community/cosign: upgrade to 1.10.0
https://github.com/sigstore/cosign/releases/tag/v1.10.0
Enhancements
- Add env subcommand. (#2051)
- feat: cert-extensions verify (#1626)
- sign-blob: bundle should work independently (#2016)
- Add --oidc-provider flag to specify which provider to use for ambient credentials (#1998)
- Use pkg/fulcioroots and pkg/tuf from sigstore/sigstore (#1866)
- Add --platform flag to cosign sbom download (#1975)
- Route deprectated -version to subcommand (#1854)
- Add cyclonedx predicate type for attestations (#1977)
- Updated Azure kms commands. (#1972)
- Add spdxjson predicate type for attestations (#1974)
- Drop tuf client dependency on GCS client library (#1967)
- feat(fulcioroots): singleton error pattern (#1965)
- tuf: improve TUF client concurrency and caching (#1953)
- Separate RegExp matching of issuer/subject from strict (#1956)
Documention
- update design doc link (#2077)
- specs: fix list formatting on SIGNATURE_SPEC (#2030)
- public-key: fix command description (#2024)
- docs(readme): add installation steps for container image for cosign binary (#1986)
- Add Cloudsmith Container Registry to tested registry list (#1966)
Bug Fixes
- Fix OIDC test (#2050)
- Use cosign.ConfirmPrompt more consistently (#2039)
- chore: add note about SIGSTORE_REKOR_PUBLIC_KEY (#2040)
- Fix #1378 create new attestation signature in replace mode if not existent (#2014)
- encrypt values to create the github action secret (#1990)
- fix/update post build job (#1983)
- fix typos (#1982)
Edited by Patrycja Rosa