From 32e7596143d1b604fb1e25454aebec192941621d Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Thu, 9 May 2024 15:28:44 -0700 Subject: [PATCH 1/5] deps: semver@7.6.2 --- node_modules/semver/internal/lrucache.js | 7 +------ node_modules/semver/package.json | 2 +- package-lock.json | 8 ++++---- package.json | 2 +- 4 files changed, 7 insertions(+), 12 deletions(-) diff --git a/node_modules/semver/internal/lrucache.js b/node_modules/semver/internal/lrucache.js index f4a97f2e2cd97..6d89ec948d0f1 100644 --- a/node_modules/semver/internal/lrucache.js +++ b/node_modules/semver/internal/lrucache.js @@ -17,12 +17,7 @@ class LRUCache { } delete (key) { - if (this.map.has(key)) { - this.map.delete(key) - return true - } else { - return false - } + return this.map.delete(key) } set (key, value) { diff --git a/node_modules/semver/package.json b/node_modules/semver/package.json index ccf86cd0a716e..cb8def45184df 100644 --- a/node_modules/semver/package.json +++ b/node_modules/semver/package.json @@ -1,6 +1,6 @@ { "name": "semver", - "version": "7.6.1", + "version": "7.6.2", "description": "The semantic version parser used by npm.", "main": "index.js", "scripts": { diff --git a/package-lock.json b/package-lock.json index 167ab03135815..9deaebc0b9eeb 100644 --- a/package-lock.json +++ b/package-lock.json @@ -143,7 +143,7 @@ "proc-log": "^4.2.0", "qrcode-terminal": "^0.12.0", "read": "^3.0.1", - "semver": "^7.6.1", + "semver": "^7.6.2", "spdx-expression-parse": "^4.0.0", "ssri": "^10.0.6", "supports-color": "^9.4.0", @@ -10694,9 +10694,9 @@ } }, "node_modules/semver": { - "version": "7.6.1", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.1.tgz", - "integrity": "sha512-f/vbBsu+fOiYt+lmwZV0rVwJScl46HppnOA1ZvIuBWKOTlllpyJ3bfVax76/OrhCH38dyxoDIA8K7uB963IYgA==", + "version": "7.6.2", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.6.2.tgz", + "integrity": "sha512-FNAIBWCx9qcRhoHcgcJ0gvU7SN1lYU2ZXuSfl04bSC5OpvDHFyJCjdNHomPXxjQlCBU67YW64PzY7/VIEH7F2w==", "inBundle": true, "bin": { "semver": "bin/semver.js" diff --git a/package.json b/package.json index 89326a49cea44..0a7d3c80339c3 100644 --- a/package.json +++ b/package.json @@ -108,7 +108,7 @@ "proc-log": "^4.2.0", "qrcode-terminal": "^0.12.0", "read": "^3.0.1", - "semver": "^7.6.1", + "semver": "^7.6.2", "spdx-expression-parse": "^4.0.0", "ssri": "^10.0.6", "supports-color": "^9.4.0", From f6dc65ba846abbe7c1df71d19cfc84bcf45c14fb Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Thu, 9 May 2024 15:29:44 -0700 Subject: [PATCH 2/5] deps: @npmcli/fs@3.1.1 --- node_modules/@npmcli/fs/package.json | 10 +++++----- package-lock.json | 10 +++++----- package.json | 2 +- workspaces/arborist/package.json | 2 +- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/node_modules/@npmcli/fs/package.json b/node_modules/@npmcli/fs/package.json index 28eb613388418..5261a11b78000 100644 --- a/node_modules/@npmcli/fs/package.json +++ b/node_modules/@npmcli/fs/package.json @@ -1,6 +1,6 @@ { "name": "@npmcli/fs", - "version": "3.1.0", + "version": "3.1.1", "description": "filesystem utilities for the npm cli", "main": "lib/index.js", "files": [ @@ -11,7 +11,7 @@ "snap": "tap", "test": "tap", "npmclilint": "npmcli-lint", - "lint": "eslint \"**/*.js\"", + "lint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"", "lintfix": "npm run lint -- --fix", "posttest": "npm run lint", "postsnap": "npm run lintfix --", @@ -20,7 +20,7 @@ }, "repository": { "type": "git", - "url": "https://github.com/npm/fs.git" + "url": "git+https://github.com/npm/fs.git" }, "keywords": [ "npm", @@ -30,7 +30,7 @@ "license": "ISC", "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.8.0", + "@npmcli/template-oss": "4.22.0", "tap": "^16.0.1" }, "dependencies": { @@ -41,7 +41,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.8.0" + "version": "4.22.0" }, "tap": { "nyc-arg": [ diff --git a/package-lock.json b/package-lock.json index 9deaebc0b9eeb..8403174f95398 100644 --- a/package-lock.json +++ b/package-lock.json @@ -89,7 +89,7 @@ "@isaacs/string-locale-compare": "^1.1.0", "@npmcli/arborist": "^7.2.1", "@npmcli/config": "^8.0.2", - "@npmcli/fs": "^3.1.0", + "@npmcli/fs": "^3.1.1", "@npmcli/map-workspaces": "^3.0.6", "@npmcli/package-json": "^5.1.0", "@npmcli/promise-spawn": "^7.0.2", @@ -1568,9 +1568,9 @@ } }, "node_modules/@npmcli/fs": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/@npmcli/fs/-/fs-3.1.0.tgz", - "integrity": "sha512-7kZUAaLscfgbwBQRbvdMYaZOWyMEcPTH/tJjnyAWJ/dvvs9Ef+CERx/qJb9GExJpl1qipaDGn7KqHnFGGixd0w==", + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/@npmcli/fs/-/fs-3.1.1.tgz", + "integrity": "sha512-q9CRWjpHCMIh5sVyefoD1cA7PkvILqCZsnSOEUUivORLjxCO/Irmue2DprETiNgEqktDBZaM1Bi+jrarx1XdCg==", "inBundle": true, "dependencies": { "semver": "^7.3.5" @@ -14769,7 +14769,7 @@ "license": "ISC", "dependencies": { "@isaacs/string-locale-compare": "^1.1.0", - "@npmcli/fs": "^3.1.0", + "@npmcli/fs": "^3.1.1", "@npmcli/installed-package-contents": "^2.1.0", "@npmcli/map-workspaces": "^3.0.2", "@npmcli/metavuln-calculator": "^7.1.1", diff --git a/package.json b/package.json index 0a7d3c80339c3..ab12a9a8c964e 