
This update for rekor fixes the following issues:

- CVE-2023-45288: rekor: golang.org/x/net/http2: Fixed close connections when receiving too many headers (bsc#1236519)
- CVE-2024-6104: rekor: hashicorp/go-retryablehttp: Fixed sensitive information disclosure inside log file (bsc#1227053)
- CVE-2025-22868: rekor: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239191)
- CVE-2025-22869: rekor: golang.org/x/crypto/ssh: Fixed denial of service in the Key Exchange (bsc#1239327)
- CVE-2025-27144: rekor: gopkg.in/go-jose/go-jose.v2, github.com/go-jose/go-jose/v4, github.com/go-jose/go-jose/v3: Fixed denial of service in Go JOSE's parsing (bsc#1237638)
- CVE-2025-30204: rekor: github.com/golang-jwt/jwt/v5: Fixed jwt-go allowing excessive memory allocation during header parsing (bsc#1240468)

Other fixes:

Update to version 1.3.10:

  Features
  - Added --client-signing-algorithms flag (#1974)

  Fixes / Misc
  - emit unpopulated values when marshalling (#2438)
  - pkg/api: better logs when algorithm registry rejects a key (#2429)
  - chore: improve mysql readiness checks (#2397)
  - Added --client-signing-algorithms flag (#1974)

Update to version 1.3.9 (jsc#SLE-23476):

  - Cache checkpoint for inactive shards (#2332)
  - Support per-shard signing keys (#2330)

Update to version 1.3.8:

  Bug Fixes
  - fix zizmor issues (#2298)
  - remove unneeded value in log message (#2282)

  Quality Enhancements
  - chore: relax go directive to permit 1.22.x
  - fetch minisign from homebrew instead of…

SUSE-SU-2025:1332-1 Security update for rekor

