Bump the all group with 6 updates

[dependabot[bot]]

Bumps the all group with 6 updates:

Package	From	To
cloud.google.com/go/storage	1.37.0	1.38.0
github.com/golangci/golangci-lint	1.55.2	1.56.1
github.com/google/go-containerregistry	0.18.0	0.19.0
github.com/sigstore/cosign/v2	2.2.2	2.2.3
github.com/sigstore/rekor	1.3.4	1.3.5
golang.org/x/crypto	0.18.0	0.19.0

Updates cloud.google.com/go/storage from 1.37.0 to 1.38.0

Release notes

Sourced from cloud.google.com/go/storage's releases.

storage: v1.38.0

1.38.0 (2024-02-12)

Features

• storage: Support auto-detection of access ID for external_account creds (#9208) (b958d44)
• storage: Support custom hostname for VirtualHostedStyle SignedURLs (#9348) (7eec40e)
• storage: Support universe domains (#9344) (29a7498)

Bug Fixes

• storage: Fix v4 url signing for hosts that specify ports (#9347) (f127b46)

Documentation

• storage: Indicate that gRPC is incompatible with universe domains (#9386) (e8bd85b)

Commits

• ef12dbd chore(main): release spanner 1.38.0 (#6606)
• ccd3614 feat(spanner/spannertest): add support for adding and dropping Foreign Keys (...
• bff16a7 feat(spanner/spansql): add support for coalesce expressions (#6461)
• e9a94c2 feat(bigquery): improve error when reading null values (#6566)
• 6b0ac0c feat(bigquery/storage/managedwriter): augment reconnection logic (#6609)
• 9f3c334 chore(logging): added extra variables on environment test runs (#6511)
• f8a307c chore(internal/gapicgen): fix print to not panic (#6583)
• a6004e7 feat(iam): start generating apiv2 (#6605)
• 59d162b fix(spanner): pass userAgent to cloud spanner requests (#6598)
• eedc632 feat(bigquery): add trace instrumentation support for individual rpcs (#6493)
• Additional commits viewable in compare view

Updates github.com/golangci/golangci-lint from 1.55.2 to 1.56.1

Release notes

Sourced from github.com/golangci/golangci-lint's releases.

v1.56.1

golangci-lint is a free and open-source project, built by people in their free time. Also, the linter authors are an important part of golangci-lint. If you use and appreciate golangci-lint please think to support us (golangci-lint maintainers and linters authors). :heart:

Changelog

• a25592b5 build(deps): bump github.com/Antonboom/testifylint from 1.1.0 to 1.1.1 (#4359)
• 828b6b4a build(deps): bump github.com/kisielk/errcheck from 1.6.3 to 1.7.0 (#4358)
• ca7b7a42 build(deps): bump github.com/mgechev/revive from 1.3.6 to 1.3.7 (#4355)
• b525f2b8 govet: disable loopclosure with go1.22 (#4357)

v1.56.0

golangci-lint is a free and open-source project, built by people in their free time. Also, the linter authors are an important part of golangci-lint. If you use and appreciate golangci-lint please think to support us (golangci-lint maintainers and linters authors). :heart:

