Bump slsa-framework/slsa-verifier from 2.5.1 to 2.6.0

[dependabot]

Bumps slsa-framework/slsa-verifier from 2.5.1 to 2.6.0.

Release notes

Sourced from slsa-framework/slsa-verifier's releases.

v2.6.0

What's Changed

• chore: Update doc and digests for v2.5.1 by @​laurentsimon in slsa-framework/slsa-verifier#748
• fix(deps): update module google.golang.org/protobuf to v1.33.0 [security] by @​renovate-bot in slsa-framework/slsa-verifier#743
• fix(deps): update dependency org.apache.maven:maven-core to v3.9.6 by @​renovate-bot in slsa-framework/slsa-verifier#718
• chore: Update @​actions/github v6 by @​laurentsimon in slsa-framework/slsa-verifier#749
• fix: use sigstore/pkg/fulcioroots to lessen deps by @​ramonpetgrave64 in slsa-framework/slsa-verifier#746
• feat: add ramonpetgrave64 as CODEOWNER by @​ramonpetgrave64 in slsa-framework/slsa-verifier#750
• chore(deps): update gcr.io/distroless/base:nonroot docker digest to 1a8ece8 by @​renovate-bot in slsa-framework/slsa-verifier#701
• chore(deps): update github-actions (major) by @​renovate-bot in slsa-framework/slsa-verifier#719
• fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.6 by @​renovate-bot in slsa-framework/slsa-verifier#751
• chore(deps): update npm dev (major) by @​ramonpetgrave64 in slsa-framework/slsa-verifier#753
• fix(deps): update dependency org.apache.maven.plugin-tools:maven-plugin-annotations to v3.11.0 by @​renovate-bot in slsa-framework/slsa-verifier#752
• feat: fixes #547: add npm sigstore-tuf suport by @​ramonpetgrave64 in slsa-framework/slsa-verifier#731
• fix(deps): update module github.com/sigstore/cosign/v2 to v2.2.4 [security] by @​renovate-bot in slsa-framework/slsa-verifier#723
• chore(deps): update golang:1.21 docker digest to 81811f8 by @​renovate-bot in slsa-framework/slsa-verifier#693
• chore: slsa-framework/slsa-github-generator@v2.0.0: add testdata by @​ramonpetgrave64 in slsa-framework/slsa-verifier#758
• chore(deps): update golang:1.21 docker digest to d83472f by @​renovate-bot in slsa-framework/slsa-verifier#764
• chore(deps): update gcr.io/distroless/base:nonroot docker digest to 53745e9 by @​renovate-bot in slsa-framework/slsa-verifier#763
• feat: workflow to update actions dist by @​ramonpetgrave64 in slsa-framework/slsa-verifier#760
• fix(deps): update dependency @​actions/core to v1.10.1 by @​renovate-bot in slsa-framework/slsa-verifier#717
• chore: fix pr-title-checker by @​ianlewis in slsa-framework/slsa-verifier#770
• chore: Update Renovate config by @​ianlewis in slsa-framework/slsa-verifier#769
• fix: use pr_number as env variable by @​ramonpetgrave64 in slsa-framework/slsa-verifier#771
• fix: signoff commit by @​ramonpetgrave64 in slsa-framework/slsa-verifier#767
• chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 by @​dependabot in slsa-framework/slsa-verifier#781
• chore(deps): bump github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.7 by @​dependabot in slsa-framework/slsa-verifier#782
• chore(deps): bump undici from 5.28.3 to 5.28.4 in /actions/installer by @​dependabot in slsa-framework/slsa-verifier#779
• chore(deps-dev): bump braces from 3.0.2 to 3.0.3 in /actions/installer by @​dependabot in slsa-framework/slsa-verifier#780
• chore(deps): bump the npm_and_yarn group across 2 directories with 2 updates by @​dependabot in slsa-framework/slsa-verifier#784
• fix(deps): update golang.org/x/exp digest to 7f521ea by @​renovate-bot in slsa-framework/slsa-verifier#775
• fix: make download-artifacts.sh more flexible by @​ramonpetgrave64 in slsa-framework/slsa-verifier#761
• chore(deps): update golang:1.21 docker digest to b405b62 by @​renovate-bot in slsa-framework/slsa-verifier#774
• chore(deps): update npm dev by @​renovate-bot in slsa-framework/slsa-verifier#650
• fix(deps): update dependency org.apache.maven:maven-core to v3.9.8 by @​renovate-bot in slsa-framework/slsa-verifier#787
• chore(deps): update github-actions by @​renovate-bot in slsa-framework/slsa-verifier#786
• feat: vsa support by @​ramonpetgrave64 in slsa-framework/slsa-verifier#777
• fix: use tag for the builder in the release workflow by @​ramonpetgrave64 in slsa-framework/slsa-verifier#788

Full Changelog: slsa-framework/slsa-verifier@v2.5.1...v2.6.0

v2.6.0-rc.1

This is a pre-release. DO NOT install

What's Changed

• chore: Update doc and digests for v2.5.1 by @​laurentsimon in slsa-framework/slsa-verifier#748
• fix(deps): update module google.golang.org/protobuf to v1.33.0 [security] by @​renovate-bot in slsa-framework/slsa-verifier#743
• fix(deps): update dependency org.apache.maven:maven-core to v3.9.6 by @​renovate-bot in slsa-framework/slsa-verifier#718
• chore: Update @​actions/github v6 by @​laurentsimon in slsa-framework/slsa-verifier#749

... (truncated)

Commits

• 3714a2a fix: use tag for the builder in the release workflow (#788)
• 208ac12 feat: vsa support (#777)
• 1049da4 chore(deps): update github-actions (#786)
• 903cddc fix(deps): update dependency org.apache.maven:maven-core to v3.9.8 (#787)
• 4bab78a chore(deps): update npm dev (#650)
• 163abe5 chore(deps): update golang:1.21 docker digest to b405b62 (#774)
• 2f70fef fix: make download-artifacts.sh more flexible (#761)
• b69efee fix(deps): update golang.org/x/exp digest to 7f521ea (#775)
• 34ab203 chore(deps): bump the npm_and_yarn group across 2 directories with 2 updates ...
• 9fb6f24 chore(deps-dev): bump braces from 3.0.2 to 3.0.3 in /actions/installer (#780)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)