actions/attest
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
254 Commits 1 Branch 30 Tags
main
Commit Graph

96 Commits

Author SHA1 Message Date
Brian DeHamer
ec072a1cb2 add new subject-version input (#364) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2026-02-26 12:38:12 -08:00
Brian DeHamer
8b290b8d86 bump @actions/attest from 3.1.0 to 3.2.0 (#365) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2026-02-26 12:36:53 -08:00
Brian DeHamer
35cfe2422e bump @actions/attest from 3.0.0 to 3.1.0 (#362) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2026-02-25 16:03:18 -08:00
Brian DeHamer
19ad753d23 test suite re-write (#356) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2026-02-19 10:14:47 -08:00
Brian DeHamer
7d7ff4475a ESM Conversion (#347) 
* initial esm conversion

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* esm'ify jest tests

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* lint issues

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* debug mock

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* glob updated

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* async all file functions

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* update @actions/github

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* update @actions/attest

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* rebuild package-lock.json

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* use experimental flag for jest in ci

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* remove stray istanbul ignore

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* Optimize getSubjectFromPath to avoid concurrent stat calls

Co-authored-by: bdehamer <398027+bdehamer@users.noreply.github.com>

* Fix boundary condition for MAX_SUBJECT_COUNT check

Co-authored-by: bdehamer <398027+bdehamer@users.noreply.github.com>

* Improve error message clarity for subject count limit

Co-authored-by: bdehamer <398027+bdehamer@users.noreply.github.com>

* Update test to match new error message format

Co-authored-by: bdehamer <398027+bdehamer@users.noreply.github.com>

* rebuild dist

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* Fix parseSBOMFromPath to check file size before reading

Co-authored-by: bdehamer <398027+bdehamer@users.noreply.github.com>

* Build package with updated changes

Co-authored-by: bdehamer <398027+bdehamer@users.noreply.github.com>

---------

Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: bdehamer <398027+bdehamer@users.noreply.github.com>
 2026-02-18 08:52:30 -08:00
Brian DeHamer
dc4ad3cc6c Consolidate attestation actions (#346) 
* consolidate attestation actions

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* better errors

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* Update src/sbom.ts

Co-authored-by: Austin Beattie <ajbeattie@github.com>

* clarify dedupe comment

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: Austin Beattie <ajbeattie@github.com>
 2026-02-13 11:23:24 -08:00
dependabot[bot]
a82737a684 Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 (#342) 
* Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1

Bumps @isaacs/brace-expansion from 5.0.0 to 5.0.1.

---
updated-dependencies:
- dependency-name: "@isaacs/brace-expansion"
  dependency-version: 5.0.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* regenerate dist

Signed-off-by: Meredith Lancaster <malancas@github.com>

* regenerate package-lock

Signed-off-by: Meredith Lancaster <malancas@github.com>

* regenerate dist

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Meredith Lancaster <malancas@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Meredith Lancaster <malancas@github.com>
Co-authored-by: Meredith Lancaster <malancas@users.noreply.github.com>
 2026-02-05 10:03:29 -08:00
dependabot[bot]
615da641f0 Bump tar from 7.4.3 to 7.5.7 (#337) 
* Bump tar from 7.4.3 to 7.5.7

Bumps [tar](https://github.com/isaacs/node-tar) from 7.4.3 to 7.5.7.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.4.3...v7.5.7)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Rebuild dist after dependency updates

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tingting Wang <tingx2wang@github.com>
 2026-01-29 15:03:36 -08:00
dependabot[bot]
411f73e40b Bump @actions/attest from 2.1.0 to 2.2.0 (#325) 
* Bump @actions/attest from 2.1.0 to 2.2.0

Bumps [@actions/attest](https://github.com/actions/toolkit/tree/HEAD/packages/attest) from 2.1.0 to 2.2.0.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/attest/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/attest)

---
updated-dependencies:
- dependency-name: "@actions/attest"
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: update dist/ after build

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tingting Wang <tingx2wang@github.com>
 2026-01-29 15:01:54 -08:00
dependabot[bot]
95674aef8a Bump @actions/github from 6.0.1 to 7.0.0 (#324) 
Bumps [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) from 6.0.1 to 7.0.0.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

---
updated-dependencies:
- dependency-name: "@actions/github"
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tingting Wang <tingx2wang@github.com>
 2026-01-28 15:29:26 -08:00
dependabot[bot]
775709ffff Bump the npm-development group across 1 directory with 5 updates (#336) 
* Bump the npm-development group across 1 directory with 5 updates

