From 85dfc7a57322e013ce8878272e789f35f9ee9d54 Mon Sep 17 00:00:00 2001 From: CrazyMax <1951866+crazy-max@users.noreply.github.com> Date: Wed, 5 Nov 2025 11:06:17 +0100 Subject: [PATCH] sigstore: remove @actions/attest dependency Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com> --- __tests__/sigstore/sigstore.test.itg.ts | 10 +- package.json | 2 - src/sigstore/sigstore.ts | 125 +++++---- src/types/sigstore/sigstore.ts | 56 ++++ yarn.lock | 351 +----------------------- 5 files changed, 127 insertions(+), 417 deletions(-) diff --git a/__tests__/sigstore/sigstore.test.itg.ts b/__tests__/sigstore/sigstore.test.itg.ts index f3ffa21..58baae6 100644 --- a/__tests__/sigstore/sigstore.test.itg.ts +++ b/__tests__/sigstore/sigstore.test.itg.ts @@ -44,11 +44,10 @@ maybe('signProvenanceBlobs', () => { const provenancePath = Object.keys(results)[0]; expect(provenancePath).toEqual(path.join(fixturesDir, 'sigstore', 'single', 'provenance.json')); expect(fs.existsSync(results[provenancePath].bundlePath)).toBe(true); - expect(results[provenancePath].bundle).toBeDefined(); + expect(results[provenancePath].payload).toBeDefined(); expect(results[provenancePath].certificate).toBeDefined(); expect(results[provenancePath].tlogID).toBeDefined(); - expect(results[provenancePath].attestationID).not.toBeDefined(); - console.log(provenancePath, JSON.stringify(results[provenancePath].bundle, null, 2)); + console.log(provenancePath, JSON.stringify(results[provenancePath].payload, null, 2)); }); it('multi-platform', async () => { const sigstore = new Sigstore(); @@ -59,11 +58,10 @@ maybe('signProvenanceBlobs', () => { for (const [provenancePath, res] of Object.entries(results)) { expect(provenancePath).toMatch(/linux_(amd64|arm64)\/provenance.json/); expect(fs.existsSync(res.bundlePath)).toBe(true); - expect(res.bundle).toBeDefined(); + expect(res.payload).toBeDefined(); expect(res.certificate).toBeDefined(); expect(res.tlogID).toBeDefined(); - expect(res.attestationID).not.toBeDefined(); - console.log(provenancePath, JSON.stringify(res.bundle, null, 2)); + console.log(provenancePath, JSON.stringify(res.payload, null, 2)); } }); }); diff --git a/package.json b/package.json index e5482f2..ac1badc 100644 --- a/package.json +++ b/package.json @@ -46,7 +46,6 @@ }, "dependencies": { "@actions/artifact": "^4.0.0", - "@actions/attest": "^2.0.0", "@actions/cache": "^4.1.0", "@actions/core": "^1.11.1", "@actions/exec": "^1.1.1", @@ -71,7 +70,6 @@ "tmp": "^0.2.5" }, "devDependencies": { - "@sigstore/mock": "^0.10.0", "@sigstore/rekor-types": "^3.0.0", "@types/gunzip-maybe": "^1.4.2", "@types/he": "^1.2.3", diff --git a/src/sigstore/sigstore.ts b/src/sigstore/sigstore.ts index c5dd540..fa1ce6e 100644 --- a/src/sigstore/sigstore.ts +++ b/src/sigstore/sigstore.ts @@ -18,12 +18,9 @@ import {X509Certificate} from 'crypto'; import fs from 'fs'; import path from 'path'; -import {Endpoints} from '@actions/attest/lib/endpoints'; import * as core from '@actions/core'; -import {signPayload} from '@actions/attest/lib/sign'; import {bundleFromJSON, bundleToJSON} from '@sigstore/bundle'; -import {Attestation} from '@actions/attest'; -import {Bundle} from '@sigstore/sign'; +import {Artifact, Bundle, CIContextProvider, DSSEBundleBuilder, FulcioSigner, RekorWitness, TSAWitness, Witness} from '@sigstore/sign'; import {Cosign} from '../cosign/cosign'; import {Exec} from '../exec'; @@ -31,47 +28,22 @@ import {GitHub} from '../github'; import {ImageTools} from '../buildx/imagetools'; import {MEDIATYPE_PAYLOAD as INTOTO_MEDIATYPE_PAYLOAD, Subject} from '../types/intoto/intoto'; -import {FULCIO_URL, REKOR_URL, SEARCH_URL, TSASERVER_URL} from '../types/sigstore/sigstore'; - -export interface SignAttestationManifestsOpts { - imageNames: Array; - imageDigest: string; - noTransparencyLog?: boolean; -} - -export interface SignAttestationManifestsResult extends Attestation { - imageName: string; -} - -export interface VerifySignedManifestsOpts { - certificateIdentityRegexp: string; - retries?: number; -} - -export interface VerifySignedManifestsResult { - cosignArgs: Array; - signatureManifestDigest: string; -} - -export interface SignProvenanceBlobsOpts { - localExportDir: string; - name?: string; - noTransparencyLog?: boolean; -} - -export interface SignProvenanceBlobsResult extends Attestation { - bundlePath: string; - subjects: Array; -} - -export interface VerifySignedArtifactsOpts { - certificateIdentityRegexp: string; -} - -export interface VerifySignedArtifactsResult { - bundlePath: string; - cosignArgs: Array; -} +import { + Endpoints, + FULCIO_URL, + ParsedBundle, + REKOR_URL, + SEARCH_URL, + SignAttestationManifestsOpts, + SignAttestationManifestsResult, + SignProvenanceBlobsOpts, + SignProvenanceBlobsResult, + TSASERVER_URL, + VerifySignedArtifactsOpts, + VerifySignedArtifactsResult, + VerifySignedManifestsOpts, + VerifySignedManifestsResult +} from '../types/sigstore/sigstore'; export interface SigstoreOpts { cosign?: Cosign; @@ -138,13 +110,13 @@ export class Sigstore { throw new Error(`Cosign sign command failed with exit code ${execRes.exitCode}`); } } - const attest = Sigstore.toAttestation(bundleFromJSON(signResult.bundle)); - if (attest.tlogID) { - core.info(`Uploaded to Rekor transparency log: ${SEARCH_URL}?logIndex=${attest.tlogID}`); + const parsedBundle = Sigstore.parseBundle(bundleFromJSON(signResult.bundle)); + if (parsedBundle.tlogID) { + core.info(`Uploaded to Rekor transparency log: ${SEARCH_URL}?logIndex=${parsedBundle.tlogID}`); } core.info(`Signature manifest pushed: https://oci.dag.dev/?referrers=${attestationRef}`); result[attestationRef] = { - ...attest, + ...parsedBundle, imageName: imageName }; }); @@ -242,28 +214,28 @@ export class Sigstore { core.warning(`No subjects found in provenance ${p}, skip signing.`); return; } - const bundle = await signPayload( + const bundle = await Sigstore.signPayload( { - body: blob, + data: blob, type: INTOTO_MEDIATYPE_PAYLOAD }, endpoints ); - const attest = Sigstore.toAttestation(bundle); + const parsedBundle = Sigstore.parseBundle(bundle); core.info(`Provenance blob signed for:`); for (const subject of subjects) { const [digestAlg, digestValue] = Object.entries(subject.digest)[0] || []; core.info(` - ${subject.name} (${digestAlg}:${digestValue})`); } - if (attest.tlogID) { - core.info(`Attestation signature uploaded to Rekor transparency log: ${SEARCH_URL}?logIndex=${attest.tlogID}`); + if (parsedBundle.tlogID) { + core.info(`Attestation signature uploaded to Rekor transparency log: ${SEARCH_URL}?logIndex=${parsedBundle.tlogID}`); } core.info(`Writing