@renovate renovate bot commented Dec 10, 2025

This PR contains the following updates:

Package Change
github.com/sigstore/sigstore-go v1.1.3 -> v1.1.4

Release Notes

sigstore/sigstore-go (github.com/sigstore/sigstore-go)

v1.1.4

Compare Source

What's Changed

  • Update rekor-tiles version path in #531
  • Bump production Sigstore TUF root to latest in #537
  • Bump staging Sigstore TUF root to latest in #538
  • Bump deps for sigstore libraries in #543

Full Changelog: sigstore/sigstore-go@v1.1.3...v1.1.4


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate bot commented Dec 10, 2025

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 28 additional dependencies were updated

Details:

Package Change
github.com/spf13/cobra v1.10.1 -> v1.10.2
github.com/go-openapi/analysis v0.23.0 -> v0.24.1
github.com/go-openapi/errors v0.22.2 -> v0.22.4
github.com/go-openapi/jsonpointer v0.21.1 -> v0.22.1
github.com/go-openapi/jsonreference v0.21.0 -> v0.21.3
github.com/go-openapi/loads v0.22.0 -> v0.23.2
github.com/go-openapi/runtime v0.28.0 -> v0.29.2
github.com/go-openapi/spec v0.21.0 -> v0.22.1
github.com/go-openapi/strfmt v0.23.0 -> v0.25.0
github.com/go-openapi/swag v0.24.1 -> v0.25.4
github.com/go-openapi/swag/cmdutils v0.24.0 -> v0.25.4
github.com/go-openapi/swag/conv v0.24.0 -> v0.25.4
github.com/go-openapi/swag/fileutils v0.24.0 -> v0.25.4
github.com/go-openapi/swag/jsonname v0.24.0 -> v0.25.4
github.com/go-openapi/swag/jsonutils v0.24.0 -> v0.25.4
github.com/go-openapi/swag/loading v0.24.0 -> v0.25.4
github.com/go-openapi/swag/mangling v0.24.0 -> v0.25.4
github.com/go-openapi/swag/netutils v0.24.0 -> v0.25.4
github.com/go-openapi/swag/stringutils v0.24.0 -> v0.25.4
github.com/go-openapi/swag/typeutils v0.24.0 -> v0.25.4
github.com/go-openapi/swag/yamlutils v0.24.0 -> v0.25.4
github.com/go-openapi/validate v0.24.0 -> v0.25.1
github.com/sigstore/rekor v1.4.2 -> v1.4.3
github.com/sigstore/sigstore v1.9.6-0.20250729224751-181c5d3339b3 -> v1.10.0
github.com/theupdateframework/go-tuf/v2 v2.2.0 -> v2.3.0
github.com/transparency-dev/formats v0.0.0-20250825093915-4fde0c3c9ab1 -> v0.0.0-20251017110053-404c0d5b696c
go.mongodb.org/mongo-driver v1.17.4 -> v1.17.6
google.golang.org/genproto/googleapis/rpc v0.0.0-20250929231259-57b25ae835d4 -> v0.0.0-20251103181224-f26f9409b101

@github-actions

🔒 MCP Security Scan Results

❌ adb-mysql-mcp-server

  • Status: Failed
  • Tools scanned: 3
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

Allowed issues (not blocking):

  • [TF002] Destructive toxic flow detected. The same agent has access to at least one tool that produces untrusted content and one tool that can behave destructively. For more information, see https://explorer.invariantlabs.ai/docs/mcp-scan/issue-code-reference/#TF002 (Allowed: Database MCP servers inherently have tools that can execute SQL queries, which is their intended purpose)

❌ agentql-mcp

  • Status: Failed
  • Tools scanned: 0
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

❌ arxiv-mcp-server

  • Status: Failed
  • Tools scanned: 4
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

❌ astra-db-mcp

  • Status: Failed
  • Tools scanned: 16
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

Allowed issues (not blocking):