Bumps the npm-development group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.0.3` | `25.0.10` |
| [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) | `29.9.0` | `29.12.1` |
| [prettier](https://github.com/prettier/prettier) | `3.7.4` | `3.8.1` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.50.1` | `8.54.0` |
| [undici](https://github.com/nodejs/undici) | `7.18.2` | `7.19.1` |



Updates `@types/node` from 25.0.3 to 25.0.10
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint-plugin-jest` from 29.9.0 to 29.12.1
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v29.9.0...v29.12.1)

Updates `prettier` from 3.7.4 to 3.8.1
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.7.4...3.8.1)

Updates `typescript-eslint` from 8.50.1 to 8.54.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.54.0/packages/typescript-eslint)

Updates `undici` from 7.18.2 to 7.19.1
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v7.18.2...v7.19.1)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.0.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: eslint-plugin-jest
  dependency-version: 29.12.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: prettier
  dependency-version: 3.8.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: typescript-eslint
  dependency-version: 8.54.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: undici
  dependency-version: 7.19.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: update dist/ after build

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tingting Wang <tingx2wang@github.com>
 2026-01-27 18:41:15 -08:00
dependabot[bot]
6d9cc6edb5 Bump tar from 7.4.3 to 7.5.6 (#333) 
* Bump tar from 7.4.3 to 7.5.6

Bumps [tar](https://github.com/isaacs/node-tar) from 7.4.3 to 7.5.6.
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-tar/compare/v7.4.3...v7.5.6)

---
updated-dependencies:
- dependency-name: tar
  dependency-version: 7.5.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: update dist/ after build

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tingting Wang <tingx2wang@github.com>
 2026-01-27 18:40:58 -08:00
dependabot[bot]
792c62d14a Bump @actions/core from 2.0.1 to 2.0.2 in the npm-production group (#323) 
Bumps the npm-production group with 1 update: [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core).


Updates `@actions/core` from 2.0.1 to 2.0.2
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-version: 2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tingting Wang <tingx2wang@github.com>
 2026-01-27 18:40:13 -08:00
Meredith Lancaster
20eb46ce7a Validate repository org-ownership before storage record creation (#328) 
* check if the repository is owned by org before attempting storage record creation

Signed-off-by: Meredith Lancaster <malancas@github.com>

* linter

Signed-off-by: Meredith Lancaster <malancas@github.com>

* generate dist

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add fixtures for repoOwnerIsOrg function

Signed-off-by: Meredith Lancaster <malancas@github.com>

* formatter

Signed-off-by: Meredith Lancaster <malancas@github.com>

* clean up fixtures

Signed-off-by: Meredith Lancaster <malancas@github.com>

* more clean up

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix function declaration

Signed-off-by: Meredith Lancaster <malancas@github.com>

* clean up fixtures

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add test when repo is not owned by org

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add more expect statements, clean up mock calls

Signed-off-by: Meredith Lancaster <malancas@github.com>

* formatter

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add more spy expect statements

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
 2026-01-26 08:31:21 -08:00
Meredith Lancaster
7433fa7e7a Update undici development dependency to the latest version (#332) 
* update undici dep to the latest version

Signed-off-by: Meredith Lancaster <malancas@github.com>

* regenerate dist

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update to v7.18.2

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
 2026-01-20 16:21:19 -08:00
Meredith Lancaster
7667f588f2 Create Artifact Metadata Storage Record on registry push (#313) 
* first pass at creating storage record

Signed-off-by: Meredith Lancaster <malancas@github.com>

* include storage record param in action config

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use latest actions/attest version

Signed-off-by: Meredith Lancaster <malancas@github.com>

* update storage record params

Signed-off-by: Meredith Lancaster <malancas@github.com>

* include storage record id in result

Signed-off-by: Meredith Lancaster <malancas@github.com>

* regenerate dist

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add documentation on storage records

Signed-off-by: Meredith Lancaster <malancas@github.com>

* log storage record creation

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add storage record output

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add new param

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add storage record id output

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix linter errors

Signed-off-by: Meredith Lancaster <malancas@github.com>

* return all storage record ids

Signed-off-by: Meredith Lancaster <malancas@github.com>

* bump minor version

Signed-off-by: Meredith Lancaster <malancas@github.com>

* use expect string match function

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add try catch block for storage record creation

