Bump github.com/sigstore/sigstore from 1.7.6 to 1.8.0

[dependabot]

Bumps github.com/sigstore/sigstore from 1.7.6 to 1.8.0.

Release notes

Sourced from github.com/sigstore/sigstore's releases.

v1.8.0

What's Changed

• Bump the github.com/letsencrypt/boulder to the latest version to update vulnerable go-jose by @​OlegOAndreev in sigstore/sigstore#1548
• Update dependabot to weekly by @​haydentherapper in sigstore/sigstore#1569
• Adapt to simplified DSSE signing interface by @​adityasaky in sigstore/sigstore#1580

New Contributors

• @​OlegOAndreev made their first contribution in sigstore/sigstore#1548

Full Changelog: sigstore/sigstore@v1.7.6...v1.8.0

Commits

• b9063a4 build(deps): Bump the all group with 4 updates (#1581)
• fac5a33 build(deps): Bump the all group in /pkg/signature/kms/gcp with 1 update
• d217337 Adapt to simplified DSSE signing interface
• 8bd737c build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/aws
• 9a15769 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/hashivault
• b898510 build(deps): Bump golang.org/x/crypto in /test/fuzz
• 5aa5231 build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/gcp
• ca259be build(deps): Bump golang.org/x/crypto in /pkg/signature/kms/azure
• b5bb008 build(deps): Bump the all group in /pkg/signature/kms/aws with 2 updates
• e8d53bc build(deps): Bump the all group
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)