build(deps): bump github.com/sigstore/cosign/v2 from 2.5.0 to 2.5.1

[dependabot]

Bumps github.com/sigstore/cosign/v2 from 2.5.0 to 2.5.1.

Release notes

Sourced from github.com/sigstore/cosign/v2's releases.

v2.5.1

Features

• Add Rekor v2 support for trusted-root create (#4242)
• Add baseUrl and Uri to trusted-root create command
• Upgrade to TUF v2 client with trusted root
• Don't verify SCT for a private PKI cert (#4225)
• Bump TSA library to relax EKU chain validation rules (#4219)

Bug Fixes

• Bump sigstore-go to pick up log index=0 fix (#4162)
• remove unused recursive flag on attest command (#4187)

Docs

• Fix indentation in verify-blob cmd examples (#4160)

Releases

• ensure we copy the latest tags on each release (#4157)

Changelog

Sourced from github.com/sigstore/cosign/v2's changelog.

v2.5.1

Features

• Add Rekor v2 support for trusted-root create (#4242)
• Add baseUrl and Uri to trusted-root create command
• Upgrade to TUF v2 client with trusted root
• Don't verify SCT for a private PKI cert (#4225)
• Bump TSA library to relax EKU chain validation rules (#4219)

Bug Fixes

• Bump sigstore-go to pick up log index=0 fix (#4162)
• remove unused recursive flag on attest command (#4187)

Docs

• Fix indentation in verify-blob cmd examples (#4160)

Releases

• ensure we copy the latest tags on each release (#4157)

Contributors

• arthurus-rex
• Babak K. Shandiz
• Bob Callaway
• Carlos Tadeu Panato Junior
• Colleen Murphy
• Dmitry Savintsev
• Emmanuel Ferdman
• Hayden B
• Ville Skyttä

Commits

• a7345fb Add Rekor v2 support for trusted-root create (#4242)
• 3df894e Add baseUrl and Uri to trusted-root create command
• fb26ffd update builder to use go1.24.4 (#4241)
• 5b82c30 Bump to sigstore-go v1.0, fix lint errors (#4240)
• a8fb9ee chore(deps): bump github.com/open-policy-agent/opa from 1.4.2 to 1.5.1 (#4233)
• 8bbd493 chore(deps): bump k8s.io/client-go from 0.28.3 to 0.33.1 (#4235)
• 32a2d62 Upgrade to TUF v2 client with trusted root
• 95bec1a Run reusable dependency review workflow from main (#4239)
• 9b508f5 chore(deps): bump google.golang.org/api from 0.234.0 to 0.236.0 (#4236)
• 08c0240 chore(deps): bump gitlab.com/gitlab-org/api/client-go (#4231)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)