build(deps): bump @sigstore/sign from 4.1.0 to 4.1.1

Bumps [@sigstore/sign](https://github.com/sigstore/sigstore-js) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/sigstore/sigstore-js/releases) - [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@4.1.0...@sigstore/sign@4.1.1) --- updated-dependencies: - dependency-name: "@sigstore/sign" dependency-version: 4.1.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
2026-03-19 09:01:22 +00:00
parent afcc1c08a8
commit af784a2022
2 changed files with 51 additions and 10 deletions
--- a/package.json
+++ b/package.json
@@ -51,7 +51,7 @@
    "@actions/io": "^3.0.2",
    "@actions/tool-cache": "^4.0.0",
    "@sigstore/bundle": "^4.0.0",
-    "@sigstore/sign": "^4.1.0",
+    "@sigstore/sign": "^4.1.1",
    "@sigstore/tuf": "^4.0.2",
    "@sigstore/verify": "^3.1.0",
    "async-retry": "^1.3.3",
--- a/yarn.lock
+++ b/yarn.lock
@@ -380,7 +380,7 @@ __metadata:
    "@actions/tool-cache": "npm:^4.0.0"
    "@eslint/js": "npm:^9.39.3"
    "@sigstore/bundle": "npm:^4.0.0"
-    "@sigstore/sign": "npm:^4.1.0"
+    "@sigstore/sign": "npm:^4.1.1"
    "@sigstore/tuf": "npm:^4.0.2"
    "@sigstore/verify": "npm:^3.1.0"
    "@types/gunzip-maybe": "npm:^1.4.3"
@@ -696,6 +696,13 @@ __metadata:
  languageName: node
  linkType: hard

+"@gar/promise-retry@npm:^1.0.0, @gar/promise-retry@npm:^1.0.2":
+  version: 1.0.3
+  resolution: "@gar/promise-retry@npm:1.0.3"
+  checksum: 10/0d13ea3bb1025755e055648f6e290d2a7e0c87affaf552218f09f66b3fcd9ea9d5c9cc5fe2aa6e285e1530437768e40f9448fe9a86f4f3417b216dcf488d3d1a
+  languageName: node
+  linkType: hard
+
 "@gar/promisify@npm:^1.1.3":
  version: 1.1.3
  resolution: "@gar/promisify@npm:1.1.3"
@@ -837,6 +844,13 @@ __metadata:
  languageName: node
  linkType: hard

+"@npmcli/redact@npm:^4.0.0":
+  version: 4.0.0
+  resolution: "@npmcli/redact@npm:4.0.0"
+  checksum: 10/5d52df2b5267f4369c97a2b2f7c427e3d7aa4b6a83e7a1b522e196f6e9d50024c620bd0cb2052067c74d1aaa0c330d9bc04e1d335bfb46180e705bb33423e74c
+  languageName: node
+  linkType: hard
+
 "@octokit/auth-token@npm:^6.0.0":
  version: 6.0.0
  resolution: "@octokit/auth-token@npm:6.0.0"
@@ -1234,6 +1248,13 @@ __metadata:
  languageName: node
  linkType: hard

+"@sigstore/core@npm:^3.2.0":
+  version: 3.2.0
+  resolution: "@sigstore/core@npm:3.2.0"
+  checksum: 10/2425d20297d57a5f5a62f0e6c2f4280818015ea00b3defebdac63f13c7d01db988602c316c16e374ba091c3649dd9a22ae8c9ba3ac165f736b0503164c5da5f5
+  languageName: node
+  linkType: hard
+
 "@sigstore/protobuf-specs@npm:^0.5.0":
  version: 0.5.0
  resolution: "@sigstore/protobuf-specs@npm:0.5.0"
@@ -1241,17 +1262,17 @@ __metadata:
  languageName: node
  linkType: hard

-"@sigstore/sign@npm:^4.1.0":
-  version: 4.1.0
-  resolution: "@sigstore/sign@npm:4.1.0"
+"@sigstore/sign@npm:^4.1.1":
+  version: 4.1.1
+  resolution: "@sigstore/sign@npm:4.1.1"
  dependencies:
+    "@gar/promise-retry": "npm:^1.0.2"
    "@sigstore/bundle": "npm:^4.0.0"
-    "@sigstore/core": "npm:^3.1.0"
+    "@sigstore/core": "npm:^3.2.0"
    "@sigstore/protobuf-specs": "npm:^0.5.0"
-    make-fetch-happen: "npm:^15.0.3"
+    make-fetch-happen: "npm:^15.0.4"
    proc-log: "npm:^6.1.0"
-    promise-retry: "npm:^2.0.1"
-  checksum: 10/e5441d4cacf0f203f329e96bb7a3ca77682cfdf90d6448ad368344056fd8d55c01742e2b636545d55364490a87988f767f2b23168b2d9cc52ef3d8fe9e9496aa
+  checksum: 10/c9424813ed83ae26111dd3a190dbfd776901cfc245ebb9aa68e133a7ffcbf8fc053f01d999a451e44805a291921ba4d2dfe80e3fd41b20cd5becd26aae5f5e7c
  languageName: node
  linkType: hard

@@ -3460,7 +3481,7 @@ __metadata:
  languageName: node
  linkType: hard

-"make-fetch-happen@npm:^15.0.1, make-fetch-happen@npm:^15.0.3":
+"make-fetch-happen@npm:^15.0.1":
  version: 15.0.3
  resolution: "make-fetch-happen@npm:15.0.3"
  dependencies:
@@ -3479,6 +3500,26 @@ __metadata:
  languageName: node
  linkType: hard

+"make-fetch-happen@npm:^15.0.4":
+  version: 15.0.5
+  resolution: "make-fetch-happen@npm:15.0.5"
+  dependencies:
+    "@gar/promise-retry": "npm:^1.0.0"
+    "@npmcli/agent": "npm:^4.0.0"
+    "@npmcli/redact": "npm:^4.0.0"
+    cacache: "npm:^20.0.1"
+    http-cache-semantics: "npm:^4.1.1"
+    minipass: "npm:^7.0.2"
+    minipass-fetch: "npm:^5.0.0"
+    minipass-flush: "npm:^1.0.5"
+    minipass-pipeline: "npm:^1.2.4"
+    negotiator: "npm:^1.0.0"
+    proc-log: "npm:^6.0.0"
+    ssri: "npm:^13.0.0"
+  checksum: 10/d2649effb06c00cb2b266057cb1c8c1e99cfc8d1378e7d9c26cc8f00be41bc63d59b77a5576ed28f8105acc57fb16220b64217f8d3a6a066a594c004aa163afa
+  languageName: node
+  linkType: hard
+
 "minimatch@npm:^10.0.3":
  version: 10.0.3
  resolution: "minimatch@npm:10.0.3"