100644 --- a/package.json +++ b/package.json @@ -54,7 +54,7 @@ "@isaacs/string-locale-compare": "^1.1.0", "@npmcli/arborist": "^7.2.1", "@npmcli/config": "^8.0.2", - "@npmcli/fs": "^3.1.0", + "@npmcli/fs": "^3.1.1", "@npmcli/map-workspaces": "^3.0.6", "@npmcli/package-json": "^5.1.0", "@npmcli/promise-spawn": "^7.0.2", diff --git a/workspaces/arborist/package.json b/workspaces/arborist/package.json index 1c20c44ff65b3..956c4499773a1 100644 --- a/workspaces/arborist/package.json +++ b/workspaces/arborist/package.json @@ -4,7 +4,7 @@ "description": "Manage node_modules trees", "dependencies": { "@isaacs/string-locale-compare": "^1.1.0", - "@npmcli/fs": "^3.1.0", + "@npmcli/fs": "^3.1.1", "@npmcli/installed-package-contents": "^2.1.0", "@npmcli/map-workspaces": "^3.0.2", "@npmcli/metavuln-calculator": "^7.1.1", From 76fcfada69c2f53e7e80b77ed33d4f8297d6904d Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Thu, 9 May 2024 15:31:06 -0700 Subject: [PATCH 3/5] deps: @sigstore/tuf@2.3.3 --- node_modules/.gitignore | 6 +++- node_modules/@sigstore/tuf/package.json | 6 ++-- .../node_modules}/@tufjs/models/LICENSE | 0 .../node_modules}/@tufjs/models/dist/base.js | 0 .../@tufjs/models/dist/delegations.js | 0 .../node_modules}/@tufjs/models/dist/error.js | 0 .../node_modules}/@tufjs/models/dist/file.js | 0 .../node_modules}/@tufjs/models/dist/index.js | 0 .../node_modules}/@tufjs/models/dist/key.js | 0 .../@tufjs/models/dist/metadata.js | 0 .../node_modules}/@tufjs/models/dist/role.js | 0 .../node_modules}/@tufjs/models/dist/root.js | 0 .../@tufjs/models/dist/signature.js | 0 .../@tufjs/models/dist/snapshot.js | 0 .../@tufjs/models/dist/targets.js | 0 .../@tufjs/models/dist/timestamp.js | 0 .../@tufjs/models/dist/utils/guard.js | 0 .../@tufjs/models/dist/utils/index.js | 0 .../@tufjs/models/dist/utils/key.js | 0 .../@tufjs/models/dist/utils/oid.js | 0 .../@tufjs/models/dist/utils/types.js | 0 .../@tufjs/models/dist/utils/verify.js | 0 .../node_modules}/@tufjs/models/package.json | 4 +-- node_modules/tuf-js/package.json | 8 ++--- package-lock.json | 35 +++++++++++++------ package.json | 2 +- 26 files changed, 39 insertions(+), 22 deletions(-) rename node_modules/{ => tuf-js/node_modules}/@tufjs/models/LICENSE (100%) rename node_modules/{ => tuf-js/node_modules}/@tufjs/models/dist/base.js (100%) rename node_modules/{ => tuf-js/node_modules}/@tufjs/models/dist/delegations.js (100%) rename node_modules/{ => tuf-js/node_modules}/@tufjs/models/dist/error.js (100%) rename node_modules/{ => tuf-js/node_modules}/@tufjs/models/dist/file.js (100%) rename node_modules/{ => tuf-js/node_modules}/@tufjs/models/dist/index.js (100%) rename node_modules/{ => tuf-js/node_modules}/@tufjs/models/dist/key.js (100%) rename node_modules/{ => tuf-js/node_modules}/@tufjs/models/dist/metadata.js (100%) rename node_modules/{ => tuf-js/node_modules}/@tufjs/models/dist/role.js (100%) rename node_modules/{ => tuf-js/node_modules}/@tufjs/models/dist/root.js (100%) rename node_modules/{ => tuf-js/node_modules}/@tufjs/models/dist/signature.js (100%) rename node_modules/{ => tuf-js/node_modules}/@tufjs/models/dist/snapshot.js (100%) rename node_modules/{ => tuf-js/node_modules}/@tufjs/models/dist/targets.js (100%) rename node_modules/{ => tuf-js/node_modules}/@tufjs/models/dist/timestamp.js (100%) rename node_modules/{ => tuf-js/node_modules}/@tufjs/models/dist/utils/guard.js (100%) rename node_modules/{ => tuf-js/node_modules}/@tufjs/models/dist/utils/index.js (100%) rename node_modules/{ => tuf-js/node_modules}/@tufjs/models/dist/utils/key.js (100%) rename node_modules/{ => tuf-js/node_modules}/@tufjs/models/dist/utils/oid.js (100%) rename node_modules/{ => tuf-js/node_modules}/@tufjs/models/dist/utils/types.js (100%) rename node_modules/{ => tuf-js/node_modules}/@tufjs/models/dist/utils/verify.js (100%) rename node_modules/{ => tuf-js/node_modules}/@tufjs/models/package.json (94%) diff --git a/node_modules/.gitignore b/node_modules/.gitignore index 643a7f949acc3..9331b2d567df2 100644 --- a/node_modules/.gitignore +++ b/node_modules/.gitignore @@ -42,7 +42,6 @@ !/@tufjs/ /@tufjs/* !/@tufjs/canonical-json -!/@tufjs/models !/abbrev !/agent-base !/aggregate-error @@ -211,6 +210,11 @@ !/tiny-relative-date !/treeverse !/tuf-js +!/tuf-js/node_modules/ +/tuf-js/node_modules/* +!/tuf-js/node_modules/@tufjs/ +/tuf-js/node_modules/@tufjs/* +!/tuf-js/node_modules/@tufjs/models !/unique-filename !/unique-slug !