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix table column spacing

Signed-off-by: Meredith Lancaster <malancas@github.com>

* check for protocol

Signed-off-by: Meredith Lancaster <malancas@github.com>

* check for artifact url protocol

Signed-off-by: Meredith Lancaster <malancas@github.com>

* only fill registry_url for now

Signed-off-by: Meredith Lancaster <malancas@github.com>

* cleanup protocol handling

Signed-off-by: Meredith Lancaster <malancas@github.com>

* regenerate dist

Signed-off-by: Meredith Lancaster <malancas@github.com>

* handle subject name correctly

Signed-off-by: Meredith Lancaster <malancas@github.com>

* move test

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add back assert statements

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add back output assert statements

Signed-off-by: Meredith Lancaster <malancas@github.com>

* Apply suggestion from @Copilot

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Apply suggestion from @Copilot

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Apply suggestion from @Copilot

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* use url for subject name parsing

Signed-off-by: Meredith Lancaster <malancas@github.com>

* add missing test setpu

Signed-off-by: Meredith Lancaster <malancas@github.com>

* fix storage record fail test

Signed-off-by: Meredith Lancaster <malancas@github.com>

* regenerate dist

Signed-off-by: Meredith Lancaster <malancas@github.com>

---------

Signed-off-by: Meredith Lancaster <malancas@github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-12-18 11:30:45 -08:00
dependabot[bot]
0512723b04 Bump @actions/core from 1.11.1 to 2.0.1 (#318) 
* Bump @actions/core from 1.11.1 to 2.0.1

Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.11.1 to 2.0.1.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/@actions/artifact@2.0.1/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-version: 2.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* rebuild dist

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian DeHamer <bdehamer@github.com>
 2025-12-15 16:39:30 -08:00
dependabot[bot]
2498417848 Bump glob and markdownlint-cli (#305) 
* Bump glob and markdownlint-cli

Bumps [glob](https://github.com/isaacs/node-glob) to 10.5.0 and updates ancestor dependencies [glob](https://github.com/isaacs/node-glob) and [markdownlint-cli](https://github.com/igorshubovych/markdownlint-cli). These dependencies need to be updated together.


Updates `glob` from 10.4.5 to 10.5.0
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/node-glob/compare/v10.4.5...v10.5.0)

Updates `glob` from 11.0.3 to 11.1.0
- [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/node-glob/compare/v10.4.5...v10.5.0)

Updates `markdownlint-cli` from 0.45.0 to 0.46.0
- [Release notes](https://github.com/igorshubovych/markdownlint-cli/releases)
- [Commits](https://github.com/igorshubovych/markdownlint-cli/compare/v0.45.0...v0.46.0)

---
updated-dependencies:
- dependency-name: glob
  dependency-version: 10.5.0
  dependency-type: indirect
- dependency-name: glob
  dependency-version: 11.1.0
  dependency-type: indirect
- dependency-name: markdownlint-cli
  dependency-version: 0.46.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

* ran npm run bundle and commit /dist changes

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tingting Wang <tingx2wang@github.com>
 2025-11-20 10:17:59 -08:00
dependabot[bot]
498dbf428a Bump the npm-development group across 1 directory with 6 updates (#302) 
* Bump the npm-development group across 1 directory with 6 updates

Bumps the npm-development group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.37.0` | `9.39.1` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `24.7.0` | `24.10.0` |
| [eslint](https://github.com/eslint/eslint) | `9.37.0` | `9.39.1` |
| [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) | `29.0.1` | `29.1.0` |
| [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.4.4` | `29.4.5` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.46.0` | `8.46.4` |



Updates `@eslint/js` from 9.37.0 to 9.39.1
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v9.39.1/packages/js)

Updates `@types/node` from 24.7.0 to 24.10.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint` from 9.37.0 to 9.39.1
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v9.37.0...v9.39.1)

Updates `eslint-plugin-jest` from 29.0.1 to 29.1.0
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jest-community/eslint-plugin-jest/compare/v29.0.1...v29.1.0)

Updates `ts-jest` from 29.4.4 to 29.4.5
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.4.4...v29.4.5)

Updates `typescript-eslint` from 8.46.0 to 8.46.4
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.46.4/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.39.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@types/node"
  dependency-version: 24.10.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: eslint
  dependency-version: 9.39.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: eslint-plugin-jest
  dependency-version: 29.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: ts-jest
  dependency-version: 29.4.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: typescript-eslint
  dependency-version: 8.46.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>