Changelog

• bc169eb6 build(deps): bump actions/cache from 3 to 4 (#4329)
• 390acc9f build(deps): bump actions/setup-go from 4 to 5 (#4250)
• 42001943 build(deps): bump github.com/Antonboom/testifylint from 0.2.3 to 1.0.1 (#4186)
• a12dde07 build(deps): bump github.com/Antonboom/testifylint from 1.0.1 to 1.0.2 (#4193)
• 7656f82c build(deps): bump github.com/Antonboom/testifylint from 1.0.2 to 1.1.0 (#4330)
• 1a00b409 build(deps): bump github.com/GaijinEntertainment/go-exhaustruct/v3 from 3.1.0 to 3.2.0 (#4304)
• affa7d11 build(deps): bump github.com/OpenPeeDeeP/depguard/v2 from 2.1.0 to 2.2.0 (#4207)
• 553161d9 build(deps): bump github.com/alecthomas/go-check-sumtype from 0.1.3 to 0.1.4 (#4317)
• e32f2f3f build(deps): bump github.com/bombsimon/wsl/v4 from 3.4.0 to 4.2.0 (#4215)
• 6e09a205 build(deps): bump github.com/butuzov/ireturn from 0.2.2 to 0.3.0 (#4352)
• 2b7c777b build(deps): bump github.com/catenacyber/perfsprint from 0.2.0 to 0.3.0 (#4157)
• be5c2e93 build(deps): bump github.com/catenacyber/perfsprint from 0.3.0 to 0.3.1 (#4199)
• 84442f26 build(deps): bump github.com/catenacyber/perfsprint from 0.3.1 to 0.4.0 (#4236)
• 5083ba8c build(deps): bump github.com/catenacyber/perfsprint from 0.4.0 to 0.5.0 (#4258)
• 4ea9468c build(deps): bump github.com/catenacyber/perfsprint from 0.5.0 to 0.6.0 (#4346)
• 1ead82ff build(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 in /tools (#4307)
• 815556a8 build(deps): bump github.com/daixiang0/gci from 0.11.2 to 0.12.0 (#4260)
• 0264eaa5 build(deps): bump github.com/daixiang0/gci from 0.12.0 to 0.12.1 (#4293)
• da3eb313 build(deps): bump github.com/fatih/color from 1.15.0 to 1.16.0 (#4194)
• 97cb9054 build(deps): bump github.com/ghostiam/protogetter from 0.2.3 to 0.3.1 (#4167)
• 2640ed7c build(deps): bump github.com/ghostiam/protogetter from 0.3.1 to 0.3.3 (#4185)
• 3ff41630 build(deps): bump github.com/ghostiam/protogetter from 0.3.3 to 0.3.4 (#4327)
• 87d55d9c build(deps): bump github.com/go-critic/go-critic from 0.10.0 to 0.11.0 (#4295)
• 790c1632 build(deps): bump github.com/go-critic/go-critic from 0.9.0 to 0.10.0 (#4249)
• 32dd629c build(deps): bump github.com/go-git/go-git/v5 from 5.4.2 to 5.11.0 in /tools (#4288)
• 77cfc00d build(deps): bump github.com/gordonklaus/ineffassign from 0.0.0-20230610083614-0e73809eb601 to 0.1.0 (#4173)
• 53e2c534 build(deps): bump github.com/jgautheron/goconst from 1.6.0 to 1.7.0 (#4200)
• 1bb8c57d build(deps): bump github.com/jjti/go-spancheck from 0.4.2 to 0.5.2 (#4316)
• 77ffe366 build(deps): bump github.com/kunwardeep/paralleltest from 1.0.8 to 1.0.9 (#4256)
• 8301163c build(deps): bump github.com/mgechev/revive from 1.3.4 to 1.3.5 (#4305)
• 057c296c build(deps): bump github.com/mgechev/revive from 1.3.5 to 1.3.6 (#4314)
• b3146552 build(deps): bump github.com/nishanths/exhaustive from 0.11.0 to 0.12.0 (#4195)

... (truncated)

Changelog

Sourced from github.com/golangci/golangci-lint's changelog.

v1.56.1

1. updated linters
   • errcheck: from 1.6.3 to 1.7.0
   • govet: disable loopclosure with go1.22
   • revive: from 1.3.6 to 1.3.7
   • testifylint: from 1.1.0 to 1.1.1

v1.56.0

1. new linters
   • feat: add spancheck linter https://github.com/jjti/go-spancheck
2. updated linters
   • depguard: from 2.1.0 to 2.2.0
   • exhaustive: from 0.11.0 to 0.12.0
   • exhaustruct: from 3.1.0 to 3.2.0
   • gci: from 0.11.2 to 0.12.1
   • ginkgolinter: from 0.14.1 to 0.15.2
   • go-check-sumtype: from 0.1.3 to 0.1.4
   • go-critic: from 0.9.0 to 0.11.0
   • go-errorlint: from 1.4.5 to 1.4.8
   • go-spancheck: from 0.4.2 to 0.5.2
   • goconst: from 1.6.0 to 1.7.0
   • godot: from 1.4.15 to 1.4.16
   • gofumpt: from 0.5.0 to 0.6.0
   • inamedparam: from 0.1.2 to 0.1.3
   • ineffassign: from 0.0.0-20230610083614-0e73809eb601 to 0.1.0
   • ireturn: from 0.2.2 to 0.3.0
   • misspell: add mode option
   • musttag: from v0.7.2 to v0.8.0
   • paralleltest: from 1.0.8 to 1.0.9
   • perfsprint: from 0.2.0 to 0.6.0
   • protogetter: from 0.2.3 to 0.3.4
   • revive: from 1.3.4 to 1.3.6
   • sloglint: add static-msg option
   • sloglint: from 0.1.2 to 0.4.0
   • testifylint: from 0.2.3 to 1.1.0
   • unparam: from 20221223090309-7455f1af531d to 20240104100049-c549a3470d14
   • whitespace: update after moving to the analysis package
   • wsl: from 3.4.0 to 4.2.0
   • zerologlint: from 0.1.3 to 0.1.5
3. misc.
   • 🎉 go1.22 support
   • Implement stats per linter with a flag
   • fix: make versioning inside Docker image consistent with binaries
   • fix: parse Go RC version
4. Documentation
   • Add missing fields to .golangci.reference.yml
   • Fix noctx description
   • Improve .golangci.reference.yml defaults