  • [TF001] Data leak toxic flow detected. The same agent has access to at least one tool that produces untrusted content, one tool that can access private data, and one tool that can behave as a public sink. For more information, see https://explorer.invariantlabs.ai/docs/mcp-scan/issue-code-reference/#TF001 (Allowed: Data leak toxic flow is expected for Astra DB operations. The server provides:
      • Tools that read database content (GetRecord, ListRecords, FindRecord) which access private data
      • Tools that can create/update records with untrusted content from external sources
      • OpenBrowser tool that acts as a public sink
    This combination is necessary for the database server to function as intended, allowing agents to query, manipulate, and authenticate with Astra DB.)
  • [TF002] Destructive toxic flow detected. The same agent has access to at least one tool that produces untrusted content and one tool that can behave destructively. For more information, see https://explorer.invariantlabs.ai/docs/mcp-scan/issue-code-reference/#TF002 (Allowed: Destructive toxic flow is expected and required for database management. The server includes:
      • Destructive operations: DeleteCollection, DeleteRecord, BulkDeleteRecords, UpdateRecord, BulkUpdateRecords
      • Tools that handle untrusted content: CreateRecord, BulkCreateRecords, FindRecord
    These destructive capabilities are essential for proper database management, allowing agents to maintain and modify database state as needed.)

❌ aws-diagram

  • Status: Failed
  • Tools scanned: 3
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

Allowed issues (not blocking):

  • [W001] Tool description contains dangerous words that could be used for prompt injection. (Allowed: Tool description contains imperative instructions for AI agents which are necessary for proper operation)
  • [TF002] Destructive toxic flow detected. The same agent has access to at least one tool that produces untrusted content and one tool that can behave destructively. For more information, see https://explorer.invariantlabs.ai/docs/mcp-scan/issue-code-reference/#TF002 (Allowed: Destructive toxic flow is mitigated by container sandboxing - code execution is isolated from host system)

❌ aws-documentation

  • Status: Failed
  • Tools scanned: 3
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

Allowed issues (not blocking):

  • [W001] Tool description contains dangerous words that could be used for prompt injection. (Allowed: The 'recommend' tool contains legitimate usage instructions for AI agents, not malicious prompt injection)

❌ blender-mcp

  • Status: Failed
  • Tools scanned: 21
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

Allowed issues (not blocking):

  • [TF001] Data leak toxic flow detected. The same agent has access to at least one tool that produces untrusted content, one tool that can access private data, and one tool that can behave as a public sink. For more information, see https://explorer.invariantlabs.ai/docs/mcp-scan/issue-code-reference/#TF001 (Allowed: Data leak risk acceptable - tool designed for creative workflows where external content integration is essential. Users should be aware of potential data exposure through code execution capabilities.)
  • [TF002] Destructive toxic flow detected. The same agent has access to at least one tool that produces untrusted content and one tool that can behave destructively. For more information, see https://explorer.invariantlabs.ai/docs/mcp-scan/issue-code-reference/#TF002 (Allowed: Destructive flow risk acceptable - execute_blender_code tool is core functionality for Blender automation. Users should only use with trusted prompts and in isolated environments.)

✅ brightdata-mcp

  • Status: Passed
  • Tools scanned: 0
  • Result: No security issues detected

❌ browserbase-mcp-server

  • Status: Failed
  • Tools scanned: 0
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

❌ chroma-mcp

  • Status: Failed
  • Tools scanned: 13
  • Vulnerabilities found: 2

Security issues detected:

Allowed issues (not blocking):

  • [TF002] Destructive toxic flow detected. The same agent has access to at least one tool that produces untrusted content and one tool that can behave destructively. For more information, see https://explorer.invariantlabs.ai/docs/mcp-scan/issue-code-reference/#TF002 (Allowed: ChromaDB is a vector database that requires both read and write operations for managing embeddings and collections)

❌ chrome-devtools-mcp

  • Status: Failed
  • Tools scanned: 26
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

Allowed issues (not blocking):

  • [TF001] Data leak toxic flow detected. The same agent has access to at least one tool that produces untrusted content, one tool that can access private data, and one tool that can behave as a public sink. For more information, see https://explorer.invariantlabs.ai/docs/mcp-scan/issue-code-reference/#TF001 (Allowed: Data leak risk acceptable - tool designed for browser automation and debugging workflows where external content interaction is essential. Chrome DevTools MCP server reads page content, console messages, and network requests which may contain sensitive information. Users should be aware of potential data exposure when automating browser interactions.)
  • [TF002] Destructive toxic flow detected. The same agent has access to at least one tool that produces untrusted content and one tool that can behave destructively. For more information, see https://explorer.invariantlabs.ai/docs/mcp-scan/issue-code-reference/#TF002 (Allowed: Destructive flow risk acceptable - browser automation and debugging tools are core functionality. Chrome DevTools MCP includes tools for page navigation, script evaluation, and DOM manipulation. Users should only use with trusted prompts and be aware of the impact of browser automation actions.)