Sigstore bundle to: ${bundlePath}`); - fs.writeFileSync(bundlePath, JSON.stringify(attest.bundle, null, 2), { + fs.writeFileSync(bundlePath, JSON.stringify(parsedBundle.payload, null, 2), { encoding: 'utf-8' }); result[p] = { - ...attest, + ...parsedBundle, bundlePath: bundlePath, subjects: subjects }; @@ -359,8 +331,41 @@ export class Sigstore { })); } - // https://github.com/actions/toolkit/blob/d3ab50471b4ff1d1274dffb90ef9c5d9949b4886/packages/attest/src/attest.ts#L90 - private static toAttestation(bundle: Bundle): Attestation { + private static async signPayload(artifact: Artifact, endpoints: Endpoints, timeout?: number, retries?: number): Promise { + const witnesses: Witness[] = []; + + const signer = new FulcioSigner({ + identityProvider: new CIContextProvider('sigstore'), + fulcioBaseURL: endpoints.fulcioURL, + timeout: timeout, + retry: retries + }); + + if (endpoints.rekorURL) { + witnesses.push( + new RekorWitness({ + rekorBaseURL: endpoints.rekorURL, + fetchOnConflict: true, + timeout: timeout, + retry: retries + }) + ); + } + + if (endpoints.tsaServerURL) { + witnesses.push( + new TSAWitness({ + tsaBaseURL: endpoints.tsaServerURL, + timeout: timeout, + retry: retries + }) + ); + } + + return new DSSEBundleBuilder({signer, witnesses}).create(artifact); + } + + private static parseBundle(bundle: Bundle): ParsedBundle { let certBytes: Buffer; switch (bundle.verificationMaterial.content.$case) { case 'x509CertificateChain': @@ -375,12 +380,12 @@ export class Sigstore { const signingCert = new X509Certificate(certBytes); - // Collect transparency log ID if available + // collect transparency log ID if available const tlogEntries = bundle.verificationMaterial.tlogEntries; const tlogID = tlogEntries.length > 0 ? tlogEntries[0].logIndex : undefined; return { - bundle: bundleToJSON(bundle), + payload: bundleToJSON(bundle), certificate: signingCert.toString(), tlogID: tlogID }; diff --git a/src/types/sigstore/sigstore.ts b/src/types/sigstore/sigstore.ts index 3fe99a9..4a57dce 100644 --- a/src/types/sigstore/sigstore.ts +++ b/src/types/sigstore/sigstore.ts @@ -14,7 +14,63 @@ * limitations under the License. */ +import type {SerializedBundle} from '@sigstore/bundle'; + +import {Subject} from '../intoto/intoto'; + export const FULCIO_URL = 'https://fulcio.sigstore.dev'; export const REKOR_URL = 'https://rekor.sigstore.dev'; export const TSASERVER_URL = 'https://timestamp.sigstore.dev'; export const SEARCH_URL = 'https://search.sigstore.dev'; + +export interface Endpoints { + fulcioURL: string; + rekorURL?: string; + tsaServerURL?: string; +} + +export interface ParsedBundle { + payload: SerializedBundle; + certificate: string; + tlogID?: string; +} + +export interface SignAttestationManifestsOpts { + imageNames: Array; + imageDigest: string; + noTransparencyLog?: boolean; +} + +export interface SignAttestationManifestsResult extends ParsedBundle { + imageName: string; +} + +export interface VerifySignedManifestsOpts { + certificateIdentityRegexp: string; + retries?: number; +} + +export interface VerifySignedManifestsResult { + cosignArgs: Array; + signatureManifestDigest: string; +} + +export interface SignProvenanceBlobsOpts { + localExportDir: string; + name?: string; + noTransparencyLog?: boolean; +} + +export interface