chore(deps): bump github.com/sigstore/timestamp-authority/v2 from 2.0.4 to 2.0.6 (#898)

Bumps
[github.com/sigstore/timestamp-authority/v2](https://github.com/sigstore/timestamp-authority)
from 2.0.4 to 2.0.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/timestamp-authority/releases">github.com/sigstore/timestamp-authority/v2's
releases</a>.</em></p>
<blockquote>
<h2>v2.0.6</h2>
<h2>What's Changed</h2>
<ul>
<li>Ensure correct certificate is used for TSA auth checks
(GHSA-xm5m-wgh2-rrg3) by <a
href="https://github.com/jku"><code>@​jku</code></a> in <a
href="https://redirect.github.com/sigstore/timestamp-authority/pull/1333">sigstore/timestamp-authority#1333</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/timestamp-authority/compare/v2.0.5...v2.0.6">https://github.com/sigstore/timestamp-authority/compare/v2.0.5...v2.0.6</a></p>
<h2>v2.0.5</h2>
<h2>What's Changed</h2>
<p>This release updates the chi middleware to resolve a panic.</p>
<ul>
<li>Update the semantics of the NTP monitoring so its clear in the
README in <a
href="https://redirect.github.com/sigstore/timestamp-authority/pull/1276">sigstore/timestamp-authority#1276</a></li>
<li>docs: note that CRL/OCSP checks are not performed in <a
href="https://redirect.github.com/sigstore/timestamp-authority/pull/1277">sigstore/timestamp-authority#1277</a></li>
<li>Increase default HTTP idle timeout in <a
href="https://redirect.github.com/sigstore/timestamp-authority/pull/1287">sigstore/timestamp-authority#1287</a></li>
<li>Upgrade chi middleware v4 -&gt; v5 in <a
href="https://redirect.github.com/sigstore/timestamp-authority/pull/1307">sigstore/timestamp-authority#1307</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/sigstore/timestamp-authority/compare/v2.0.4...v2.0.5">https://github.com/sigstore/timestamp-authority/compare/v2.0.4...v2.0.5</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/timestamp-authority/blob/main/CHANGELOG.md">github.com/sigstore/timestamp-authority/v2's
changelog</a>.</em></p>
<blockquote>
<h1>v2.0.5</h1>
<p>This release updates the chi middleware to resolve a panic.</p>
<h2>Bug Fixes</h2>
<ul>
<li>Upgrade chi middleware v4 -&gt; v5 (<a
href="https://redirect.github.com/sigstore/timestamp-authority/issues/1307">#1307</a>)</li>
</ul>
<h2>Docs</h2>
<ul>
<li>Update the semantics of the NTP monitoring so its clear in the
README (<a
href="https://redirect.github.com/sigstore/timestamp-authority/issues/1276">#1276</a>)</li>
<li>docs: note that CRL/OCSP checks are not performed (<a
href="https://redirect.github.com/sigstore/timestamp-authority/issues/1277">#1277</a>)</li>
</ul>
<h2>Misc</h2>
<ul>
<li>Increase default HTTP idle timeout (<a
href="https://redirect.github.com/sigstore/timestamp-authority/issues/1287">#1287</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sigstore/timestamp-authority/commit/9583b6186084a309cb6ccaf4323a29781901e962"><code>9583b61</code></a>
Ensure correct certificate is used for TSA auth checks
(GHSA-xm5m-wgh2-rrg3) ...</li>
<li><a
href="https://github.com/sigstore/timestamp-authority/commit/7aab8b4373e4ffdc6c7a1efa28856adf9f2efd40"><code>7aab8b4</code></a>
chore(deps): bump golang.org/x/net from 0.51.0 to 0.52.0 (<a
href="https://redirect.github.com/sigstore/timestamp-authority/issues/1322">#1322</a>)</li>
<li><a
href="https://github.com/sigstore/timestamp-authority/commit/48c7b2c9ed18208534c857533b7753d04fefd370"><code>48c7b2c</code></a>
chore(deps): bump codecov/codecov-action from 5.5.3 to 6.0.0 (<a
href="https://redirect.github.com/sigstore/timestamp-authority/issues/1327">#1327</a>)</li>
<li><a
href="https://github.com/sigstore/timestamp-authority/commit/49ca4e4f265d5a65bfc9d49615e1553359e1e181"><code>49ca4e4</code></a>
chore(deps): bump the gomod group with 2 updates (<a
href="https://redirect.github.com/sigstore/timestamp-authority/issues/1326">#1326</a>)</li>
<li><a
href="https://github.com/sigstore/timestamp-authority/commit/5812ba002dafc8b5d10b19bc4e1da54d21aa159c"><code>5812ba0</code></a>
chore(deps): bump go.step.sm/crypto from 0.76.2 to 0.77.2 (<a
href="https://redirect.github.com/sigstore/timestamp-authority/issues/1328">#1328</a>)</li>
<li><a
href="https://github.com/sigstore/timestamp-authority/commit/6a334a895dc81be7b8c889e85c329cf85870ff10"><code>6a334a8</code></a>
chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 (<a
href="https://redirect.github.com/sigstore/timestamp-authority/issues/1329">#1329</a>)</li>
<li><a
href="https://github.com/sigstore/timestamp-authority/commit/d799204b84ac6ca1fcd98b35e6bf457a2944d55c"><code>d799204</code></a>
chore(deps): bump actions/upload-artifact in the actions group (<a
href="https://redirect.github.com/sigstore/timestamp-authority/issues/1332">#1332</a>)</li>
<li><a
href="https://github.com/sigstore/timestamp-authority/commit/b9ce1025213a9101052aeaa5c2310c6ff8351173"><code>b9ce102</code></a>
chore(deps): bump golang from 1.26.0 to 1.26.2 in the docker group (<a
href="https://redirect.github.com/sigstore/timestamp-authority/issues/1331">#1331</a>)</li>
<li><a
href="https://github.com/sigstore/timestamp-authority/commit/54bc0c1a0eaf516e088bf5fd90deee6fc88f3f60"><code>54bc0c1</code></a>
chore(deps): bump the gomod group across 1 directory with 6 updates (<a
href="https://redirect.github.com/sigstore/timestamp-authority/issues/1324">#1324</a>)</li>
<li><a
href="https://github.com/sigstore/timestamp-authority/commit/ffb897a2e26b43963429537a019972db30d1f066"><code>ffb897a</code></a>
chore(deps): bump the actions group across 1 directory with 4 updates
(<a
href="https://redirect.github.com/sigstore/timestamp-authority/issues/1325">#1325</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/sigstore/timestamp-authority/compare/v2.0.4...v2.0.6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/sigstore/timestamp-authority/v2&package-manager=go_modules&previous-version=2.0.4&new-version=2.0.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/open-component-model/ocm-controller/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: dependabot[bot]

