build(deps): bump oras.land/oras-go/v2 from 2.2.0 to 2.2.1 (#332)

Bumps [oras.land/oras-go/v2](https://github.com/oras-project/oras-go)
from 2.2.0 to 2.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/oras-project/oras-go/releases">oras.land/oras-go/v2's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.1</h2>
<h2>Bug Fixes</h2>
<ul>
<li>Fix the bug where the &quot;blobs&quot; directory was not being
ensured during the initialization of <a
href="https://pkg.go.dev/oras.land/oras-go/v2@v2.2.0/content/oci#Store"><code>oci.Store</code></a>
(<a
href="https://redirect.github.com/oras-project/oras-go/issues/520">#520</a>)</li>
</ul>
<h2>Other Changes</h2>
<ul>
<li>Improve error messages</li>
<li>Upgrade <code>image-spec</code> to <a
href="https://github.com/opencontainers/image-spec/releases/tag/v1.1.0-rc4"><code>v1.1.0-rc4</code></a>
to mitigate the missing annotation keys issue</li>
</ul>
<blockquote>
<p><strong>Note</strong>: <code>oras-go</code> remains on
<code>distribution-spec</code> <a
href="https://github.com/opencontainers/distribution-spec/releases/tag/v1.1.0-rc1">v1.1.0-rc1</a>
and has not implemented <a
href="https://github.com/opencontainers/distribution-spec/releases/tag/v1.1.0-rc2">v1.1.0-rc2</a>
yet.</p>
</blockquote>
<h2>Detailed Commits</h2>
<ul>
<li>build(deps): bump golang.org/x/sync from 0.2.0 to 0.3.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/oras-project/oras-go/pull/524">oras-project/oras-go#524</a></li>
<li>fix(oci): create blobs dir and define blobs dir name constant by <a
href="https://github.com/sparr"><code>@​sparr</code></a> in <a
href="https://redirect.github.com/oras-project/oras-go/pull/520">oras-project/oras-go#520</a></li>
<li>fix: improve errors for <code>ReadAll</code> and
<code>loadIndexfile</code> by <a
href="https://github.com/sparr"><code>@​sparr</code></a> in <a
href="https://redirect.github.com/oras-project/oras-go/pull/526">oras-project/oras-go#526</a></li>
<li>refactor: upgrade go mod to <code>image-spec v1.1.0-rc4</code> and
fix the missing types by <a
href="https://github.com/Wwwsylvia"><code>@​Wwwsylvia</code></a> in <a
href="https://redirect.github.com/oras-project/oras-go/pull/536">oras-project/oras-go#536</a></li>
<li>chore: enable workflows for release branches by <a
href="https://github.com/Wwwsylvia"><code>@​Wwwsylvia</code></a> in <a
href="https://redirect.github.com/oras-project/oras-go/pull/537">oras-project/oras-go#537</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/sparr"><code>@​sparr</code></a> made
their first contribution in <a
href="https://redirect.github.com/oras-project/oras-go/pull/520">oras-project/oras-go#520</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/oras-project/oras-go/compare/v2.2.0...v2.2.1">https://github.com/oras-project/oras-go/compare/v2.2.0...v2.2.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/oras-project/oras-go/commit/a1527322f433953b7ed68b954312d1eb92aeea9f"><code>a152732</code></a>
chore: enable workflows for release branches (<a
href="https://redirect.github.com/oras-project/oras-go/issues/537">#537</a>)</li>
<li><a
href="https://github.com/oras-project/oras-go/commit/cd01930ccd9b99b4706a8584c52b24eb01014e51"><code>cd01930</code></a>
refactor: upgrade go mod to <code>image-spec v1.1.0-rc4</code> and fix
the missing types...</li>
<li><a
href="https://github.com/oras-project/oras-go/commit/f3d7906854cbf2a17f60f4d5454536bff5332004"><code>f3d7906</code></a>
fix: improve errors for <code>ReadAll</code> and
<code>loadIndexfile</code> (<a
href="https://redirect.github.com/oras-project/oras-go/issues/526">#526</a>)</li>
<li><a
href="https://github.com/oras-project/oras-go/commit/94805254ef1eb24b7e7cea46eec5841f0924d4d0"><code>9480525</code></a>
fix(oci): create blobs dir and define blobs dir name constant (<a
href="https://redirect.github.com/oras-project/oras-go/issues/520">#520</a>)</li>
<li><a
href="https://github.com/oras-project/oras-go/commit/f1c44e178f47ce1d0fab90991bae0d53a4bda7e1"><code>f1c44e1</code></a>
build(deps): bump golang.org/x/sync from 0.2.0 to 0.3.0 (<a
href="https://redirect.github.com/oras-project/oras-go/issues/524">#524</a>)</li>
<li>See full diff in <a
href="https://github.com/oras-project/oras-go/compare/v2.2.0...v2.2.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=oras.land/oras-go/v2&package-manager=go_modules&previous-version=2.2.0&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: dependabot[bot]

go.mod

@@ -6,11 +6,11 @@ require (
 	github.com/go-ldap/ldap/v3 v3.4.5
 	github.com/notaryproject/notation-core-go v1.0.0-rc.4
 	github.com/opencontainers/go-digest v1.0.0
-	github.com/opencontainers/image-spec v1.1.0-rc.3
+	github.com/opencontainers/image-spec v1.1.0-rc4
 	github.com/veraison/go-cose v1.1.0
 	golang.org/x/crypto v0.10.0
 	golang.org/x/mod v0.11.0
-	oras.land/oras-go/v2 v2.2.0
+	oras.land/oras-go/v2 v2.2.1
 )
 
 require (
@@ -19,5 +19,5 @@ require (
 	github.com/go-asn1-ber/asn1-ber v1.5.4 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	golang.org/x/sync v0.2.0 // indirect
+	golang.org/x/sync v0.3.0 // indirect
 )

go.sum

@@ -17,8 +17,8 @@ github.com/notaryproject/notation-core-go v1.0.0-rc.4 h1:gzo4JzKRMLGoOeOhPXxoudj
 github.com/notaryproject/notation-core-go v1.0.0-rc.4/go.mod h1:PEHrnhW0mEIVpyYdXqAJoJAaUgfz757tqxB3LG4qcag=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/opencontainers/image-spec v1.1.0-rc.3 h1:GT9Xon8YrLxz6N7sErbN81V8J4lOQKGUZQmI3ioviqU=
-github.com/opencontainers/image-spec v1.1.0-rc.3/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
+github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0=
+github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@@ -48,8 +48,8 @@ golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI=
-golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
+golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -75,5 +75,5 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-oras.land/oras-go/v2 v2.2.0 h1:E1fqITD56Eg5neZbxBtAdZVgDHD6wBabJo6xESTcQyo=
-oras.land/oras-go/v2 v2.2.0/go.mod h1:pXjn0+KfarspMHHNR3A56j3tgvr+mxArHuI8qVn59v8=
+oras.land/oras-go/v2 v2.2.1 h1:3VJTYqy5KfelEF9c2jo1MLSpr+TM3mX8K42wzZcd6qE=
+oras.land/oras-go/v2 v2.2.1/go.mod h1:GeAwLuC4G/JpNwkd+bSZ6SkDMGaaYglt6YK2WvZP7uQ=