❌ context7

  • Status: Failed
  • Tools scanned: 2
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

❌ graphlit-mcp-server

  • Status: Failed
  • Tools scanned: 0
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

❌ heroku-mcp-server

  • Status: Failed
  • Tools scanned: 0
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

❌ ida-pro-mcp

  • Status: Failed
  • Tools scanned: 48
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

Allowed issues (not blocking):

❌ launchdarkly-mcp-server

  • Status: Failed
  • Tools scanned: 0
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

❌ magic-mcp

  • Status: Failed
  • Tools scanned: 0
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

❌ mcp-clickhouse

  • Status: Failed
  • Tools scanned: 0
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

❌ mcp-jetbrains

  • Status: Failed
  • Tools scanned: 0
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

❌ mcp-neo4j-aura-manager

  • Status: Failed
  • Tools scanned: 0
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

❌ mcp-neo4j-cypher

  • Status: Failed
  • Tools scanned: 3
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

Allowed issues (not blocking):

  • [TF002] Destructive toxic flow detected. The same agent has access to at least one tool that produces untrusted content and one tool that can behave destructively. For more information, see https://explorer.invariantlabs.ai/docs/mcp-scan/issue-code-reference/#TF002 (Allowed: Expected behavior for database MCP server that needs both read and write capabilities for Cypher queries)

❌ mcp-neo4j-memory

  • Status: Failed
  • Tools scanned: 0
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

❌ mcp-server-box

  • Status: Failed
  • Tools scanned: 0
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

❌ mcp-server-circleci

  • Status: Failed
  • Tools scanned: 16
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

Allowed issues (not blocking):

  • [E001] Prompt injection detected in the tool description. (Allowed: Tool descriptions contain operational instructions for CI/CD workflows (e.g., 'MUST start your response with', 'CRITICAL REQUIREMENTS') that are necessary for proper data handling and tool usage guidance)
  • [W001] Tool description contains dangerous words that could be used for prompt injection. (Allowed: CI/CD operations require specific terminology for pipeline control (run, rollback, rerun) that may trigger prompt injection warnings)
  • [W001] Tool description contains dangerous words that could be used for prompt injection. (Allowed: CI/CD operations require specific terminology for pipeline control (run, rollback, rerun) that may trigger prompt injection warnings)
  • [W001] Tool description contains dangerous words that could be used for prompt injection. (Allowed: CI/CD operations require specific terminology for pipeline control (run, rollback, rerun) that may trigger prompt injection warnings)
  • [W001] Tool description contains dangerous words that could be used for prompt injection. (Allowed: CI/CD operations require specific terminology for pipeline control (run, rollback, rerun) that may trigger prompt injection warnings)
  • [TF002] Destructive toxic flow detected. The same agent has access to at least one tool that produces untrusted content and one tool that can behave destructively. For more information, see https://explorer.invariantlabs.ai/docs/mcp-scan/issue-code-reference/#TF002 (Allowed: CI/CD platforms inherently perform destructive operations like canceling builds, running pipelines, and modifying configurations)

❌ mcp-server-neon

  • Status: Failed
  • Tools scanned: 0
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

❌ netbird

  • Status: Failed
  • Tools scanned: 0
  • Vulnerabilities found: 1

Security issues detected:

  • [W003] Could not identify the MCP server.

❌ notion

  • Status: Failed
  • Tools scanned: 19
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

Allowed issues (not blocking):

  • [TF001] Data leak toxic flow detected. The same agent has access to at least one tool that produces untrusted content, one tool that can access private data, and one tool that can behave as a public sink. For more information, see https://explorer.invariantlabs.ai/docs/mcp-scan/issue-code-reference/#TF001 (Allowed: Data leak toxic flow is expected for a Notion integration server. Notion MCP server:
      • Reads private Notion workspace data including pages, databases, and user information (private data access)
      • Processes user-generated content from various Notion sources and external integrations (untrusted content)
      • Exports and shares Notion data through search, fetch, and analysis operations (public sink)
    This combination is essential for the Notion MCP server to function effectively, allowing agents to access, analyze, and work with Notion workspace content and data.)
  • [TF002] Destructive toxic flow detected. The same agent has access to at least one tool that produces untrusted content and one tool that can behave destructively. For more information, see https://explorer.invariantlabs.ai/docs/mcp-scan/issue-code-reference/#TF002 (Allowed: Destructive toxic flow is expected and required for Notion content management. The server includes:
      • Tools to delete, update, and move Notion pages, databases, and other content (destructive operations)
      • Tools that process user-generated content from Notion workspaces and external sources (untrusted content)
    These capabilities are essential for proper Notion workspace management, allowing agents to create, modify, organize, and maintain Notion content effectively.)

