Bump dev.sigstore:sigstore-java from 1.0.0 to 1.1.0 in /maven-resolver-generator-sigstore

[dependabot]

Bumps dev.sigstore:sigstore-java from 1.0.0 to 1.1.0.

Release notes

Sourced from dev.sigstore:sigstore-java's releases.

v1.1.0

See CHANGELOG.md for more details.

What's Changed

• update versions after 1.0.0 by @​loosebazooka in sigstore/sigstore-java#800
• Update dependency org.eclipse.jetty:jetty-server to v11.0.24 by @​renovate in sigstore/sigstore-java#803
• Update gradle/actions action to v4.0.1 by @​renovate in sigstore/sigstore-java#804
• Update dependency com.google.errorprone:error_prone_core to v2.31.0 by @​renovate in sigstore/sigstore-java#805
• Update dependency com.google.http-client:google-http-client-bom to v1.45.0 by @​renovate in sigstore/sigstore-java#806
• Update sigstore/community digest to af27ecc by @​renovate in sigstore/sigstore-java#801
• Update dependency com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin to v1.2.2 by @​renovate in sigstore/sigstore-java#802
• Update dependency com.google.guava:guava to v33.3.1-jre by @​renovate in sigstore/sigstore-java#815
• Update actions/checkout action to v4.2.0 by @​renovate in sigstore/sigstore-java#818
• Update actions/setup-java action to v4.4.0 by @​renovate in sigstore/sigstore-java#819
• Update dependency com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin to v1.3.0 by @​renovate in sigstore/sigstore-java#821
• Update dependency org.apache.maven.plugins:maven-gpg-plugin to v3.2.7 by @​renovate in sigstore/sigstore-java#816
• Update protobuf_grpc by @​renovate in sigstore/sigstore-java#824
• Update gradle/actions action to v4.1.0 by @​renovate in sigstore/sigstore-java#823
• Update dependency org.mockito:mockito-bom to v5.14.1 by @​renovate in sigstore/sigstore-java#822
• Update sigstore/community digest to 95ef39c by @​renovate in sigstore/sigstore-java#814
• Update dependency org.junit:junit-bom to v5.11.1 by @​renovate in sigstore/sigstore-java#817
• Move known roles in TUF by @​loosebazooka in sigstore/sigstore-java#826
• Separate meta fetching from target fetching by @​loosebazooka in sigstore/sigstore-java#827
• Non inferred file names by @​loosebazooka in sigstore/sigstore-java#828
• Update actions/checkout action to v4.2.1 by @​renovate in sigstore/sigstore-java#830
• Update dependency org.junit:junit-bom to v5.11.2 by @​renovate in sigstore/sigstore-java#831
• Update dependency org.mockito:mockito-bom to v5.14.2 by @​renovate in sigstore/sigstore-java#832
• Update dependency de.thetaphi.forbiddenapis:de.thetaphi.forbiddenapis.gradle.plugin to v3.8 by @​renovate in sigstore/sigstore-java#833
• Update dependency org.junit:junit-bom to v5.11.3 by @​renovate in sigstore/sigstore-java#835
• Update dependency net.ltgt.errorprone:net.ltgt.errorprone.gradle.plugin to v4.1.0 by @​renovate in sigstore/sigstore-java#834
• Update sigstore/community digest to dcc3c01 by @​renovate in sigstore/sigstore-java#829
• Store meta state in memory by @​loosebazooka in sigstore/sigstore-java#836
• Update tuf updater api surface by @​loosebazooka in sigstore/sigstore-java#839
• More tuf updates for conformance by @​loosebazooka in sigstore/sigstore-java#840
• Start adding tuf conformance by @​loosebazooka in sigstore/sigstore-java#838
• Update protobuf_grpc by @​renovate in sigstore/sigstore-java#842
• Update softprops/action-gh-release action to v2.1.0 by @​renovate in sigstore/sigstore-java#844
• Update actions/setup-go action to v5.1.0 by @​renovate in sigstore/sigstore-java#845
• Update staging and public good embedded starter roots by @​loosebazooka in sigstore/sigstore-java#848
• Add tuf specific key/signature handlers by @​loosebazooka in sigstore/sigstore-java#847
• Use tuf verifiers in updater by @​loosebazooka in sigstore/sigstore-java#849
• Cleanup by @​loosebazooka in sigstore/sigstore-java#850
• Update actions/checkout action to v4.2.2 by @​renovate in sigstore/sigstore-java#843
• Cleanup keys parsing, caller specifies type by @​loosebazooka in sigstore/sigstore-java#851
• Handle targets with path elements by @​loosebazooka in sigstore/sigstore-java#853
• Fix test_duplicate_sig_keyids by @​loosebazooka in sigstore/sigstore-java#852
• Rekor Entries should be reconstructed and compared by @​loosebazooka in sigstore/sigstore-java#856

Full Changelog: sigstore/sigstore-java@v1.0.0...v1.1.0

Changelog

Sourced from dev.sigstore:sigstore-java's changelog.

[1.1.0] - 2024-11-22

Added

• Update sigstore tuf roots to v10 for staging and public-good sigstore/sigstore-java#848
• Tuf conformance tests for tuf client spec conformance sigstore/sigstore-java#838

Changed

• Allow tuf updater to fetch meta without downloading targets sigstore/sigstore-java#839
• Allow tuf targets and metadata to be stored and fetched separately sigstore/sigstore-java#827

Fixed

• Fix handling of tuf targets in subdirectories sigstore/sigstore-java#853
• Fix tuf spec conformance for valid but duplicate signatures on a role sigstore/sigstore-java#852
• Fix handling of rsa-pss and ed25519 signatures in tuf metadata sigstore/sigstore-java#849

Security

• Ensure log entries in sigstore bundles are entries that correspond to the verification material (signature, artifact, public-key) provided to the verifier. sigstore/sigstore-java#856

Commits

• 2e59559 Merge pull request #856 from sigstore/rekor_types
• 1dd557b Rekor Entry should be reconstructued to match
• b440f06 Merge pull request #852 from sigstore/fix_tuf_dup_keys
• 602aa10 Fix test_duplicate_sig_keyids
• ebacd54 Merge pull request #853 from sigstore/fix_tuf_target_paths
• f525b83 Merge pull request #851 from sigstore/cleanup2
• fe49ee8 Handle targets with path elements
• d2c5e09 Merge pull request #843 from sigstore/renovate/actions-checkout-4.x
• 6cda7dc Cleanup keys parsing, caller specifies type
• 7402c14 Merge pull request #850 from sigstore/cleanup
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #613.