* Bump sigstore/cosign-installer from 2.3.0 to 2.4.0

Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/536b37ec5d5b543420bdfd9b744c5965bd4d8730...7e0881f8fe90b25e305bbf0309761e9314607e25

)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* updatge version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

Signed-off-by: cpanato <ctadeu@gmail.com>

* Print total tree size, including inactive shards

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* Rename TreeSize to ActiveTreeSize

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* Allow retrieving entryIDs or UUIDs

Fixes a bug where only 64 char UUIDs were allowed. Also adds in an integration test.

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* Confirm there are two entries returned in sharding e2e test

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* Fix regex

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* Code review comments

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* Bump github.com/spf13/viper from 1.11.0 to 1.12.0

Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.11.0 to 1.12.0.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.11.0...v1.12.0

)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update cloud.google.com/go/storage / cloud.google.com/go/iam

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

Bumps [github.com/go-openapi/validate](https://github.com/go-openapi/validate) from 0.21.0 to 0.22.0.
- [Release notes](https://github.com/go-openapi/validate/releases)
- [Commits](https://github.com/go-openapi/validate/compare/v0.21.0...v0.22.0

)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/validate
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

ED25519 signatures are not supported with the hashedrekord type, though they are
supported with rekord. The reason is that ED25519 computes the digest as part of
its algorithm, so the original artifact is needed to verify a signature.

The previous error message was very unclear, complaining about a nil
message.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

Signed-off-by: cpanato <ctadeu@gmail.com>

Signed-off-by: cpanato <ctadeu@gmail.com>

* Bump github/codeql-action from 2.1.11 to 2.1.12

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.11 to 2.1.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/a3a6c128d771b6b9bdebb1c9d0583ebd2728a108...27ea8f8fe5977c00f5b37e076ab846c5bd783b96

)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* Bump ossf/scorecard-action from 1.1.0 to 1.1.1

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](https://github.com/ossf/scorecard-action/compare/5c8bc69dc88b65c66584e07611df79d3579b0377...3e15ea8318eee9b333819ec77a36aca8d39df13e

)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.46.2 to 1.47.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.46.2...v1.47.0

)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/secure-systems-lab/go-securesystemslib](https://github.com/secure-systems-lab/go-securesystemslib) from 0.3.1 to 0.4.0.
- [Release notes](https://github.com/secure-systems-lab/go-securesystemslib/releases)
- [Commits](https://github.com/secure-systems-lab/go-securesystemslib/compare/v0.3.1...v0.4.0

)

---
updated-dependencies:
- dependency-name: github.com/secure-systems-lab/go-securesystemslib
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

This way the e2e tests can be run again production to make sure it's running as expected. This will be useful for the upcoming cluster migration.

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

Bumps [gopkg.in/ini.v1](https://github.com/go-ini/ini) from 1.66.5 to 1.66.6.
- [Release notes](https://github.com/go-ini/ini/releases)
- [Commits](https://github.com/go-ini/ini/compare/v1.66.5...v1.66.6

)

---
updated-dependencies:
- dependency-name: gopkg.in/ini.v1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update go-tuf and sigstore/sigstore to non-vulnerable go-tuf version.

Signed-off-by: Daniel Haus <dhaus@redhat.com>

* Fix build issue.

Signed-off-by: Daniel Haus <dhaus@redhat.com>

Bumps [gopkg.in/ini.v1](https://github.com/go-ini/ini) from 1.66.4 to 1.66.5.
- [Release notes](https://github.com/go-ini/ini/releases)
- [Commits](https://github.com/go-ini/ini/compare/v1.66.4...v1.66.5

)

---
updated-dependencies:
- dependency-name: gopkg.in/ini.v1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* add changelog for 0.7.0 release

Signed-off-by: cpanato <ctadeu@gmail.com>

* update changelog

Signed-off-by: cpanato <ctadeu@gmail.com>

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/fcdc43634adb5f7ae75a9d7a9b9361790f7293e2...b22fbbc2921299758641fab08929b4ac52b32923

