chore: bump github.com/in-toto/go-witness from 0.6.0 to 0.7.0

[dependabot]

Bumps github.com/in-toto/go-witness from 0.6.0 to 0.7.0.

Release notes

Sourced from github.com/in-toto/go-witness's releases.

v0.7.0

What's Changed

• better concurrency support on Linux by @​joshdabosh in in-toto/go-witness#306
• improve SPDX and CycloneDX JSON SBOM format detection by @​joshdabosh in in-toto/go-witness#322
• fix: Passing kms provider options down to initialisation of functionaries by @​ChaosInTheCRD in in-toto/go-witness#292
• fix: golangci-lint failing due nil check by @​kairoaraujo in in-toto/go-witness#333
• add jenkins attestor by @​joshdabosh in in-toto/go-witness#323
• Adding functionality for dirhash in library by @​matglas in in-toto/go-witness#223
• test: add additional policy verification test by @​mikhailswift in in-toto/go-witness#341
• chore: Improve the git status speed. by @​matglas in in-toto/go-witness#359
• Test/more policy tests by @​mikhailswift in in-toto/go-witness#345
• address feedback from governance review by @​jkjell in in-toto/go-witness#394

New Contributors

• @​joshdabosh made their first contribution in in-toto/go-witness#306
• @​kairoaraujo made their first contribution in in-toto/go-witness#333

Full Changelog: in-toto/go-witness@v0.6.0...v0.7.0

Commits

• 42b2e21 chore: bump k8s.io/apimachinery from 0.30.6 to 0.30.7 (#390)
• 8d31979 chore: bump github/codeql-action from 3.27.4 to 3.27.6 (#395)
• 6c6360f chore: bump github.com/gabriel-vasile/mimetype from 1.4.6 to 1.4.7 (#389)
• 3eb6bd5 chore: bump actions/dependency-review-action from 4.4.0 to 4.5.0 (#392)
• c833c02 chore: bump step-security/harden-runner from 2.10.1 to 2.10.2 (#393)
• 7ae6a36 address feedback from governance review (#394)
• f96fb9c chore: bump github.com/sigstore/sigstore from 1.8.9 to 1.8.10 (#377)
• 0c3e426 chore: bump github/codeql-action from 3.27.0 to 3.27.4 (#388)
• c287314 chore: bump softprops/action-gh-release from 2.0.9 to 2.1.0 (#387)
• 63940cb chore: bump softprops/action-gh-release from 2.0.8 to 2.0.9 (#384)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)