/util-deprecate diff --git a/node_modules/@sigstore/tuf/package.json b/node_modules/@sigstore/tuf/package.json index fc842df181470..d56d45cfc80a8 100644 --- a/node_modules/@sigstore/tuf/package.json +++ b/node_modules/@sigstore/tuf/package.json @@ -1,6 +1,6 @@ { "name": "@sigstore/tuf", - "version": "2.3.2", + "version": "2.3.3", "description": "Client for the Sigstore TUF repository", "main": "dist/index.js", "types": "dist/index.d.ts", @@ -28,12 +28,12 @@ }, "devDependencies": { "@sigstore/jest": "^0.0.0", - "@tufjs/repo-mock": "^2.0.0", + "@tufjs/repo-mock": "^2.0.1", "@types/make-fetch-happen": "^10.0.4" }, "dependencies": { "@sigstore/protobuf-specs": "^0.3.0", - "tuf-js": "^2.2.0" + "tuf-js": "^2.2.1" }, "engines": { "node": "^16.14.0 || >=18.0.0" diff --git a/node_modules/@tufjs/models/LICENSE b/node_modules/tuf-js/node_modules/@tufjs/models/LICENSE similarity index 100% rename from node_modules/@tufjs/models/LICENSE rename to node_modules/tuf-js/node_modules/@tufjs/models/LICENSE diff --git a/node_modules/@tufjs/models/dist/base.js b/node_modules/tuf-js/node_modules/@tufjs/models/dist/base.js similarity index 100% rename from node_modules/@tufjs/models/dist/base.js rename to node_modules/tuf-js/node_modules/@tufjs/models/dist/base.js diff --git a/node_modules/@tufjs/models/dist/delegations.js b/node_modules/tuf-js/node_modules/@tufjs/models/dist/delegations.js similarity index 100% rename from node_modules/@tufjs/models/dist/delegations.js rename to node_modules/tuf-js/node_modules/@tufjs/models/dist/delegations.js diff --git a/node_modules/@tufjs/models/dist/error.js b/node_modules/tuf-js/node_modules/@tufjs/models/dist/error.js similarity index 100% rename from node_modules/@tufjs/models/dist/error.js rename to node_modules/tuf-js/node_modules/@tufjs/models/dist/error.js diff --git a/node_modules/@tufjs/models/dist/file.js b/node_modules/tuf-js/node_modules/@tufjs/models/dist/file.js similarity index 100% rename from node_modules/@tufjs/models/dist/file.js rename to node_modules/tuf-js/node_modules/@tufjs/models/dist/file.js diff --git a/node_modules/@tufjs/models/dist/index.js b/node_modules/tuf-js/node_modules/@tufjs/models/dist/index.js similarity index 100% rename from node_modules/@tufjs/models/dist/index.js rename to node_modules/tuf-js/node_modules/@tufjs/models/dist/index.js diff --git a/node_modules/@tufjs/models/dist/key.js b/node_modules/tuf-js/node_modules/@tufjs/models/dist/key.js similarity index 100% rename from node_modules/@tufjs/models/dist/key.js rename to node_modules/tuf-js/node_modules/@tufjs/models/dist/key.js diff --git a/node_modules/@tufjs/models/dist/metadata.js b/node_modules/tuf-js/node_modules/@tufjs/models/dist/metadata.js similarity index 100% rename from node_modules/@tufjs/models/dist/metadata.js rename to node_modules/tuf-js/node_modules/@tufjs/models/dist/metadata.js diff --git a/node_modules/@tufjs/models/dist/role.js b/node_modules/tuf-js/node_modules/@tufjs/models/dist/role.js similarity index 100% rename from node_modules/@tufjs/models/dist/role.js rename to node_modules/tuf-js/node_modules/@tufjs/models/dist/role.js diff --git a/node_modules/@tufjs/models/dist/root.js b/node_modules/tuf-js/node_modules/@tufjs/models/dist/root.js similarity index 100% rename from node_modules/@tufjs/models/dist/root.js rename to node_modules/tuf-js/node_modules/@tufjs/models/dist/root.js diff --git a/node_modules/@tufjs/models/dist/signature.js b/node_modules/tuf-js/node_modules/@tufjs/models/dist/signature.js similarity index 100% rename from node_modules/@tufjs/models/dist/signature.js rename to node_modules/tuf-js/node_modules/@tufjs/models/dist/signature.js diff --git a/node_modules/@tufjs/models/dist/snapshot.js b/node_modules/tuf-js/node_modules/@tufjs/models/dist/snapshot.js similarity index 100% rename from node_modules/@tufjs/models/dist/snapshot.js rename to node_modules/tuf-js/node_modules/@tufjs/models/dist/snapshot.js diff --git a/node_modules/@tufjs/models/dist/targets.js b/node_modules/tuf-js/node_modules/@tufjs/models/dist/targets.js similarity index 100% rename from node_modules/@tufjs/models/dist/targets.js rename to node_modules/tuf-js/node_modules/@tufjs/models/dist/targets.js diff --git a/node_modules/@tufjs/models/dist/timestamp.js b/node_modules/tuf-js/node_modules/@tufjs/models/dist/timestamp.js similarity index 100% rename from node_modules/@tufjs/models/dist/timestamp.js rename to node_modules/tuf-js/node_modules/@tufjs/models/dist/timestamp.js diff --git a/node_modules/@tufjs/models/dist/utils/guard.js b/node_modules/tuf-js/node_modules/@tufjs/models/dist/utils/guard.js similarity index 100% rename from node_modules/@tufjs/models/dist/utils/guard.js rename to node_modules/tuf-js/node_modules/@tufjs/models/dist/utils/guard.js diff --git a/node_modules/@tufjs/models/dist/utils/index.js b/node_modules/tuf-js/node_modules/@tufjs/models/dist/utils/index.js similarity index 100% rename from node_modules/@tufjs/models/dist/utils/index.js rename to node_modules/tuf-js/node_modules/@tufjs/models/dist/utils/index.js diff --git a/node_modules/@tufjs/models/dist/utils/key.js b/node_modules/tuf-js/node_modules/@tufjs/models/dist/utils/key.js similarity index 100% rename from node_modules/@tufjs/models/dist/utils/key.js rename to node_modules/tuf-js/node_modules/@tufjs/models/dist/utils/key.js diff --git a/node_modules/@tufjs/models/dist/utils/oid.js b/node_modules/tuf-js/node_modules/@tufjs/models/dist/utils/oid.js similarity index 100% rename from node_modules/@tufjs/models/dist/utils/oid.js rename to node_modules/tuf-js/node_modules/@tufjs/models/dist/utils/oid.js diff --git a/node_modules/@tufjs/models/dist/utils/types.js b/node_modules/tuf-js/node_modules/@tufjs/models/dist/utils/types.js similarity index 100% rename from node_modules/@tufjs/models/dist/utils/types.js