Update module github.com/sigstore/cosign/v2 to v2.4.3

[red-hat-konflux]

This PR contains the following updates:

Package	Type	Update	Change
github.com/sigstore/cosign/v2	require	patch	v2.4.1 -> v2.4.3

---

Release Notes

sigstore/cosign (github.com/sigstore/cosign/v2)

v2.4.3

Compare Source

Features

• Bump sigstore/sigstore to support KMS plugins (#​4073)
• Enable fetching signatures without remote get. (#​4047)
• Feat/file flag completion improvements (#​4028)
• Update builder to use go1.23.6 (#​4052)

Bug Fixes

• fix parsing error in --only for cosign copy (#​4049)

Cleanup

• Refactor verifyNewBundle into library function (#​4013)
• fix comment typo and imports order (#​4061)
• sync comment with parameter name in function signature (#​4063)
• sort properly Go imports (#​4071)

Contributors

• Bob Callaway
• Carlos Tadeu Panato Junior
• Cody Soyland
• Dmitry Savintsev
• Hayden B
• Tomasz Janiszewski
• Ville Skyttä

v2.4.2

Compare Source

Features

• Updated open-policy-agent to 1.1.0 library (#​4036)
  • Note that only Rego v0 policies are supported at this time
• Add UseSignedTimestamps to CheckOpts, refactor TSA options (#​4006)
• Add support for verifying root checksum in cosign initialize (#​3953)
• Detect if user supplied a valid protobuf bundle (#​3931)
• Add a log message if user doesn't provide --trusted-root (#​3933)
• Support mTLS towards container registry (#​3922)
• Add bundle create helper command (#​3901)
• Add trusted-root create helper command (#​3876)

Bug Fixes

• fix: set tls config while retaining other fields from default http transport (#​4007)
• policy fuzzer: ignore known panics (#​3993)
• Fix for multiple WithRemote options (#​3982)
• Add nightly conformance test workflow (#​3979)
• Fix copy --only for signatures + update/align docs (#​3904)

Documentation

• Remove usage.md from spec, point to client spec (#​3918)
• move reference from gcr to ghcr (#​3897)

Contributors

• AdamKorcz
• Aditya Sirish
• Bob Callaway
• Carlos Tadeu Panato Junior
• Cody Soyland
• Colleen Murphy
• Hayden B
• Jussi Kukkonen
• Marco Franssen
• Nianyu Shen
• Slavek Kabrda
• Søren Juul
• Warren Hodgkinson
• Zach Steindler

---

Configuration

📅 Schedule: Branch creation - "after 5am on sunday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

This PR has been generated by MintMaker (powered by Renovate Bot).

