24.0.7+incompatible // indirect
-	github.com/docker/docker-credential-helpers v0.7.0 // indirect
+	github.com/docker/docker v24.0.9+incompatible // indirect
+	github.com/docker/docker-credential-helpers v0.8.0 // indirect
 	github.com/docker/go v1.5.1-1 // indirect
-	github.com/emicklei/go-restful/v3 v3.10.2 // indirect
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/go-chi/chi v4.1.2+incompatible // indirect
-	github.com/go-jose/go-jose/v3 v3.0.1 // indirect
-	github.com/go-logr/logr v1.3.0 // indirect
+	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/go-openapi/analysis v0.21.5 // indirect
-	github.com/go-openapi/errors v0.21.0 // indirect
-	github.com/go-openapi/jsonpointer v0.20.1 // indirect
-	github.com/go-openapi/jsonreference v0.20.3 // indirect
-	github.com/go-openapi/loads v0.21.3 // indirect
-	github.com/go-openapi/runtime v0.27.0 // indirect
-	github.com/go-openapi/spec v0.20.12 // indirect
-	github.com/go-openapi/strfmt v0.22.0 // indirect
-	github.com/go-openapi/swag v0.22.8 // indirect
-	github.com/go-openapi/validate v0.22.4 // indirect
-	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/go-openapi/analysis v0.23.0 // indirect
+	github.com/go-openapi/errors v0.22.0 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/loads v0.22.0 // indirect
+	github.com/go-openapi/runtime v0.28.0 // indirect
+	github.com/go-openapi/spec v0.21.0 // indirect
+	github.com/go-openapi/strfmt v0.23.0 // indirect
+	github.com/go-openapi/swag v0.23.0 // indirect
+	github.com/go-openapi/validate v0.24.0 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
-	github.com/google/certificate-transparency-go v1.1.6 // indirect
-	github.com/google/gnostic v0.5.7-v3refs // indirect
-	github.com/google/go-cmp v0.6.0 // indirect
-	github.com/google/go-containerregistry v0.18.0 // indirect
-	github.com/google/go-github/v53 v53.2.0 // indirect
-	github.com/google/go-querystring v1.1.0 // indirect
-	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/trillian v1.5.3 // indirect
-	github.com/google/uuid v1.5.0 // indirect
+	github.com/google/certificate-transparency-go v1.1.8 // indirect
+	github.com/google/go-containerregistry v0.19.1 // indirect
+	github.com/google/trillian v1.6.0 // indirect
+	github.com/google/uuid v1.6.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
-	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/imdario/mergo v0.3.16 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
+	github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
+	github.com/in-toto/attestation v1.1.0 // indirect
 	github.com/in-toto/in-toto-golang v0.9.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/jedisct1/go-minisign v0.0.0-20211028175153-1c139d1cc84b // indirect
-	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
-	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.17.0 // indirect
-	github.com/letsencrypt/boulder v0.0.0-20230907030200-6d76a0f91e1e // indirect
+	github.com/klauspost/compress v1.17.4 // indirect
+	github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/miekg/pkcs11 v1.1.1 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
-	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
-	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/mozillazg/docker-credential-acr-helper v0.3.0 // indirect
-	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
+	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
 	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/sagikazarmark/locafero v0.3.0 // indirect
+	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/sassoftware/relic v7.2.1+incompatible // indirect
 	github.com/secure-systems-lab/go-securesystemslib v0.8.0 // indirect
-	github.com/segmentio/ksuid v1.0.4 // indirect
 	github.com/shibumi/go-pathspec v1.3.0 // indirect
-	github.com/sigstore/cosign/v2 v2.2.0 // indirect
-	github.com/sigstore/fulcio v1.4.3 // indirect
-	github.com/sigstore/protobuf-specs v0.2.1 // indirect
