CGA-vg49-jvvg-68qx

Upgrading timestamp-authority to remediate this vulnerability requires moving from major version v1 to v2. Because timestamp-authority is a transitive dependency of github.com/sigstore/cosign, the issue is addressed in cosign version v3.0.3, which updates this dependency. However, upgrading to github.com/sigstore/cosign v3.0.3 currently results in build failures.