build(deps): Bump the go_modules group across 1 directory with 2 updates

[dependabot]

Bumps the go_modules group with 2 updates in the /example directory: github.com/cloudflare/circl and github.com/sigstore/rekor.

Updates github.com/cloudflare/circl from 1.6.1 to 1.6.3

Release notes

Sourced from github.com/cloudflare/circl's releases.

CIRCL v1.6.3

Fix a bug on ecc/p384 scalar multiplication.

What's Changed

• sign/mldsa: Check opts for nil value by @​armfazh in cloudflare/circl#582
• ecc/p384: Point addition must handle point doubling case. by @​armfazh in cloudflare/circl#583
• Release CIRCL v1.6.3 by @​armfazh in cloudflare/circl#584

Full Changelog: cloudflare/circl@v1.6.2...v1.6.3

CIRCL v1.6.2

• New SLH-DSA, improvements in ML-DSA for arm64.
• Tested compilation on WASM.

What's Changed

• Optimize pairing product computation by moving exponentiations to G1. by @​dfaranha in cloudflare/circl#547
• sign: Adding SLH-DSA signature by @​armfazh in cloudflare/circl#512
• Update code generators to CIRCL v1.6.1. by @​armfazh in cloudflare/circl#548
• ML-DSA: Add preliminary Wycheproof test vectors by @​bwesterb in cloudflare/circl#552
• go fmt by @​bwesterb in cloudflare/circl#554
• gz-compressing test vectors, use of HexBytes and ReadGzip functions. by @​armfazh in cloudflare/circl#555
• group: Removes use of elliptic Marshal and Unmarshal functions. by @​armfazh in cloudflare/circl#556
• Support encoding/decoding ML-DSA private keys (as long as they contain seeds) by @​bwesterb in cloudflare/circl#559
• Update to golangci-lint v2 by @​bwesterb in cloudflare/circl#560
• Preparation for ARM64 Implementation of poly operations for dilithium package. by @​elementrics in cloudflare/circl#562
• prepare power2Round for custom implementations in assembly by @​elementrics in cloudflare/circl#564
• ARM64 implementation for poly.PackLe16 by @​elementrics in cloudflare/circl#563
• add arm64 version of polyMulBy2toD by @​elementrics in cloudflare/circl#565
• add arm64 version of polySub by @​elementrics in cloudflare/circl#566
• group: add byteLen method for short groups and RandomScalar uses rand.Int by @​armfazh in cloudflare/circl#568
• add arm64 version of poly.Add/Sub by @​elementrics in cloudflare/circl#572
• group: Adding cryptobyte marshaling to scalars by @​armfazh in cloudflare/circl#569
• Bumping up to Go1.25 by @​armfazh in cloudflare/circl#574
• ci: Including WASM compilation. by @​armfazh in cloudflare/circl#577
• Revert to using package-declared HPKE errors for shortkem instead of standard library errors by @​harshiniwho in cloudflare/circl#578
• Release v1.6.2 by @​armfazh in cloudflare/circl#579

New Contributors

• @​dfaranha made their first contribution in cloudflare/circl#547
• @​elementrics made their first contribution in cloudflare/circl#562
• @​harshiniwho made their first contribution in cloudflare/circl#578

Full Changelog: cloudflare/circl@v1.6.1...v1.6.2

Commits

• 24ae53c Release CIRCL v1.6.3
• 581020b Rename method to oddMultiplesProjective.
• 12209a4 Removing unused cmov for jacobian points.
• fcba359 ecc/p384: use of complete projective formulas for scalar multiplication.
• 5e1bae8 ecc/p384: handle point doubling in point addition with Jacobian coordinates.
• 3416046 Check opts for nil value.
• a763d47 Release CIRCL v1.6.2
• 3c70bf9 Bump x/crypto x/sys dependencies.
• 3f0f15b Revert to using package-declared HPKE errors for shortkem instead of standard...
• 23491bd Adding generic Power2Round method.
• Additional commits viewable in compare view

Updates github.com/sigstore/rekor from 1.4.3 to 1.5.0

Release notes

Sourced from github.com/sigstore/rekor's releases.

v1.5.0

This release fixes GHSA-273p-m2cw-6833 and GHSA-4c4x-jm2x-pf9j. Note that this drops support for fetching public keys via URL when querying the search API.

Vulnerability Fixes

• Handle malformed COSE and DSSE entries (#2729)
• Drop support for fetching public keys by URL in the search index (#2731)

Features

• Add support for a custom TLS config for clients (#2709)

Changelog

Sourced from github.com/sigstore/rekor's changelog.

v1.5.0

This release fixes GHSA-273p-m2cw-6833 and GHSA-4c4x-jm2x-pf9j. Note that this drops support for fetching public keys via URL when querying the search API.

Vulnerability Fixes

• Handle malformed COSE and DSSE entries (#2729)
• Drop support for fetching public keys by URL in the search index (#2731)

Features

• Add support for a custom TLS config for clients (#2709)

Commits

• fe9717f Changelog for v1.5.0 (#2730)
• 60ef2bc Drop support for fetching public keys by URL in the search index (#2731)
• ca625dc build(deps): Bump github.com/redis/go-redis/v9 from 9.14.1 to 9.17.2 (#2706)
• 39bae3d Merge commit from fork (#2729)
• 812e699 build(deps): Bump google.golang.org/api from 0.256.0 to 0.259.0 (#2723)
• 4596e4e build(deps): Bump golang.org/x/net from 0.47.0 to 0.48.0 (#2722)
• a3e73cd build(deps): Bump github.com/sigstore/sigstore from 1.9.5 to 1.10.3 (#2724)
• 94d259c build(deps): Bump the all group across 1 directory with 3 updates (#2727)
• a5329c9 build(deps): Bump the all group with 2 updates (#2728)
• 5e6bdcd build(deps): Bump google.com/cloudsdktool/google-cloud-cli (#2726)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.08%. Comparing base (cb616af) to head (fa1f484).
⚠️ Report is 9 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #4040   +/-   ##
=======================================
  Coverage   94.08%   94.08%           
=======================================
  Files         207      207           
  Lines       19207    19207           
=======================================
  Hits        18071    18071           
  Misses        938      938           
  Partials      198      198           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.