chore(deps): bump github.com/google/go-containerregistry from 0.13.0 to 0.14.0

[dependabot]

Bumps github.com/google/go-containerregistry from 0.13.0 to 0.14.0.

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.14.0

Changelog

• 9306ebad Allow crane edit to generate non-image artifacts (#1545)
• de35f0f7 Allow setting Content-Type in crane edit manifest (#1551)
• 4b081f80 Avoid v1.Manifest in crane edit config (#1583)
• 1cfe1fc2 Bump aws-actions/configure-aws-credentials from 1.7.0 to 2.0.0 (#1593)
• da1008fb Bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 (#1548)
• 86be45fb Bump goreleaser/goreleaser-action from 4.1.0 to 4.1.1 (#1547)
• 62f183e5 Bump goreleaser/goreleaser-action from 4.1.1 to 4.2.0 (#1556)
• 1b8dc2ba Bump slsa-framework/slsa-github-generator from 1.2.2 to 1.5.0 (#1580)
• 11843ba2 Enforce proper sha256 usage (#1544)
• 2ceebaaf Implement crane index subcommand (#1561)
• 9f42e028 Set mediaType for empty.ImageIndex in RawManifest (#1562)
• 759b19f7 Support artifactType, for images whose config.mediaType is not a config (#1541)
• b3c23b4c Support for OCI 1.1+ referrers via API (#1546)
• 061ee6bf Support for OCI 1.1+ referrers via fallback tag (#1543)
• 67703048 Update descriptor "data" field (when valid) during "crane edit config" (#1584)
• 76bac933 Update release.yml (#1540)
• eb7d746c authn: also read mount secrets (#1560)
• e94d4089 bump deps using ./hack/bump-deps.sh (#1592)
• 4e95ae2b crane: add --flatten for index append (#1566)
• ff810c18 crane: add serve subcommand (#1586)
• 8ea5e0e8 crane: support --omit-digest-tags in crane ls (#1528)
• 824efc77 fix(mutate): also set timestamps only present in some formats (#1550)
• e04520bc fix: Fix the crane release url and add more steps (#1532)
• d8722327 hash: use generic instantiation (#1538)
• 57f010d2 replace manual slsa-verifier installation with action (#1585)
• 9cd098e3 skip tls verification if default transport is used with insecure option (#1559)
• 36249683 tarball: pass imageToTags (#1563)

Container Images

https://gcr.io/go-containerregistry/crane:v0.14.0 https://gcr.io/go-containerregistry/gcrane:v0.14.0

For example:

docker pull gcr.io/go-containerregistry/crane:v0.14.0
docker pull gcr.io/go-containerregistry/gcrane:v0.14.0

Commits

• 4b081f8 Avoid v1.Manifest in crane edit config (#1583)
• 1cfe1fc Bump aws-actions/configure-aws-credentials from 1.7.0 to 2.0.0 (#1593)
• e94d408 bump deps using ./hack/bump-deps.sh (#1592)
• ff810c1 crane: add serve subcommand (#1586)
• 57f010d replace manual slsa-verifier installation with action (#1585)
• 6770304 Update descriptor "data" field (when valid) during "crane edit config" (#1584)
• 1b8dc2b Bump slsa-framework/slsa-github-generator from 1.2.2 to 1.5.0 (#1580)
• 8ea5e0e crane: support --omit-digest-tags in crane ls (#1528)
• 4e95ae2 crane: add --flatten for index append (#1566)
• 4a0e0af docs: Update crane installation and verification instructions (#1567)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)