Signed-off-by: Lily Sturmann <lsturman@redhat.com>

Signed-off-by: Andrew Block <andy.block@gmail.com>

The modtime setting was missing that was required for making goreleaser builds consistent.

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) from 0.20.0 to 0.21.0.
- [Release notes](https://github.com/go-openapi/runtime/releases)
- [Commits](https://github.com/go-openapi/runtime/compare/v0.20.0...v0.21.0

)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: Jason Hall <jasonhall@redhat.com>

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>

Included -trimpath flag for able to have reproducible builds.

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

The CryptoPubKey function only returned the key value, but we should
retrieve it from the cert if set. This fixes the rest of #918.

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>

Bumps [github.com/in-toto/in-toto-golang](https://github.com/in-toto/in-toto-golang) from 0.3.2 to 0.3.3.
- [Release notes](https://github.com/in-toto/in-toto-golang/releases)
- [Changelog](https://github.com/in-toto/in-toto-golang/blob/master/CHANGELOG.md)
- [Commits](https://github.com/in-toto/in-toto-golang/compare/v0.3.2...v0.3.3

)

---
updated-dependencies:
- dependency-name: github.com/in-toto/in-toto-golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/checkout](https://github.com/actions/checkout) from 2.3.4 to 2.3.5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2.3.4...v2.3.5

)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/mediocregopher/radix/v4](https://github.com/mediocregopher/radix) from 4.0.0-beta.1 to 4.0.0.
- [Release notes](https://github.com/mediocregopher/radix/releases)
- [Changelog](https://github.com/mediocregopher/radix/blob/v4.0.0/CHANGELOG.md)
- [Commits](https://github.com/mediocregopher/radix/compare/v4.0.0-beta.1...v4.0.0

)

---
updated-dependencies:
- dependency-name: github.com/mediocregopher/radix/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) from 0.19.31 to 0.20.0.
- [Release notes](https://github.com/go-openapi/runtime/releases)
- [Commits](https://github.com/go-openapi/runtime/compare/v0.19.31...v0.20.0

)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/go-openapi/spec](https://github.com/go-openapi/spec) from 0.20.3 to 0.20.4.
- [Release notes](https://github.com/go-openapi/spec/releases)
- [Commits](https://github.com/go-openapi/spec/compare/v0.20.3...v0.20.4

)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/spec
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>

Bumps [github.com/go-openapi/validate](https://github.com/go-openapi/validate) from 0.20.2 to 0.20.3.
- [Release notes](https://github.com/go-openapi/validate/releases)
- [Commits](https://github.com/go-openapi/validate/compare/v0.20.2...v0.20.3

)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/validate
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/go-openapi/strfmt](https://github.com/go-openapi/strfmt) from 0.20.2 to 0.20.3.
- [Release notes](https://github.com/go-openapi/strfmt/releases)
- [Commits](https://github.com/go-openapi/strfmt/compare/v0.20.2...v0.20.3

)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/strfmt
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/go-openapi/loads](https://github.com/go-openapi/loads) from 0.20.2 to 0.20.3.
- [Release notes](https://github.com/go-openapi/loads/releases)
- [Commits](https://github.com/go-openapi/loads/compare/v0.20.2...v0.20.3

)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/loads
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: axel simon <git@axelsimon.net>

Bumps golang from 1.17.1 to 1.17.2.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: Asra Ali <asraa@google.com>

* update go tuf for rsa key impl

Signed-off-by: Asra Ali <asraa@google.com>

* fix

Signed-off-by: Asra Ali <asraa@google.com>

Each of the supported types has a Canonicalize() method that generates a
JSON representation of the entry. If the golang library were to make a
change to the order of keys when marshalling an object, it would cause
a duplicate entry in the log for a semantically equivalent object.

This change simply transforms the JSON into RFC8785-compliant
canonicalized JSON protecting against any changes in JSON libraries
going forward.

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

1. Switch DSSE provider to go-securesystemslib
2. Update in-toto and use newly renamed SLSA provenance predicate

Signed-off-by: Aditya Sirish <aditya@saky.in>

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.40.0 to 1.41.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.40.0...v1.41.0

)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [golang.org/x/mod](https://github.com/golang/mod) from 0.5.0 to 0.5.1.
- [Release notes](https://github.com/golang/mod/releases)
- [Commits](https://github.com/golang/mod/compare/v0.5.0...v0.5.1

)

---
updated-dependencies:
- dependency-name: golang.org/x/mod
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.8.1 to 1.9.0.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.8.1...v1.9.0

)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: Dan Luhring <dan.luhring@anchore.com>

This is part of the temporal sharding work. The flag is not
hooked up anywhere yet.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

Bumps [gopkg.in/ini.v1](https://github.com/go-ini/ini) from 1.63.0 to 1.63.2.
- [Release notes](https://github.com/go-ini/ini/releases)
- [Commits](https://github.com/go-ini/ini/compare/v1.63.0...v1.63.2

)

---
updated-dependencies:
- dependency-name: gopkg.in/ini.v1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/mitchellh/mapstructure](https://github.com/mitchellh/mapstructure) from 1.4.1 to 1.4.2.
- [Release notes](https://github.com/mitchellh/mapstructure/releases)
- [Changelog](https://github.com/mitchellh/mapstructure/blob/master/CHANGELOG.md)
- [Commits](https://github.com/mitchellh/mapstructure/compare/v1.4.1...v1.4.2

)

---
updated-dependencies:
- dependency-name: github.com/mitchellh/mapstructure
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Also suppresses a new warning about the pgp deprecation.

Replaces #427.

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>
Signed-off-by: Dan Lorenc <dlorenc@google.com>

This is in preparation for supporting multiple logIDs (for sharding).

Signed-off-by: Dan Lorenc <dlorenc@google.com>

Bumps golang from 1.17.0 to 1.17.1.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.19.0 to 1.19.1.
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uber-go/zap/compare/v1.19.0...v1.19.1

)

---
updated-dependencies:
- dependency-name: go.uber.org/zap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [gopkg.in/ini.v1](https://github.com/go-ini/ini) from 1.62.0 to 1.63.0.
- [Release notes](https://github.com/go-ini/ini/releases)
- [Commits](https://github.com/go-ini/ini/compare/v1.62.0...v1.63.0

)

---
updated-dependencies:
- dependency-name: gopkg.in/ini.v1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

We get flooded with scapers so it makes it hard to find real errors in our logs.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) from 0.19.30 to 0.19.31.
- [Release notes](https://github.com/go-openapi/runtime/releases)
- [Commits](https://github.com/go-openapi/runtime/compare/v0.19.30...v0.19.31

)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>