chore(deps): update module github.com/sigstore/cosign/v2 to v2.5.1

[renovate-rancher]

This PR contains the following updates:

Package	Type	Update	Change
github.com/sigstore/cosign/v2	require	patch	v2.5.0 -> v2.5.1

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

sigstore/cosign (github.com/sigstore/cosign/v2)

v2.5.1

Compare Source

Features

• Add Rekor v2 support for trusted-root create (#​4242)
• Add baseUrl and Uri to trusted-root create command
• Upgrade to TUF v2 client with trusted root
• Don't verify SCT for a private PKI cert (#​4225)
• Bump TSA library to relax EKU chain validation rules (#​4219)

Bug Fixes

• Bump sigstore-go to pick up log index=0 fix (#​4162)
• remove unused recursive flag on attest command (#​4187)

Docs

• Fix indentation in verify-blob cmd examples (#​4160)

Releases

• ensure we copy the latest tags on each release (#​4157)

Contributors

• arthurus-rex
• Babak K. Shandiz
• Bob Callaway
• Carlos Tadeu Panato Junior
• Colleen Murphy
• Dmitry Savintsev
• Emmanuel Ferdman
• Hayden B
• Ville Skyttä

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[renovate-rancher]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 21 additional dependencies were updated

Details:

Package	Change
github.com/cyberphone/json-canonicalization	v0.0.0-20231011164504-785e29786b46 -> v0.0.0-20241213102144-19d51d7fe467
github.com/fsnotify/fsnotify	v1.8.0 -> v1.9.0
github.com/google/gnostic-models	v0.6.9-0.20230804172637-c7be7c783f49 -> v0.6.9
github.com/pelletier/go-toml/v2	v2.2.3 -> v2.2.4
github.com/sigstore/protobuf-specs	v0.4.1 -> v0.4.2
github.com/sigstore/sigstore-go	v0.7.1 -> v1.0.0
github.com/sigstore/timestamp-authority	v1.2.5 -> v1.2.8
github.com/theupdateframework/go-tuf/v2	v2.0.2 -> v2.1.1
gitlab.com/gitlab-org/api/client-go	v0.127.0 -> v0.129.0
golang.org/x/crypto	v0.37.0 -> v0.38.0
golang.org/x/exp	v0.0.0-20241108190413-2d47ceb2692f -> v0.0.0-20250408133849-7e4ce0ab07d0
golang.org/x/net	v0.38.0 -> v0.40.0
golang.org/x/term	v0.31.0 -> v0.32.0
golang.org/x/text	v0.24.0 -> v0.25.0
google.golang.org/genproto/googleapis/api	v0.0.0-20250303144028-a0af3efb3deb -> v0.0.0-20250519155744-55703ea1f237
k8s.io/api	v0.28.3 -> v0.33.1
k8s.io/apimachinery	v0.30.1 -> v0.33.1
k8s.io/client-go	v0.28.3 -> v0.33.1
k8s.io/kube-openapi	v0.0.0-20240228011516-70dd3763d340 -> v0.0.0-20250318190949-c8a335a9a2ff
sigs.k8s.io/json	v0.0.0-20221116044647-bc3834ca7abd -> v0.0.0-20241010143419-9aa6b5e7a4b3
sigs.k8s.io/structured-merge-diff/v4	v4.4.1 -> v4.6.0