build(deps): bump github.com/sigstore/sigstore from 1.9.5 to 1.10.4

[dependabot]

Bumps github.com/sigstore/sigstore from 1.9.5 to 1.10.4.

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.10.4

What's Changed

• Escape target name - GHSA-fcv2-xgw5-pqxf in sigstore/sigstore#2265

Full Changelog: sigstore/sigstore@v1.10.3...v1.10.4

v1.10.3

What's Changed

v1.10.3 adds ValidatePubKey back to the cryptoutils package to avoid a breaking API change.

• Add back ValidatePubKey as a deprecated, minimal function in sigstore/sigstore#2235

Full Changelog: sigstore/sigstore@v1.10.2...v1.10.3

v1.10.2

Functionally equivalent to v1.10.0. v1.10.1 has been retracted to remove copied code.

v1.10.0

Breaking change

sigstore/sigstore#2194 moves cryptoutils.ValidatePubKey to goodkey.ValidatePubKey to minimize the dependency tree for clients using the cryptoutils package.

Features

• feat(hashivault): token helper in sigstore/sigstore#2174
• set GoogleAPIClientOption on GCP KMS provider in sigstore/sigstore#2128

Refactoring

• cryptoutils: move goodkey validation to separate package in sigstore/sigstore#2194
• Stop depending on golang.org/x/crypto for sha3 in sigstore/sigstore#2209
• remove duplicative dependency for portable browser opener in sigstore/sigstore#2178
• consolidate deep Equal usage to one library in sigstore/sigstore#2177
• Drop redundant aws-sdk-go dependency in the e2e kms tests in sigstore/sigstore#2172

v1.10.0

Breaking change

sigstore/sigstore#2194 moves cryptoutils.ValidatePubKey to goodkey.ValidatePubKey to minimize the dependency tree for clients using the cryptoutils package.

Features

• feat(hashivault): token helper in sigstore/sigstore#2174
• set GoogleAPIClientOption on GCP KMS provider in sigstore/sigstore#2128

Refactoring

... (truncated)

Commits

• 8ec410a Escape target name - GHSA-fcv2-xgw5-pqxf (#2265)
• deef0ee build(deps): Bump golang.org/x/crypto in /test/cliplugin/localkms (#2256)
• 641406c build(deps): Bump the gomod group across 2 directories with 4 updates (#2255)
• 1bfd00e build(deps): Bump the tools group across 1 directory with 2 updates (#2254)
• 714ac99 build(deps): Bump hashicorp/vault in /test/e2e in the all group (#2253)
• 626b82b build(deps): Bump localstack/localstack in /test/e2e in the all group (#2241)
• 72f0ed7 build(deps): Bump github.com/aws/aws-sdk-go-v2/config (#2230)
• b257168 build(deps): Bump github.com/aws/aws-sdk-go-v2 in /pkg/signature/kms/aws (#2226)
• 84f57b8 build(deps): Bump github.com/sigstore/sigstore (#2221)
• bdc1a86 build(deps): Bump actions/checkout from 5.0.1 to 6.0.0 (#2220)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign bparees for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@dependabot[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/bundle-e2e-4-20	48dd5f3	link	true	/test bundle-e2e-4-20
ci/prow/bundle-e2e-4-22	48dd5f3	link	true	/test bundle-e2e-4-22

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[raptorsun]

/close

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

[openshift-ci]

@raptorsun: Closed this PR.

Details

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.