build(deps): bump oras.land/oras-go/v2 from 2.0.0-rc.3 to 2.0.0-rc.5

[dependabot]

Bumps oras.land/oras-go/v2 from 2.0.0-rc.3 to 2.0.0-rc.5.

Release notes

Sourced from oras.land/oras-go/v2's releases.

v2.0.0-rc.5

New Features

• BREAKING CHANGE: Add ReferrerFinder to Repository interface

Bug Fixes

• fix #349: Potential dead lock in oras.Copy

Other Changes

• Improve the performance of using referrers tag schema when pushing and deleting manifest concurrently
• Revise the documentation of registry.Reference

Detailed Commits

• feat!: add ReferrerFinder to Repository interface by @​shizhMSFT in oras-project/oras-go#357
• fix: fix potential deadlock in oras.Copy by @​Wwwsylvia in oras-project/oras-go#359
• doc: revise doc of registry.Reference by @​nima in oras-project/oras-go#358
• perf: improve the performance of using referrers tag schema by @​Wwwsylvia in oras-project/oras-go#360

Full Changelog: oras-project/oras-go@v2.0.0-rc.4...v2.0.0-rc.5

v2.0.0-rc.4

New Features

• BREAKING CHANGE: Migrate to OCI Artifact from ORAS Artifact
  • Upgrade to image-spec v1.0.0-rc.2
  • Support OCI Artifact Manifest
  • Support Referrers API and its fallback Referrers Tag Schema
  • Support indexing referrers when pushing and deleting manifests with the subject field
• Add package registry/remote/errcode to support checking the error code returned by the registry/remote package
• Add content.VerifyReader for verifying the read content against the descriptor

Bug Fixes

• fix #303: Scrutinize references for digests posing as tags

Other Changes

• BREAKING CHANGE: Change the signature of Repository.Referrers()
• BREAKING CHANGE: Merge oras.PackArtifact() into oras.Pack()
• Improve error message on platform mismatch
• Improve error message for Repository.FetchReference()
• Increase test coverage
• Check license header in Github workflow
• Other minor fixes

Detailed Commits

... (truncated)

Commits

• 621970f perf: improve the performance of using referrers tag schema (#360)
• 74eeb52 doc: revise doc of registry.Reference (#358)
• 9e5b141 fix: fix potential deadlock in oras.Copy (#359)
• 7ee86b9 feat!: add ReferrerFinder to Repository interface (#357)
• f701e60 refactor: refactor functions related to querying referrers (#353)
• 7ab862c feat: include error code in error response (#352)
• aed5c43 feat: index referrers on manifest delete (#350)
• 05fb30a feat: index referrers on manifest push (#348)
• 1969551 refactor!: merge oras.PackArtifact() into oras.Pack() (#343)
• 5416ed6 refactor: update implementation of Referrers API (#340)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #65.