Bump dev.sigstore:sigstore-java from 2.0.0 to 2.1.0

[dependabot]

Bumps dev.sigstore:sigstore-java from 2.0.0 to 2.1.0.

Release notes

Sourced from dev.sigstore:sigstore-java's releases.

v2.1.0

See CHANGELOG.md for more details.

What's Changed

• Update versions after 2.0.0 release by @​loosebazooka in sigstore/sigstore-java#1118
• chore(deps): update sigstore/community digest to c0c5605 by @​renovate[bot] in sigstore/sigstore-java#1119
• fix(deps): update gradleup_nmcp to v1.3.0 by @​renovate[bot] in sigstore/sigstore-java#1124
• fix(deps): update dependency com.google.errorprone:error_prone_core to v2.45.0 by @​renovate[bot] in sigstore/sigstore-java#1123
• fix(deps): update dependency com.code-intelligence:jazzer-api to v0.28.0 by @​renovate[bot] in sigstore/sigstore-java#1122
• fix(deps): update bouncycastle to v1.83 by @​renovate[bot] in sigstore/sigstore-java#1121
• chore(deps): update actions/checkout action to v4.3.1 by @​renovate[bot] in sigstore/sigstore-java#1120
• ref(deps): Migrate UpdaterTest from Jetty to MockWebServer by @​aaronlew02 in sigstore/sigstore-java#1125
• workflows: schedule a weekly tuf-conformance run by @​jku in sigstore/sigstore-java#1126
• fix(deps): update dependency org.eclipse.jetty:jetty-server to v12.1.5 by @​renovate[bot] in sigstore/sigstore-java#1128
• fix(deps): update maven to v3.9.12 - autoclosed by @​renovate[bot] in sigstore/sigstore-java#1129
• chore(deps): update actions/setup-go action to v5.6.0 by @​renovate[bot] in sigstore/sigstore-java#1130
• chore(deps): update actions/setup-java action to v4.8.0 by @​renovate[bot] in sigstore/sigstore-java#1131
• fix(deps): update dependency org.mockito:mockito-bom to v5.21.0 by @​renovate[bot] in sigstore/sigstore-java#1132
• fix(deps): update dependency com.code-intelligence:jazzer-api to v0.29.1 by @​renovate[bot] in sigstore/sigstore-java#1133
• chore(deps): update sigstore/community digest to bafa89c by @​renovate[bot] in sigstore/sigstore-java#1127
• chore(deps): update actions/checkout action to v6 by @​renovate[bot] in sigstore/sigstore-java#1137
• fix(deps): update immutables to v2.12.0 by @​renovate[bot] in sigstore/sigstore-java#1135
• fix(deps): update gradleup_nmcp to v1.4.0 by @​renovate[bot] in sigstore/sigstore-java#1134
• Use StandardCharsets by @​loosebazooka in sigstore/sigstore-java#1138
• fix(test): Update sample bundle version from 0.2 to 0.1 by @​aaronlew02 in sigstore/sigstore-java#1141
• fix(deps): update protobuf_grpc by @​renovate[bot] in sigstore/sigstore-java#1136
• chore(deps): update actions/setup-go action to v6 by @​renovate[bot] in sigstore/sigstore-java#1139
• chore(deps): update actions/setup-java action to v5 by @​renovate[bot] in sigstore/sigstore-java#1140
• chore(deps): update actions/upload-artifact action to v6 by @​renovate[bot] in sigstore/sigstore-java#1142
• chore(deps): update google-github-actions/auth action to v3 by @​renovate[bot] in sigstore/sigstore-java#1143
• use full key fingerprints by @​loosebazooka in sigstore/sigstore-java#1147
• chore(deps): update google-github-actions/get-secretmanager-secrets action to v3 by @​renovate[bot] in sigstore/sigstore-java#1144
• Update conformance.yml to 0.0.25 by @​loosebazooka in sigstore/sigstore-java#1149
• chore(deps): update actions/setup-go action to v6.2.0 by @​renovate[bot] in sigstore/sigstore-java#1155
• fix(deps): update protobuf_grpc to v4.33.4 by @​renovate[bot] in sigstore/sigstore-java#1154
• fix(deps): update immutables to v2.12.1 by @​renovate[bot] in sigstore/sigstore-java#1153
• chore(deps): update sigstore/community digest to a959c6f by @​renovate[bot] in sigstore/sigstore-java#1150
• chore(deps): update gradle/actions action to v5 by @​renovate[bot] in sigstore/sigstore-java#1158
• fix(deps): update dependency net.ltgt.errorprone:net.ltgt.errorprone.gradle.plugin to v4.4.0 by @​renovate[bot] in sigstore/sigstore-java#1157
• fix(deps): update dependency com.diffplug.spotless:com.diffplug.spotless.gradle.plugin to v8 by @​renovate[bot] in sigstore/sigstore-java#1159
• fix(deps): update dependency com.google.errorprone:error_prone_core to v2.46.0 by @​renovate[bot] in sigstore/sigstore-java#1156
• fix(deps): update dependency org.junit:junit-bom to v5.14.2 by @​renovate[bot] in sigstore/sigstore-java#1151
• add nonce parameter to OIDC flow by @​bobcallaway in sigstore/sigstore-java#1148
• fix(deps): update dependency com.squareup.okhttp3:mockwebserver to v5 by @​renovate[bot] in sigstore/sigstore-java#1163
• fix(deps): update dependency com.github.vlsi.gradle-extensions:com.github.vlsi.gradle-extensions.gradle.plugin to v3 by @​renovate[bot] in sigstore/sigstore-java#1160
• fix(deps): update dependency com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin to v2 by @​renovate[bot] in sigstore/sigstore-java#1162
• fix(deps): update dependency com.google.http-client:google-http-client-bom to v2 by @​renovate[bot] in sigstore/sigstore-java#1161
• Add test for rekor v2 in prod by @​loosebazooka in sigstore/sigstore-java#1165
• Add prod attestation test by @​aaronlew02 in sigstore/sigstore-java#1167
• chore(deps): update plugin org.gradlex.build-parameters to v1.4.5 by @​renovate[bot] in sigstore/sigstore-java#1172

... (truncated)

Changelog

Sourced from dev.sigstore:sigstore-java's changelog.

[2.1.0] - 2026-05-21

Added

• Add HTTP Fulcio client: sigstore/sigstore-java#1176

Fixed

• Re-add and enhance SET verification in KeylessVerifier: sigstore/sigstore-java#1185

Commits

• 97d295e Merge pull request #1190 from sigstore/fix-nmcp-dependency
• 27bb927 add repositories for nmcp plugin to use
• b529335 Merge pull request #1185 from sigstore/set-verification
• 49c27f1 Add KeylessVerifier test for expired certificates
• 87e2876 Re-add and enhance SET verification in KeylessVerifier
• f6934e5 Merge pull request #1186 from sigstore/update-conformance
• 164ec97 Prioritize email over subject for SAN from OIDC token string
• 224cbcb Update conformance to latest
• 6d736e2 Merge pull request #1183 from sigstore/uri-resolve-replace
• c2d39da Replace URI.resolve with URIFormat.appendPath
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)