Bump the gomod group across 1 directory with 3 updates

[dependabot[bot]]

Bumps the gomod group with 1 update in the / directory: github.com/sigstore/sigstore.

Updates github.com/sigstore/sigstore from 1.8.7 to 1.8.10

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.8.10

What's Changed

• fix(kms): fix CreateKey may panic when using GCP KMS by @​mozillazg in sigstore/sigstore#1829
• update to go1.22.7 and ci job by @​cpanato in sigstore/sigstore#1847
• Mark TUF client as deprecated by @​haydentherapper in sigstore/sigstore#1858
• bump to go 1.22.8 by @​cpanato in sigstore/sigstore#1865

and several dependencies updates

New Contributors

• @​mozillazg made their first contribution in sigstore/sigstore#1829

Full Changelog: https://github.com/sigstore/sigstore/compare/v1.8.9...v1.8.10

v1.8.9

What's Changed

• fuzzing: improve coverage by @​AdamKorcz in sigstore/sigstore#1809
• Deserialize ed25519 keys from hashivault correctly by @​stevenjohnstone in sigstore/sigstore#1811
• oauthflow: Add SubjectFromUnverifiedToken by @​adityasaky in sigstore/sigstore#1826

Full Changelog: https://github.com/sigstore/sigstore/compare/v1.8.8...v1.8.9

v1.8.8

What's Changed

• Fixes issue in Device access token request by @​rishabhsvats in sigstore/sigstore#1752
• Support email_verified as a String by @​sabre1041 in sigstore/sigstore#1794
• Dependency updates

Full Changelog: https://github.com/sigstore/sigstore/compare/v1.8.7...v1.8.8

Commits

• 305ff9e bump to go 1.22.8 (#1865)
• d88a949 build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#1860)
• cfde863 build(deps): Bump the gomod group across 1 directory with 3 updates (#1859)
• e928a84 build(deps): Bump github.com/Azure/azure-sdk-for-go/sdk/azcore (#1861)
• 66f05db build(deps): Bump google.golang.org/api in /pkg/signature/kms/gcp (#1862)
• f0978ed build(deps): Bump the all group with 2 updates (#1863)
• 9398b12 build(deps): Bump the all group in /test/e2e with 2 updates (#1864)
• bd8ee68 Mark TUF client as deprecated (#1858)
• c59dfa0 build(deps): Bump golang.org/x/crypto from 0.25.0 to 0.28.0 (#1852)
• bde3e53 build(deps): Bump golang.org/x/term from 0.22.0 to 0.25.0 (#1851)
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.25.0 to 0.28.0

Commits

• adef4cc go.mod: update golang.org/x dependencies
• a0819fb sha3: fix cSHAKE initialization for extremely large N and or S
• 42ee18b ssh: return ServerAuthError after too many auth failures
• 9e92970 bn256: add missing symbols in comment
• c9da6b9 all: fix printf(var) mistakes detected by latest printf checker
• b35ab4f go.mod: update golang.org/x dependencies
• bcb0f91 internal/poly1305: Port sum_amd64.s to Avo
• 7eace71 chacha20poly1305: Avo port of chacha20poly1305_amd64.s
• 620dfbc salsa20/salsa: Port salsa20_amd64.s to Avo
• 82942cf blake2b: port blake2b_amd64.s to Avo
• Additional commits viewable in compare view

Updates golang.org/x/oauth2 from 0.21.0 to 0.23.0

Commits

• 3e64809 x/oauth2: add Token.ExpiresIn
• 16a9973 jwt: rename example to avoid vet error
• b52af7d endpoints: add GitLab DeviceAuthURL
• 6d8340f LICENSE: update per Google Legal
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[dependabot[bot]]

Looks like these dependencies are updatable in another way, so this is no longer needed.