go.mod

@@ -128,8 +128,7 @@ require (
 	github.com/chainguard-dev/git-urls v1.0.2 // indirect
 	github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect
 	github.com/clbanning/mxj/v2 v2.7.0 // indirect
-	github.com/clipperhouse/stringish v0.1.1 // indirect
-	github.com/clipperhouse/uax29/v2 v2.3.0 // indirect
+	github.com/clipperhouse/uax29/v2 v2.6.0 // indirect
 	github.com/cloudflare/cfssl v1.6.5 // indirect
 	github.com/cloudflare/circl v1.6.3 // indirect
 	github.com/cockroachdb/apd/v3 v3.2.1 // indirect
@@ -235,8 +234,8 @@ require (
 	github.com/google/go-querystring v1.2.0 // indirect
 	github.com/google/s2a-go v0.1.9 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.3.12 // indirect
-	github.com/googleapis/gax-go/v2 v2.17.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.14 // indirect
+	github.com/googleapis/gax-go/v2 v2.19.0 // indirect
 	github.com/gorilla/handlers v1.5.2 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
@@ -263,7 +262,7 @@ require (
 	github.com/klauspost/compress v1.18.5 // indirect
 	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/klauspost/pgzip v1.2.6 // indirect
-	github.com/letsencrypt/boulder v0.20251110.0 // indirect
+	github.com/letsencrypt/boulder v0.20260223.0 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
 	github.com/magiconair/properties v1.8.10 // indirect
 	github.com/mandelsoft/filepath v0.0.0-20240223090642-3e2777258aa3 // indirect
@@ -327,9 +326,9 @@ require (
 	github.com/sigstore/protobuf-specs v0.5.0 // indirect
 	github.com/sigstore/rekor v1.5.1 // indirect
 	github.com/sigstore/rekor-tiles/v2 v2.2.0 // indirect
-	github.com/sigstore/sigstore v1.10.4 // indirect
+	github.com/sigstore/sigstore v1.10.5 // indirect
 	github.com/sigstore/sigstore-go v1.1.4 // indirect
-	github.com/sigstore/timestamp-authority/v2 v2.0.4 // indirect
+	github.com/sigstore/timestamp-authority/v2 v2.0.6 // indirect
 	github.com/sirupsen/logrus v1.9.4 // indirect
 	github.com/skeema/knownhosts v1.3.2 // indirect
 	github.com/spf13/afero v1.15.0 // indirect
@@ -393,17 +392,17 @@ require (
 	go.uber.org/zap v1.27.1 // indirect
 	go.yaml.in/yaml/v2 v2.4.3 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
-	golang.org/x/crypto v0.49.0 // indirect
+	golang.org/x/crypto v0.50.0 // indirect
 	golang.org/x/mod v0.35.0 // indirect
-	golang.org/x/net v0.52.0 // indirect
+	golang.org/x/net v0.53.0 // indirect
 	golang.org/x/oauth2 v0.36.0 // indirect
 	golang.org/x/sync v0.20.0 // indirect
 	golang.org/x/sys v0.43.0 // indirect
-	golang.org/x/term v0.41.0 // indirect
-	golang.org/x/text v0.35.0 // indirect
+	golang.org/x/term v0.42.0 // indirect
+	golang.org/x/text v0.36.0 // indirect
 	golang.org/x/time v0.15.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
-	google.golang.org/api v0.269.0 // indirect
+	google.golang.org/api v0.272.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 // indirect
 	google.golang.org/grpc v1.80.0 // indirect
@@ -424,6 +423,6 @@ require (
 	sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect
 	sigs.k8s.io/kustomize/kyaml v0.21.1 // indirect
 	sigs.k8s.io/randfill v1.0.0 // indirect
-	sigs.k8s.io/release-utils v0.12.3 // indirect
+	sigs.k8s.io/release-utils v0.12.4 // indirect
 	sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482 // indirect
 )