Bump dev.sigstore:sigstore-java from 1.2.0 to 1.3.0

[dependabot]

Bumps dev.sigstore:sigstore-java from 1.2.0 to 1.3.0.

Release notes

Sourced from dev.sigstore:sigstore-java's releases.

v1.3.0

See CHANGELOG.md for more details.

New Feature

• Add support for verifying dsse-intoto by @​loosebazooka in sigstore/sigstore-java#855

What's Changed

• Update bouncycastle to v1.79 by @​renovate in sigstore/sigstore-java#864
• Update actions/setup-java action to v4.5.0 by @​renovate in sigstore/sigstore-java#863
• Update protobuf_grpc by @​renovate in sigstore/sigstore-java#861
• Update sigstore/community digest to ee857ea by @​renovate in sigstore/sigstore-java#841
• Update dependency com.google.http-client:google-http-client-bom to v1.45.1 by @​renovate in sigstore/sigstore-java#860
• Add tests for downloadTarget by @​loosebazooka in sigstore/sigstore-java#854
• Update sigstore/sigstore-conformance action to v0.0.13 by @​renovate in sigstore/sigstore-java#862
• Import dsse/hashrekord types from rekor by @​loosebazooka in sigstore/sigstore-java#867
• Parse DSSE bundles and Intoto payloads by @​loosebazooka in sigstore/sigstore-java#868
• Update conformance to 0.0.14 by @​loosebazooka in sigstore/sigstore-java#869
• Reorganize message signature checks by @​loosebazooka in sigstore/sigstore-java#872
• Change payload type to byte[] by @​loosebazooka in sigstore/sigstore-java#873
• Update dependency com.code-intelligence:jazzer-api to v0.23.0 by @​renovate in sigstore/sigstore-java#879
• Update actions/setup-go action to v5.2.0 - autoclosed by @​renovate in sigstore/sigstore-java#877
• Update dependency org.junit:junit-bom to v5.11.4 by @​renovate in sigstore/sigstore-java#876
• Update dependency com.google.http-client:google-http-client-bom to v1.45.3 by @​renovate in sigstore/sigstore-java#875
• Update sigstore/community digest to 859cddd by @​renovate in sigstore/sigstore-java#874
• Update actions/setup-java action to v4.6.0 by @​renovate in sigstore/sigstore-java#878
• Update gradle/actions action to v4.2.2 by @​renovate in sigstore/sigstore-java#883
• Update dependency org.assertj:assertj-core to v3.27.2 by @​renovate in sigstore/sigstore-java#882
• Update protobuf_grpc by @​renovate in sigstore/sigstore-java#884
• Update softprops/action-gh-release action to v2.2.0 by @​renovate in sigstore/sigstore-java#885
• Update dependency com.google.guava:guava to v33.4.0-jre by @​renovate in sigstore/sigstore-java#880
• Update dependency com.google.oauth-client:google-oauth-client-bom to v1.37.0 by @​renovate in sigstore/sigstore-java#881
• Update sigstore/sigstore-conformance action to v0.0.16 by @​renovate in sigstore/sigstore-java#891
• address CI issues reported by zizmor by @​bobcallaway in sigstore/sigstore-java#892
• Update sigstore/community digest to 9ce4322 by @​renovate in sigstore/sigstore-java#886
• Update dependency commons-codec:commons-codec to v1.17.2 - autoclosed by @​renovate in sigstore/sigstore-java#887
• Update dependency dev.sigstore:protobuf-specs to v0.3.3 by @​renovate in sigstore/sigstore-java#888
• Update dependency org.assertj:assertj-core to v3.27.3 by @​renovate in sigstore/sigstore-java#889
• Update protobuf_grpc by @​renovate in sigstore/sigstore-java#890
• Update actions/setup-go action to v5.3.0 by @​renovate in sigstore/sigstore-java#896
• Update actions/setup-java action to v4.7.0 by @​renovate in sigstore/sigstore-java#897
• Update bouncycastle to v1.80 by @​renovate in sigstore/sigstore-java#898
• Update dependency com.code-intelligence:jazzer-api to v0.24.0 by @​renovate in sigstore/sigstore-java#899
• Update dependency com.google.code.gson:gson to v2.12.1 by @​renovate in sigstore/sigstore-java#900
• Update dependency com.google.http-client:google-http-client-bom to v1.46.1 by @​renovate in sigstore/sigstore-java#901
• Doc should say .sigstore.json instead of .sigstore.java by @​thomasleplus in sigstore/sigstore-java#906

New Contributors

• @​thomasleplus made their first contribution in sigstore/sigstore-java#906

Full Changelog: sigstore/sigstore-java@v1.2.0...v1.3.0

Changelog

Sourced from dev.sigstore:sigstore-java's changelog.

Changelog

All notable changes to sigstore-java will be documented in this file.

The format is based on Keep a Changelog.

All versions prior to 1.0.0 are untracked

[Unreleased]

Commits

• dc444d3 Merge pull request #906 from thomasleplus/main
• 964f8b7 Fix typo
• ea34dca Merge pull request #901 from sigstore/renovate/com.google.http-client-google-...
• abc5b3b Merge pull request #900 from sigstore/renovate/com.google.code.gson-gson-2.x
• e7bd1d3 Merge pull request #899 from sigstore/renovate/com.code-intelligence-jazzer-a...
• 0e1a6e8 Update dependency com.google.http-client:google-http-client-bom to v1.46.1
• ec6e766 Update dependency com.google.code.gson:gson to v2.12.1
• 17d4f0e Merge pull request #898 from sigstore/renovate/bouncycastle
• 74ab8f3 Merge pull request #897 from sigstore/renovate/actions-setup-java-4.x
• 5520aef Merge pull request #896 from sigstore/renovate/actions-setup-go-5.x
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[jira-importer]

Resolve #1359