[red-hat-konflux]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 68 additional dependencies were updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.23.2 -> 1.23.7
github.com/coreos/go-oidc/v3	v3.11.0 -> v3.12.0
github.com/secure-systems-lab/go-securesystemslib	v0.8.0 -> v0.9.0
github.com/sigstore/fulcio	v1.6.5 -> v1.6.6
github.com/sigstore/protobuf-specs	v0.3.2 -> v0.4.0
github.com/sigstore/rekor	v1.3.6 -> v1.3.9
github.com/sigstore/sigstore	v1.8.10 -> v1.8.15
github.com/spf13/cobra	v1.8.1 -> v1.9.1
github.com/spf13/pflag	v1.0.5 -> v1.0.6
golang.org/x/crypto	v0.28.0 -> v0.33.0
golang.org/x/oauth2	v0.23.0 -> v0.26.0
golang.org/x/xerrors	v0.0.0-20231012003039-104605ab7028 -> v0.0.0-20240716161551-93cc26a95ae9
google.golang.org/protobuf	v1.35.1 -> v1.36.5
cloud.google.com/go/auth	v0.9.5 -> v0.14.1
cloud.google.com/go/auth/oauth2adapt	v0.2.4 -> v0.2.7
github.com/aws/aws-sdk-go-v2	v1.31.0 -> v1.36.1
github.com/aws/aws-sdk-go-v2/config	v1.27.37 -> v1.29.6
github.com/aws/aws-sdk-go-v2/credentials	v1.17.35 -> v1.17.59
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	v1.16.14 -> v1.16.28
github.com/aws/aws-sdk-go-v2/internal/configsources	v1.3.18 -> v1.3.32
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	v2.6.18 -> v2.6.32
github.com/aws/aws-sdk-go-v2/internal/ini	v1.8.1 -> v1.8.2
github.com/aws/aws-sdk-go-v2/service/ecr	v1.28.5 -> v1.40.3
github.com/aws/aws-sdk-go-v2/service/ecrpublic	v1.23.10 -> v1.31.2
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding	v1.11.5 -> v1.12.2
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	v1.11.20 -> v1.12.13
github.com/aws/aws-sdk-go-v2/service/sso	v1.23.1 -> v1.24.15
github.com/aws/aws-sdk-go-v2/service/ssooidc	v1.27.1 -> v1.28.14
github.com/aws/aws-sdk-go-v2/service/sts	v1.31.1 -> v1.33.14
github.com/buildkite/agent/v3	v3.81.0 -> v3.92.1
github.com/buildkite/go-pipeline	v0.13.1 -> v0.13.3
github.com/buildkite/interpolate	v0.1.3 -> v0.1.5
github.com/buildkite/roko	v1.2.0 -> v1.3.1
github.com/containerd/stargz-snapshotter/estargz	v0.15.1 -> v0.16.3
github.com/cpuguy83/go-md2man/v2	v2.0.4 -> v2.0.6
github.com/docker/cli	v27.1.1+incompatible -> v27.5.0+incompatible
github.com/fsnotify/fsnotify	v1.7.0 -> v1.8.0
github.com/golang-jwt/jwt/v4	v4.5.0 -> v4.5.1
github.com/google/certificate-transparency-go	v1.2.1 -> v1.3.1
github.com/google/go-containerregistry	v0.20.2 -> v0.20.3
github.com/google/s2a-go	v0.1.8 -> v0.1.9
github.com/google/trillian	v1.6.0 -> v1.7.1
github.com/jmespath/go-jmespath	v0.4.0 -> v0.4.1-0.20220621161143-b0104c826a24
github.com/klauspost/compress	v1.17.9 -> v1.17.11
github.com/magiconair/properties	v1.8.7 -> v1.8.9
github.com/mitchellh/mapstructure	v1.5.0 -> v1.5.1-0.20231216201459-8508981c8b6c
github.com/pelletier/go-toml/v2	v2.2.2 -> v2.2.3
github.com/spiffe/go-spiffe/v2	v2.4.0 -> v2.5.0
github.com/vbatts/tar-split	v0.11.5 -> v0.11.6
github.com/zeebo/errs	v1.3.0 -> v1.4.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	v0.55.0 -> v0.59.0
go.opentelemetry.io/otel	v1.30.0 -> v1.34.0
go.opentelemetry.io/otel/metric	v1.30.0 -> v1.34.0
go.opentelemetry.io/otel/trace	v1.30.0 -> v1.34.0
go.step.sm/crypto	v0.53.0 -> v0.57.0
golang.org/x/exp	v0.0.0-20240909161429-701f63a606c0 -> v0.0.0-20241108190413-2d47ceb2692f
golang.org/x/mod	v0.21.0 -> v0.22.0
golang.org/x/net	v0.29.0 -> v0.35.0
golang.org/x/sync	v0.8.0 -> v0.11.0
golang.org/x/sys	v0.26.0 -> v0.30.0
golang.org/x/term	v0.25.0 -> v0.29.0
golang.org/x/text	v0.19.0 -> v0.22.0
golang.org/x/time	v0.6.0 -> v0.10.0
google.golang.org/api	v0.199.0 -> v0.221.0
google.golang.org/genproto/googleapis/api	v0.0.0-20240903143218-8af14fe29dc1 -> v0.0.0-20250115164207-1a7da9e5054f
google.golang.org/genproto/googleapis/rpc	v0.0.0-20240903143218-8af14fe29dc1 -> v0.0.0-20250207221924-e9438ea467c6
google.golang.org/grpc	v1.67.1 -> v1.70.0
k8s.io/klog/v2	v2.130.0 -> v2.130.1
sigs.k8s.io/release-utils	v0.8.5 -> v0.11.0

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: red-hat-konflux[bot]

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment