From cdede11c5ccf0d806a9fa58afc1233832d3a900a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 7 Nov 2024 08:12:36 +0000
Subject: [PATCH] Bump github.com/sigstore/sigstore from 1.8.9 to 1.8.10

Bumps [github.com/sigstore/sigstore](https://github.com/sigstore/sigstore) from 1.8.9 to 1.8.10.
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](https://github.com/sigstore/sigstore/compare/v1.8.9...v1.8.10)

---
updated-dependencies:
- dependency-name: github.com/sigstore/sigstore
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 go.mod                                                        | 3 ++-
 go.sum                                                        | 4 ++--
 .../github.com/sigstore/sigstore/pkg/oauthflow/interactive.go | 2 +-
 vendor/github.com/sigstore/sigstore/pkg/tuf/client.go         | 1 +
 vendor/modules.txt                                            | 4 ++--
 5 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 02ca9a737c..8459327062 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,7 @@
 module github.com/tektoncd/cli
 
 go 1.22.7
+toolchain go1.22.9
 
 require (
 	github.com/AlecAivazis/survey/v2 v2.3.7
@@ -20,7 +21,7 @@ require (
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/pkg/errors v0.9.1
 	github.com/sigstore/cosign/v2 v2.4.1
-	github.com/sigstore/sigstore v1.8.9
+	github.com/sigstore/sigstore v1.8.10
 	github.com/spf13/cobra v1.8.1
 	github.com/spf13/pflag v1.0.5
 	github.com/tektoncd/chains v0.22.2
diff --git a/go.sum b/go.sum
index 345c80fdd1..0bda907b85 100644
--- a/go.sum
+++ b/go.sum
@@ -1185,8 +1185,8 @@ github.com/sigstore/protobuf-specs v0.3.2 h1:nCVARCN+fHjlNCk3ThNXwrZRqIommIeNKWw
 github.com/sigstore/protobuf-specs v0.3.2/go.mod h1:RZ0uOdJR4OB3tLQeAyWoJFbNCBFrPQdcokntde4zRBA=
 github.com/sigstore/rekor v1.3.6 h1:QvpMMJVWAp69a3CHzdrLelqEqpTM3ByQRt5B5Kspbi8=
 github.com/sigstore/rekor v1.3.6/go.mod h1:JDTSNNMdQ/PxdsS49DJkJ+pRJCO/83nbR5p3aZQteXc=
-github.com/sigstore/sigstore v1.8.9 h1:NiUZIVWywgYuVTxXmRoTT4O4QAGiTEKup4N1wdxFadk=
-github.com/sigstore/sigstore v1.8.9/go.mod h1:d9ZAbNDs8JJfxJrYmulaTazU3Pwr8uLL9+mii4BNR3w=
+github.com/sigstore/sigstore v1.8.10 h1:r4t+TYzJlG9JdFxMy+um9GZhZ2N1hBTyTex0AHEZxFs=
+github.com/sigstore/sigstore v1.8.10/go.mod h1:BekjqxS5ZtHNJC4u3Q3Stvfx2eyisbW/lUZzmPU2u4A=
 github.com/sigstore/sigstore-go v0.6.1 h1:tGkkv1oDIER+QYU5MrjqlttQOVDWfSkmYwMqkJhB/cg=
 github.com/sigstore/sigstore-go v0.6.1/go.mod h1:Xe5GHmUeACRFbomUWzVkf/xYCn8xVifb9DgqJrV2dIw=
 github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.8 h1:2zHmUvaYCwV6LVeTo+OAkTm8ykOGzA9uFlAjwDPAUWM=
diff --git a/vendor/github.com/sigstore/sigstore/pkg/oauthflow/interactive.go b/vendor/github.com/sigstore/sigstore/pkg/oauthflow/interactive.go
index dfc1f0c0e8..6714b3488e 100644
--- a/vendor/github.com/sigstore/sigstore/pkg/oauthflow/interactive.go
+++ b/vendor/github.com/sigstore/sigstore/pkg/oauthflow/interactive.go
@@ -134,7 +134,7 @@ func (i *InteractiveIDTokenGetter) doOobFlow(cfg *oauth2.Config, stateToken stri
 	fmt.Fprintln(i.GetOutput(), "Go to the following link in a browser:\n\n\t", authURL)
 	fmt.Fprintf(i.GetOutput(), "Enter verification code: ")
 	var code string
-	fmt.Fscanf(i.GetInput(), "%s", &code)
+	_, _ = fmt.Fscanf(i.GetInput(), "%s", &code)
 	// New line in case read input doesn't move cursor to next line.
 	fmt.Fprintln(i.GetOutput())
 	return code
diff --git a/vendor/github.com/sigstore/sigstore/pkg/tuf/client.go b/vendor/github.com/sigstore/sigstore/pkg/tuf/client.go
index 35c7337558..d03973e72a 100644
--- a/vendor/github.com/sigstore/sigstore/pkg/tuf/client.go
+++ b/vendor/github.com/sigstore/sigstore/pkg/tuf/client.go
@@ -71,6 +71,7 @@ var (
 // getRemoteRoot is a var for testing.
 var getRemoteRoot = func() string { return DefaultRemoteRoot }
 
+// Deprecated: Use https://pkg.go.dev/github.com/sigstore/sigstore-go/pkg/tuf
 type TUF struct {
 	sync.Mutex
 	client   *client.Client
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 3b2177d785..cd3734591e 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1270,8 +1270,8 @@ github.com/sigstore/rekor/pkg/types/intoto/v0.0.2
 github.com/sigstore/rekor/pkg/types/rekord
 github.com/sigstore/rekor/pkg/types/rekord/v0.0.1
 github.com/sigstore/rekor/pkg/util
-# github.com/sigstore/sigstore v1.8.9
-## explicit; go 1.22.5
+# github.com/sigstore/sigstore v1.8.10
+## explicit; go 1.22.8
 github.com/sigstore/sigstore/pkg/cryptoutils
 github.com/sigstore/sigstore/pkg/fulcioroots
 github.com/sigstore/sigstore/pkg/oauth