SignProvenanceBlobsResult extends ParsedBundle { + bundlePath: string; + subjects: Array; +} + +export interface VerifySignedArtifactsOpts { + certificateIdentityRegexp: string; +} + +export interface VerifySignedArtifactsResult { + bundlePath: string; + cosignArgs: Array; +} diff --git a/yarn.lock b/yarn.lock index ff20170..cde8745 100644 --- a/yarn.lock +++ b/yarn.lock @@ -34,21 +34,6 @@ __metadata: languageName: node linkType: hard -"@actions/attest@npm:^2.0.0": - version: 2.0.0 - resolution: "@actions/attest@npm:2.0.0" - dependencies: - "@actions/core": "npm:^1.11.1" - "@actions/github": "npm:^6.0.0" - "@actions/http-client": "npm:^2.2.3" - "@octokit/plugin-retry": "npm:^6.0.1" - "@sigstore/bundle": "npm:^3.1.0" - "@sigstore/sign": "npm:^3.1.0" - jose: "npm:^5.10.0" - checksum: 10/5bfcab46f2b6a9e7fe22f313e212e0fef8bea1f7a88e93d00c8ccecfaee51f4c74226732391a9f14c1875058955fc4a74ba76a54fb23b96e2c77392b538c0182 - languageName: node - linkType: hard - "@actions/cache@npm:^4.1.0": version: 4.1.0 resolution: "@actions/cache@npm:4.1.0" @@ -96,7 +81,7 @@ __metadata: languageName: node linkType: hard -"@actions/github@npm:^6.0.0, @actions/github@npm:^6.0.1": +"@actions/github@npm:^6.0.1": version: 6.0.1 resolution: "@actions/github@npm:6.0.1" dependencies: @@ -1137,7 +1122,6 @@ __metadata: resolution: "@docker/actions-toolkit@workspace:." dependencies: "@actions/artifact": "npm:^4.0.0" - "@actions/attest": "npm:^2.0.0" "@actions/cache": "npm:^4.1.0" "@actions/core": "npm:^1.11.1" "@actions/exec": "npm:^1.1.1" @@ -1149,7 +1133,6 @@ __metadata: "@octokit/core": "npm:^5.2.2" "@octokit/plugin-rest-endpoint-methods": "npm:^10.4.1" "@sigstore/bundle": "npm:^3.1.0" - "@sigstore/mock": "npm:^0.10.0" "@sigstore/rekor-types": "npm:^3.0.0" "@sigstore/sign": "npm:^3.1.0" "@types/gunzip-maybe": "npm:^1.4.2" @@ -1684,13 +1667,6 @@ __metadata: languageName: node linkType: hard -"@noble/hashes@npm:1.4.0": - version: 1.4.0 - resolution: "@noble/hashes@npm:1.4.0" - checksum: 10/e156e65794c473794c52fa9d06baf1eb20903d0d96719530f523cc4450f6c721a957c544796e6efd0197b2296e7cd70efeb312f861465e17940a3e3c7e0febc6 - languageName: node - linkType: hard - "@nodelib/fs.scandir@npm:2.1.5": version: 2.1.5 resolution: "@nodelib/fs.scandir@npm:2.1.5" @@ -1916,19 +1892,6 @@ __metadata: languageName: node linkType: hard -"@octokit/plugin-retry@npm:^6.0.1": - version: 6.1.0 - resolution: "@octokit/plugin-retry@npm:6.1.0" - dependencies: - "@octokit/request-error": "npm:^5.0.0" - "@octokit/types": "npm:^13.0.0" - bottleneck: "npm:^2.15.3" - peerDependencies: - "@octokit/core": 5 - checksum: 10/ae57d35864e647dc4b1308ad14cccb665134b54fa4e0f07e5fa504b7bc9f23f957913b135d55ef69038ba8c10a63ab1e4a83a5e8dcf13df4d3b727f446be7af1 - languageName: node - linkType: hard - "@octokit/request-error@npm:^5.0.0, @octokit/request-error@npm:^5.1.1": version: 5.1.1 resolution: "@octokit/request-error@npm:5.1.1" @@ -2004,173 +1967,6 @@ __metadata: languageName: node linkType: hard -"@peculiar/asn1-cms@npm:^2.5.0": - version: 2.5.0 - resolution: "@peculiar/asn1-cms@npm:2.5.0" - dependencies: - "@peculiar/asn1-schema": "npm:^2.5.0" - "@peculiar/asn1-x509": "npm:^2.5.0" - "@peculiar/asn1-x509-attr": "npm:^2.5.0" - asn1js: "npm:^3.0.6" - tslib: "npm:^2.8.1" - checksum: 