From a580ed204c95b1ab56036fac841fc17a597c353e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jun 2026 03:28:13 +0000 Subject: [PATCH] build(deps): bump @sigstore/sign from 4.1.1 to 5.0.0 Bumps [@sigstore/sign](https://github.com/sigstore/sigstore-js) from 4.1.1 to 5.0.0. - [Release notes](https://github.com/sigstore/sigstore-js/releases) - [Commits](https://github.com/sigstore/sigstore-js/compare/@sigstore/sign@4.1.1...@sigstore/sign@5.0.0) --- updated-dependencies: - dependency-name: "@sigstore/sign" dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- package.json | 2 +- yarn.lock | 194 +++++++++++++++++++++++++++++++++++++++++++-------- 2 files changed, 166 insertions(+), 30 deletions(-) diff --git a/package.json b/package.json index bd70adbc..77694000 100644 --- a/package.json +++ b/package.json @@ -51,7 +51,7 @@ "@actions/io": "^3.0.2", "@actions/tool-cache": "^4.0.0", "@sigstore/bundle": "^4.0.0", - "@sigstore/sign": "^4.1.1", + "@sigstore/sign": "^5.0.0", "@sigstore/tuf": "^4.0.2", "@sigstore/verify": "^3.1.1", "async-retry": "^1.3.3", diff --git a/yarn.lock b/yarn.lock index fe40c424..a3e11fc2 100644 --- a/yarn.lock +++ b/yarn.lock @@ -469,7 +469,7 @@ __metadata: "@actions/tool-cache": "npm:^4.0.0" "@eslint/js": "npm:^9.39.3" "@sigstore/bundle": "npm:^4.0.0" - "@sigstore/sign": "npm:^4.1.1" + "@sigstore/sign": "npm:^5.0.0" "@sigstore/tuf": "npm:^4.0.2" "@sigstore/verify": "npm:^3.1.1" "@types/gunzip-maybe": "npm:^1.4.3" @@ -911,6 +911,19 @@ __metadata: languageName: node linkType: hard +"@npmcli/agent@npm:^5.0.0": + version: 5.0.1 + resolution: "@npmcli/agent@npm:5.0.1" + dependencies: + agent-base: "npm:^9.0.0" + http-proxy-agent: "npm:^9.0.0" + https-proxy-agent: "npm:^9.0.0" + lru-cache: "npm:^11.2.1" + socks-proxy-agent: "npm:^10.0.0" + checksum: 10/d969cfaa624115a3b5d14728077ec29bb63daee09fe8994078ada7606db1d70b5bc265cc54dd2659a0fcf99ac0dc09e2d4e7f94a9d93f909a5b234d85769404c + languageName: node + linkType: hard + "@npmcli/fs@npm:^2.1.0": version: 2.1.2 resolution: "@npmcli/fs@npm:2.1.2" @@ -930,6 +943,15 @@ __metadata: languageName: node linkType: hard +"@npmcli/fs@npm:^6.0.0": + version: 6.0.0 + resolution: "@npmcli/fs@npm:6.0.0" + dependencies: + semver: "npm:^7.3.5" + checksum: 10/caa9f71860a9fdca0e89e7882a1c4ec2537a7d24e8b20e7e67521ce8e0a6dd9d89b77e146cafd77b026f4969eeb18a8ba2292b85aadbe355ff4b8a44320e3635 + languageName: node + linkType: hard + "@npmcli/move-file@npm:^2.0.0": version: 2.0.1 resolution: "@npmcli/move-file@npm:2.0.1" @@ -940,10 +962,10 @@ __metadata: languageName: node linkType: hard -"@npmcli/redact@npm:^4.0.0": - version: 4.0.0 - resolution: "@npmcli/redact@npm:4.0.0" - checksum: 10/5d52df2b5267f4369c97a2b2f7c427e3d7aa4b6a83e7a1b522e196f6e9d50024c620bd0cb2052067c74d1aaa0c330d9bc04e1d335bfb46180e705bb33423e74c +"@npmcli/redact@npm:^5.0.0": + version: 5.0.0 + resolution: "@npmcli/redact@npm:5.0.0" + checksum: 10/e974158840c3744f945d723d9993a7ccff6643b86bf64a3ce6ecd43d06f106708c0f4560c69cc2ba444a67c220f54f9d51ba28754c0de06c83b1eedc902f71dd languageName: node linkType: hard @@ -1337,10 +1359,12 @@ __metadata: languageName: node linkType: hard -"@sigstore/core@npm:^3.2.0": - version: 3.2.0 - resolution: "@sigstore/core@npm:3.2.0" - checksum: 10/2425d20297d57a5f5a62f0e6c2f4280818015ea00b3defebdac63f13c7d01db988602c316c16e374ba091c3649dd9a22ae8c9ba3ac165f736b0503164c5da5f5 +"@sigstore/bundle@npm:^5.0.0": + version: 5.0.0 + resolution: "@sigstore/bundle@npm:5.0.0" + dependencies: + "@sigstore/protobuf-specs": "npm:^0.5.0" + checksum: 10/9d86dd7f8086832fff2a36ce84bd38a895fe951a8848963c1dddf1d0eb4d14394c94626fc53c4173f42be5ee8d7319b593ce3a77491e8b1497349c653decba90 languageName: node linkType: hard @@ -1351,6 +1375,13 @@ __metadata: languageName: node linkType: hard +"@sigstore/core@npm:^4.0.0": + version: 4.0.0 + resolution: "@sigstore/core@npm:4.0.0" + checksum: 10/506a64b2aa192170e4e41a426780303dfc481d289700382dc8d9bf24b13fb495b3aac130de1dac4cfbf61c50fb59eee7429d2e29e714cc21303fa47f84ec4a6a + languageName: node + linkType: hard + "@sigstore/protobuf-specs@npm:^0.5.0": version: 0.5.0 resolution: "@sigstore/protobuf-specs@npm:0.5.0" @@ -1358,17 +1389,17 @@ __metadata: languageName: node linkType: hard -"@sigstore/sign@npm:^4.1.1": - version: 4.1.1 - resolution: "@sigstore/sign@npm:4.1.1" +"@sigstore/sign@npm:^5.0.0": + version: 5.0.0 + resolution: "@sigstore/sign@npm:5.0.0" dependencies: "@gar/promise-retry": "npm:^1.0.2" - "@sigstore/bundle": "npm:^4.0.0" - "@sigstore/core": "npm:^3.2.0" + "@sigstore/bundle": "npm:^5.0.0" + "@sigstore/core": "npm:^4.0.0" "@sigstore/protobuf-specs": "npm:^0.5.0" - make-fetch-happen: "npm:^15.0.4" - proc-log: "npm:^6.1.0" - checksum: 10/c9424813ed83ae26111dd3a190dbfd776901cfc245ebb9aa68e133a7ffcbf8fc053f01d999a451e44805a291921ba4d2dfe80e3fd41b20cd5becd26aae5f5e7c + make-fetch-happen: "npm:^16.0.0" + proc-log: "npm:^7.0.0" + checksum: 10/1faa16c0b051fb5b8ef2d4430277946cb54bb0be1302dd6c959e0a816b29b368e969d569a7bd42173f1b059f6005df05bc34c972fbceef104ba0b99a885710b8 languageName: node linkType: hard @@ -1840,6 +1871,13 @@ __metadata: languageName: node linkType: hard +"agent-base@npm:9.0.0, agent-base@npm:^9.0.0": + version: 9.0.0 + resolution: "agent-base@npm:9.0.0" + checksum: 10/3a61414cd10dbb17fa8dae35124ffaa55fbb00f495004b2e7a8f4eca3a2b6ed9879474d4e2ebc27ee2f4207265652341525b4154e85c4d479be4854acd786bfb + languageName: node + linkType: hard + "agent-base@npm:^7.1.0, agent-base@npm:^7.1.2": version: 7.1.4 resolution: "agent-base@npm:7.1.4" @@ -2246,6 +2284,24 @@ __metadata: languageName: node linkType: hard +"cacache@npm:^21.0.0": + version: 21.0.0 + resolution: "cacache@npm:21.0.0" + dependencies: + "@npmcli/fs": "npm:^6.0.0" + fs-minipass: "npm:^3.0.0" + glob: "npm:^13.0.0" + lru-cache: "npm:^11.1.0" + minipass: "npm:^7.0.3" + minipass-collect: "npm:^2.0.1" + minipass-flush: "npm:^1.0.5" + minipass-pipeline: "npm:^1.2.4" + p-map: "npm:^7.0.2" + ssri: "npm:^14.0.0" + checksum: 10/7ae606e7d1334b9e0757f6cfc5116a5764cfd4e711f888edbf8d00f05f7ed81894731f2a289d5f6621a0ca935dadbea056085b21f64676caf659fe048045793b + languageName: node + linkType: hard + "callsites@npm:^3.0.0": version: 3.1.0 resolution: "callsites@npm:3.1.0" @@ -3060,7 +3116,7 @@ __metadata: languageName: node linkType: hard -"glob@npm:^13.0.3": +"glob@npm:^13.0.0, glob@npm:^13.0.3": version: 13.0.6 resolution: "glob@npm:13.0.6" dependencies: @@ -3225,6 +3281,16 @@ __metadata: languageName: node linkType: hard +"http-proxy-agent@npm:^9.0.0": + version: 9.0.0 + resolution: "http-proxy-agent@npm:9.0.0" + dependencies: + agent-base: "npm:9.0.0" + debug: "npm:^4.3.4" + checksum: 10/8cf23a49ab274b2a5199011e5a96268d75dd6e4031cf72b723182c41b47d876c507c2fa125451743b87cd9f826cf60f5260dcc5e7db58f9dcc38823c9c07e625 + languageName: node + linkType: hard + "https-proxy-agent@npm:^5.0.0": version: 5.0.0 resolution: "https-proxy-agent@npm:5.0.0" @@ -3245,6 +3311,16 @@ __metadata: languageName: node linkType: hard +"https-proxy-agent@npm:^9.0.0": + version: 9.0.0 + resolution: "https-proxy-agent@npm:9.0.0" + dependencies: + agent-base: "npm:9.0.0" + debug: "npm:^4.3.4" + checksum: 10/27457d671278c8c1074cc901fe305b70d1e340127433219124c4aefc44153a179a8921e4b16d67beb2868a3a39b6b7ec84d91d8f24f2ec1d39cf4ac385351a92 + languageName: node + linkType: hard + "humanize-ms@npm:^1.2.1": version: 1.2.1 resolution: "humanize-ms@npm:1.2.1" @@ -3263,6 +3339,15 @@ __metadata: languageName: node linkType: hard +"iconv-lite@npm:^0.7.2": + version: 0.7.2 + resolution: "iconv-lite@npm:0.7.2" + dependencies: + safer-buffer: "npm:>= 2.1.2 < 3.0.0" + checksum: 10/24c937b532f868e938386b62410b303b7c767ce3d08dc2829cbe59464d5a26ef86ae5ad1af6b34eec43ddfea39e7d101638644b0178d67262fa87015d59f983a + languageName: node + linkType: hard + "ieee754@npm:^1.2.1": version: 1.2.1 resolution: "ieee754@npm:1.2.1" @@ -3694,23 +3779,23 @@ __metadata: languageName: node linkType: hard -"make-fetch-happen@npm:^15.0.4": - version: 15.0.5 - resolution: "make-fetch-happen@npm:15.0.5" +"make-fetch-happen@npm:^16.0.0": + version: 16.0.1 + resolution: "make-fetch-happen@npm:16.0.1" dependencies: "@gar/promise-retry": "npm:^1.0.0" - "@npmcli/agent": "npm:^4.0.0" - "@npmcli/redact": "npm:^4.0.0" - cacache: "npm:^20.0.1" + "@npmcli/agent": "npm:^5.0.0" + "@npmcli/redact": "npm:^5.0.0" + cacache: "npm:^21.0.0" http-cache-semantics: "npm:^4.1.1" minipass: "npm:^7.0.2" - minipass-fetch: "npm:^5.0.0" + minipass-fetch: "npm:^6.0.0" minipass-flush: "npm:^1.0.5" minipass-pipeline: "npm:^1.2.4" negotiator: "npm:^1.0.0" - proc-log: "npm:^6.0.0" - ssri: "npm:^13.0.0" - checksum: 10/d2649effb06c00cb2b266057cb1c8c1e99cfc8d1378e7d9c26cc8f00be41bc63d59b77a5576ed28f8105acc57fb16220b64217f8d3a6a066a594c004aa163afa + proc-log: "npm:^7.0.0" + ssri: "npm:^14.0.0" + checksum: 