Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.0.4 to 1.1.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](https://github.com/ossf/scorecard-action/compare/c1aec4ac820532bab364f02a81873c555a0ba3a1...5c8bc69dc88b65c66584e07611df79d3579b0377

)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* store attestations by digest instead of by UUID

Signed-off-by: Bob Callaway <bcallaway@google.com>

* fix typo

Signed-off-by: Bob Callaway <bcallaway@google.com>

* remove github.com/pkg/errors

Signed-off-by: Bob Callaway <bcallaway@google.com>

* Bump google-github-actions/auth from 0.7.3 to 0.8.0

Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 0.7.3 to 0.8.0.
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google-github-actions/auth/compare/81012c2689e66f7f020ed6d8ab43596a0f8b503a...ceee102ec2387dd9e844e01b530ccd4ec87ce955

)

---
updated-dependencies:
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/39e692fa323107ef86d8fdac0067ce647f239bd7...a9c83d3af6b9031e20feba03b904645bb23d1dab

)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump goreleaser/goreleaser-action from 2.9.1 to 3

Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.9.1 to 3.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/b953231f81b8dfd023c58e0854a721e35037f28b...68acf3b1adf004ac9c2f0a4259e85c5f66e99bef

)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/6673cd052c4cd6fcf4b4e6e60ea986c889389535...3cea5372237819ed00197afe530f5a7ea3e805c8

)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* all: remove dependency on deprecated github.com/pkg/errors

$ pkgerrors -fix ./...
$ goimports -w .

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* all: fix missing convert

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/types/hashedrekord: fix lint sugggestion

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* go.mod: go mod tidy

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

* pkg/types/hashedrekord: fix unconverted by pkgerrors

Signed-off-by: Koichi Shiraishi <zchee.io@gmail.com>

Accidentally deleted in previous PR

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 0.7.2 to 0.7.3.
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google-github-actions/auth/compare/dafc92490a98acbdec38e6eb649f05d55e632447...81012c2689e66f7f020ed6d8ab43596a0f8b503a

)

---
updated-dependencies:
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

See #812 for more discussion.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.10 to 2.1.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/2f58583a1b24a7d3c7034f6bf9fa506d23b1183b...a3a6c128d771b6b9bdebb1c9d0583ebd2728a108

)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 0.7.1 to 0.7.2.
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google-github-actions/auth/compare/b258a9f230b36c9fa86dfaa43d1906bd76399edb...dafc92490a98acbdec38e6eb649f05d55e632447

)

---
updated-dependencies:
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.46.0 to 1.46.2.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.46.0...v1.46.2

)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 3f943b86c9a289f4e632c632695e2e0898d9d67d to 1. This release includes the previously tagged commit.
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/3f943b86c9a289f4e632c632695e2e0898d9d67d...39e692fa323107ef86d8fdac0067ce647f239bd7

)

---
updated-dependencies:
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/github-script](https://github.com/actions/github-script) from 6.0.0 to 6.1.0.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/9ac08808f993958e9de277fe43a64532a609130e...7a5c598405937d486b0331594b5da2b14db670da

)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

This closes a vector for denial of service.

Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.12.1 to 1.12.2.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/v1.12.2/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.12.1...v1.12.2

)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: cpanato <ctadeu@gmail.com>

Bumps [github.com/google/trillian](https://github.com/google/trillian) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/google/trillian/releases)
- [Changelog](https://github.com/google/trillian/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/trillian/compare/v1.4.0...v1.4.1

)

---
updated-dependencies:
- dependency-name: github.com/google/trillian
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/google/trillian](https://github.com/google/trillian) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/google/trillian/releases)
- [Changelog](https://github.com/google/trillian/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/trillian/compare/v1.4.0...v1.4.1

)

---
updated-dependencies:
- dependency-name: github.com/google/trillian
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump actions/setup-go from 3.0.0 to 3.1.0

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/f6164bd8c8acb4a71fb2791a8b6c4024ff038dab...fcdc43634adb5f7ae75a9d7a9b9361790f7293e2

)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comments

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 03e2e3c45f9f937ffe65a1caa4c9960d420a31f9 to 2.1.10. This release includes the previously tagged commit.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/03e2e3c45f9f937ffe65a1caa4c9960d420a31f9...2f58583a1b24a7d3c7034f6bf9fa506d23b1183b