10/cb2f2efb26d324fd3732fac5296b48e7bb6e7d960c5d4d3a0240d1e323f06df2d37ffd9f90f5197172ff36433b92e805bcda82df8e42b34c4cfc2aa8de059e0b - languageName: node - linkType: hard - -"@peculiar/asn1-csr@npm:^2.5.0": - version: 2.5.0 - resolution: "@peculiar/asn1-csr@npm:2.5.0" - dependencies: - "@peculiar/asn1-schema": "npm:^2.5.0" - "@peculiar/asn1-x509": "npm:^2.5.0" - asn1js: "npm:^3.0.6" - tslib: "npm:^2.8.1" - checksum: 10/a08a278443626ac29fdd0bbfd76022f24f6f42b1e29a012f3436c6a13de4cffa89dd1fc09ea0d35960ff51e8daa8901603b2cf285d595ae7d605b4d6bdb36abe - languageName: node - linkType: hard - -"@peculiar/asn1-ecc@npm:^2.5.0": - version: 2.5.0 - resolution: "@peculiar/asn1-ecc@npm:2.5.0" - dependencies: - "@peculiar/asn1-schema": "npm:^2.5.0" - "@peculiar/asn1-x509": "npm:^2.5.0" - asn1js: "npm:^3.0.6" - tslib: "npm:^2.8.1" - checksum: 10/0d530f2c4011a38e74e08b5cdf0a8604ed5104e0a5c0cd9aca6df4e0bb350da9eb86e12e90e6b7e1baedc9297c9fce6753d069a864c7ad43f4518b0f8e5e0fee - languageName: node - linkType: hard - -"@peculiar/asn1-pfx@npm:^2.5.0": - version: 2.5.0 - resolution: "@peculiar/asn1-pfx@npm:2.5.0" - dependencies: - "@peculiar/asn1-cms": "npm:^2.5.0" - "@peculiar/asn1-pkcs8": "npm:^2.5.0" - "@peculiar/asn1-rsa": "npm:^2.5.0" - "@peculiar/asn1-schema": "npm:^2.5.0" - asn1js: "npm:^3.0.6" - tslib: "npm:^2.8.1" - checksum: 10/c5414ad96b4e16fef6c80ebf98f072207513e5f78d0a33df1389515c6f3356a0246d50dda01f8e291064acef57a254c5ec23d7d302ae744e2813bd8b6a2d0841 - languageName: node - linkType: hard - -"@peculiar/asn1-pkcs8@npm:^2.5.0": - version: 2.5.0 - resolution: "@peculiar/asn1-pkcs8@npm:2.5.0" - dependencies: - "@peculiar/asn1-schema": "npm:^2.5.0" - "@peculiar/asn1-x509": "npm:^2.5.0" - asn1js: "npm:^3.0.6" - tslib: "npm:^2.8.1" - checksum: 10/66c9524629410d504779e8432788794dc75419a0d1e7c420345a8bcc5d0eb36d9832a07c234d464d20a572ad5dd912bc5d1cd56b2e2787c2ca6315c728498a4f - languageName: node - linkType: hard - -"@peculiar/asn1-pkcs9@npm:^2.5.0": - version: 2.5.0 - resolution: "@peculiar/asn1-pkcs9@npm:2.5.0" - dependencies: - "@peculiar/asn1-cms": "npm:^2.5.0" - "@peculiar/asn1-pfx": "npm:^2.5.0" - "@peculiar/asn1-pkcs8": "npm:^2.5.0" - "@peculiar/asn1-schema": "npm:^2.5.0" - "@peculiar/asn1-x509": "npm:^2.5.0" - "@peculiar/asn1-x509-attr": "npm:^2.5.0" - asn1js: "npm:^3.0.6" - tslib: "npm:^2.8.1" - checksum: 10/a597a1eaa20fe2eac0ef2e5bda67245b4ffceb8f2e1009007477add655c1fae0faedc68a816de2aa2d5f3b5ec1d597b19b839e1eb0ef42281785cdff1d7927ed - languageName: node - linkType: hard - -"@peculiar/asn1-rsa@npm:^2.5.0": - version: 2.5.0 - resolution: "@peculiar/asn1-rsa@npm:2.5.0" - dependencies: - "@peculiar/asn1-schema": "npm:^2.5.0" - "@peculiar/asn1-x509": "npm:^2.5.0" - asn1js: "npm:^3.0.6" - tslib: "npm:^2.8.1" - checksum: 10/5a5db66832dadfee08df1c12a214ac82ec52a0f1bdd707fe4802d3204064671beb5c8fd748c299aad457190a73b0fd86aef9e1eb0f4778ce13957533b074c2a5 - languageName: node - linkType: hard - -"@peculiar/asn1-schema@npm:^2.3.13, @peculiar/asn1-schema@npm:^2.3.8, @peculiar/asn1-schema@npm:^2.5.0": - version: 2.5.0 - resolution: "@peculiar/asn1-schema@npm:2.5.0" - dependencies: - asn1js: "npm:^3.0.6" - pvtsutils: "npm:^1.3.6" - tslib: "npm:^2.8.1" - checksum: 10/6256d0ecd30a091df95dcecbd1c8fb4d0da355c84bf4306f1a2232d318d2fe6f398333f72e1f05c44eedfe9be807900ac87eeebda3276fbca5a0505d5435ce7a - languageName: node - linkType: hard - -"@peculiar/asn1-x509-attr@npm:^2.5.0": - version: 2.5.0 - resolution: "@peculiar/asn1-x509-attr@npm:2.5.0" - dependencies: - "@peculiar/asn1-schema": "npm:^2.5.0" - "@peculiar/asn1-x509": "npm:^2.5.0" - asn1js: "npm:^3.0.6" - tslib: "npm:^2.8.1" - checksum: 10/f802d2a97cec844d833cd1e74030260aaeab937f0a787994ccfe86a66bece1a21fd69b0a4bab89ba92586569d9e764e939ad5b09e2c70af03102af707de155f4 - languageName: node - linkType: hard - -"@peculiar/asn1-x509@npm:^2.5.0": - version: 2.5.0 - resolution: "@peculiar/asn1-x509@npm:2.5.0" - dependencies: - "@peculiar/asn1-schema": "npm:^2.5.0" - asn1js: "npm:^3.0.6" - pvtsutils: "npm:^1.3.6" - tslib: "npm:^2.8.1" - checksum: 10/d9bcaec630ef2e378395b16cd30de5e8c0dba4ffbdd394d69a7cbc712693f9d87f6005194fa8dd32199f9b600f6b1a6d7ba1c7f4b6948a3ba8551c1daf95b4ea - languageName: node - linkType: hard - -"@peculiar/json-schema@npm:^1.1.12": - version: 1.1.12 - resolution: "@peculiar/json-schema@npm:1.1.12" - dependencies: - tslib: "npm:^2.0.0" - checksum: 10/dfec178afe63a02b6d45da8a18e51ef417e9f5412a8c2809c9a07b29b9376fadee1b4f2ea2d92d4e5a7b8eba76d9e99afbef6d7e9a27bd85257f69c4da228cbc - languageName: node - linkType: hard - -"@peculiar/webcrypto@npm:^1.5.0": - version: 1.5.0 - resolution: "@peculiar/webcrypto@npm:1.5.0" - dependencies: - "@peculiar/asn1-schema": "npm:^2.3.8" - "@peculiar/json-schema": "npm:^1.1.12" - pvtsutils: "npm:^1.3.5" - tslib: "npm:^2.6.2" - webcrypto-core: "npm:^1.8.0" - checksum: 10/a6658390c37b1d386f46066e796985eb56f6f86a772e1373c364ec9a8257adf8623f156596613d2828b489e2b5f32f9d2b0820289b4981646001cba7d21ae2f6 - languageName: node - linkType: hard - -"@peculiar/x509@npm:^1.12.3": - version: 1.14.0 - resolution: "@peculiar/x509@npm:1.14.0" - dependencies: - "@peculiar/asn1-cms": "npm:^2.5.0" - "@peculiar/asn1-csr": "npm:^2.5.0" - "@peculiar/asn1-ecc": "npm:^2.5.0" - "@peculiar/asn1-pkcs9": "npm:^2.5.0" - "@peculiar/asn1-rsa": "npm:^2.5.0" - "@peculiar/asn1-schema": "npm:^2.5.0" - "@peculiar/asn1-x509": "npm:^2.5.0" - pvtsutils: "npm:^1.3.6" - reflect-metadata: "npm:^0.2.2" - tslib: "npm:^2.8.1" - tsyringe: "npm:^4.10.0" - checksum: 10/c167a31cd66b1bda9ff0d0de225cf7b94ca50fa4186d6d8d02adfbe3035d9bf7df23ec38ff672f3c0ef890fd353f725f48d587f12ca6cd20c7edb10d7a67e280 - languageName: node - linkType: hard - "@pkgjs/parseargs@npm:^0.11.0": version: 0.11.0 resolution: "@pkgjs/parseargs@npm:0.11.0" @@ -2275,24 +2071,6 @@ __metadata: languageName: node linkType: hard -"@sigstore/mock@npm:^0.10.0": - version: 0.10.0 - resolution: "@sigstore/mock@npm:0.10.0" - dependencies: - "@peculiar/webcrypto": "npm:^1.5.0" - "@peculiar/x509": "npm:^1.12.3" - "@sigstore/protobuf-specs": "npm:^0.4.0" - asn1js: "npm:^3.0.5" - bytestreamjs: "npm:^2.0.1" - canonicalize: "npm:^2.0.0" - jose: "npm:^5.9.6" - nock: "npm:^13.5.5" - pkijs: "npm:^3.2.4" - pvutils: "npm:^1.1.3" - checksum: 10/f0fd63e2c879a94af1f3331f61d11589c3026a5215882721a36d70d7b4a935fc47afa5e971e8948cf845cb4b01c8ea62d2031334351deb5b8415a09e95b7aaab - languageName: node - linkType: hard - "@sigstore/protobuf-specs@npm:^0.4.0": version: 0.4.3 resolution: "@sigstore/protobuf-specs@npm:0.4.3" @@ -3148,17 +2926,6 @@ __metadata: languageName: node linkType: hard -"asn1js@npm:^3.0.5, asn1js@npm:^3.0.6": - version: 