build(deps): Bump github.com/sigstore/cosign/v2 from 2.4.1 to 2.4.2 in /rootfs/cosign

[dependabot]

Bumps github.com/sigstore/cosign/v2 from 2.4.1 to 2.4.2.

Release notes

Sourced from github.com/sigstore/cosign/v2's releases.

v2.4.2

Features

• Updated open-policy-agent to 1.1.0 library (#4036)
  • Note that only Rego v0 policies are supported at this time
• Add UseSignedTimestamps to CheckOpts, refactor TSA options (#4006)
• Add support for verifying root checksum in cosign initialize (#3953)
• Detect if user supplied a valid protobuf bundle (#3931)
• Add a log message if user doesn't provide --trusted-root (#3933)
• Support mTLS towards container registry (#3922)
• Add bundle create helper command (#3901)
• Add trusted-root create helper command (#3876)

Bug Fixes

• fix: set tls config while retaining other fields from default http transport (#4007)
• policy fuzzer: ignore known panics (#3993)
• Fix for multiple WithRemote options (#3982)
• Add nightly conformance test workflow (#3979)
• Fix copy --only for signatures + update/align docs (#3904)

Documentation

• Remove usage.md from spec, point to client spec (#3918)
• move reference from gcr to ghcr (#3897)

Contributors

• AdamKorcz
• Aditya Sirish
• Bob Callaway
• Carlos Tadeu Panato Junior
• Cody Soyland
• Colleen Murphy
• Hayden B
• Jussi Kukkonen
• Marco Franssen
• Nianyu Shen
• Slavek Kabrda
• Søren Juul
• Warren Hodgkinson
• Zach Steindler

Changelog

Sourced from github.com/sigstore/cosign/v2's changelog.

v2.4.2

Features

• Updated open-policy-agent to 1.1.0 library (#4036)
  • Note that only Rego v0 policies are supported at this time
• Add UseSignedTimestamps to CheckOpts, refactor TSA options (#4006)
• Add support for verifying root checksum in cosign initialize (#3953)
• Detect if user supplied a valid protobuf bundle (#3931)
• Add a log message if user doesn't provide --trusted-root (#3933)
• Support mTLS towards container registry (#3922)
• Add bundle create helper command (#3901)
• Add trusted-root create helper command (#3876)

Bug Fixes

• fix: set tls config while retaining other fields from default http transport (#4007)
• policy fuzzer: ignore known panics (#3993)
• Fix for multiple WithRemote options (#3982)
• Add nightly conformance test workflow (#3979)
• Fix copy --only for signatures + update/align docs (#3904)

Documentation

• Remove usage.md from spec, point to client spec (#3918)
• move reference from gcr to ghcr (#3897)

Contributors

• AdamKorcz
• Aditya Sirish
• Bob Callaway
• Carlos Tadeu Panato Junior
• Cody Soyland
• Colleen Murphy
• Hayden B
• Jussi Kukkonen
• Marco Franssen
• Nianyu Shen
• Slavek Kabrda
• Søren Juul
• Warren Hodgkinson
• Zach Steindler

Commits

• b6df9c7 update v2.4.2 changelog (#4045)
• ff13ba4 chore(deps): bump github.com/open-policy-agent/opa from 0.68.0 to 1.1.0 (#4036)
• 4dc18dd test against newer k8s, scaffolding release (#4044)
• e4ff8e2 chore(deps): bump cuelang.org/go from 0.11.2 to 0.12.0 (#4035)
• cced656 fix warning message from golangci-lint (#4043)
• 486937b chore(deps): move github.com/xanzy/go-gitlab to gitlab.com/gitlab-org/api/cli...
• 9f142a5 chore(deps): bump github.com/sigstore/sigstore-go (#4034)
• 4937bca chore(deps): bump the gomod group across 1 directory with 2 updates (#4042)
• a71220e chore(deps): bump google.golang.org/api from 0.218.0 to 0.219.0 (#4038)
• fcf13eb chore(deps): bump sigs.k8s.io/release-utils from 0.9.0 to 0.11.0 (#4040)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)