From 1d65d37e060e0a0f0fc2622933c5bfc3ef1d014d Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sat, 23 Mar 2024 01:34:39 +0000
Subject: [PATCH] chore(deps): update dependency sigstore/cosign to v2 (#460)

* chore(deps): update dependency sigstore/cosign to v2

* chore: fix .goreleaser.yml for Cosign v2

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Shunsuke Suzuki <suzuki.shunsuke.1989@gmail.com>
Co-authored-by: Shunsuke Suzuki <suzuki-shunsuke@users.noreply.github.com>
---
 .goreleaser.yml          |  3 +--
 aqua/aqua-checksums.json | 20 ++++++++++----------
 aqua/imports/cosign.yaml |  2 +-
 3 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/.goreleaser.yml b/.goreleaser.yml
index d2a68762..2d2bfdf7 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -24,10 +24,9 @@ signs:
     signature: ${artifact}.sig
     certificate: ${artifact}.pem
     output: true
-    env:
-      - COSIGN_EXPERIMENTAL=1
     args:
       - sign-blob
+      - "-y"
       - --output-signature
       - ${signature}
       - --output-certificate
diff --git a/aqua/aqua-checksums.json b/aqua/aqua-checksums.json
index 41a91175..ccc3d76a 100644
--- a/aqua/aqua-checksums.json
+++ b/aqua/aqua-checksums.json
@@ -131,28 +131,28 @@
       "algorithm": "sha256"
     },
     {
-      "id": "github_release/github.com/sigstore/cosign/v1.13.2/cosign-darwin-amd64",
-      "checksum": "5A77CF6F5411AC8038F3DD2EB96E54E879026F6038A5D6A385DE2351E17F34EF",
+      "id": "github_release/github.com/sigstore/cosign/v2.2.3/cosign-darwin-amd64",
+      "checksum": "2429F4B027FC311A6324E9DB6FB3A937D559DC61DE906A1C2D0D1E0671685E4C",
       "algorithm": "sha256"
     },
     {
-      "id": "github_release/github.com/sigstore/cosign/v1.13.2/cosign-darwin-arm64",
-      "checksum": "68703D61A1E8006E4EBEF4222B82C1214DF446795FF39CD081CA5D59384A5A60",
+      "id": "github_release/github.com/sigstore/cosign/v2.2.3/cosign-darwin-arm64",
+      "checksum": "3D95AB46D4C4CC55E6465758C238DC03F830CC8A1FC38BC7A33BC203E0FB2C3B",
       "algorithm": "sha256"
     },
     {
-      "id": "github_release/github.com/sigstore/cosign/v1.13.2/cosign-linux-amd64",
-      "checksum": "9B0F52ABB2E6D79529F37646E524A35A409DC811D2CDEC7EF5BE2DC5130489C0",
+      "id": "github_release/github.com/sigstore/cosign/v2.2.3/cosign-linux-amd64",
+      "checksum": "F669F41176CB1D58BB6A3FDB06E24861540CFDB5A571B4EC5EB2218B0DF5D304",
       "algorithm": "sha256"
     },
     {
-      "id": "github_release/github.com/sigstore/cosign/v1.13.2/cosign-linux-arm64",
-      "checksum": "3C109B66788686DD81F3E445439215532A8BB3E14A54EFB6B65382B0E3578F5E",
+      "id": "github_release/github.com/sigstore/cosign/v2.2.3/cosign-linux-arm64",
+      "checksum": "B088D676F0C0123B8C348E18D421CF966020EDC4977A486115A12643DEA99A3F",
       "algorithm": "sha256"
     },
     {
-      "id": "github_release/github.com/sigstore/cosign/v1.13.2/cosign-windows-amd64.exe",
-      "checksum": "F16868B69C85BBA30CBAF023885398A2A258002BAABB0709CCE1D60491171765",
+      "id": "github_release/github.com/sigstore/cosign/v2.2.3/cosign-windows-amd64.exe",
+      "checksum": "F7F272D56C580B0EC96F59BFE9F88EC5F42B6E195DF009CE3417428E0E0DEAD1",
       "algorithm": "sha256"
     },
     {
diff --git a/aqua/imports/cosign.yaml b/aqua/imports/cosign.yaml
index 198bf5dc..0ae542ca 100644
--- a/aqua/imports/cosign.yaml
+++ b/aqua/imports/cosign.yaml
@@ -1,2 +1,2 @@
 packages:
-  - name: sigstore/cosign@v1.13.6
+  - name: sigstore/cosign@v2.2.3