❌ onchain-mcp

  • Status: Failed
  • Tools scanned: 10
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

Allowed issues (not blocking):

  • [W001] Tool description contains dangerous words that could be used for prompt injection. (Allowed: The read_contract tool description contains the word "important:" as part of legitimate technical documentation explaining how to handle tuple types and nested structs in blockchain smart contracts. This is necessary technical guidance for proper usage of the tool, not a prompt injection attempt.)

❌ pagerduty-mcp

  • Status: Failed
  • Tools scanned: 33
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

Allowed issues (not blocking):

  • [TF001] Data leak toxic flow detected. The same agent has access to at least one tool that produces untrusted content, one tool that can access private data, and one tool that can behave as a public sink. For more information, see https://explorer.invariantlabs.ai/docs/mcp-scan/issue-code-reference/#TF001 (Allowed: Data leak risk acceptable - incident management requires sharing operational data with responders and creating public status updates. Write operations are disabled by default, requiring explicit opt-in with --enable-write-tools flag.)

❌ phoenix-mcp

  • Status: Failed
  • Tools scanned: 19
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

Allowed issues (not blocking):

  • [TF001] Data leak toxic flow detected. The same agent has access to at least one tool that produces untrusted content, one tool that can access private data, and one tool that can behave as a public sink. For more information, see https://explorer.invariantlabs.ai/docs/mcp-scan/issue-code-reference/#TF001 (Allowed: Data leak toxic flow is expected for an observability platform. Phoenix MCP server:
      • Reads traces, spans, and evaluation data (private data access)
      • Processes and analyzes observability data from various sources (untrusted content)
      • Exports and shares data for analysis (public sink)
    This combination is essential for the observability platform to function, allowing agents to monitor, analyze, and report on application performance and LLM traces.)
  • [TF002] Destructive toxic flow detected. The same agent has access to at least one tool that produces untrusted content and one tool that can behave destructively. For more information, see https://explorer.invariantlabs.ai/docs/mcp-scan/issue-code-reference/#TF002 (Allowed: Destructive toxic flow is expected and required for data management. The server includes:
      • Tools to delete traces, spans, and evaluations (destructive operations)
      • Tools that process data from external sources (untrusted content)
    These capabilities are essential for proper data lifecycle management, allowing agents to clean up old data and manage the observability platform effectively.)

❌ playwright-mcp

  • Status: Failed
  • Tools scanned: 22
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

Allowed issues (not blocking):

  • [TF001] Data leak toxic flow detected. The same agent has access to at least one tool that produces untrusted content, one tool that can access private data, and one tool that can behave as a public sink. For more information, see https://explorer.invariantlabs.ai/docs/mcp-scan/issue-code-reference/#TF001 (Allowed: Data leak risk acceptable - tool designed for browser automation and web testing workflows where external content interaction is essential. Users should be aware of potential data exposure when automating web interactions.)
  • [TF002] Destructive toxic flow detected. The same agent has access to at least one tool that produces untrusted content and one tool that can behave destructively. For more information, see https://explorer.invariantlabs.ai/docs/mcp-scan/issue-code-reference/#TF002 (Allowed: Destructive flow risk acceptable - browser automation tools are core functionality for web testing and automation. Users should only use with trusted prompts and on non-production systems.)

❌ sentry-mcp-server

  • Status: Failed
  • Tools scanned: 0
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

❌ supabase-mcp-server

  • Status: Failed
  • Tools scanned: 0
  • Vulnerabilities found: 1

Security issues detected:

  • [W004] The MCP server is not in our registry.

✅ tavily-mcp

  • Status: Passed
  • Tools scanned: 0
  • Result: No security issues detected

Summary: Scanned 34 MCP server(s), found 33 security issue(s).

⚠️ Action Required: Security issues were detected. Please review and address them before merging.