* ran npm run bundle and commit /dist changes

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tingting Wang <tingx2wang@github.com>
 2025-11-20 10:17:12 -08:00
dependabot[bot]
065aa7392a Bump @actions/attest from 1.6.0 to 2.0.0 (#299) 
* Bump @actions/attest from 1.6.0 to 2.0.0

Bumps [@actions/attest](https://github.com/actions/toolkit/tree/HEAD/packages/attest) from 1.6.0 to 2.0.0.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/attest/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/attest)

---
updated-dependencies:
- dependency-name: "@actions/attest"
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* ran npm run bundle and commit /dist changes

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tingting Wang <tingx2wang@github.com>
 2025-11-20 10:16:34 -08:00
Brian DeHamer
daf44fb950 improved checksum parsing (#280) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2025-08-26 16:07:15 -07:00
dependabot[bot]
9c3e2717a6 Bump @sigstore/oci from 0.5.0 to 0.6.0 (#271) 
* Bump @sigstore/oci from 0.5.0 to 0.6.0

Bumps [@sigstore/oci](https://github.com/sigstore/sigstore-js) from 0.5.0 to 0.6.0.
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/@sigstore/oci@0.5.0...@sigstore/oci@0.6.0)

---
updated-dependencies:
- dependency-name: "@sigstore/oci"
  dependency-version: 0.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update dist after build

* Update dist after build

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Tingting Wang <twang1225@gmail.com>
 2025-08-05 14:10:37 -04:00
Brian DeHamer
3640186643 update vulnerable deps (#257) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2025-06-17 12:13:48 -07:00
dependabot[bot]
03074e1180 Bump jest and @types/jest (#255) 
* Bump jest and @types/jest

Bumps [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) and [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest). These dependencies needed to be updated together.

Updates `jest` from 29.7.0 to 30.0.0
- [Release notes](https://github.com/jestjs/jest/releases)
- [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/jestjs/jest/commits/v30.0.0/packages/jest)

Updates `@types/jest` from 29.5.14 to 30.0.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest)

---
updated-dependencies:
- dependency-name: jest
  dependency-version: 30.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
- dependency-name: "@types/jest"
  dependency-version: 30.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* rebuild dist

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* test coverage hints

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* enable ts isolated modules

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian DeHamer <bdehamer@github.com>
 2025-06-17 09:51:59 -07:00
Fredrik Skogman
6a89e12864 Add path to created attestation in a well-known summary file (#252) 
* Added a new output file, where the path on local disk to each created
attestation is stored. One attestation per line.

Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>

* Added a section to the readme about the paths file

Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>

* store the file in RUNNER_TEMP

* Ignore writing summary file for created attestations if runner_temp is not set.

* prettier updates

---------

Signed-off-by: Fredrik Skogman <kommendorkapten@github.com>
 2025-06-11 15:53:32 +02:00
dependabot[bot]
5ae9aa28e1 Bump undici from 5.28.5 to 5.29.0 (#246) 
* Bump undici from 5.28.5 to 5.29.0

Bumps [undici](https://github.com/nodejs/undici) from 5.28.5 to 5.29.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.5...v5.29.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 5.29.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

* rebuild dist

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian DeHamer <bdehamer@github.com>
 2025-05-22 07:50:29 -07:00
dependabot[bot]
4119d34e49 Bump the npm-development group across 1 directory with 6 updates (#245) 
* Bump the npm-development group across 1 directory with 6 updates

Bumps the npm-development group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.26.0` | `9.27.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `22.15.8` | `22.15.19` |
| [eslint](https://github.com/eslint/eslint) | `9.26.0` | `9.27.0` |
| [markdownlint-cli](https://github.com/igorshubovych/markdownlint-cli) | `0.44.0` | `0.45.0` |
| [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.3.2` | `29.3.4` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.32.0` | `8.32.1` |



Updates `@eslint/js` from 9.26.0 to 9.27.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.27.0/packages/js)

Updates `@types/node` from 22.15.8 to 22.15.19
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint` from 9.26.0 to 9.27.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.26.0...v9.27.0)

Updates `markdownlint-cli` from 0.44.0 to 0.45.0
- [Release notes](https://github.com/igorshubovych/markdownlint-cli/releases)
- [Commits](https://github.com/igorshubovych/markdownlint-cli/compare/v0.44.0...v0.45.0)