10/38d7d5e4453f4cf4cbeec520c1d61a70aff15de9ee2b05775fbba6ce6378b58680a4d8e70cc6a7ebb048f98a6c6d4439cab5942a610d6a5ca3c26d0e9b174986 languageName: node linkType: hard @@ -3830,6 +3915,21 @@ __metadata: languageName: node linkType: hard +"minipass-fetch@npm:^6.0.0": + version: 6.0.0 + resolution: "minipass-fetch@npm:6.0.0" + dependencies: + iconv-lite: "npm:^0.7.2" + minipass: "npm:^7.0.3" + minipass-sized: "npm:^2.0.0" + minizlib: "npm:^3.0.1" + dependenciesMeta: + iconv-lite: + optional: true + checksum: 10/f5aaf55a59efb7f0735f292fb5351483390791d048c5afbd5520bb9743fd18a89a1cd00ec1e7d5efda904b30252348959b3854885176fd14a8de186ffd5c7e09 + languageName: node + linkType: hard + "minipass-flush@npm:^1.0.5": version: 1.0.5 resolution: "minipass-flush@npm:1.0.5" @@ -3857,6 +3957,15 @@ __metadata: languageName: node linkType: hard +"minipass-sized@npm:^2.0.0": + version: 2.0.0 + resolution: "minipass-sized@npm:2.0.0" + dependencies: + minipass: "npm:^7.1.2" + checksum: 10/3b89adf64ca705662f77481e278eff5ec0a57aeffb5feba7cc8843722b1e7770efc880f2a17d1d4877b2d7bf227873cd46afb4da44c0fd18088b601ea50f96bb + languageName: node + linkType: hard + "minipass@npm:^3.0.0, minipass@npm:^3.1.1, minipass@npm:^3.1.6": version: 3.3.6 resolution: "minipass@npm:3.3.6" @@ -4254,13 +4363,20 @@ __metadata: languageName: node linkType: hard -"proc-log@npm:^6.0.0, proc-log@npm:^6.1.0": +"proc-log@npm:^6.0.0": version: 6.1.0 resolution: "proc-log@npm:6.1.0" checksum: 10/9033f30f168ed5a0991b773d0c50ff88384c4738e9a0a67d341de36bf7293771eed648ab6a0562f62276da12fde91f3bbfc75ffff6e71ad49aafd74fc646be66 languageName: node linkType: hard +"proc-log@npm:^7.0.0": + version: 7.0.0 + resolution: "proc-log@npm:7.0.0" + checksum: 10/97cd9f4a8a0d84e42ee91e106e5ba5edcb954521e8dbe26ee6ad31396e5c12cc2be5e5b6be7b53fa5a69959afbacd32719106e2d6f45802e34b31d9a3a01ec20 + languageName: node + linkType: hard + "process-nextick-args@npm:~2.0.0": version: 2.0.1 resolution: "process-nextick-args@npm:2.0.1" @@ -4628,6 +4744,17 @@ __metadata: languageName: node linkType: hard +"socks-proxy-agent@npm:^10.0.0": + version: 10.0.0 + resolution: "socks-proxy-agent@npm:10.0.0" + dependencies: + agent-base: "npm:9.0.0" + debug: "npm:^4.3.4" + socks: "npm:^2.8.3" + checksum: 10/24bc7a7e22b867c6804e7e4b3f49a28db6dd8fc68d3f5c968a9a0694adba638480b541d514226b77607ac90cf2fffced46517226c8b1965e61c47bb6a46d19d0 + languageName: node + linkType: hard + "socks-proxy-agent@npm:^7.0.0": version: 7.0.0 resolution: "socks-proxy-agent@npm:7.0.0" @@ -4702,6 +4829,15 @@ __metadata: languageName: node linkType: hard +"ssri@npm:^14.0.0": + version: 14.0.0 + resolution: "ssri@npm:14.0.0" + dependencies: + minipass: "npm:^7.0.3" + checksum: 10/a1dfa938f05c6e6d3638b2e78f21cf67da96ad8f6963cd5cbc1adc9a52929a9bb82d4cd0bf2ba9d2205cfee27f66a271e0fd2f36b2fa072a66ab722eadaacc14 + languageName: node + linkType: hard + "ssri@npm:^9.0.0": version: 9.0.1 resolution: "ssri@npm:9.0.1"