)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.0.4 to 1.1.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](https://github.com/ossf/scorecard-action/compare/c1aec4ac820532bab364f02a81873c555a0ba3a1...5c8bc69dc88b65c66584e07611df79d3579b0377

)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* store attestations by digest instead of by UUID

Signed-off-by: Bob Callaway <bcallaway@google.com>

* fix typo

Signed-off-by: Bob Callaway <bcallaway@google.com>

* remove github.com/pkg/errors

Signed-off-by: Bob Callaway <bcallaway@google.com>

* Bump google-github-actions/auth from 0.7.3 to 0.8.0

Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 0.7.3 to 0.8.0.
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google-github-actions/auth/compare/81012c2689e66f7f020ed6d8ab43596a0f8b503a...ceee102ec2387dd9e844e01b530ccd4ec87ce955

)

---
updated-dependencies:
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/39e692fa323107ef86d8fdac0067ce647f239bd7...a9c83d3af6b9031e20feba03b904645bb23d1dab

)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump goreleaser/goreleaser-action from 2.9.1 to 3

Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.9.1 to 3.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/b953231f81b8dfd023c58e0854a721e35037f28b...68acf3b1adf004ac9c2f0a4259e85c5f66e99bef

)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/6673cd052c4cd6fcf4b4e6e60ea986c889389535...3cea5372237819ed00197afe530f5a7ea3e805c8

)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* all: remove dependency on deprecated github.com/pkg/errors

$ pkgerrors -fix ./...
$ goimports -w .

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* all: fix missing convert

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/types/hashedrekord: fix lint sugggestion

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* go.mod: go mod tidy

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/types/hashedrekord: fix unconverted by pkgerrors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

Accidentally deleted in previous PR

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 0.7.2 to 0.7.3.
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google-github-actions/auth/compare/dafc92490a98acbdec38e6eb649f05d55e632447...81012c2689e66f7f020ed6d8ab43596a0f8b503a

)

---
updated-dependencies:
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

See #812 for more discussion.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.10 to 2.1.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/2f58583a1b24a7d3c7034f6bf9fa506d23b1183b...a3a6c128d771b6b9bdebb1c9d0583ebd2728a108

)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 0.7.1 to 0.7.2.
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google-github-actions/auth/compare/b258a9f230b36c9fa86dfaa43d1906bd76399edb...dafc92490a98acbdec38e6eb649f05d55e632447

)

---
updated-dependencies:
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.46.0 to 1.46.2.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.46.0...v1.46.2

)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3f943b86c9a289f4e632c632695e2e0898d9d67d to 1. This release includes the previously tagged commit.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/3f943b86c9a289f4e632c632695e2e0898d9d67d...39e692fa323107ef86d8fdac0067ce647f239bd7

)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/github-script](https://github.com/actions/github-script) from 6.0.0 to 6.1.0.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/9ac08808f993958e9de277fe43a64532a609130e...7a5c598405937d486b0331594b5da2b14db670da

)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

This closes a vector for denial of service.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.12.1 to 1.12.2.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/v1.12.2/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.12.1...v1.12.2

)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: cpanato <ctadeu@gmail.com>

Bumps [github.com/google/trillian](https://github.com/google/trillian) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/google/trillian/releases)
- [Changelog](https://github.com/google/trillian/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/trillian/compare/v1.4.0...v1.4.1

)

---
updated-dependencies:
- dependency-name: github.com/google/trillian
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/google/trillian](https://github.com/google/trillian) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/google/trillian/releases)
- [Changelog](https://github.com/google/trillian/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/trillian/compare/v1.4.0...v1.4.1

)

---
updated-dependencies:
- dependency-name: github.com/google/trillian
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump actions/setup-go from 3.0.0 to 3.1.0

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/f6164bd8c8acb4a71fb2791a8b6c4024ff038dab...fcdc43634adb5f7ae75a9d7a9b9361790f7293e2

)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comments

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>