From 431537d19b14c364daf4477213394e13da118caa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 2 Jul 2026 16:26:57 +0000 Subject: [PATCH] Bump sigstore from 4.1.0 to 4.1.1 Bumps [sigstore](https://github.com/sigstore/sigstore-js) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/sigstore/sigstore-js/releases) - [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@4.1.0...sigstore@4.1.1) --- updated-dependencies: - dependency-name: sigstore dependency-version: 4.1.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- yarn.lock | 77 +++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 52 insertions(+), 25 deletions(-) diff --git a/yarn.lock b/yarn.lock index da027d56e6a..eec1601be97 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2565,6 +2565,13 @@ __metadata: languageName: node linkType: hard +"@gar/promise-retry@npm:^1.0.2": + version: 1.0.3 + resolution: "@gar/promise-retry@npm:1.0.3" + checksum: 885b02c8b0d75b2d215da25f3b639158c4fbe8fefe0d79163304534b9a6d0710db4b7699f7cd3cc1a730792bff04cbe19f4850a62d3e105a663eaeec88f38332 + languageName: node + linkType: hard + "@graphql-tools/merge@npm:^9.0.3": version: 9.0.3 resolution: "@graphql-tools/merge@npm:9.0.3" @@ -5474,7 +5481,7 @@ __metadata: languageName: node linkType: hard -"@sigstore/core@npm:^3.1.0": +"@sigstore/core@npm:^3.2.0, @sigstore/core@npm:^3.2.1": version: 3.2.1 resolution: "@sigstore/core@npm:3.2.1" checksum: b7f7dadf07234b6fa110dfeedd8453c6d81fa0fc77731c097dc72b3fb9e0e8750e7b3fa82c33f4b9d8bdda1be634eda18231f5dad1679bdf31f204f855926f61 @@ -5488,38 +5495,38 @@ __metadata: languageName: node linkType: hard -"@sigstore/sign@npm:^4.1.0": - version: 4.1.0 - resolution: "@sigstore/sign@npm:4.1.0" +"@sigstore/sign@npm:^4.1.1": + version: 4.1.1 + resolution: "@sigstore/sign@npm:4.1.1" dependencies: + "@gar/promise-retry": "npm:^1.0.2" "@sigstore/bundle": "npm:^4.0.0" - "@sigstore/core": "npm:^3.1.0" + "@sigstore/core": "npm:^3.2.0" "@sigstore/protobuf-specs": "npm:^0.5.0" - make-fetch-happen: "npm:^15.0.3" + make-fetch-happen: "npm:^15.0.4" proc-log: "npm:^6.1.0" - promise-retry: "npm:^2.0.1" - checksum: 9983972e3dacb8431aa84ab89eb676447baeb5c1b8df3c3a43113168569c333d910e262a7e19d49dbf7a421cf0b0f4695834d5ba9ec467cf9f955d44d3fd5053 + checksum: 88a6e5d2ce49477a52574d5dd5f4531cbb3472435fad29730969b77988efb23bdd5ce031a74f738da5b24c950f99030704b75b8cc65d5179b56ce9ede9711784 languageName: node linkType: hard -"@sigstore/tuf@npm:^4.0.1": - version: 4.0.1 - resolution: "@sigstore/tuf@npm:4.0.1" +"@sigstore/tuf@npm:^4.0.2": + version: 4.0.2 + resolution: "@sigstore/tuf@npm:4.0.2" dependencies: "@sigstore/protobuf-specs": "npm:^0.5.0" tuf-js: "npm:^4.1.0" - checksum: ed2a33e1e90ca2e036c57f115eca48e3297b0c30329d6b8007974f4d4e8b09d9ea93bb0b92f4d83d9c8f939efd6f3284f8ef3dd8b6edca7c5c61a05f93e85974 + checksum: eb7ba5b9d4859948bfd5552a1c6d93f0d05b9482bf21dede53779ea429f833dcd13c3a52524596c556729d75d85326ce0a7d0857d3d23ef99784b0e94e948818 languageName: node linkType: hard -"@sigstore/verify@npm:^3.1.0": - version: 3.1.0 - resolution: "@sigstore/verify@npm:3.1.0" +"@sigstore/verify@npm:^3.1.1": + version: 3.1.1 + resolution: "@sigstore/verify@npm:3.1.1" dependencies: "@sigstore/bundle": "npm:^4.0.0" - "@sigstore/core": "npm:^3.1.0" + "@sigstore/core": "npm:^3.2.1" "@sigstore/protobuf-specs": "npm:^0.5.0" - checksum: 09745156daa109556750b0a57b076d6d813628f207d2db9425495a443a9b5e4bf378eb6904a0e3d6cd7f2c1382e80f136f29f3aed87eede2747d4f244aeb2075 + checksum: 3b8c0b224b23a0e215e90a60a03193b77f333d9fd6838671aec2aef1bc9e8d42b9cb5cf246d5fb31135705bef0384e919364c5ba7f749e2cb4c10c93ae856a5c languageName: node linkType: hard @@ -17018,7 +17025,7 @@ __metadata: languageName: node linkType: hard -"make-fetch-happen@npm:^15.0.0, make-fetch-happen@npm:^15.0.1, make-fetch-happen@npm:^15.0.3": +"make-fetch-happen@npm:^15.0.0, make-fetch-happen@npm:^15.0.1": version: 15.0.4 resolution: "make-fetch-happen@npm:15.0.4" dependencies: @@ -17037,6 +17044,26 @@ __metadata: languageName: node linkType: hard +"make-fetch-happen@npm:^15.0.4": + version: 15.0.6 + resolution: "make-fetch-happen@npm:15.0.6" + dependencies: + "@gar/promise-retry": "npm:^1.0.0" + "@npmcli/agent": "npm:^4.0.0" + "@npmcli/redact": "npm:^4.0.0" + cacache: "npm:^20.0.1" + http-cache-semantics: "npm:^4.1.1" + minipass: "npm:^7.0.2" + minipass-fetch: "npm:^5.0.0" + minipass-flush: "npm:^1.0.5" + minipass-pipeline: "npm:^1.2.4" + negotiator: "npm:^1.0.0" + proc-log: "npm:^6.0.0" + ssri: "npm:^13.0.0" + checksum: 2c5805dee83efd1cd1d3f57505120ae98f4a328be72d82447e24b8f72b8e5475910d7dbc49d7da1c5bd96a62bf8ef6ffda88ebadfdfbec7c715cfde2459c9295 + languageName: node + linkType: hard + "makeerror@npm:1.0.12": version: 1.0.12 resolution: "makeerror@npm:1.0.12" @@ -22708,16 +22735,16 @@ __metadata: linkType: hard "sigstore@npm:^4.0.0": - version: 4.1.0 - resolution: "sigstore@npm:4.1.0" + version: 4.1.1 + resolution: "sigstore@npm:4.1.1" dependencies: "@sigstore/bundle": "npm:^4.0.0" - "@sigstore/core": "npm:^3.1.0" + "@sigstore/core": "npm:^3.2.1" "@sigstore/protobuf-specs": "npm:^0.5.0" - "@sigstore/sign": "npm:^4.1.0" - "@sigstore/tuf": "npm:^4.0.1" - "@sigstore/verify": "npm:^3.1.0" - checksum: 6a62601b75c5b0336c15b62d41be6d07e750a2ebd93a49856401cff201aaab4af8304f3edeaffb4777409385c828c11c09b94b721be5932c1335de2292cceadd + "@sigstore/sign": "npm:^4.1.1" + "@sigstore/tuf": "npm:^4.0.2" + "@sigstore/verify": "npm:^3.1.1" + checksum: 8ebe0c2a7cb3cf9ed9fb775636ab2ae364cbdea9360ea256ab003d83b83dd5eeda8dd899cffcd3853fe711425c481fab2a74246772d75e3ecb9a9483f6700289 languageName: node linkType: hard