... (truncated)

Commits

• a25592b build(deps): bump github.com/Antonboom/testifylint from 1.1.0 to 1.1.1 (#4359)
• 828b6b4 build(deps): bump github.com/kisielk/errcheck from 1.6.3 to 1.7.0 (#4358)
• b525f2b govet: disable loopclosure with go1.22 (#4357)
• ca7b7a4 build(deps): bump github.com/mgechev/revive from 1.3.6 to 1.3.7 (#4355)
• 3d3a0bc dev: use matrix go version
• f6dc4d9 docs: Update documentation and assets (#4354)
• 1a00b40 build(deps): bump github.com/GaijinEntertainment/go-exhaustruct/v3 from 3.1.0...
• 192ee89 go1.22 support (#4272)
• 6e09a20 build(deps): bump github.com/butuzov/ireturn from 0.2.2 to 0.3.0 (#4352)
• a7c175b build(deps): bump peter-evans/create-pull-request from 5 to 6 (#4348)
• Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.18.0 to 0.19.0

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.19.0

What's Changed

• Work around docker v25 tarballs by @​jonjohnsonjr in google/go-containerregistry#1872

Full Changelog: https://github.com/google/go-containerregistry/compare/v0.18.0...v0.19.0

Commits

• 8dadbe7 Work around docker v25 tarballs (#1872)
• See full diff in compare view

Updates github.com/sigstore/cosign/v2 from 2.2.2 to 2.2.3

Release notes

Sourced from github.com/sigstore/cosign/v2's releases.

v2.2.3

Bug Fixes

• Fix race condition on verification with multiple signatures attached to image (#3486)
• fix(clean): Fix clean cmd for private registries (#3446)
• Fixed BYO PKI verification (#3427)

Features

• Allow for option in cosign attest and attest-blob to upload attestation as supported in Rekor (#3466)
• Add support for OpenVEX predicate type (#3405)

Documentation

• Resolves #3088: version sub-command expected behaviour documentation and testing (#3447)
• add examples for cosign attach signature cmd (#3468)

Misc

• Remove CertSubject function (#3467)
• Use local rekor and fulcio instances in e2e tests (#3478)

Full Changelog: https://github.com/sigstore/cosign/compare/v2.2.2...v2.2.3

Changelog

Sourced from github.com/sigstore/cosign/v2's changelog.

v2.2.3

Bug Fixes

• Fix race condition on verification with multiple signatures attached to image (#3486)
• fix(clean): Fix clean cmd for private registries (#3446)
• Fixed BYO PKI verification (#3427)

Features

• Allow for option in cosign attest and attest-blob to upload attestation as supported in Rekor (#3466)
• Add support for OpenVEX predicate type (#3405)

Documentation

• Resolves #3088: version sub-command expected behaviour documentation and testing (#3447)
• add examples for cosign attach signature cmd (#3468)

Misc

• Remove CertSubject function (#3467)
• Use local rekor and fulcio instances in e2e tests (#3478)

Contributors

• aalsabag
• Bob Callaway
• Carlos Tadeu Panato Junior
• Colleen Murphy
• Hayden B
• Mukuls77
• Omri Bornstein
• Puerco
• vivek kumar sahu

Commits

• 493e6e2 Add changelog for v2.2.3 (#3513)
• 628df78 chore(deps): bump cpanato/vault-installer from 0.0.2 to 1.0.0 (#3510)
• 7be8de0 chore(deps): bump google.golang.org/api from 0.157.0 to 0.159.0 (#3508)
• 554015c chore(deps): bump the actions group with 3 updates (#3509)
• 8395d97 chore(deps): bump github.com/go-openapi/runtime from 0.26.2 to 0.27.1 (#3507)
• 1c90a3a chore(deps): bump github.com/open-policy-agent/opa from 0.60.0 to 0.61.0 (#3505)
• 3f20bde chore(deps): bump github.com/buildkite/agent/v3 from 3.61.0 to 3.62.0 (#3506)
• 5d79ebf chore(deps): bump the gomod group with 2 updates (#3504)
• 381c657 fix cross test (#3502)
• a445167 Fix CI test failing (#3501)
• Additional commits viewable in compare view

