build(deps): bump github.com/sylabs/sif/v2 from 2.10.0 to 2.11.0

[dependabot]

Bumps github.com/sylabs/sif/v2 from 2.10.0 to 2.11.0.

Release notes

Sourced from github.com/sylabs/sif/v2's releases.

v2.11.0

This release allows a user to get/set arbitrary metadata stored directly in an object descriptor. Previously, metadata could only be utilized for a limited set of data types (DataCryptoMessage, DataPartition, DataSignature, DataSBOM.)

Specifically, the following APIs have been added:

• func OptMetadata: set metadata when creating an object Descriptor with func NewDescriptorInput.
• func (Descriptor) GetMetadata: get metadata from a Descriptor.

What's Changed

• build(deps): bump github.com/sigstore/sigstore from 1.5.2 to 1.6.0 by @​dependabot in sylabs/sif#267
• feat: custom metadata support by @​tri-adam in sylabs/sif#268
• fix: set descriptor timestamp(s) in SetPrimPart by @​tri-adam in sylabs/sif#272

Full Changelog: sylabs/sif@v2.10.0...v2.11.0

Commits

• 868c239 Merge pull request #272 from tri-adam/set-prim-fix
• 3d0d786 fix: set descriptor timestamp(s) in SetPrimPart
• 5a9464b Merge pull request #268 from tri-adam/get-set-metadata
• 6e2497e refactor: use interface types for custom metadata
• 59a5446 feat: custom metadata support
• a29fb45 build(deps): bump github.com/sigstore/sigstore from 1.5.2 to 1.6.0 (#267)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov-commenter]

Codecov Report

Merging #173 (4ef4240) into main (52ded07) will not change coverage.
The diff coverage is n/a.

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@ Coverage Diff @@ ## main #173 +/- ## ======================================= Coverage 34.78% 34.78% ======================================= Files 13 13 Lines 2018 2018 ======================================= Hits 702 702 Misses 1239 1239 Partials 77 77 

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.