)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: cpanato <ctadeu@gmail.com>

* Bump golangci/golangci-lint-action from 3.1.0 to 3.2.0

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/b517f99ae23d86ecc4c0dec08dcf48d2336abc29...537aa1903e5d359d0b27dbc19ddd22c5087f3fbc

)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment and bump golangci-lint version

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* Bump github/codeql-action from 2.1.9 to 2.1.10

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.9 to 2.1.10.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/7502d6e991ca767d2db617bfd823a1ed925a0d59...03e2e3c45f9f937ffe65a1caa4c9960d420a31f9

)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* Get sharding details when configuring API

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* If tree length isn't provided then retrieve it

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) from 0.24.0 to 0.24.1.
- [Release notes](https://github.com/go-openapi/runtime/releases)
- [Commits](https://github.com/go-openapi/runtime/compare/v0.24.0...v0.24.1

)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/go-openapi/spec](https://github.com/go-openapi/spec) from 0.20.5 to 0.20.6.
- [Release notes](https://github.com/go-openapi/spec/releases)
- [Commits](https://github.com/go-openapi/spec/compare/v0.20.5...v0.20.6

)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/spec
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: Asra Ali <asraa@google.com>

Bumps [github.com/go-playground/validator/v10](https://github.com/go-playground/validator) from 10.10.1 to 10.11.0.
- [Release notes](https://github.com/go-playground/validator/releases)
- [Commits](https://github.com/go-playground/validator/compare/v10.10.1...v10.11.0

)

---
updated-dependencies:
- dependency-name: github.com/go-playground/validator/v10
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

> Dependency Review GitHub Action in your repository to enforce dependency reviews on your pull requests.
> The action scans for vulnerable versions of dependencies introduced by package version changes in pull requests,
> and warns you about the associated security vulnerabilities.
> This gives you better visibility of what's changing in a pull request,
> and helps prevent vulnerabilities being added to your repository.

https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement


Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>

Bumps [github.com/go-openapi/runtime](https://github.com/go-openapi/runtime) from 0.23.3 to 0.24.0.
- [Release notes](https://github.com/go-openapi/runtime/releases)
- [Commits](https://github.com/go-openapi/runtime/compare/v0.23.3...v0.24.0

)

---
updated-dependencies:
- dependency-name: github.com/go-openapi/runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* add rekor index on materials

Signed-off-by: Asra Ali <asraa@google.com>

* update

Signed-off-by: Asra Ali <asraa@google.com>

* update

Signed-off-by: Asra Ali <asraa@google.com>

Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.7 to 0.5.8.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](https://github.com/google/go-cmp/compare/v0.5.7...v0.5.8

)

---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump sigstore/cosign-installer from 2.2.1 to 2.3.0

Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.2.1 to 2.3.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/bb61838e7ee5bf314f85f2e219b3706835fa6306...536b37ec5d5b543420bdfd9b744c5965bd4d8730

)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* Bump github/codeql-action from 2.1.8 to 2.1.9

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.8 to 2.1.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/1ed1437484560351c5be56cf73a48a279d116b78...7502d6e991ca767d2db617bfd823a1ed925a0d59

)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.45.0 to 1.46.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.45.0...v1.46.0

)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump google-github-actions/auth from 0.7.0 to 0.7.1

Bumps [google-github-actions/auth](https://github.com/google-github-actions/auth) from 0.7.0 to 0.7.1.
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google-github-actions/auth/compare/50dbfd0907520dcccbd51e965728eb32e592b8fa...b258a9f230b36c9fa86dfaa43d1906bd76399edb

)

---
updated-dependencies:
- dependency-name: google-github-actions/auth
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* update version comment

Signed-off-by: cpanato <ctadeu@gmail.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: cpanato <ctadeu@gmail.com>

* Bump actions/checkout from 3.0.1 to 3.0.2

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/dcd71f646680f2efd8db4afa5ad64fdcba30e748...2541b1294d2704b0964813337f33b291d3f8596b

)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* add version comment

Signed-off-by: Asra Ali <asraa@google.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Asra Ali <asraa@google.com>