-	github.com/sigstore/rekor v1.3.4 // indirect
-	github.com/sigstore/sigstore v1.8.1 // indirect
-	github.com/sigstore/timestamp-authority v1.1.2 // indirect
+	github.com/sigstore/cosign/v2 v2.2.4 // indirect
+	github.com/sigstore/fulcio v1.4.5 // indirect
+	github.com/sigstore/protobuf-specs v0.3.0 // indirect
+	github.com/sigstore/rekor v1.3.6 // indirect
+	github.com/sigstore/sigstore v1.8.3 // indirect
+	github.com/sigstore/sigstore-go v0.2.0 // indirect
+	github.com/sigstore/timestamp-authority v1.2.2 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
-	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
 	github.com/slsa-framework/slsa-github-generator v1.9.0 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
-	github.com/spf13/afero v1.10.0 // indirect
-	github.com/spf13/cast v1.5.1 // indirect
+	github.com/spf13/afero v1.11.0 // indirect
+	github.com/spf13/cast v1.6.0 // indirect
 	github.com/spf13/cobra v1.8.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/spf13/viper v1.17.0 // indirect
+	github.com/spf13/viper v1.18.2 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
-	github.com/thales-e-security/pool v0.0.2 // indirect
 	github.com/theupdateframework/go-tuf v0.7.0 // indirect
+	github.com/theupdateframework/go-tuf/v2 v2.0.0-20240207172116-f5cf71290141 // indirect
 	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
-	github.com/tjfoc/gmsm v1.3.2 // indirect
 	github.com/transparency-dev/merkle v0.0.2 // indirect
-	github.com/vbatts/tar-split v0.11.3 // indirect
-	github.com/xanzy/go-gitlab v0.90.0 // indirect
-	go.mongodb.org/mongo-driver v1.13.1 // indirect
-	go.opentelemetry.io/otel v1.19.0 // indirect
-	go.opentelemetry.io/otel/metric v1.19.0 // indirect
-	go.opentelemetry.io/otel/trace v1.19.0 // indirect
-	go.step.sm/crypto v0.38.0 // indirect
+	github.com/vbatts/tar-split v0.11.5 // indirect
+	go.mongodb.org/mongo-driver v1.14.0 // indirect
+	go.opentelemetry.io/otel v1.24.0 // indirect
+	go.opentelemetry.io/otel/metric v1.24.0 // indirect
+	go.opentelemetry.io/otel/trace v1.24.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/zap v1.26.0 // indirect
-	golang.org/x/crypto v0.18.0 // indirect
-	golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
-	golang.org/x/mod v0.14.0 // indirect
-	golang.org/x/net v0.20.0 // indirect
-	golang.org/x/oauth2 v0.16.0 // indirect
-	golang.org/x/sync v0.5.0 // indirect
-	golang.org/x/sys v0.16.0 // indirect
-	golang.org/x/term v0.16.0 // indirect
+	go.uber.org/zap v1.27.0 // indirect
+	golang.org/x/crypto v0.22.0 // indirect
+	golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 // indirect
+	golang.org/x/mod v0.18.0 // indirect
+	golang.org/x/net v0.23.0 // indirect
+	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/sys v0.20.0 // indirect
+	golang.org/x/term v0.19.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	golang.org/x/time v0.5.0 // indirect
-	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f // indirect
-	google.golang.org/grpc v1.59.0 // indirect
-	google.golang.org/protobuf v1.32.0 // indirect
-	gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect
-	gopkg.in/inf.v0 v0.9.1 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240311173647-c811ad7063a7 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect
+	google.golang.org/grpc v1.62.1 // indirect
+	google.golang.org/protobuf v1.34.1 // indirect
+	gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
-	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/api v0.27.3 // indirect
-	k8s.io/apimachinery v0.27.3 // indirect
-	k8s.io/client-go v0.27.3 // indirect
-	k8s.io/klog/v2 v2.100.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
-	k8s.io/utils v0.0.0-20230505201702-9f6742963106 // indirect
-	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	k8s.io/klog/v2 v2.120.1 // indirect
 	sigs.k8s.io/release-utils v0.7.7 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )