diff --git a/packages/indexer/package.json b/packages/indexer/package.json index 6262e1d0..11a47ddc 100644 --- a/packages/indexer/package.json +++ b/packages/indexer/package.json @@ -134,7 +134,7 @@ "openpgp": "6.1.0", "ora": "8.2.0", "packageurl-js": "2.0.1", - "sigstore": "3.0.0", + "sigstore": "3.1.0", "snappy-wasm": "0.3.0", "spdx-exceptions": "2.5.0", "spdx-expression-parse": "4.0.0", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 75391815..dd8ccb8c 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -142,8 +142,8 @@ importers: specifier: 2.0.1 version: 2.0.1 sigstore: - specifier: 3.0.0 - version: 3.0.0 + specifier: 3.1.0 + version: 3.1.0 snappy-wasm: specifier: 0.3.0 version: 0.3.0 @@ -983,28 +983,28 @@ packages: resolution: {integrity: sha512-TvCl79Y8v18ZhFGd5mjO1kYPovSBq3+4LVCi5Nfl1JI8fS8i8kXbgQFGwBJRXczim8GlW8c2LMBKTtExYXOy/A==, tarball: https://registry.npmjs.org/@publint/pack/-/pack-0.1.1.tgz} engines: {node: '>=18'} - '@sigstore/bundle@3.0.0': - resolution: {integrity: sha512-XDUYX56iMPAn/cdgh/DTJxz5RWmqKV4pwvUAEKEWJl+HzKdCd/24wUa9JYNMlDSCb7SUHAdtksxYX779Nne/Zg==, tarball: https://registry.npmjs.org/@sigstore/bundle/-/bundle-3.0.0.tgz} + '@sigstore/bundle@3.1.0': + resolution: {integrity: sha512-Mm1E3/CmDDCz3nDhFKTuYdB47EdRFRQMOE/EAbiG1MJW77/w1b3P7Qx7JSrVJs8PfwOLOVcKQCHErIwCTyPbag==, tarball: https://registry.npmjs.org/@sigstore/bundle/-/bundle-3.1.0.tgz} engines: {node: ^18.17.0 || >=20.5.0} '@sigstore/core@2.0.0': resolution: {integrity: sha512-nYxaSb/MtlSI+JWcwTHQxyNmWeWrUXJJ/G4liLrGG7+tS4vAz6LF3xRXqLH6wPIVUoZQel2Fs4ddLx4NCpiIYg==, tarball: https://registry.npmjs.org/@sigstore/core/-/core-2.0.0.tgz} engines: {node: ^18.17.0 || >=20.5.0} - '@sigstore/protobuf-specs@0.3.3': - resolution: {integrity: sha512-RpacQhBlwpBWd7KEJsRKcBQalbV28fvkxwTOJIqhIuDysMMaJW47V4OqW30iJB9uRpqOSxxEAQFdr8tTattReQ==, tarball: https://registry.npmjs.org/@sigstore/protobuf-specs/-/protobuf-specs-0.3.3.tgz} + '@sigstore/protobuf-specs@0.4.0': + resolution: {integrity: sha512-o09cLSIq9EKyRXwryWDOJagkml9XgQCoCSRjHOnHLnvsivaW7Qznzz6yjfV7PHJHhIvyp8OH7OX8w0Dc5bQK7A==, tarball: https://registry.npmjs.org/@sigstore/protobuf-specs/-/protobuf-specs-0.4.0.tgz} engines: {node: ^18.17.0 || >=20.5.0} - '@sigstore/sign@3.0.0': - resolution: {integrity: sha512-UjhDMQOkyDoktpXoc5YPJpJK6IooF2gayAr5LvXI4EL7O0vd58okgfRcxuaH+YTdhvb5aa1Q9f+WJ0c2sVuYIw==, tarball: https://registry.npmjs.org/@sigstore/sign/-/sign-3.0.0.tgz} + '@sigstore/sign@3.1.0': + resolution: {integrity: sha512-knzjmaOHOov1Ur7N/z4B1oPqZ0QX5geUfhrVaqVlu+hl0EAoL4o+l0MSULINcD5GCWe3Z0+YJO8ues6vFlW0Yw==, tarball: https://registry.npmjs.org/@sigstore/sign/-/sign-3.1.0.tgz} engines: {node: ^18.17.0 || >=20.5.0} - '@sigstore/tuf@3.0.0': - resolution: {integrity: sha512-9Xxy/8U5OFJu7s+OsHzI96IX/OzjF/zj0BSSaWhgJgTqtlBhQIV2xdrQI5qxLD7+CWWDepadnXAxzaZ3u9cvRw==, tarball: https://registry.npmjs.org/@sigstore/tuf/-/tuf-3.0.0.tgz} + '@sigstore/tuf@3.1.0': + resolution: {integrity: sha512-suVMQEA+sKdOz5hwP9qNcEjX6B45R+hFFr4LAWzbRc5O+U2IInwvay/bpG5a4s+qR35P/JK/PiKiRGjfuLy1IA==, tarball: https://registry.npmjs.org/@sigstore/tuf/-/tuf-3.1.0.tgz} engines: {node: ^18.17.0 || >=20.5.0} - '@sigstore/verify@2.0.0': - resolution: {integrity: sha512-Ggtq2GsJuxFNUvQzLoXqRwS4ceRfLAJnrIHUDrzAD0GgnOhwujJkKkxM/s5Bako07c3WtAs/sZo5PJq7VHjeDg==, tarball: https://registry.npmjs.org/@sigstore/verify/-/verify-2.0.0.tgz} + '@sigstore/verify@2.1.0': + resolution: {integrity: sha512-kAAM06ca4CzhvjIZdONAL9+MLppW3K48wOFy1TbuaWFW/OMfl8JuTgW0Bm02JB1WJGT/ET2eqav0KTEKmxqkIA==, tarball: https://registry.npmjs.org/@sigstore/verify/-/verify-2.1.0.tgz} engines: {node: ^18.17.0 || >=20.5.0} '@sinclair/typebox@0.27.8': @@ -3019,8 +3019,8 @@ packages: resolution: {integrity: sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==, tarball: https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz} engines: {node: '>=14'} - sigstore@3.0.0: - resolution: {integrity: sha512-PHMifhh3EN4loMcHCz6l3v/luzgT3za+9f8subGgeMNjbJjzH4Ij/YoX3Gvu+kaouJRIlVdTHHCREADYf+ZteA==, tarball: https://registry.npmjs.org/sigstore/-/sigstore-3.0.0.tgz} + sigstore@3.1.0: + resolution: {integrity: sha512-ZpzWAFHIFqyFE56dXqgX/DkDRZdz+rRcjoIk/RQU4IX0wiCv1l8S7ZrXDHcCc+uaf+6o7w3h2l3g6GYG5TKN9Q==, tarball: https://registry.npmjs.org/sigstore/-/sigstore-3.1.0.tgz} engines: {node: ^18.17.0 || >=20.5.0} simple-concat@1.0.1: @@ -4498,37 +4498,37 @@ snapshots: '@publint/pack@0.1.1': {} - '@sigstore/bundle@3.0.0': + '@sigstore/bundle@3.1.0': dependencies: - '@sigstore/protobuf-specs': 0.3.3 + '@sigstore/protobuf-specs': 0.4.0 '@sigstore/core@2.0.0': {} - '@sigstore/protobuf-specs@0.3.3': {} + '@sigstore/protobuf-specs@0.4.0': {} - '@sigstore/sign@3.0.0': + '@sigstore/sign@3.1.0': dependencies: - '@sigstore/bundle': 3.0.0 + '@sigstore/bundle': 3.1.0 '@sigstore/core': 2.0.0 - '@sigstore/protobuf-specs': 0.3.3 + '@sigstore/protobuf-specs': 0.4.0 make-fetch-happen: 14.0.3 proc-log: 5.0.0 promise-retry: 2.0.1 transitivePeerDependencies: - supports-color - '@sigstore/tuf@3.0.0': + '@sigstore/tuf@3.1.0': dependencies: - '@sigstore/protobuf-specs': 0.3.3 + '@sigstore/protobuf-specs': 0.4.0 tuf-js: 3.0.1 transitivePeerDependencies: - supports-color - '@sigstore/verify@2.0.0': + '@sigstore/verify@2.1.0': dependencies: - '@sigstore/bundle': 3.0.0 + '@sigstore/bundle': 3.1.0 '@sigstore/core': 2.0.0 - '@sigstore/protobuf-specs': 0.3.3 + '@sigstore/protobuf-specs': 0.4.0 '@sinclair/typebox@0.27.8': {} @@ -6858,14 +6858,14 @@ snapshots: signal-exit@4.1.0: {} - sigstore@3.0.0: + sigstore@3.1.0: dependencies: - '@sigstore/bundle': 3.0.0 + '@sigstore/bundle': 3.1.0 '@sigstore/core': 2.0.0 - '@sigstore/protobuf-specs': 0.3.3 - '@sigstore/sign': 3.0.0 - '@sigstore/tuf': 3.0.0 - '@sigstore/verify': 2.0.0 + '@sigstore/protobuf-specs': 0.4.0 + '@sigstore/sign': 3.1.0 + '@sigstore/tuf': 3.1.0 + '@sigstore/verify': 2.1.0 transitivePeerDependencies: - supports-color