rename to node_modules/tuf-js/node_modules/@tufjs/models/dist/utils/types.js diff --git a/node_modules/@tufjs/models/dist/utils/verify.js b/node_modules/tuf-js/node_modules/@tufjs/models/dist/utils/verify.js similarity index 100% rename from node_modules/@tufjs/models/dist/utils/verify.js rename to node_modules/tuf-js/node_modules/@tufjs/models/dist/utils/verify.js diff --git a/node_modules/@tufjs/models/package.json b/node_modules/tuf-js/node_modules/@tufjs/models/package.json similarity index 94% rename from node_modules/@tufjs/models/package.json rename to node_modules/tuf-js/node_modules/@tufjs/models/package.json index 60368242ab556..be581591a0f3a 100644 --- a/node_modules/@tufjs/models/package.json +++ b/node_modules/tuf-js/node_modules/@tufjs/models/package.json @@ -1,6 +1,6 @@ { "name": "@tufjs/models", - "version": "2.0.0", + "version": "2.0.1", "description": "TUF metadata models", "main": "dist/index.js", "types": "dist/index.d.ts", @@ -29,7 +29,7 @@ "homepage": "https://github.com/theupdateframework/tuf-js/tree/main/packages/models#readme", "dependencies": { "@tufjs/canonical-json": "2.0.0", - "minimatch": "^9.0.3" + "minimatch": "^9.0.4" }, "engines": { "node": "^16.14.0 || >=18.0.0" diff --git a/node_modules/tuf-js/package.json b/node_modules/tuf-js/package.json index f6b2943f8195d..9280719230d9a 100644 --- a/node_modules/tuf-js/package.json +++ b/node_modules/tuf-js/package.json @@ -1,6 +1,6 @@ { "name": "tuf-js", - "version": "2.2.0", + "version": "2.2.1", "description": "JavaScript implementation of The Update Framework (TUF)", "main": "dist/index.js", "types": "dist/index.d.ts", @@ -28,14 +28,14 @@ }, "homepage": "https://github.com/theupdateframework/tuf-js/tree/main/packages/client#readme", "devDependencies": { - "@tufjs/repo-mock": "2.0.0", + "@tufjs/repo-mock": "2.0.1", "@types/debug": "^4.1.12", "@types/make-fetch-happen": "^10.0.4" }, "dependencies": { - "@tufjs/models": "2.0.0", + "@tufjs/models": "2.0.1", "debug": "^4.3.4", - "make-fetch-happen": "^13.0.0" + "make-fetch-happen": "^13.0.1" }, "engines": { "node": "^16.14.0 || >=18.0.0" diff --git a/package-lock.json b/package-lock.json index 8403174f95398..72ee066fe864d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -95,7 +95,7 @@ "@npmcli/promise-spawn": "^7.0.2", "@npmcli/redact": "^2.0.0", "@npmcli/run-script": "^8.1.0", - "@sigstore/tuf": "^2.3.2", + "@sigstore/tuf": "^2.3.3", "abbrev": "^2.0.0", "archy": "~1.0.0", "cacache": "^18.0.3", @@ -2025,13 +2025,13 @@ } }, "node_modules/@sigstore/tuf": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/@sigstore/tuf/-/tuf-2.3.2.tgz", - "integrity": "sha512-mwbY1VrEGU4CO55t+Kl6I7WZzIl+ysSzEYdA1Nv/FTrl2bkeaPXo5PnWZAVfcY2zSdhOpsUTJW67/M2zHXGn5w==", + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/@sigstore/tuf/-/tuf-2.3.3.tgz", + "integrity": "sha512-agQhHNkIddXFslkudjV88vTXiAMEyUtso3at6ZHUNJ1agZb7Ze6VW/PddHipdWBu1t+8OWLW5X5yZOPiOnaWJQ==", "inBundle": true, "dependencies": { "@sigstore/protobuf-specs": "^0.3.0", - "tuf-js": "^2.2.0" + "tuf-js": "^2.2.1" }, "engines": { "node": "^16.14.0 || >=18.0.0" @@ -2064,7 +2064,7 @@ "version": "2.0.0", "resolved": "https://registry.npmjs.org/@tufjs/models/-/models-2.0.0.tgz", "integrity": "sha512-c8nj8BaOExmZKO2DXhDfegyhSGcG9E/mPN3U13L+/PsoWm1uaGiHHjxqSHQiasDBQwDA3aHuw9+9spYAP1qvvg==", - "inBundle": true, + "dev": true, "dependencies": { "@tufjs/canonical-json": "2.0.0", "minimatch": "^9.0.3" @@ -13825,14 +13825,27 @@ } }, "node_modules/tuf-js": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/tuf-js/-/tuf-js-2.2.0.tgz", - "integrity": "sha512-ZSDngmP1z6zw+FIkIBjvOp/II/mIub/O7Pp12j1WNsiCpg5R5wAc//i555bBQsE44O94btLt0xM/Zr2LQjwdCg==", + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/tuf-js/-/tuf-js-2.2.1.tgz", + "integrity": "sha512-GwIJau9XaA8nLVbUXsN3IlFi7WmQ48gBUrl3FTkkL/XLu/POhBzfmX9hd33FNMX1qAsfl6ozO1iMmW9NC8YniA==", "inBundle": true, "dependencies": { - "@tufjs/models": "2.0.0", + "@tufjs/models": "2.0.1", "debug": "^4.3.4", - "make-fetch-happen": "^13.0.0" + "make-fetch-happen": "^13.0.1" + }, + "engines": { + "node": "^16.14.0 || >=18.0.0" + } + }, + "node_modules/tuf-js/node_modules/@tufjs/models": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/@tufjs/models/-/models-2.0.1.tgz", + "integrity": "sha512-92F7/SFyufn4DXsha9+QfKnN03JGqtMFMXgSHbZOo8JG59WkTni7UzAouNQDf7AuP9OAMxVOPQcqG3sB7w+kkg==", + "inBundle": true, + "dependencies": { + "@tufjs/canonical-json": "2.0.0", + "minimatch": "^9.0.4" }, "engines": { "node": "^16.14.0 || >=18.0.0" diff --git a/package.json b/package.json index ab12a9a8c964e..2bc3a146a7989 100644 --- a/package.json +++ b/package.json @@ -60,7 +60,7 @@ "@npmcli/promise-spawn": "^7.0.2", "@npmcli/redact": "^2.0.0", "@npmcli/run-script": "^8.1.0", - "@sigstore/tuf": "^2.3.2", + "@sigstore/tuf": "^2.3.3", "abbrev": "^2.0.0", "archy": "~1.0.0", "cacache": "^18.0.3", From f0ca7a7d671a2ab07e175ce4af0076b1cbc9dd38 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Thu, 9 May 2024 15:31:36 -0700 Subject: [PATCH 4/5] deps: minipass@7.1.1 --- node_modules/minipass/dist/commonjs/index.js | 18 +++++++++--------- node_modules/minipass/dist/esm/index.js | 6 +++--- node_modules/minipass/package.json | 2 +- package-lock.json | 11 +++++------ package.json | 2 +- workspaces/libnpmorg/package.json | 2 +- 6 files changed, 20 insertions(+), 21 deletions(-) diff --git a/node_modules/minipass/dist/commonjs/index.js b/node_modules/minipass/dist/commonjs/index.js index b6cdae8eb514b..068c095b69793 100644 --- a/node_modules/minipass/dist/commonjs/index.js +++ b/node_modules/minipass/dist/commonjs/index.js @@ -10,9 +10,9 @@ const proc = typeof process === 'object' && process stdout: null, stderr: null, }; -const events_1 = require("events"); -const stream_1 = __importDefault(require("stream")); -const string_decoder_1 = require("string_decoder"); +const node_events_1 = require("node:events"); +const node_stream_1 = __importDefault(require("node:stream")); +const node_string_decoder_1 = require("node:string_decoder"); /** * Return true if the argument is a Minipass stream, Node stream, or something * else that Minipass can interact with. @@ -20,7 +20,7 @@ const string_decoder_1 = require("string_decoder"); const isStream = (s) => !!s && typeof s === 'object' && (s instanceof Minipass || - s instanceof stream_1.default || + s instanceof node_stream_1.default || (0, exports.isReadable)(s) || (0, exports.isWritable)(s)); exports.isStream = isStream; @@ -29,17 +29,17 @@ exports.isStream = isStream; */ const isReadable = (s) => !!s && typeof s === 'object' && - s instanceof events_1.EventEmitter && + s instanceof node_events_1.EventEmitter && typeof s.pipe === 'function' && // node core Writable streams have a pipe() method, but it throws - s.pipe !== stream_1.default.Writable.prototype.pipe; + s.pipe !== node_stream_1.default.Writable.prototype.pipe; exports.isReadable = isReadable; /** * Return true if the argument is a valid {@link Minipass.Writable} */ const isWritable = (s) => !!s && typeof s === 'object' && - s instanceof events_1.EventEmitter && + s instanceof node_events_1.EventEmitter && typeof s.write === 'function' && typeof s.end === 'function'; exports.isWritable = isWritable; @@ -146,7 +146,7 @@ const isEncodingOptions = (o) => !o.objectMode && !!o.encoding && o.encoding !== * `Events` is the set of event handler signatures that this object * will emit, see {@link Minipass.Events} */ -class Minipass extends events_1.EventEmitter { +class Minipass extends node_events_1.EventEmitter { [FLOWING] = false; [PAUSED] = false; [PIPES] = []; @@ -201,7 +201,7 @@ class Minipass extends events_1.EventEmitter { } this[ASYNC] = !!options.async; this[DECODER] = this[ENCODING] - ? new string_decoder_1.StringDecoder(this[ENCODING]) + ? new node_string_decoder_1.StringDecoder(this[ENCODING]) : null; //@ts-ignore - private option for debugging and testing if (options && options.debugExposeBuffer === true) { diff --git a/node_modules/minipass/dist/esm/index.js b/node_modules/minipass/dist/esm/index.js index b65fafbae43a4..b5fa4513c9083 100644 --- a/node_modules/minipass/dist/esm/index.js +++ b/node_modules/minipass/dist/esm/index.js @@ -4,9 +4,9 @@ const proc = typeof process === 'object' && process stdout: null, stderr: null, }; -import { EventEmitter } from 'events'; -import Stream from 'stream'; -import { StringDecoder } from 'string_decoder'; +import { EventEmitter } from 'node:events'; +import Stream from 'node:stream'; +import { StringDecoder } from 'node:string_decoder'; /** * Return true if the argument is a Minipass stream, Node stream, or something * else that Minipass can interact with. diff --git a/node_modules/minipass/package.json b/node_modules/minipass/package.json index 76038f55de57b..f8b39b5259490 100644 --- a/node_modules/minipass/package.json +++ b/node_modules/minipass/package.json @@ -1,6 +1,6 @@ { "name": "minipass", - "version": "7.1.0", + "version": "7.1.1", "description": "minimal implementation of a PassThrough stream", "main": "./dist/commonjs/index.js", "types": "./dist/commonjs/index.d.ts", diff --git a/package-lock.json b/package-lock.json index 72ee066fe864d..c91ff5d22ce3d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -124,7 +124,7 @@ "libnpmversion": "^6.0.0", "make-fetch-happen": "^13.0.1", "minimatch": "^9.0.4", - "minipass": "^7.1.0", + "minipass": "^7.1.1", "minipass-pipeline": "^1.2.4", "ms": "^2.1.2", "node-gyp": "^10.1.0", @@ -8391,11 +8391,10 @@ } }, "node_modules/minipass": { - "version": "7.1.0", - "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.0.tgz", - "integrity": "sha512-oGZRv2OT1lO2UF1zUcwdTb3wqUwI0kBGTgt/T7OdSj6M6N5m3o5uPf0AIW6lVxGGoiWUR7e2AwTE+xiwK8WQig==", + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.1.tgz", + "integrity": "sha512-UZ7eQ+h8ywIRAW1hIEl2AqdwzJucU/Kp59+8kkZeSvafXhZjul247BvIJjEVFVeON6d7lM46XX1HXCduKAS8VA==", "inBundle": true, - "license": "ISC", "engines": { "node": ">=16 || 14 >=14.17" } @@ -14969,7 +14968,7 @@ "devDependencies": { "@npmcli/eslint-config": "^4.0.0", "@npmcli/template-oss": "4.22.0", - "minipass": "^7.1.0", + "minipass": "^7.1.1", "nock": "^13.3.3", "tap": "^16.3.8" }, diff --git a/package.json b/package.json index 2bc3a146a7989..5a07275e8488c 100644 --- a/package.json +++ b/package.json @@ -89,7 +89,7 @@ "libnpmversion": "^6.0.0", "make-fetch-happen": "^13.0.1", "minimatch": "^9.0.4", - "minipass": "^7.1.0", + "minipass": "^7.1.1", "minipass-pipeline": "^1.2.4", "ms": "^2.1.2", "node-gyp": "^10.1.0", diff --git a/workspaces/libnpmorg/package.json b/workspaces/libnpmorg/package.json index ed3e3410443d8..f5d9562b5ff09 100644 --- a/workspaces/libnpmorg/package.json +++ b/workspaces/libnpmorg/package.json @@ -29,7 +29,7 @@ "devDependencies": { "@npmcli/eslint-config": "^4.0.0", "@npmcli/template-oss": "4.22.0", - "minipass": "^7.1.0", + "minipass": "^7.1.1", "nock": "^13.3.3", "tap": "^16.3.8" }, From 2151d290a0c6ae418787c2757f2d0ed34b9e5344 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Thu, 9 May 2024 15:33:42 -0700 Subject: [PATCH 5/5] deps: @sigstore/sign@2.3.1 --- DEPENDENCIES.md | 2 + .../@sigstore/sign/dist/external/error.js | 44 +++------ .../@sigstore/sign/dist/external/fetch.js | 99 +++++++++++++++++++ .../@sigstore/sign/dist/external/fulcio.js | 30 ++---- .../@sigstore/sign/dist/external/rekor.js | 77 ++++----------- .../@sigstore/sign/dist/external/tsa.js | 27 ++--- node_modules/@sigstore/sign/package.json | 11 ++- package-lock.json | 10 +- 8 files changed, 170 insertions(+), 130 deletions(-) create mode 100644 node_modules/@sigstore/sign/dist/external/fetch.js diff --git a/DEPENDENCIES.md b/DEPENDENCIES.md index e9b9f575c7cb7..fd7561a2a96f0 100644 --- a/DEPENDENCIES.md +++ b/DEPENDENCIES.md @@ -737,6 +737,8 @@ graph LR; sigstore-->sigstore-verify["@sigstore/verify"]; sigstore-bundle-->sigstore-protobuf-specs["@sigstore/protobuf-specs"]; sigstore-sign-->make-fetch-happen; + sigstore-sign-->proc-log; + sigstore-sign-->promise-retry; sigstore-sign-->sigstore-bundle["@sigstore/bundle"]; sigstore-sign-->sigstore-core["@sigstore/core"]; sigstore-sign-->sigstore-protobuf-specs["@sigstore/protobuf-specs"]; diff --git a/node_modules/@sigstore/sign/dist/external/error.js b/node_modules/@sigstore/sign/dist/external/error.js index 0dad92ea69414..a6a65adebb176 100644 --- a/node_modules/@sigstore/sign/dist/external/error.js +++ b/node_modules/@sigstore/sign/dist/external/error.js @@ -1,6 +1,21 @@ "use strict"; +/* +Copyright 2023 The Sigstore Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ Object.defineProperty(exports, "__esModule", { value: true }); -exports.checkStatus = exports.HTTPError = void 0; +exports.HTTPError = void 0; class HTTPError extends Error { constructor({ status, message, location, }) { super(`(${status}) ${message}`); @@ -9,30 +24,3 @@ class HTTPError extends Error { } } exports.HTTPError = HTTPError; -const checkStatus = async (response) => { - if (response.ok) { - return response; - } - else { - let message = response.statusText; - const location = response.headers?.get('Location') || undefined; - const contentType = response.headers?.get('Content-Type'); - // If response type is JSON, try to parse the body for a message - if (contentType?.includes('application/json')) { - try { - await response.json().then((body) => { - message = body.message; - }); - } - catch (e) { - // ignore - } - } - throw new HTTPError({ - status: response.status, - message: message, - location: location, - }); - } -}; -exports.checkStatus = checkStatus; diff --git a/node_modules/@sigstore/sign/dist/external/fetch.js b/node_modules/@sigstore/sign/dist/external/fetch.js new file mode 100644 index 0000000000000..b2d81bde7be16 --- /dev/null +++ b/node_modules/@sigstore/sign/dist/external/fetch.js @@ -0,0 +1,99 @@ +"use strict"; +var __importDefault = (this && this.__importDefault) || function (mod) { + return (mod && mod.__esModule) ? mod : { "default": mod }; +}; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.fetchWithRetry = void 0; +/* +Copyright 2023 The Sigstore Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +const http2_1 = require("http2"); +const make_fetch_happen_1 = __importDefault(require("make-fetch-happen")); +const proc_log_1 = require("proc-log"); +const promise_retry_1 = __importDefault(require("promise-retry")); +const util_1 = require("../util"); +const error_1 = require("./error"); +const { HTTP2_HEADER_LOCATION, HTTP2_HEADER_CONTENT_TYPE, HTTP2_HEADER_USER_AGENT, HTTP_STATUS_INTERNAL_SERVER_ERROR, HTTP_STATUS_TOO_MANY_REQUESTS, HTTP_STATUS_REQUEST_TIMEOUT, } = http2_1.constants; +async function fetchWithRetry(url, options) { + return (0, promise_retry_1.default)(async (retry, attemptNum) => { + const method = options.method || 'POST'; + const headers = { + [HTTP2_HEADER_USER_AGENT]: util_1.ua.getUserAgent(), + ...options.headers, + }; + const response = await (0, make_fetch_happen_1.default)(url, { + method, + headers, + body: options.body, + timeout: options.timeout, + retry: false, // We're handling retries ourselves + }).catch((reason) => { + proc_log_1.log.http('fetch', `${method} ${url} attempt ${attemptNum} failed with ${reason}`); + return retry(reason); + }); + if (response.ok) { + return response; + } + else { + const error = await errorFromResponse(response); + proc_log_1.log.http('fetch', `${method} ${url} attempt ${attemptNum} failed with ${response.status}`); + if (retryable(response.status)) { + return retry(error); + } + else { + throw error; + } + } + }, retryOpts(options.retry)); +} +exports.fetchWithRetry = fetchWithRetry; +// Translate a Response into an HTTPError instance. This will attempt to parse +// the response body for a message, but will default to the statusText if none +// is found. +const errorFromResponse = async (response) => { + let message = response.statusText; + const location = response.headers?.get(HTTP2_HEADER_LOCATION) || undefined; + const contentType = response.headers?.get(HTTP2_HEADER_CONTENT_TYPE); + // If response type is JSON, try to parse the body for a message + if (contentType?.includes('application/json')) { + try { + const body = await response.json(); + message = body.message || message; + } + catch (e) { + // ignore + } + } + return new error_1.HTTPError({ + status: response.status, + message: message, + location: location, + }); +}; +// Determine if a status code is retryable. This includes 5xx errors, 408, and +// 429. +const retryable = (status) => [HTTP_STATUS_REQUEST_TIMEOUT, HTTP_STATUS_TOO_MANY_REQUESTS].includes(status) || status >= HTTP_STATUS_INTERNAL_SERVER_ERROR; +// Normalize the retry options to the format expected by promise-retry +const retryOpts = (retry) => { + if (typeof retry === 'boolean') { + return { retries: retry ? 1 : 0 }; + } + else if (typeof retry === 'number') { + return { retries: retry }; + } + else { + return { retries: 0, ...retry }; + } +}; diff --git a/node_modules/@sigstore/sign/dist/external/fulcio.js b/node_modules/@sigstore/sign/dist/external/fulcio.js index f00b62e147cd7..de6a1ad9f9e79 100644 --- a/node_modules/@sigstore/sign/dist/external/fulcio.js +++ b/node_modules/@sigstore/sign/dist/external/fulcio.js @@ -1,7 +1,4 @@ "use strict"; -var __importDefault = (this && this.__importDefault) || function (mod) { - return (mod && mod.__esModule) ? mod : { "default": mod }; -}; Object.defineProperty(exports, "__esModule", { value: true }); exports.Fulcio = void 0; /* @@ -19,33 +16,26 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ -const make_fetch_happen_1 = __importDefault(require("make-fetch-happen")); -const util_1 = require("../util"); -const error_1 = require("./error"); +const fetch_1 = require("./fetch"); /** * Fulcio API client. */ class Fulcio { constructor(options) { - this.fetch = make_fetch_happen_1.default.defaults({ - retry: options.retry, - timeout: options.timeout, + this.options = options; + } + async createSigningCertificate(request) { + const { baseURL, retry, timeout } = this.options; + const url = `${baseURL}/api/v2/signingCert`; + const response = await (0, fetch_1.fetchWithRetry)(url, { headers: { 'Content-Type': 'application/json', - 'User-Agent': util_1.ua.getUserAgent(), }, - }); - this.baseUrl = options.baseURL; - } - async createSigningCertificate(request) { - const url = `${this.baseUrl}/api/v2/signingCert`; - const response = await this.fetch(url, { - method: 'POST', body: JSON.stringify(request), + timeout, + retry, }); - await (0, error_1.checkStatus)(response); - const data = await response.json(); - return data; + return response.json(); } } exports.Fulcio = Fulcio; diff --git a/node_modules/@sigstore/sign/dist/external/rekor.js b/node_modules/@sigstore/sign/dist/external/rekor.js index 6f6cb96cc9c5c..bb59a126e032f 100644 --- a/node_modules/@sigstore/sign/dist/external/rekor.js +++ b/node_modules/@sigstore/sign/dist/external/rekor.js @@ -1,7 +1,4 @@ "use strict"; -var __importDefault = (this && this.__importDefault) || function (mod) { - return (mod && mod.__esModule) ? mod : { "default": mod }; -}; Object.defineProperty(exports, "__esModule", { value: true }); exports.Rekor = void 0; /* @@ -19,23 +16,13 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ -const make_fetch_happen_1 = __importDefault(require("make-fetch-happen")); -const util_1 = require("../util"); -const error_1 = require("./error"); +const fetch_1 = require("./fetch"); /** * Rekor API client. */ class Rekor { constructor(options) { - this.fetch = make_fetch_happen_1.default.defaults({ - retry: options.retry, - timeout: options.timeout, - headers: { - Accept: 'application/json', - 'User-Agent': util_1.ua.getUserAgent(), - }, - }); - this.baseUrl = options.baseURL; + this.options = options; } /** * Create a new entry in the Rekor log. @@ -43,13 +30,17 @@ class Rekor { * @returns {Promise} The created entry */ async createEntry(propsedEntry) { - const url = `${this.baseUrl}/api/v1/log/entries`; - const response = await this.fetch(url, { - method: 'POST', - headers: { 'Content-Type': 'application/json' }, + const { baseURL, timeout, retry } = this.options; + const url = `${baseURL}/api/v1/log/entries`; + const response = await (0, fetch_1.fetchWithRetry)(url, { + headers: { + 'Content-Type': 'application/json', + Accept: 'application/json', + }, body: JSON.stringify(propsedEntry), + timeout, + retry, }); - await (0, error_1.checkStatus)(response); const data = await response.json(); return entryFromResponse(data); } @@ -59,44 +50,18 @@ class Rekor { * @returns {Promise} The