Update module github.com/sigstore/rekor to v1.3.9

[red-hat-konflux]

This PR contains the following updates:

Package	Type	Update	Change
github.com/sigstore/rekor	require	patch	v1.3.6 -> v1.3.9

---

Release Notes

sigstore/rekor (github.com/sigstore/rekor)

v1.3.9

Compare Source

Features

• Cache checkpoint for inactive shards (#​2332)
• Support per-shard signing keys (#​2330)

Contributors

• Hayden B

v1.3.8

Compare Source

Bug Fixes

• fix zizmor issues (#​2298)
• remove unneeded value in log message (#​2282)

Quality Enhancements

• chore: relax go directive to permit 1.22.x
• fetch minisign from homebrew instead of custom ppa (#​2329)
• fix(ci): simplify GOVERSION extraction
• chore(deps): bump actions pins to latest
• Updates go and golangci-lint (#​2302)
• update builder to use go1.23.4 (#​2301)
• clean up spaces
• log request body on 500 error to aid debugging (#​2283)

Contributors

• Appu Goundan
• Bob Callaway
• Carlos Tadeu Panato Junior
• Dominic Evans
• sgpinkus

v1.3.7

Compare Source

New Features

• log request body on 500 error to aid debugging (#​2283)
• Add support for signing with Tink keyset (#​2228)
• Add public key hash check in Signed Note verification (#​2214)
• update Trillian TLS configuration (#​2202)
• Add TLS support for Trillian server (#​2164)
• Replace docker-compose with plugin if available (#​2153)
• Add flags to backfill script (#​2146)
• Unset DisableKeepalive for backfill HTTP client (#​2137)
• Add script to delete indexes from Redis (#​2120)
• Run CREATE statement in backfill script (#​2109)
• Add MySQL support to backfill script (#​2081)
• Run e2e tests on mysql and redis index backends (#​2079)

Bug Fixes

• remove unneeded value in log message (#​2282)
• Add error message when computing consistency proof (#​2278)
• fix validation error handling on API (#​2217)
• fix error in pretty-printed inclusion proof from verify subcommand (#​2210)
• Fix index scripts (#​2203)
• fix failing sharding test
• Better error handling in backfill script (#​2148)
• Batch entries in cleanup script (#​2158)
• Add missing workflow for index cleanup test (#​2121)
• hashedrekord: fix schema $id (#​2092)

Contributors

• Aditya Sirish
• Bob Callaway
• Colleen Murphy
• cpanato
• Firas Ghanmi
• Hayden B
• Hojoung (Brian) Jang
• William Woodruff

---

Configuration

📅 Schedule: Branch creation - "after 5am on sunday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

This PR has been generated by MintMaker (powered by Renovate Bot).

[red-hat-konflux]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 43 additional dependencies were updated

Details:

Package	Change
github.com/coreos/go-oidc/v3	v3.11.0 -> v3.12.0
github.com/secure-systems-lab/go-securesystemslib	v0.8.0 -> v0.9.0
github.com/sigstore/protobuf-specs	v0.3.2 -> v0.3.3
github.com/sigstore/sigstore	v1.8.10 -> v1.8.12
golang.org/x/crypto	v0.28.0 -> v0.32.0
golang.org/x/oauth2	v0.23.0 -> v0.25.0
golang.org/x/xerrors	v0.0.0-20231012003039-104605ab7028 -> v0.0.0-20240716161551-93cc26a95ae9
google.golang.org/protobuf	v1.35.1 -> v1.36.4
cloud.google.com/go/auth	v0.9.5 -> v0.14.0
cloud.google.com/go/auth/oauth2adapt	v0.2.4 -> v0.2.7
github.com/aws/aws-sdk-go-v2	v1.31.0 -> v1.32.8
github.com/aws/aws-sdk-go-v2/config	v1.27.37 -> v1.28.10
github.com/aws/aws-sdk-go-v2/credentials	v1.17.35 -> v1.17.51
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	v1.16.14 -> v1.16.23
github.com/aws/aws-sdk-go-v2/internal/configsources	v1.3.18 -> v1.3.27
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	v2.6.18 -> v2.6.27
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding	v1.11.5 -> v1.12.1
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	v1.11.20 -> v1.12.8
github.com/aws/aws-sdk-go-v2/service/sso	v1.23.1 -> v1.24.9
github.com/aws/aws-sdk-go-v2/service/ssooidc	v1.27.1 -> v1.28.8
github.com/aws/aws-sdk-go-v2/service/sts	v1.31.1 -> v1.33.6
github.com/aws/smithy-go	v1.21.0 -> v1.22.1
github.com/golang-jwt/jwt/v4	v4.5.0 -> v4.5.1
github.com/google/s2a-go	v0.1.8 -> v0.1.9
github.com/google/trillian	v1.6.0 -> v1.7.1
github.com/jmespath/go-jmespath	v0.4.0 -> v0.4.1-0.20220621161143-b0104c826a24
github.com/klauspost/compress	v1.17.9 -> v1.17.11
go.opentelemetry.io/otel	v1.30.0 -> v1.32.0
go.opentelemetry.io/otel/metric	v1.30.0 -> v1.32.0
go.opentelemetry.io/otel/trace	v1.30.0 -> v1.32.0
go.step.sm/crypto	v0.53.0 -> v0.57.0
golang.org/x/mod	v0.21.0 -> v0.22.0
golang.org/x/net	v0.29.0 -> v0.34.0
golang.org/x/sync	v0.8.0 -> v0.10.0
golang.org/x/sys	v0.26.0 -> v0.29.0
golang.org/x/term	v0.25.0 -> v0.28.0
golang.org/x/text	v0.19.0 -> v0.21.0
golang.org/x/time	v0.6.0 -> v0.9.0
google.golang.org/api	v0.199.0 -> v0.218.0
google.golang.org/genproto/googleapis/api	v0.0.0-20240903143218-8af14fe29dc1 -> v0.0.0-20241209162323-e6fa225c2576
google.golang.org/genproto/googleapis/rpc	v0.0.0-20240903143218-8af14fe29dc1 -> v0.0.0-20250115164207-1a7da9e5054f
google.golang.org/grpc	v1.67.1 -> v1.70.0
k8s.io/klog/v2	v2.130.0 -> v2.130.1

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: red-hat-konflux[bot]

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment