Bump github.com/in-toto/in-toto-golang from 0.3.4-0.20220709202702-fa494aaa0add to 0.7.0

[dependabot[bot]]

Bumps github.com/in-toto/in-toto-golang from 0.3.4-0.20220709202702-fa494aaa0add to 0.7.0.

Release notes

Sourced from github.com/in-toto/in-toto-golang's releases.

v0.7.0

NOTE: This release changes the interface of DSSESigner.SignPayload and DSSESigner.Verify due to a change in go-securesystemslib.

For more information, see in-toto/in-toto-golang#206 and secure-systems-lab/go-securesystemslib#34.

v0.6.0

• Updates symlink handling to more closely mirror Python implementation (#194), adds parameter to InTotoRun and InTotoRecord APIs
• Various dependency updates
• Clean up of readme

v0.5.0

Since v0.4.0, we've welcomed Parth Patel (@​pxp928) as a maintainer of in-toto-golang!

• Adds Godoc documentation for SLSA Provenance v0.2 fields (@​wlynch)
• Updates CycloneDX predicate type (@​lehors)
• Adds ability to use InTotoRun without a command (@​shibumi, @​adityasaky)

v0.4.0

This release includes the changes introduced in v0.4.0-prerelease and some more changes. The changelog includes all the changes since v0.3.3.

• Removes DSSE code and moves it to https://github.com/secure-systems-lab/go-securesystemslib (@​shibumi)
• Uses go-securesystemslib for canonical JSON
• Adds SPIFFE integration (@​pxp928, @​mikhailswift)
• Re-organizes SLSA provenance formats based on versioning, adds v0.2 (@​priyawadhwa), makes provenance API version explicit (@​chuangw6)
• Adds CycloneDX predicate (@​puerco)

v0.4.0-prerelease

This is a prerelease of v0.4.0, cut from the next branch. v0.4.0 will follow when some next-only features are merged into master.

• Removes DSSE code and moves it to https://github.com/secure-systems-lab/go-securesystemslib (@​shibumi)
• Adds SPIFFE integration (@​pxp928, @​mikhailswift)
• Re-organizes SLSA provenance formats based on versioning, adds v0.2 (@​priyawadhwa)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

The following labels could not be found: kind/other, release-note-none.