chore: Bump github.com/sigstore/cosign/v2 from 2.2.1 to 2.2.2

[dependabot]

Bumps github.com/sigstore/cosign/v2 from 2.2.1 to 2.2.2.

Release notes

Sourced from github.com/sigstore/cosign/v2's releases.

v2.2.2

v2.2.2 adds a new container with a shell, gcr.io/projectsigstore/cosign:vx.y.z-dev, in addition to the existing container gcr.io/projectsigstore/cosign:vx.y.z without a shell.

For private deployments, we have also added an alias for --insecure-skip-log, --private-infrastructure.

Bug Fixes

• chore(deps): bump github.com/sigstore/sigstore from 1.7.5 to 1.7.6 (#3411) which fixes a bug with using Azure KMS
• Don't require CT log keys if using a key/sk (#3415)
• Fix copy without any flag set (#3409)
• Update cosign generate cmd to not include newline (#3393)
• Fix idempotency error with signing (#3371)

Features

• Add --yes flag cosign import-key-pair to skip the overwrite confirmation. (#3383)
• Use the timeout flag value in verify* commands. (#3391)
• add --private-infrastructure flag (#3369)

Container Updates

• Bump builder image to use go1.21.4 and add new cosign image tags with shell (#3373)

Documentation

• Update SBOM_SPEC.md (#3358)

Contributors

• Carlos Tadeu Panato Junior
• Dylan Richardson
• Hayden B
• Lily Sturmann
• Nikos Fotiou
• Yonghe Zhao

Full Changelog: sigstore/cosign@v2.2.1...v2.2.2

Changelog

Sourced from github.com/sigstore/cosign/v2's changelog.

v2.2.2

v2.2.2 adds a new container with a shell, gcr.io/projectsigstore/cosign:vx.y.z-dev, in addition to the existing container gcr.io/projectsigstore/cosign:vx.y.z without a shell.

For private deployments, we have also added an alias for --insecure-skip-log, --private-infrastructure.

Bug Fixes

• chore(deps): bump github.com/sigstore/sigstore from 1.7.5 to 1.7.6 (#3411) which fixes a bug with using Azure KMS
• Don't require CT log keys if using a key/sk (#3415)
• Fix copy without any flag set (#3409)
• Update cosign generate cmd to not include newline (#3393)
• Fix idempotency error with signing (#3371)

Features

• Add --yes flag cosign import-key-pair to skip the overwrite confirmation. (#3383)
• Use the timeout flag value in verify* commands. (#3391)
• add --private-infrastructure flag (#3369)

Container Updates

• Bump builder image to use go1.21.4 and add new cosign image tags with shell (#3373)

Documentation

• Update SBOM_SPEC.md (#3358)

Contributors

• Carlos Tadeu Panato Junior
• Dylan Richardson
• Hayden B
• Lily Sturmann
• Nikos Fotiou
• Yonghe Zhao

Commits

• bf6b57b Add changelog for v2.2.2 (#3416)
• 3329d81 Don't require CT log keys if using a key/sk (#3415)
• d329bf7 chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws (#3414)
• 7d6326c chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp (#3413)
• b76592e chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault (...
• f262fd0 chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure (#3410)
• 0109fc2 chore(deps): bump github.com/sigstore/sigstore from 1.7.5 to 1.7.6 (#3411)
• 593b9f2 Fix copy without any flag set (#3409)
• 29ca73f chore(deps): bump mikefarah/yq from 4.40.3 to 4.40.4 (#3406)
• e72b82f chore(deps): bump github.com/go-openapi/strfmt from 0.21.7 to 0.21.8 (#3407)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (17775bc) 55.09% compared to head (7b5cdac) 55.32%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1210      +/-   ##
==========================================
+ Coverage   55.09%   55.32%   +0.23%     
==========================================
  Files         104       86      -18     
  Lines        6865     5806    -1059     
==========================================
- Hits         3782     3212     -570     
+ Misses       2751     2335     -416     
+ Partials      332      259      -73     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.