3.0.6 - resolution: "asn1js@npm:3.0.6" - dependencies: - pvtsutils: "npm:^1.3.6" - pvutils: "npm:^1.1.3" - tslib: "npm:^2.8.1" - checksum: 10/2b283dd87662b3276ccc3e68db041c1062f629d9454b24fc2c141ad07c400ae50e02ee78f8c8a67043aa7d430e949d4616b8921178243932167bc2c9e861b972 - languageName: node - linkType: hard - "async-function@npm:^1.0.0": version: 1.0.0 resolution: "async-function@npm:1.0.0" @@ -3448,13 +3215,6 @@ __metadata: languageName: node linkType: hard -"bytestreamjs@npm:^2.0.1": - version: 2.0.1 - resolution: "bytestreamjs@npm:2.0.1" - checksum: 10/523b1024e3f887cdc0b3db7c4fc14b8563aaeb75e6642a41991b3208277fd0ae9cd66003c73473fe706c42797bf0c3f1f498fb9880b431d75b332e5709d56a0c - languageName: node - linkType: hard - "cacache@npm:^16.1.0": version: 16.1.3 resolution: "cacache@npm:16.1.3" @@ -3591,15 +3351,6 @@ __metadata: languageName: node linkType: hard -"canonicalize@npm:^2.0.0": - version: 2.1.0 - resolution: "canonicalize@npm:2.1.0" - bin: - canonicalize: bin/canonicalize.js - checksum: 10/6ab9b9c2b84e6a210e1d55f9f1194d69c1b955512f38cc53b0529c654807f469e21b5099750c76e2b8464650d829c01234c923526450fac263a1d89cf2bb61df - languageName: node - linkType: hard - "chainsaw@npm:~0.1.0": version: 0.1.0 resolution: "chainsaw@npm:0.1.0" @@ -6938,13 +6689,6 @@ __metadata: languageName: node linkType: hard -"jose@npm:^5.10.0, jose@npm:^5.9.6": - version: 5.10.0 - resolution: "jose@npm:5.10.0" - checksum: 10/03881d1dfb390dcf50926402edcfe233bf557b5a77321fcb1bdb53453bc1cdd26d2d0a9ab28c7445cbb826881f84fdf5074179700f10c2711ccb9880f51065d7 - languageName: node - linkType: hard - "js-tokens@npm:^4.0.0": version: 4.0.0 resolution: "js-tokens@npm:4.0.0" @@ -7012,13 +6756,6 @@ __metadata: languageName: node linkType: hard -"json-stringify-safe@npm:^5.0.1": - version: 5.0.1 - resolution: "json-stringify-safe@npm:5.0.1" - checksum: 10/59169a081e4eeb6f9559ae1f938f656191c000e0512aa6df9f3c8b2437a4ab1823819c6b9fd1818a4e39593ccfd72e9a051fdd3e2d1e340ed913679e888ded8c - languageName: node - linkType: hard - "json5@npm:^1.0.2": version: 1.0.2 resolution: "json5@npm:1.0.2" @@ -7571,17 +7308,6 @@ __metadata: languageName: node linkType: hard -"nock@npm:^13.5.5": - version: 13.5.6 - resolution: "nock@npm:13.5.6" - dependencies: - debug: "npm:^4.1.0" - json-stringify-safe: "npm:^5.0.1" - propagate: "npm:^2.0.0" - checksum: 10/a57c265b75e5f7767e2f8baf058773cdbf357c31c5fea2761386ec03a008a657f9df921899fe2a9502773b47145b708863b32345aef529b3c45cba4019120f88 - languageName: node - linkType: hard - "node-fetch@npm:^2.6.7": version: 2.6.7 resolution: "node-fetch@npm:2.6.7" @@ -8027,20 +7753,6 @@ __metadata: languageName: node linkType: hard -"pkijs@npm:^3.2.4": - version: 3.3.2 - resolution: "pkijs@npm:3.3.2" - dependencies: - "@noble/hashes": "npm:1.4.0" - asn1js: "npm:^3.0.6" - bytestreamjs: "npm:^2.0.1" - pvtsutils: "npm:^1.3.6" - pvutils: "npm:^1.1.3" - tslib: "npm:^2.8.1" - checksum: 10/aefd2504a7f0d9114c7efeaab1391f492498fc5b8acf49bd06257617915b80344328b143bb6cb25be180c3eee39e32964722e43a2ced48742dd418e7fb7bbd7a - languageName: node - linkType: hard - "possible-typed-array-names@npm:^1.0.0": version: 1.0.0 resolution: "possible-typed-array-names@npm:1.0.0" @@ -8132,13 +7844,6 @@ __metadata: languageName: node linkType: hard -"propagate@npm:^2.0.0": - version: 