From e3d8aced52628c0e2473cf1e8982f7a7fb954a2d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 2 Jul 2026 13:23:27 +0000 Subject: [PATCH] build(deps): bump the npm_and_yarn group across 1 directory with 2 updates Bumps the npm_and_yarn group with 2 updates in the / directory: [@sigstore/verify](https://github.com/sigstore/sigstore-js) and [sigstore](https://github.com/sigstore/sigstore-js). Updates `@sigstore/verify` from 3.1.0 to 3.1.1 - [Release notes](https://github.com/sigstore/sigstore-js/releases) - [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@3.1.0...@sigstore/verify@3.1.1) Updates `sigstore` from 4.1.0 to 4.1.1 - [Release notes](https://github.com/sigstore/sigstore-js/releases) - [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@4.1.0...sigstore@4.1.1) --- updated-dependencies: - dependency-name: "@sigstore/verify" dependency-version: 3.1.1 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: sigstore dependency-version: 4.1.1 dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] --- yarn.lock | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/yarn.lock b/yarn.lock index 71c46ac50..66210dbad 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1561,7 +1561,7 @@ dependencies: "@sigstore/protobuf-specs" "^0.5.0" -"@sigstore/core@^3.1.0", "@sigstore/core@^3.2.0": +"@sigstore/core@^3.2.0", "@sigstore/core@^3.2.1": version "3.2.1" resolved "https://registry.yarnpkg.com/@sigstore/core/-/core-3.2.1.tgz#4efd4ab0f59e768b6daf65612024ba925787de72" integrity sha512-qRsxPnCrbC/puegGxKuynfnxgLiHqWStrSjxkoB4YKqq3Z3s4cyZyj42ZdWFAEblNP65C+rBH8EuREHIXoi83g== @@ -1571,9 +1571,9 @@ resolved "https://registry.npmjs.org/@sigstore/protobuf-specs/-/protobuf-specs-0.5.0.tgz" integrity sha512-MM8XIwUjN2bwvCg1QvrMtbBmpcSHrkhFSCu1D11NyPvDQ25HEc4oG5/OcQfd/Tlf/OxmKWERDj0zGE23jQaMwA== -"@sigstore/sign@^4.1.0": +"@sigstore/sign@^4.1.1": version "4.1.1" - resolved "https://registry.npmjs.org/@sigstore/sign/-/sign-4.1.1.tgz" + resolved "https://registry.yarnpkg.com/@sigstore/sign/-/sign-4.1.1.tgz#34765fe4a190d693340c0771a3d150a397bcfc55" integrity sha512-Hf4xglukg0XXQ2RiD5vSoLjdPe8OBUPA8XeVjUObheuDcWdYWrnH/BNmxZCzkAy68MzmNCxXLeurJvs6hcP2OQ== dependencies: "@gar/promise-retry" "^1.0.2" @@ -1583,21 +1583,21 @@ make-fetch-happen "^15.0.4" proc-log "^6.1.0" -"@sigstore/tuf@^4.0.1": +"@sigstore/tuf@^4.0.2": version "4.0.2" - resolved "https://registry.npmjs.org/@sigstore/tuf/-/tuf-4.0.2.tgz" + resolved "https://registry.yarnpkg.com/@sigstore/tuf/-/tuf-4.0.2.tgz#7d2fa2abcd5afa5baf752671d14a1c6ed0ed3196" integrity sha512-TCAzTy0xzdP79EnxSjq9KQ3eaR7+FmudLC6eRKknVKZbV7ZNlGLClAAQb/HMNJ5n2OBNk2GT1tEmU0xuPr+SLQ== dependencies: "@sigstore/protobuf-specs" "^0.5.0" tuf-js "^4.1.0" -"@sigstore/verify@^3.1.0": - version "3.1.0" - resolved "https://registry.npmjs.org/@sigstore/verify/-/verify-3.1.0.tgz" - integrity sha512-mNe0Iigql08YupSOGv197YdHpPPr+EzDZmfCgMc7RPNaZTw5aLN01nBl6CHJOh3BGtnMIj83EeN4butBchc8Ag== +"@sigstore/verify@^3.1.1": + version "3.1.1" + resolved "https://registry.yarnpkg.com/@sigstore/verify/-/verify-3.1.1.tgz#13c1c1cff28fe81f662de29d85ba5ae048fcbd8d" + integrity sha512-qv7+G3J2cc6wwFj3yKvXOamzqhMwSk1ogPGmhpS8iXllcPrJaIIBA+4HbttlHVu1pqWTdmaCH/WE7UOC51kdoA== dependencies: "@sigstore/bundle" "^4.0.0" - "@sigstore/core" "^3.1.0" + "@sigstore/core" "^3.2.1" "@sigstore/protobuf-specs" "^0.5.0" "@sinclair/typebox@^0.34.0": @@ -7753,16 +7753,16 @@ signal-exit@^4.0.1, signal-exit@^4.1.0: integrity sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw== sigstore@^4.0.0: - version "4.1.0" - resolved "https://registry.npmjs.org/sigstore/-/sigstore-4.1.0.tgz" - integrity sha512-/fUgUhYghuLzVT/gaJoeVehLCgZiUxPCPMcyVNY0lIf/cTCz58K/WTI7PefDarXxp9nUKpEwg1yyz3eSBMTtgA== + version "4.1.1" + resolved "https://registry.yarnpkg.com/sigstore/-/sigstore-4.1.1.tgz#2959993dbf978c759a5d23d854cbd3729b6dcd97" + integrity sha512-endqECJkfhozrXMK5ngu/UAA0xVcVEFdnHJCElGaExypjW+HK5i6zu3NteLoaX/iFbRUbC3+DjttQs0GARr+5w== dependencies: "@sigstore/bundle" "^4.0.0" - "@sigstore/core" "^3.1.0" + "@sigstore/core" "^3.2.1" "@sigstore/protobuf-specs" "^0.5.0" - "@sigstore/sign" "^4.1.0" - "@sigstore/tuf" "^4.0.1" - "@sigstore/verify" "^3.1.0" + "@sigstore/sign" "^4.1.1" + "@sigstore/tuf" "^4.0.2" + "@sigstore/verify" "^3.1.1" simple-concat@^1.0.0: version "1.0.1"