Updates `ts-jest` from 29.3.2 to 29.3.4
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.3.2...v29.3.4)

Updates `typescript-eslint` from 8.32.0 to 8.32.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.32.1/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.27.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@types/node"
  dependency-version: 22.15.19
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: eslint
  dependency-version: 9.27.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: markdownlint-cli
  dependency-version: 0.45.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: ts-jest
  dependency-version: 29.3.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: typescript-eslint
  dependency-version: 8.32.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>

* rebuild dist

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian DeHamer <bdehamer@github.com>
 2025-05-20 06:56:07 -07:00
dependabot[bot]
7e777b150d Bump @actions/github from 6.0.0 to 6.0.1 in the npm-production group (#242) 
* Bump @actions/github from 6.0.0 to 6.0.1 in the npm-production group

Bumps the npm-production group with 1 update: [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github).


Updates `@actions/github` from 6.0.0 to 6.0.1
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

---
updated-dependencies:
- dependency-name: "@actions/github"
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-production
...

Signed-off-by: dependabot[bot] <support@github.com>

* rebuild dist

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian DeHamer <bdehamer@github.com>
 2025-05-20 06:55:33 -07:00
dependabot[bot]
647f15244e Bump the npm-development group with 4 updates (#240) 
* Bump the npm-development group with 4 updates

Bumps the npm-development group with 4 updates: [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js), [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node), [eslint](https://github.com/eslint/eslint) and [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).


Updates `@eslint/js` from 9.25.1 to 9.26.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.26.0/packages/js)

Updates `@types/node` from 22.15.3 to 22.15.8
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint` from 9.25.1 to 9.26.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.25.1...v9.26.0)

Updates `typescript-eslint` from 8.31.1 to 8.32.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.32.0/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.26.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@types/node"
  dependency-version: 22.15.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: eslint
  dependency-version: 9.26.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: typescript-eslint
  dependency-version: 8.32.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>

* rebuild dist

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian DeHamer <bdehamer@github.com>
 2025-05-08 10:45:12 -07:00
Brian DeHamer
afd6382543 Bump @sigstore/oci from 0.4.0 to 0.5.0 (#235) 
* bump @sigstore/oci from 0.4.0 to 0.5.0

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* bump package version to 2.3.0

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* update @babel/helpers from 7.22.13 to 7.27.0

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2025-04-25 15:46:24 -07:00
dependabot[bot]
13aa4f6a9c Bump @octokit/request from 8.2.0 to 8.4.1 (#229) 
* Bump @octokit/request from 8.2.0 to 8.4.1

Bumps [@octokit/request](https://github.com/octokit/request.js) from 8.2.0 to 8.4.1.
- [Release notes](https://github.com/octokit/request.js/releases)
- [Commits](https://github.com/octokit/request.js/compare/v8.2.0...v8.4.1)

---
updated-dependencies:
- dependency-name: "@octokit/request"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* bump request lib

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: ejahnGithub <ejahngithub@github.com>
 2025-04-01 15:04:50 -04:00
Brian DeHamer
a63cfcc7d1 bump @actions/attest from 1.5.0 to 1.6.0 (#217) 
* bump @actions/attest from 1.5.0 to 1.6.0

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* pin superlinter to v7.2.1

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2025-02-26 10:41:20 -08:00
dependabot[bot]
516fe2247f Bump @octokit/plugin-paginate-rest from 9.1.5 to 9.2.2 (#215) 
* Bump @octokit/plugin-paginate-rest from 9.1.5 to 9.2.2

Bumps [@octokit/plugin-paginate-rest](https://github.com/octokit/plugin-paginate-rest.js) from 9.1.5 to 9.2.2.
- [Release notes](https://github.com/octokit/plugin-paginate-rest.js/releases)
- [Commits](https://github.com/octokit/plugin-paginate-rest.js/compare/v9.1.5...v9.2.2)

---
updated-dependencies:
- dependency-name: "@octokit/plugin-paginate-rest"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* rebuild dist

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: Eugene <108841108+ejahnGithub@users.noreply.github.com>
 2025-02-26 10:14:40 -05:00
dependabot[bot]
90924a287f Bump the npm-development group with 6 updates (#216) 
* Bump the npm-development group with 6 updates

