chore(deps): Bump github.com/sigstore/sigstore from 1.10.0 to 1.10.4#37
chore(deps): Bump github.com/sigstore/sigstore from 1.10.0 to 1.10.4#37dependabot[bot] wants to merge 1 commit into
Security Analysis Passed
No security issues found
Details
Kusari Analysis Results:
✅ No Flagged Issues Detected
All values appear to be within acceptable risk parameters.
Both dependency and code security analyses pass with zero vulnerabilities or security issues detected. The PR updates sigstore from 1.10.0 to 1.10.4, a well-maintained package with excellent security scores (10/10). Code scanning found no issues, exposed secrets, or vulnerabilities across all severity levels. The only concern is a maintenance monitoring flag on transitive dependency github.com/coreos/go-oidc/v3, which has no known vulnerabilities and is being updated as part of the sigstore upgrade. This is a non-blocking monitoring item that does not change the overall low-risk profile of this PR. The update brings security-positive changes with permissive licensing and is safe to merge.
Note
View full detailed analysis result for more information on the output and the checks that were run.
@kusari-inspector rerun - Trigger a re-analysis of this PR
@kusari-inspector feedback [your message] - Send feedback to our AI and team
See Kusari's documentation for setup and configuration.
Commit: 98bbfe9, performed at: 2026-01-22T20:31:00Z