fix(deps): update module github.com/sigstore/rekor to v1.3.2

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
github.com/sigstore/rekor	require	minor	v1.2.2 -> v1.3.2

---

Release Notes

sigstore/rekor (github.com/sigstore/rekor)

v1.3.2

Compare Source

• move to go 1.21.3 to pick up fixes for CVE-2023-39325

Bug Fixes

• build(deps): Bump golang.org/x/net from 0.16.0 to 0.17.0 (#​1753)
• build(deps): Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#​1755)
• build(deps): Bump google/cloud-sdk from 449.0.0 to 450.0.0 (#​1757)
• build(deps): Bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#​1754)
• update Dockerfile for go 1.21.3 (#​1752)
• update builder image to use go1.21.3 (#​1751)

Contributors

• Carlos Tadeu Panato Junior

v1.3.1

Compare Source

New Features

• enable GCP cloud profiling on rekor-server (#​1746)
• move index storage into interface (#​1741)
• add info to readme to denote additional documentation sources (#​1722)
• Add type of ed25519 key for TUF (#​1677)
• Allow parsing base64-encoded TUF metadata and root content (#​1671)

Quality Enhancements

• disable quota in trillian in test harness (#​1680)

Bug Fixes

• Update contact for code of conduct (#​1720)
• fix: typo (#​1711)
• Fix panic when parsing SSH SK pubkeys (#​1712)
• Correct index creation (#​1708)
• Update .ko.yaml (#​1682)
• docs: fixzes a small typo on the readme (#​1686)
• chore: fix backfill-redis Makefile target (#​1685)

Contributors

• Andres Galante
• Andrew Block
• Appu
• Bob Callaway
• Carlos Tadeu Panato Junior
• guangwu
• Hayden B
• jonvnadelberg
• Lance Ball

v1.3.0

Compare Source

New Features

• feat: Support publishing new log entries to Pub/Sub topics (#​1580)
• Change values of Identity.Raw, add fingerprints (#​1628)
• Extract all subjects from SANs for x509 verifier (#​1632)
• Fix type comment for Identity struct (#​1619)
• Refactor Identities API (#​1611)
• Refactor Verifiers to return multiple keys (#​1601)

Quality Enhancements

• set min go version to 1.21 (#​1651)
• Upgrade to go1.21 (#​1636)

Bug Fixes

• Update openapi.yaml (#​1655)
• pass transient errors through retrieveLogEntry (#​1653)
• return full entryID on HTTP 409 responses (#​1650)
• Update checkpoint link (#​1597)
• Use correct log index in inclusion proof (#​1599)
• remove instrumentation library (#​1595)
• pki: clean up fuzzer (#​1594)
• alpine: add max metadata size to fuzzer (#​1571)

Contributors

• AdamKorcz
• Appu
• Bob Callaway
• Carlos Tadeu Panato Junior
• Ceridwen Coghlan
• Hayden B
• James Alseth

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[mtrmac]

Like #2100 (comment) , this modifies no code relevant to this library, but it would require a bump of minimum supported Go version to 1.21.

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (v1.3.2). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

[rhatdan]

Should we make the bump now, since Fedora 37 is going away?

[mtrmac]

https://packages.fedoraproject.org/pkgs/golang/golang-bin/ says F38 has Go 1.20, this would bump it all the way to 1.21.

(I do look forward to bumping to Go 1.20 for CutPrefix/CutSuffix, and I wouldn’t mind doing that now, but I don’t see that it would help with this dependency.)