Updates github.com/sigstore/rekor from 1.3.4 to 1.3.5

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.3.5

Changelog

• 488eb97 v1.3.5 changelog (#1987)
• 19cd558 output trace in slog and override correlation header name (#1986)
• a0453d5 give log timestamps nanosecond precision (#1985)
• 907f2b5 bump trillian images to v1.6.0 (#1984)
• 134ef83 remove trillian images from release process (#1983)
• 9865ca9 Added support for sha384/sha512 hash algorithms in hashedrekords (#1959)
• fc28ac1 Change Redis value for locking mechanism (#1957)
• fa9ab50 Bump sigstore/sigstore version, fix deprecated func (#1936)
• 6020532 Fix panic for DSSE canonicalization (#1923)
• fe04993 Drop conditional when verifying entry checkpoint (#1917)
• a6c25cc Remove timestamp from checkpoint (#1888)
• 64ab435 Additional unique index correction (#1885)

Thanks for all contributors!

What's Changed

• Additional unique index correction by @​sabre1041 in sigstore/rekor#1885
• Remove timestamp from checkpoint by @​haydentherapper in sigstore/rekor#1888
• Drop conditional when verifying entry checkpoint by @​haydentherapper in sigstore/rekor#1917
• Fix panic for DSSE canonicalization by @​haydentherapper in sigstore/rekor#1923
• update builder to use go1.21 by @​cpanato in sigstore/rekor#1956
• Change Redis value for locking mechanism by @​haydentherapper in sigstore/rekor#1957
• remove trillian images from release process by @​bobcallaway in sigstore/rekor#1983
• bump trillian images to v1.6.0 by @​bobcallaway in sigstore/rekor#1984
• give log timestamps nanosecond precision by @​bobcallaway in sigstore/rekor#1985
• output trace in slog and override correlation header name by @​bobcallaway in sigstore/rekor#1986
• v1.3.5 changelog by @​bobcallaway in sigstore/rekor#1987

New Contributors

• @​ret2libc made their first contribution in sigstore/rekor#1959

Full Changelog: https://github.com/sigstore/rekor/compare/v1.3.4...v1.3.5

Changelog

Sourced from github.com/sigstore/rekor's changelog.

v1.3.5

New Features

• output trace in slog and override correlation header name (#1986)
• give log timestamps nanosecond precision (#1985)
• Added support for sha384/sha512 hash algorithms in hashedrekords (#1959)
• Change Redis value for locking mechanism (#1957)

Bug Fixes

• Fix panic for DSSE canonicalization (#1923)
• Drop conditional when verifying entry checkpoint (#1917)
• Remove timestamp from checkpoint (#1888)
• Additional unique index correction (#1885)

Quality Enhancements

• bump trillian images to v1.6.0 (#1984)
• remove trillian images from release process (#1983)
• update builder to use go1.21

Contributors

• Andrew Block
• Bob Callaway
• Carlos Tadeu Panato Junior
• Hayden Blauzvern
• Riccardo Schirone

Commits

• 488eb97 v1.3.5 changelog (#1987)
• 19cd558 output trace in slog and override correlation header name (#1986)
• a0453d5 give log timestamps nanosecond precision (#1985)
• 907f2b5 bump trillian images to v1.6.0 (#1984)
• 134ef83 remove trillian images from release process (#1983)
• 63aa08f build(deps): Bump google.golang.org/api from 0.157.0 to 0.159.0
• 8ca4eba build(deps): Bump google/cloud-sdk from 460.0.0 to 461.0.0
• 14608f3 build(deps): Bump google.golang.org/grpc from 1.60.1 to 1.61.0
• 2b14bf9 build(deps): Bump golang from 5f5d61d to 76aadd9
• 74311c7 build(deps): Bump cloud.google.com/go/pubsub from 1.34.0 to 1.36.0
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.18.0 to 0.19.0

Commits

• 405cb3b go.mod: update golang.org/x dependencies
• 913d3ae x509roots/fallback: update bundle
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[tekton-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: To complete the pull request process, please assign lcarva after the PR has been reviewed. You can assign the PR to them by writing /assign @lcarva in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files: - **[OWNERS](https://github.com/tektoncd/chains/blob/main/OWNERS)** Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

[tekton-robot]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a tektoncd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

[tekton-robot]

@dependabot[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-tekton-chains-unit-tests	72cb644a63b2c8fd89778df72e28fa2cc39f1a46	link	true	/test pull-tekton-chains-unit-tests
pull-tekton-chains-build-tests	72cb644a63b2c8fd89778df72e28fa2cc39f1a46	link	true	/test pull-tekton-chains-build-tests
pull-tekton-chains-integration-tests	72cb644a63b2c8fd89778df72e28fa2cc39f1a46	link	true	/test pull-tekton-chains-integration-tests

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).

[dependabot[bot]]

Looks like these dependencies are updatable in another way, so this is no longer needed.