2.0.1 - resolution: "propagate@npm:2.0.1" - checksum: 10/8c761c16e8232f82f6d015d3e01e8bd4109f47ad804f904d950f6fe319813b448ca112246b6bfdc182b400424b155b0b7c4525a9bb009e6fa950200157569c14 - languageName: node - linkType: hard - "psl@npm:^1.1.28": version: 1.9.0 resolution: "psl@npm:1.9.0" @@ -8188,22 +7893,6 @@ __metadata: languageName: node linkType: hard -"pvtsutils@npm:^1.3.5, pvtsutils@npm:^1.3.6": - version: 1.3.6 - resolution: "pvtsutils@npm:1.3.6" - dependencies: - tslib: "npm:^2.8.1" - checksum: 10/d45b12f8526e13ecf15fe09b30cde65501f3300fd2a07c11b28a966d434d1f767c8a61597ecba2e19c7eb19ca0c740341a6babc67a4f741e08b1ef1095c71663 - languageName: node - linkType: hard - -"pvutils@npm:^1.1.3": - version: 1.1.5 - resolution: "pvutils@npm:1.1.5" - checksum: 10/9a5a71603c72bf9ea3a4501e8251e3f7a56026ed059bf63a18bd9a30cac6c35cc8250b39eb6291c1cb204cdeb6660663ab9bb2c74e85a512919bb2d614e340ea - languageName: node - linkType: hard - "queue-microtask@npm:^1.2.2": version: 1.2.3 resolution: "queue-microtask@npm:1.2.3" @@ -8273,13 +7962,6 @@ __metadata: languageName: node linkType: hard -"reflect-metadata@npm:^0.2.2": - version: 0.2.2 - resolution: "reflect-metadata@npm:0.2.2" - checksum: 10/1c93f9ac790fea1c852fde80c91b2760420069f4862f28e6fae0c00c6937a56508716b0ed2419ab02869dd488d123c4ab92d062ae84e8739ea7417fae10c4745 - languageName: node - linkType: hard - "reflect.getprototypeof@npm:^1.0.6, reflect.getprototypeof@npm:^1.0.9": version: 1.0.10 resolution: "reflect.getprototypeof@npm:1.0.10" @@ -9419,20 +9101,13 @@ __metadata: languageName: node linkType: hard -"tslib@npm:^1.10.0, tslib@npm:^1.9.3": +"tslib@npm:^1.10.0": version: 1.14.1 resolution: "tslib@npm:1.14.1" checksum: 10/7dbf34e6f55c6492637adb81b555af5e3b4f9cc6b998fb440dac82d3b42bdc91560a35a5fb75e20e24a076c651438234da6743d139e4feabf0783f3cdfe1dddb languageName: node linkType: hard -"tslib@npm:^2.0.0, tslib@npm:^2.6.2, tslib@npm:^2.7.0, tslib@npm:^2.8.1": - version: 2.8.1 - resolution: "tslib@npm:2.8.1" - checksum: 10/3e2e043d5c2316461cb54e5c7fe02c30ef6dccb3384717ca22ae5c6b5bc95232a6241df19c622d9c73b809bea33b187f6dbc73030963e29950c2141bc32a79f7 - languageName: node - linkType: hard - "tslib@npm:^2.2.0": version: 2.6.0 resolution: "tslib@npm:2.6.0" @@ -9440,15 +9115,6 @@ __metadata: languageName: node linkType: hard -"tsyringe@npm:^4.10.0": - version: 4.10.0 - resolution: "tsyringe@npm:4.10.0" - dependencies: - tslib: "npm:^1.9.3" - checksum: 10/b42660dc112cee2db02b3d69f2ef6a6a9d185afd96b18d8f88e47c1e62be94b69a9f5a58fcfdb2a3fbb7c6c175b8162ea00f7db6499bf333ce945e570e31615c - languageName: node - linkType: hard - "tunnel@npm:0.0.6, tunnel@npm:^0.0.6": version: 0.0.6 resolution: "tunnel@npm:0.0.6" @@ -9853,19 +9519,6 @@ __metadata: languageName: node linkType: hard -"webcrypto-core@npm:^1.8.0": - version: 1.8.1 - resolution: "webcrypto-core@npm:1.8.1" - dependencies: - "@peculiar/asn1-schema": "npm:^2.3.13" - "@peculiar/json-schema": "npm:^1.1.12" - asn1js: "npm:^3.0.5" - pvtsutils: "npm:^1.3.5" - tslib: "npm:^2.7.0" - checksum: 10/1a03144cb0b34433da0ebff79b1f8b81a17e4edee32614ae310af2b92e97cec24fcf82319a457798fa2c2259808d9cdaecda186655e4ec2616adf8669ffa505c - languageName: node - linkType: hard - "webidl-conversions@npm:^3.0.0": version: 3.0.1 resolution: "webidl-conversions@npm:3.0.1"