🌱 Bump github.com/sigstore/sigstore from 1.9.6-0.20250729224751-181c5d3339b3 to 1.10.4

[dependabot]

Bumps github.com/sigstore/sigstore from 1.9.6-0.20250729224751-181c5d3339b3 to 1.10.4.

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.10.4

What's Changed

• Escape target name - GHSA-fcv2-xgw5-pqxf in sigstore/sigstore#2265

Full Changelog: sigstore/sigstore@v1.10.3...v1.10.4

v1.10.3

What's Changed

v1.10.3 adds ValidatePubKey back to the cryptoutils package to avoid a breaking API change.

• Add back ValidatePubKey as a deprecated, minimal function in sigstore/sigstore#2235

Full Changelog: sigstore/sigstore@v1.10.2...v1.10.3

v1.10.2

Functionally equivalent to v1.10.0. v1.10.1 has been retracted to remove copied code.

v1.10.0

Breaking change

sigstore/sigstore#2194 moves cryptoutils.ValidatePubKey to goodkey.ValidatePubKey to minimize the dependency tree for clients using the cryptoutils package.

Features

• feat(hashivault): token helper in sigstore/sigstore#2174
• set GoogleAPIClientOption on GCP KMS provider in sigstore/sigstore#2128

Refactoring

• cryptoutils: move goodkey validation to separate package in sigstore/sigstore#2194
• Stop depending on golang.org/x/crypto for sha3 in sigstore/sigstore#2209
• remove duplicative dependency for portable browser opener in sigstore/sigstore#2178
• consolidate deep Equal usage to one library in sigstore/sigstore#2177
• Drop redundant aws-sdk-go dependency in the e2e kms tests in sigstore/sigstore#2172

v1.10.0

Breaking change

sigstore/sigstore#2194 moves cryptoutils.ValidatePubKey to goodkey.ValidatePubKey to minimize the dependency tree for clients using the cryptoutils package.

Features

• feat(hashivault): token helper in sigstore/sigstore#2174
• set GoogleAPIClientOption on GCP KMS provider in sigstore/sigstore#2128

Refactoring

... (truncated)

Commits

• See full diff in compare view

[justaugustus]

@dependabot rebase