Bump dev.sigstore:sigstore-java from 1.3.0 to 2.0.0

[dependabot]

Bumps dev.sigstore:sigstore-java from 1.3.0 to 2.0.0.

Release notes

Sourced from dev.sigstore:sigstore-java's releases.

v2.0.0

See CHANGELOG.md for more details.

v2.0.0-rc2

See CHANGELOG.md for more details.

What's Changed

• Updates after 2.0.0-rc1 release by @​loosebazooka in sigstore/sigstore-java#1050
• Update README.md by @​loosebazooka in sigstore/sigstore-java#1051
• Update google-github-actions/get-secretmanager-secrets action to v2.2.4 by @​renovate[bot] in sigstore/sigstore-java#1057
• Update dependency org.assertj:assertj-core to v3.27.4 by @​renovate[bot] in sigstore/sigstore-java#1056
• Update dependency com.github.autostyle:com.github.autostyle.gradle.plugin to v4.0.1 by @​renovate[bot] in sigstore/sigstore-java#1054
• Update sigstore/community digest to ff42fd8 by @​renovate[bot] in sigstore/sigstore-java#1053
• Update dependency com.gradleup.nmcp:com.gradleup.nmcp.gradle.plugin to v1.0.3 by @​renovate[bot] in sigstore/sigstore-java#1055
• Update google-github-actions/auth digest to dac4e13 by @​renovate[bot] in sigstore/sigstore-java#1052
• Group gradleup.nmcp in renovate.json by @​loosebazooka in sigstore/sigstore-java#1058
• Update conformance with new xfail by @​loosebazooka in sigstore/sigstore-java#1060
• tuf Updater: fix snapshot version rollback case by @​jku in sigstore/sigstore-java#1061
• cli: Add working directory and enable Rekor v2 by @​aaronlew02 in sigstore/sigstore-java#1062
• Use HTTP server for TUF conformance testing by @​aaronlew02 in sigstore/sigstore-java#1045
• ref: Simplify hashedrekord and DSSE parsing exceptions by @​aaronlew02 in sigstore/sigstore-java#1064
• fix: Reject unsupported DSSE version by @​aaronlew02 in sigstore/sigstore-java#1063
• Fix userAgent string in requests by @​loosebazooka in sigstore/sigstore-java#1066
• Add Rekor v2 types to RekorTypes by @​aaronlew02 in sigstore/sigstore-java#1073
• Handle null inputs parsing rekor entry by @​loosebazooka in sigstore/sigstore-java#1074
• Catch json parse error from gson by @​loosebazooka in sigstore/sigstore-java#1075
• chore(deps): update sigstore/community digest to d7264e2 by @​renovate[bot] in sigstore/sigstore-java#1067
• chore(deps): update google-github-actions/auth action to v2.1.13 by @​renovate[bot] in sigstore/sigstore-java#1068
• chore(deps): update gradle/actions action to v4.4.3 by @​renovate[bot] in sigstore/sigstore-java#1070
• chore(deps): update google-github-actions/get-secretmanager-secrets action to v2.2.5 by @​renovate[bot] in sigstore/sigstore-java#1069
• chore(deps): update sigstore/sigstore-conformance action to v0.0.20 by @​renovate[bot] in sigstore/sigstore-java#1071
• fix(deps): update jetty monorepo to v11.0.26 - autoclosed by @​renovate[bot] in sigstore/sigstore-java#1072
• chore(deps): update sigstore/sigstore-conformance action to v0.0.21 by @​renovate[bot] in sigstore/sigstore-java#1078
• chore(deps): update sigstore/community digest to f539f57 by @​renovate[bot] in sigstore/sigstore-java#1077
• fix(deps): update dependency com.google.code.gson:gson to v2.13.2 by @​renovate[bot] in sigstore/sigstore-java#1079
• fix(deps): update dependency org.assertj:assertj-core to v3.27.6 by @​renovate[bot] in sigstore/sigstore-java#1080
• chore(deps): update actions/checkout action to v4.3.0 by @​renovate[bot] in sigstore/sigstore-java#1081
• chore(deps): update dependency go to 1.25.x by @​renovate[bot] in sigstore/sigstore-java#1082
• remove oidc config from gradle plugin by @​loosebazooka in sigstore/sigstore-java#1076
• fix(deps): update dependency com.google.guava:guava to v33.5.0-jre by @​renovate[bot] in sigstore/sigstore-java#1090
• fix(deps): update dependency com.google.errorprone:error_prone_core to v2.42.0 by @​renovate[bot] in sigstore/sigstore-java#1089
• fix(deps): update bouncycastle to v1.82 by @​renovate[bot] in sigstore/sigstore-java#1087
• chore(deps): update sigstore/community digest to f09be1d by @​renovate[bot] in sigstore/sigstore-java#1085
• chore(deps): update gradle/actions action to v4.4.4 by @​renovate[bot] in sigstore/sigstore-java#1086
• fix(deps): update dependency com.code-intelligence:jazzer-api to v0.26.0 by @​renovate[bot] in sigstore/sigstore-java#1088