Bumps the npm-development group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.20.0` | `9.21.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `22.13.4` | `22.13.5` |
| [eslint](https://github.com/eslint/eslint) | `9.20.1` | `9.21.0` |
| [prettier](https://github.com/prettier/prettier) | `3.5.1` | `3.5.2` |
| [ts-jest](https://github.com/kulshekhar/ts-jest) | `29.2.5` | `29.2.6` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.24.1` | `8.25.0` |


Updates `@eslint/js` from 9.20.0 to 9.21.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.21.0/packages/js)

Updates `@types/node` from 22.13.4 to 22.13.5
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint` from 9.20.1 to 9.21.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.20.1...v9.21.0)

Updates `prettier` from 3.5.1 to 3.5.2
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.5.1...3.5.2)

Updates `ts-jest` from 29.2.5 to 29.2.6
- [Release notes](https://github.com/kulshekhar/ts-jest/releases)
- [Changelog](https://github.com/kulshekhar/ts-jest/blob/main/CHANGELOG.md)
- [Commits](https://github.com/kulshekhar/ts-jest/compare/v29.2.5...v29.2.6)

Updates `typescript-eslint` from 8.24.1 to 8.25.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.25.0/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: ts-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: typescript-eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>

* rebuild dist

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* fix typos

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian DeHamer <bdehamer@github.com>
 2025-02-25 11:49:37 -08:00
dependabot[bot]
ec6754115e Bump @octokit/request-error from 5.0.1 to 5.1.1 (#212) 
* Bump @octokit/request-error from 5.0.1 to 5.1.1

Bumps [@octokit/request-error](https://github.com/octokit/request-error.js) from 5.0.1 to 5.1.1.
- [Release notes](https://github.com/octokit/request-error.js/releases)
- [Commits](https://github.com/octokit/request-error.js/compare/v5.0.1...v5.1.1)

---
updated-dependencies:
- dependency-name: "@octokit/request-error"
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* update dist

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Eugene <108841108+ejahnGithub@users.noreply.github.com>
Co-authored-by: ejahnGithub <ejahngithub@github.com>
 2025-02-24 16:52:09 -05:00
Brian DeHamer
3ccffae6dc bump undici from 5.28.4 to 5.28.5 (#208) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2025-01-28 08:16:51 -08:00
Brian DeHamer
38bcf9b1c5 New subject-checksums input param (#198) 
* new subject-checksums input param

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* check for valid hex string for digest

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2025-01-21 10:32:02 -08:00
dependabot[bot]
d8029d4690 Bump the npm-development group with 6 updates (#186) 
* Bump the npm-development group with 6 updates

Bumps the npm-development group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.16.0` | `9.17.0` |
| [@sigstore/mock](https://github.com/sigstore/sigstore-js) | `0.8.0` | `0.9.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `22.9.4` | `22.10.2` |
| [eslint](https://github.com/eslint/eslint) | `9.16.0` | `9.17.0` |
| [prettier](https://github.com/prettier/prettier) | `3.3.3` | `3.4.2` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.18.0` | `8.18.1` |


Updates `@eslint/js` from 9.16.0 to 9.17.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.17.0/packages/js)

Updates `@sigstore/mock` from 0.8.0 to 0.9.0
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/@sigstore/mock@0.8.0...@sigstore/mock@0.9.0)

Updates `@types/node` from 22.9.4 to 22.10.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint` from 9.16.0 to 9.17.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.16.0...v9.17.0)

Updates `prettier` from 3.3.3 to 3.4.2
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.3.3...3.4.2)

Updates `typescript-eslint` from 8.18.0 to 8.18.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.18.1/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@sigstore/mock"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: prettier
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: typescript-eslint
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>

* rebuild dist

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian DeHamer <bdehamer@github.com>
 2024-12-23 12:10:15 -08:00
Brian DeHamer
bfa7e6911b Update eslint from 8.x to 9.x (#185) 
* remove eslint prettier plugins

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* eslint upgrade

Signed-off-by: Brian DeHamer <bdehamer@github.com>

* source fixup

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-12-13 15:25:52 -08:00
Brian DeHamer
94d0d43131 add attestation-id and attestation-url outputs (#181) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-12-09 09:56:33 -08:00
Brian DeHamer
65e34a8aa7 deduplicate subjects before adding to statement (#180) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-12-06 07:14:14 -08:00
dependabot[bot]
4cd38b497a Bump csv-parse from 5.5.6 to 5.6.0 (#175) 
* Bump csv-parse from 5.5.6 to 5.6.0

