Bump github.com/sigstore/rekor from 1.3.4 to 1.3.5

[dependabot[bot]]

Bumps github.com/sigstore/rekor from 1.3.4 to 1.3.5.

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.3.5

Changelog

• 488eb97 v1.3.5 changelog (#1987)
• 19cd558 output trace in slog and override correlation header name (#1986)
• a0453d5 give log timestamps nanosecond precision (#1985)
• 907f2b5 bump trillian images to v1.6.0 (#1984)
• 134ef83 remove trillian images from release process (#1983)
• 9865ca9 Added support for sha384/sha512 hash algorithms in hashedrekords (#1959)
• fc28ac1 Change Redis value for locking mechanism (#1957)
• fa9ab50 Bump sigstore/sigstore version, fix deprecated func (#1936)
• 6020532 Fix panic for DSSE canonicalization (#1923)
• fe04993 Drop conditional when verifying entry checkpoint (#1917)
• a6c25cc Remove timestamp from checkpoint (#1888)
• 64ab435 Additional unique index correction (#1885)

Thanks for all contributors!

What's Changed

• Additional unique index correction by @​sabre1041 in sigstore/rekor#1885
• Remove timestamp from checkpoint by @​haydentherapper in sigstore/rekor#1888
• Drop conditional when verifying entry checkpoint by @​haydentherapper in sigstore/rekor#1917
• Fix panic for DSSE canonicalization by @​haydentherapper in sigstore/rekor#1923
• update builder to use go1.21 by @​cpanato in sigstore/rekor#1956
• Change Redis value for locking mechanism by @​haydentherapper in sigstore/rekor#1957
• remove trillian images from release process by @​bobcallaway in sigstore/rekor#1983
• bump trillian images to v1.6.0 by @​bobcallaway in sigstore/rekor#1984
• give log timestamps nanosecond precision by @​bobcallaway in sigstore/rekor#1985
• output trace in slog and override correlation header name by @​bobcallaway in sigstore/rekor#1986
• v1.3.5 changelog by @​bobcallaway in sigstore/rekor#1987

New Contributors

• @​ret2libc made their first contribution in sigstore/rekor#1959

Full Changelog: https://github.com/sigstore/rekor/compare/v1.3.4...v1.3.5

Changelog

Sourced from github.com/sigstore/rekor's changelog.

v1.3.5

New Features

• output trace in slog and override correlation header name (#1986)
• give log timestamps nanosecond precision (#1985)
• Added support for sha384/sha512 hash algorithms in hashedrekords (#1959)
• Change Redis value for locking mechanism (#1957)

Bug Fixes

• Fix panic for DSSE canonicalization (#1923)
• Drop conditional when verifying entry checkpoint (#1917)
• Remove timestamp from checkpoint (#1888)
• Additional unique index correction (#1885)

Quality Enhancements

• bump trillian images to v1.6.0 (#1984)
• remove trillian images from release process (#1983)
• update builder to use go1.21

Contributors

• Andrew Block
• Bob Callaway
• Carlos Tadeu Panato Junior
• Hayden Blauzvern
• Riccardo Schirone

Commits

• 488eb97 v1.3.5 changelog (#1987)
• 19cd558 output trace in slog and override correlation header name (#1986)
• a0453d5 give log timestamps nanosecond precision (#1985)
• 907f2b5 bump trillian images to v1.6.0 (#1984)
• 134ef83 remove trillian images from release process (#1983)
• 63aa08f build(deps): Bump google.golang.org/api from 0.157.0 to 0.159.0
• 8ca4eba build(deps): Bump google/cloud-sdk from 460.0.0 to 461.0.0
• 14608f3 build(deps): Bump google.golang.org/grpc from 1.60.1 to 1.61.0
• 2b14bf9 build(deps): Bump golang from 5f5d61d to 76aadd9
• 74311c7 build(deps): Bump cloud.google.com/go/pubsub from 1.34.0 to 1.36.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)