retrieved entry */ async getEntry(uuid) { - const url = `${this.baseUrl}/api/v1/log/entries/${uuid}`; - const response = await this.fetch(url); - await (0, error_1.checkStatus)(response); - const data = await response.json(); - return entryFromResponse(data); - } - /** - * Search the Rekor log index for entries matching the given query. - * @param opts {SearchIndex} Options to search the Rekor log - * @returns {Promise} UUIDs of matching entries - */ - async searchIndex(opts) { - const url = `${this.baseUrl}/api/v1/index/retrieve`; - const response = await this.fetch(url, { - method: 'POST', - body: JSON.stringify(opts), - headers: { 'Content-Type': 'application/json' }, + const { baseURL, timeout, retry } = this.options; + const url = `${baseURL}/api/v1/log/entries/${uuid}`; + const response = await (0, fetch_1.fetchWithRetry)(url, { + method: 'GET', + headers: { + Accept: 'application/json', + }, + timeout, + retry, }); - await (0, error_1.checkStatus)(response); const data = await response.json(); - return data; - } - /** - * Search the Rekor logs for matching the given query. - * @param opts {SearchLogQuery} Query to search the Rekor log - * @returns {Promise} List of matching entries - */ - async searchLog(opts) { - const url = `${this.baseUrl}/api/v1/log/entries/retrieve`; - const response = await this.fetch(url, { - method: 'POST', - body: JSON.stringify(opts), - headers: { 'Content-Type': 'application/json' }, - }); - await (0, error_1.checkStatus)(response); - const rawData = await response.json(); - const data = rawData.map((d) => entryFromResponse(d)); - return data; + return entryFromResponse(data); } } exports.Rekor = Rekor; diff --git a/node_modules/@sigstore/sign/dist/external/tsa.js b/node_modules/@sigstore/sign/dist/external/tsa.js index 252c14f2d32d8..a948ba9cca2c7 100644 --- a/node_modules/@sigstore/sign/dist/external/tsa.js +++ b/node_modules/@sigstore/sign/dist/external/tsa.js @@ -1,7 +1,4 @@ "use strict"; -var __importDefault = (this && this.__importDefault) || function (mod) { - return (mod && mod.__esModule) ? mod : { "default": mod }; -}; Object.defineProperty(exports, "__esModule", { value: true }); exports.TimestampAuthority = void 0; /* @@ -19,28 +16,22 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ -const make_fetch_happen_1 = __importDefault(require("make-fetch-happen")); -const util_1 = require("../util"); -const error_1 = require("./error"); +const fetch_1 = require("./fetch"); class TimestampAuthority { constructor(options) { - this.fetch = make_fetch_happen_1.default.defaults({ - retry: options.retry, - timeout: options.timeout, + this.options = options; + } + async createTimestamp(request) { + const { baseURL, timeout, retry } = this.options; + const url = `${baseURL}/api/v1/timestamp`; + const response = await (0, fetch_1.fetchWithRetry)(url, { headers: { 'Content-Type': 'application/json', - 'User-Agent': util_1.ua.getUserAgent(), }, - }); - this.baseUrl = options.baseURL; - } - async createTimestamp(request) { - const url = `${this.baseUrl}/api/v1/timestamp`; - const response = await this.fetch(url, { - method: 'POST', body: JSON.stringify(request), + timeout, + retry, }); - await (0, error_1.checkStatus)(response); return response.buffer(); } } diff --git a/node_modules/@sigstore/sign/package.json b/node_modules/@sigstore/sign/package.json index 09eea0a39e877..47d8fed2e6ab3 100644 --- a/node_modules/@sigstore/sign/package.json +++ b/node_modules/@sigstore/sign/package.json @@ -1,6 +1,6 @@ { "name": "@sigstore/sign", - "version": "2.3.0", + "version": "2.3.1", "description": "Sigstore signing library", "main": "dist/index.js", "types": "dist/index.d.ts", @@ -27,15 +27,18 @@ }, "devDependencies": { "@sigstore/jest": "^0.0.0", - "@sigstore/mock": "^0.7.0", + "@sigstore/mock": "^0.7.3", "@sigstore/rekor-types": "^2.0.0", - "@types/make-fetch-happen": "^10.0.4" + "@types/make-fetch-happen": "^10.0.4", + "@types/promise-retry": "^1.1.6" }, "dependencies": { "@sigstore/bundle": "^2.3.0", "@sigstore/core": "^1.0.0", "@sigstore/protobuf-specs": "^0.3.1", - "make-fetch-happen": "^13.0.0" + "make-fetch-happen": "^13.0.1", + "proc-log": "^4.2.0", + "promise-retry": "^2.0.1" }, "engines": { "node": "^16.14.0 || >=18.0.0" diff --git a/package-lock.json b/package-lock.json index c91ff5d22ce3d..e227122e41c66 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2010,15 +2010,17 @@ } }, "node_modules/@sigstore/sign": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/@sigstore/sign/-/sign-2.3.0.tgz", - "integrity": "sha512-tsAyV6FC3R3pHmKS880IXcDJuiFJiKITO1jxR1qbplcsBkZLBmjrEw5GbC7ikD6f5RU1hr7WnmxB/2kKc1qUWQ==", + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/@sigstore/sign/-/sign-2.3.1.tgz", + "integrity": "sha512-YZ71wKIOweC8ViUeZXboz0iPLqMkskxuoeN/D1CEpAyZvEepbX9oRMIoO6a/DxUqO1VEaqmcmmqzSiqtOsvSmw==", "inBundle": true, "dependencies": { "@sigstore/bundle": "^2.3.0", "@sigstore/core": "^1.0.0", "@sigstore/protobuf-specs": "^0.3.1", - "make-fetch-happen": "^13.0.0" + "make-fetch-happen": "^13.0.1", + "proc-log": "^4.2.0", + "promise-retry": "^2.0.1" }, "engines": { "node": "^16.14.0 || >=18.0.0"