Bumps [csv-parse](https://github.com/adaltas/node-csv/tree/HEAD/packages/csv-parse) from 5.5.6 to 5.6.0.
- [Changelog](https://github.com/adaltas/node-csv/blob/master/packages/csv-parse/CHANGELOG.md)
- [Commits](https://github.com/adaltas/node-csv/commits/csv-parse@5.6.0/packages/csv-parse)

---
updated-dependencies:
- dependency-name: csv-parse
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* rebuild dist

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian DeHamer <bdehamer@github.com>
 2024-11-27 13:59:01 -08:00
dependabot[bot]
b14bf545fc Bump the npm-development group with 4 updates (#174) 
* Bump the npm-development group with 4 updates

Bumps the npm-development group with 4 updates: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node), [eslint-plugin-github](https://github.com/github/eslint-plugin-github), [markdownlint-cli](https://github.com/igorshubovych/markdownlint-cli) and [typescript](https://github.com/microsoft/TypeScript).


Updates `@types/node` from 22.9.0 to 22.9.4
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `eslint-plugin-github` from 5.0.2 to 5.1.2
- [Release notes](https://github.com/github/eslint-plugin-github/releases)
- [Commits](https://github.com/github/eslint-plugin-github/compare/v5.0.2...v5.1.2)

Updates `markdownlint-cli` from 0.42.0 to 0.43.0
- [Release notes](https://github.com/igorshubovych/markdownlint-cli/releases)
- [Commits](https://github.com/igorshubovych/markdownlint-cli/compare/v0.42.0...v0.43.0)

Updates `typescript` from 5.6.3 to 5.7.2
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.6.3...v5.7.2)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
- dependency-name: eslint-plugin-github
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: markdownlint-cli
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>

* rebuild dist

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian DeHamer <bdehamer@github.com>
 2024-11-27 13:58:08 -08:00
Brian DeHamer
a2d6fee37e readme updates for v2 release (#173) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-11-21 12:53:27 -08:00
Brian DeHamer
85e94cb741 support multi-subject attestations (#164) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-11-05 09:16:07 -08:00
Brian DeHamer
b485edd412 bump @sigstore/oci from 0.3.7 to 0.4.0 (#163) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-11-04 09:41:46 -08:00
Brian DeHamer
dd499c2535 bump @actions/attest from 1.4.1 to 1.5.0 (#162) 
Signed-off-by: Brian DeHamer <bdehamer@github.com>
 2024-11-01 12:08:32 -07:00
dependabot[bot]
a1e57e5e7d Bump the npm-development group with 2 updates (#149) 
* Bump the npm-development group with 2 updates

Bumps the npm-development group with 2 updates: [@sigstore/mock](https://github.com/sigstore/sigstore-js) and [typescript](https://github.com/microsoft/TypeScript).


Updates `@sigstore/mock` from 0.7.5 to 0.8.0
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/@sigstore/mock@0.7.5...@sigstore/mock@0.8.0)

Updates `typescript` from 5.6.2 to 5.6.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release.yml)
- [Commits](https://github.com/microsoft/TypeScript/compare/v5.6.2...v5.6.3)

---
updated-dependencies:
- dependency-name: "@sigstore/mock"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: typescript
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>

* rebuild dist

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: Eugene <108841108+ejahnGithub@users.noreply.github.com>
 2024-10-15 12:32:32 -07:00
dependabot[bot]
62269dcd0a Bump @actions/core from 1.10.1 to 1.11.1 (#147) 
* Bump @actions/core from 1.10.1 to 1.11.1

Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.10.1 to 1.11.1.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* rebuild dist

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian DeHamer <bdehamer@github.com>
 2024-10-08 17:39:38 -07:00
dependabot[bot]
ca4c0d7bd2 Bump the npm-development group with 2 updates (#138) 
* Bump the npm-development group with 2 updates

Bumps the npm-development group with 2 updates: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) and [@vercel/ncc](https://github.com/vercel/ncc).


Updates `@types/node` from 22.5.5 to 22.6.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@vercel/ncc` from 0.38.1 to 0.38.2
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](https://github.com/vercel/ncc/compare/0.38.1...0.38.2)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-development
- dependency-name: "@vercel/ncc"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-development
...

Signed-off-by: dependabot[bot] <support@github.com>

* rebuild dist

Signed-off-by: Brian DeHamer <bdehamer@github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Brian DeHamer <bdehamer@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Brian DeHamer <bdehamer@github.com>
 2024-09-25 14:30:55 -07:00