New Contributors

• @​jku made their first contribution in sigstore/sigstore-java#1061

Full Changelog: sigstore/sigstore-java@v2.0.0-rc1...v2.0.0-rc2

... (truncated)

Changelog

Sourced from dev.sigstore:sigstore-java's changelog.

Changelog

All notable changes to sigstore-java will be documented in this file.

The format is based on Keep a Changelog.

All versions prior to 1.0.0 are untracked

[Unreleased]

[2.0.0-rc2] - 2025-10-21

Fixed

• Fix TUF snapshot version rollback case: sigstore/sigstore-java#1061
• Fix userAgent string in requests: sigstore/sigstore-java#1066
• Handle parsing/format failures: sigstore/sigstore-java#1063, sigstore/sigstore-java#1064, sigstore/sigstore-java#1073, sigstore/sigstore-java#1074, sigstore/sigstore-java#1075

Changed

• Remove oidc config from gradle plugin: sigstore/sigstore-java#1076

[2.0.0-rc1] - 2025-08-14

Added

• Add support for rekor v2 logs sigstore/sigstore-java#990, sigstore/sigstore-java#1016, sigstore/sigstore-java#1017, sigstore/sigstore-java#1008, sigstore/sigstore-java#1031, sigstore/sigstore-java#1040
• Add support for timestamps sigstore/sigstore-java#960, sigstore/sigstore-java#975, sigstore/sigstore-java#977, sigstore/sigstore-java#978, sigstore/sigstore-java#979
• Library support for token string auth sigstore/sigstore-java#925
• ED25519 support in trusted_root sigstore/sigstore-java#983

Fixed

• Fixed windows support sigstore/sigstore-java#974
• Parsing json with unknown fields sigstore/sigstore-java#966

Changed

• Users can no longer specify signer object in KeylessSigner, use Algorithm Registry instead sigstore/sigstore-java#1027
• Users with custom sigstore infrastructure deployments must specify a SigningConfig to configure the KeylessSigner, individual urls for infrastructure pieces are removed sigstore/sigstore-java#956, sigstore/sigstore-java#965, sigstore/sigstore-java#981

Commits

• 411721f Merge pull request #1117 from sigstore/prep200
• 735ab10 Prepare for 2.0.0
• 69cbe67 Merge pull request #1010 from sigstore/renovate/maven
• f90015d Merge pull request #1115 from sigstore/fix-funky-exception
• b81ab3e Wrap json operations for checked exceptions
• e2f2f2b Merge pull request #1114 from sigstore/maven-badge
• 0ffa58e docs: Update Maven Central badge URL in README
• da48db2 Merge pull request #1109 from jku/run-tuf-conformance-in-parallel
• 6c19413 workflows: Run conformance in parallel
• 11c2d22 Merge pull request #1111 from sigstore/jetty-12
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[cstamas]

@dependabot rebase

[dependabot]

Looks like dev.sigstore:sigstore-java is up-to-date now, so this is no longer needed.