Bump oras-project/setup-oras from 1 to 2

[dependabot]

Bumps oras-project/setup-oras from 1 to 2.

Release notes

Sourced from oras-project/setup-oras's releases.

v2.0.0

Highlights

• Support ORAS CLI v1.3.1
• Migrate action runtime from node20 to node24 (#153)
• Pin undici to >=6.24.1 to address 5 CVEs: GHSA-f269-vfmq-vjvj, GHSA-2mjp-6q6p-2qxm, GHSA-vrm6-8vpv-qv8q, GHSA-v9p9-hfj2-hcw8, GHSA-4992-7rv2-5pvq
• Bump @actions/core from ^2.x to ^3.0.0 (ESM-only)
• Bump @actions/tool-cache from ^3.x to ^4.0.0 (ESM-only)
• Replace @vercel/ncc with esbuild as the build bundler

What's Changed

• Add version 1.3.1 with checksums (#150)
• feat: migrate action runtime from node20 to node24 (#153)
• fix: pin undici to >=6.24.1 to address CVEs (#157)
• chore(deps): bump @​actions/core to 3.x and @​actions/tool-cache to 4.x (#159)
• chore(deps): Bump @​actions/core from 1.11.1 to 2.0.1 (#130)
• chore(deps): Bump typescript from 5.9.2 to 6.0.2 (#151)
• chore(deps): Bump actions/checkout from 5 to 6 (#128)
• chore(deps): Bump actions/setup-node from 5 to 6 (#123)
• chore(deps): Bump @​types/node from 24.12.0 to 25.5.2 (multiple PRs)

Full Changelog: oras-project/setup-oras@v1.2.4...v2.0.0

v1.2.4

Highlights

• Support oras v1.3.0

Other Changes

• Update dependencies

What's Changed

• chore(deps): Bump @​types/node from 22.15.2 to 22.15.17 by @​dependabot[bot] in oras-project/setup-oras#97
• chore(deps): Bump @​types/node from 22.15.17 to 22.15.19 by @​dependabot[bot] in oras-project/setup-oras#98
• chore(deps): Bump @​types/node from 22.15.19 to 22.15.21 by @​dependabot[bot] in oras-project/setup-oras#99
• chore(deps): Bump @​types/node from 22.15.21 to 22.15.29 by @​dependabot[bot] in oras-project/setup-oras#100
• chore(deps): Bump @​types/node from 22.15.29 to 22.15.30 by @​dependabot[bot] in oras-project/setup-oras#101
• chore(deps): Bump @​types/node from 22.15.30 to 24.0.1 by @​dependabot[bot] in oras-project/setup-oras#102
• chore(deps): Bump @​types/node from 24.0.1 to 24.0.3 by @​dependabot[bot] in oras-project/setup-oras#103
• chore(deps): Bump @​types/node from 24.0.3 to 24.0.7 by @​dependabot[bot] in oras-project/setup-oras#104
• chore(deps): Bump @​types/node from 24.0.7 to 24.0.13 by @​dependabot[bot] in oras-project/setup-oras#106
• chore(deps): Bump @​types/node from 24.0.13 to 24.0.15 by @​dependabot[bot] in oras-project/setup-oras#107
• chore(deps): Bump @​types/node from 24.0.15 to 24.1.0 by @​dependabot[bot] in oras-project/setup-oras#108
• chore(deps): Bump typescript from 5.8.3 to 5.9.2 by @​dependabot[bot] in oras-project/setup-oras#109
• chore(deps): Bump @​types/node from 24.1.0 to 24.2.1 by @​dependabot[bot] in oras-project/setup-oras#110
• chore(deps): Bump @​types/node from 24.2.1 to 24.3.0 by @​dependabot[bot] in oras-project/setup-oras#111
• chore(deps): Bump actions/checkout from 4 to 5 by @​dependabot[bot] in oras-project/setup-oras#112
• chore(deps): Bump @​types/node from 24.3.0 to 24.3.1 by @​dependabot[bot] in oras-project/setup-oras#113
• chore(deps): Bump actions/setup-node from 4 to 5 by @​dependabot[bot] in oras-project/setup-oras#114
• bump: add oras v1.3.0 to setup-oras by @​wangxiaoxuan273 in oras-project/setup-oras#115

... (truncated)

Commits

• 38de303 chore: release v2.0.0 (#160)
• bbd8d79 chore(deps): bump @​actions/core to 3.x and @​actions/tool-cache to 4.x (#159)
• 44d83f3 chore(deps): Bump @​types/node from 24.12.0 to 25.5.2 (#158)
• dd86831 fix: pin undici to >=6.24.1 to address CVEs (#157)
• be45691 feat: migrate action runtime from node20 to node24 (#153)
• f0fe559 Add version 1.3.1 with checksums from … (#150)
• 0db6c65 chore(deps): Bump @​types/node from 25.0.3 to 25.5.0 (#149)
• 8a0db1e chore(deps): Bump typescript from 5.9.3 to 6.0.2 (#151)
• bd8ffed chore: add TerryHowe to owners and code owners (#152)
• c33dd38 chore(deps): Bump @​types/node from 25.0.2 to 25.0.3 (#131)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)