build(deps): bump github.com/lestrrat-go/dsig from 1.2.1 to 1.3.0

[dependabot]

Bumps github.com/lestrrat-go/dsig from 1.2.1 to 1.3.0.

Release notes

Sourced from github.com/lestrrat-go/dsig's releases.

v1.3.0

What's Changed

• add SignWithOpts/VerifyWithOpts for custom signers by @​lestrrat in lestrrat-go/dsig#14

Full Changelog: lestrrat-go/dsig@v1.2.2...v1.3.0

v1.2.2

What's Changed

• Add fuzz tests and CI workflow by @​lestrrat in lestrrat-go/dsig#12
• add SignECDSADER and VerifyECDSADER helpers by @​lestrrat in lestrrat-go/dsig#13

Full Changelog: lestrrat-go/dsig@v1.2.1...v1.2.2

Changelog

Sourced from github.com/lestrrat-go/dsig's changelog.

v1.3.0 13 Apr 2026

• Add SignWithOpts() and VerifyWithOpts(), which thread an optional crypto.SignerOpts through to the underlying signer. For built-in families (HMAC, RSA, ECDSA, EdDSA) the opts argument is ignored. For the Custom family, opts are forwarded to the algorithm's Meta when it implements the new SignerWithOpts / VerifierWithOpts interfaces; otherwise the dispatcher falls back to the plain Signer / Verifier methods and the opts are dropped. The canonical use case is composite ML-DSA signatures, where a per-call domain-separation context (*mldsa.Options) must reach filippo.io/mldsa.

• Sign() is now a one-line wrapper around SignWithOpts() (and Verify() likewise wraps VerifyWithOpts()). The public signatures of Sign and Verify are unchanged; the only observable difference for existing callers is one extra call frame.

• RegisterAlgorithm() for the Custom family now accepts a Meta that implements only SignerWithOpts / VerifierWithOpts (in addition to the existing Signer / Verifier paths).

• In dsig v2, Sign / Verify will absorb the opts parameter and SignWithOpts / VerifyWithOpts will be removed. The same migration is planned for SignDigest / VerifyDigest once a DigestSigner interface for the Custom family lands. Doc comments on all four entry points flag the upcoming change.

v1.2.2 13 Apr 2026

• Add SignECDSADER() and VerifyECDSADER() primitive helpers for ECDSA signatures in ASN.1 DER-encoded Ecdsa-Sig-Value form (RFC 3279 §2.2.3), as used by X.509/PKIX and composite signature schemes. The existing SignECDSA()/VerifyECDSA() functions remain the canonical entry points for the JWS-native fixed-length r||s format (RFC 7515 §3.4).

Commits

• 518f4e1 set release date for v1.3.0
• 0849754 Merge pull request #14 from lestrrat-go/feat-signwithopts
• 5c9058f add SignWithOpts/VerifyWithOpts for custom signers
• 680ff9b update Changes for v1.2.2 release
• 27a35f3 Merge pull request #13 from lestrrat-go/feat-ecdsa-der
• 947c1e5 correct version to v1.2.2
• b8c3e23 update Changes for SignECDSADER/VerifyECDSADER
• d6f181c add SignECDSADER and VerifyECDSADER helpers
• 5d95498 Merge pull request #12 from lestrrat-go/feat-fuzz-tests
• 5ac5aaa add fuzz tests and CI workflow
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)