From 317ef495559e56e3f5c7451f450fba5b0b1568b5 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 21 Aug 2024 17:21:47 +0000 Subject: [PATCH] fix: upgrade @sigstore/bundle from 2.3.0 to 2.3.2 Snyk has created this PR to upgrade @sigstore/bundle from 2.3.0 to 2.3.2. See this package in npm: @sigstore/bundle See this project in Snyk: https://app.snyk.io/org/rizwan-r-r/project/6b85c047-1269-4f3f-998b-1c4291bb8f1a?utm_source=github&utm_medium=referral&page=upgrade-pr --- packages/attest/package-lock.json | 32 ++++++++++++++++--------------- packages/attest/package.json | 2 +- 2 files changed, 18 insertions(+), 16 deletions(-) diff --git a/packages/attest/package-lock.json b/packages/attest/package-lock.json index 4c6b14551f..d239fe40be 100644 --- a/packages/attest/package-lock.json +++ b/packages/attest/package-lock.json @@ -13,7 +13,7 @@ "@actions/github": "^6.0.0", "@actions/http-client": "^2.2.1", "@octokit/plugin-retry": "^7.1.1", - "@sigstore/bundle": "^2.3.0", + "@sigstore/bundle": "^2.3.2", "@sigstore/sign": "^2.3.0", "jsonwebtoken": "^9.0.2", "jwks-rsa": "^3.1.0" @@ -517,11 +517,12 @@ } }, "node_modules/@sigstore/bundle": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/@sigstore/bundle/-/bundle-2.3.0.tgz", - "integrity": "sha512-MU3XYHkOvKEFnuUtcAtVh0s4RTemRyi1NN87+v9fAL0qR9JZuK/nF27YJ79wjPvvi1W9sz3qc7cTgshH5tji6Q==", + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/@sigstore/bundle/-/bundle-2.3.2.tgz", + "integrity": "sha512-wueKWDk70QixNLB363yHc2D2ItTgYiMTdPwK8D9dKQMR3ZQ0c35IxP5xnwQ8cNLoCgCRcHf14kE+CLIvNX1zmA==", + "license": "Apache-2.0", "dependencies": { - "@sigstore/protobuf-specs": "^0.3.1" + "@sigstore/protobuf-specs": "^0.3.2" }, "engines": { "node": "^16.14.0 || >=18.0.0" @@ -557,9 +558,10 @@ } }, "node_modules/@sigstore/protobuf-specs": { - "version": "0.3.1", - "resolved": "https://registry.npmjs.org/@sigstore/protobuf-specs/-/protobuf-specs-0.3.1.tgz", - "integrity": "sha512-aIL8Z9NsMr3C64jyQzE0XlkEyBLpgEJJFDHLVVStkFV5Q3Il/r/YtY6NJWKQ4cy4AE7spP1IX5Jq7VCAxHHMfQ==", + "version": "0.3.2", + "resolved": "https://registry.npmjs.org/@sigstore/protobuf-specs/-/protobuf-specs-0.3.2.tgz", + "integrity": "sha512-c6B0ehIWxMI8wiS/bj6rHMPqeFvngFV7cDU/MY+B16P9Z3Mp9k8L93eYZ7BYzSickzuqAQqAq0V956b3Ju6mLw==", + "license": "Apache-2.0", "engines": { "node": "^16.14.0 || >=18.0.0" } @@ -2448,11 +2450,11 @@ "optional": true }, "@sigstore/bundle": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/@sigstore/bundle/-/bundle-2.3.0.tgz", - "integrity": "sha512-MU3XYHkOvKEFnuUtcAtVh0s4RTemRyi1NN87+v9fAL0qR9JZuK/nF27YJ79wjPvvi1W9sz3qc7cTgshH5tji6Q==", + "version": "2.3.2", + "resolved": "https://registry.npmjs.org/@sigstore/bundle/-/bundle-2.3.2.tgz", + "integrity": "sha512-wueKWDk70QixNLB363yHc2D2ItTgYiMTdPwK8D9dKQMR3ZQ0c35IxP5xnwQ8cNLoCgCRcHf14kE+CLIvNX1zmA==", "requires": { - "@sigstore/protobuf-specs": "^0.3.1" + "@sigstore/protobuf-specs": "^0.3.2" } }, "@sigstore/core": { @@ -2479,9 +2481,9 @@ } }, "@sigstore/protobuf-specs": { - "version": "0.3.1", - "resolved": "https://registry.npmjs.org/@sigstore/protobuf-specs/-/protobuf-specs-0.3.1.tgz", - "integrity": "sha512-aIL8Z9NsMr3C64jyQzE0XlkEyBLpgEJJFDHLVVStkFV5Q3Il/r/YtY6NJWKQ4cy4AE7spP1IX5Jq7VCAxHHMfQ==" + "version": "0.3.2", + "resolved": "https://registry.npmjs.org/@sigstore/protobuf-specs/-/protobuf-specs-0.3.2.tgz", + "integrity": "sha512-c6B0ehIWxMI8wiS/bj6rHMPqeFvngFV7cDU/MY+B16P9Z3Mp9k8L93eYZ7BYzSickzuqAQqAq0V956b3Ju6mLw==" }, "@sigstore/rekor-types": { "version": "2.0.0", diff --git a/packages/attest/package.json b/packages/attest/package.json index 4a675943b5..6eb7b46176 100644 --- a/packages/attest/package.json +++ b/packages/attest/package.json @@ -47,7 +47,7 @@ "@actions/github": "^6.0.0", "@actions/http-client": "^2.2.1", "@octokit/plugin-retry": "^7.1.1", - "@sigstore/bundle": "^2.3.0", + "@sigstore/bundle": "^2.3.2", "@sigstore/sign": "^2.3.0", "jsonwebtoken": "^9.0.2", "jwks-rsa": "^3.1.0"