From 9b9d27dc4caed56deea1b4a952c1e0e7985a4e43 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 5 Nov 2025 10:45:32 +0000
Subject: [PATCH] build(deps): bump @sigstore/bundle from 3.1.0 to 4.0.0

Bumps [@sigstore/bundle](https://github.com/sigstore/sigstore-js) from 3.1.0 to 4.0.0.
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/@sigstore/bundle@3.1.0...@sigstore/bundle@4.0.0)

---
updated-dependencies:
- dependency-name: "@sigstore/bundle"
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package.json |  2 +-
 yarn.lock    | 18 +++++++++++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/package.json b/package.json
index ac1badc..c66fe1b 100644
--- a/package.json
+++ b/package.json
@@ -56,7 +56,7 @@
     "@azure/storage-blob": "^12.15.0",
     "@octokit/core": "^5.2.2",
     "@octokit/plugin-rest-endpoint-methods": "^10.4.1",
-    "@sigstore/bundle": "^3.1.0",
+    "@sigstore/bundle": "^4.0.0",
     "@sigstore/sign": "^3.1.0",
     "async-retry": "^1.3.3",
     "csv-parse": "^6.1.0",
diff --git a/yarn.lock b/yarn.lock
index cde8745..4c70d01 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1132,7 +1132,7 @@ __metadata:
     "@azure/storage-blob": "npm:^12.15.0"
     "@octokit/core": "npm:^5.2.2"
     "@octokit/plugin-rest-endpoint-methods": "npm:^10.4.1"
-    "@sigstore/bundle": "npm:^3.1.0"
+    "@sigstore/bundle": "npm:^4.0.0"
     "@sigstore/rekor-types": "npm:^3.0.0"
     "@sigstore/sign": "npm:^3.1.0"
     "@types/gunzip-maybe": "npm:^1.4.2"
@@ -2064,6 +2064,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@sigstore/bundle@npm:^4.0.0":
+  version: 4.0.0
+  resolution: "@sigstore/bundle@npm:4.0.0"
+  dependencies:
+    "@sigstore/protobuf-specs": "npm:^0.5.0"
+  checksum: 10/09ef32284783cdcdcc7ecd16711f1d1be6b6fc6abe22bf7434071a6d3aa3512d15f68a4cc481513569a55a001c5bd112edfccbea7b3c16b5aa1557f73773f504
+  languageName: node
+  linkType: hard
+
 "@sigstore/core@npm:^2.0.0":
   version: 2.0.0
   resolution: "@sigstore/core@npm:2.0.0"
@@ -2078,6 +2087,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@sigstore/protobuf-specs@npm:^0.5.0":
+  version: 0.5.0
+  resolution: "@sigstore/protobuf-specs@npm:0.5.0"
+  checksum: 10/98e84c5df1b5828e96a4c3cd39aca1ab069de53f0eaf4d0844ee50a19a15bff5707663e78eead7c27745fea3c55a37edfe5569242a1c695a146459159c104450
+  languageName: node
+  linkType: hard
+
 "@sigstore/rekor-types@npm:^3.0.0":
   version: 3.0.0
   resolution: "@sigstore/rekor-types@npm:3.0.0"