From 95b5a010811a6f5843f1a899f0615c1a8d07428c Mon Sep 17 00:00:00 2001 From: Brian DeHamer Date: Fri, 25 Apr 2025 14:00:45 -0700 Subject: [PATCH 1/3] bump @sigstore/oci from 0.4.0 to 0.5.0 Signed-off-by: Brian DeHamer --- dist/index.js | 4 +++- package-lock.json | 18 +++++++++--------- package.json | 2 +- 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/dist/index.js b/dist/index.js index c668e309..07452a49 100644 --- a/dist/index.js +++ b/dist/index.js @@ -12934,7 +12934,7 @@ const getRegistryCredentials = (imageName) => { const { username, password } = (0, exports.fromBasicAuth)(creds.auth); // If the identitytoken is present, use it as the password (primarily for ACR) const pass = creds.identitytoken ? creds.identitytoken : password; - return { username, password: pass }; + return { headers: dockerConfig.HttpHeaders, username, password: pass }; }; exports.getRegistryCredentials = getRegistryCredentials; // Encode the username and password as base64-encoded basicauth value @@ -13422,6 +13422,8 @@ class RegistryClient { // authenticate requests. // https://github.com/google/go-containerregistry/blob/main/pkg/authn/README.md#the-registry async signIn(creds) { + // Ensure we include an auth headers if they are present + __classPrivateFieldSet(this, _RegistryClient_fetch, __classPrivateFieldGet(this, _RegistryClient_fetch, "f").defaults({ headers: creds.headers }), "f"); // Initiate a blob upload to get the auth challenge const probeResponse = await __classPrivateFieldGet(this, _RegistryClient_fetch, "f").call(this, `${__classPrivateFieldGet(this, _RegistryClient_baseURL, "f")}/v2/${__classPrivateFieldGet(this, _RegistryClient_repository, "f")}/blobs/uploads/`, { method: 'POST' }); // If we get a 200 response, we're already authenticated diff --git a/package-lock.json b/package-lock.json index 72599f48..c6281f3e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -13,7 +13,7 @@ "@actions/core": "^1.11.1", "@actions/github": "^6.0.0", "@actions/glob": "^0.5.0", - "@sigstore/oci": "^0.4.0", + "@sigstore/oci": "^0.5.0", "csv-parse": "^5.6.0" }, "devDependencies": { @@ -1925,12 +1925,12 @@ } }, "node_modules/@sigstore/oci": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/@sigstore/oci/-/oci-0.4.0.tgz", - "integrity": "sha512-2FWRiyWZEyJshGYRC4c2wQGrjmiLIIw2E+Wbr0ZDA8LqzDxHT/VLcQxE0zfzLuFk6z21EEPx9awVAOoY9ucL4g==", + "version": "0.5.0", + "resolved": "https://registry.npmjs.org/@sigstore/oci/-/oci-0.5.0.tgz", + "integrity": "sha512-9XiytDafq/vYh1ZPzcXvN2A3f2VMcmfu/RDohgueUNqJVZXDJ9OkY3lb/+INTo6g9ZCp5uYyJBmW2eYFVllUgQ==", "license": "Apache-2.0", "dependencies": { - "make-fetch-happen": "^14.0.1", + "make-fetch-happen": "^14.0.2", "proc-log": "^5.0.0" }, "engines": { @@ -10223,11 +10223,11 @@ } }, "@sigstore/oci": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/@sigstore/oci/-/oci-0.4.0.tgz", - "integrity": "sha512-2FWRiyWZEyJshGYRC4c2wQGrjmiLIIw2E+Wbr0ZDA8LqzDxHT/VLcQxE0zfzLuFk6z21EEPx9awVAOoY9ucL4g==", + "version": "0.5.0", + "resolved": "https://registry.npmjs.org/@sigstore/oci/-/oci-0.5.0.tgz", + "integrity": "sha512-9XiytDafq/vYh1ZPzcXvN2A3f2VMcmfu/RDohgueUNqJVZXDJ9OkY3lb/+INTo6g9ZCp5uYyJBmW2eYFVllUgQ==", "requires": { - "make-fetch-happen": "^14.0.1", + "make-fetch-happen": "^14.0.2", "proc-log": "^5.0.0" } }, diff --git a/package.json b/package.json index d07d6b64..5ec7604e 100644 --- a/package.json +++ b/package.json @@ -73,7 +73,7 @@ "@actions/core": "^1.11.1", "@actions/github": "^6.0.0", "@actions/glob": "^0.5.0", - "@sigstore/oci": "^0.4.0", + "@sigstore/oci": "^0.5.0", "csv-parse": "^5.6.0" }, "devDependencies": { From 7b06f8b83b4268b651d6fab10eebd1a118a2ee06 Mon Sep 17 00:00:00 2001 From: Brian DeHamer Date: Fri, 25 Apr 2025 14:01:18 -0700 Subject: [PATCH 2/3] bump package version to 2.3.0 Signed-off-by: Brian DeHamer --- package-lock.json | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index c6281f3e..8137be2c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "actions/attest", - "version": "2.2.1", + "version": "2.3.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "actions/attest", - "version": "2.2.1", + "version": "2.3.0", "license": "MIT", "dependencies": { "@actions/attest": "^1.6.0", diff --git a/package.json b/package.json index 5ec7604e..6d166019 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "actions/attest", "description": "Generate signed attestations for workflow artifacts", - "version": "2.2.1", + "version": "2.3.0", "author": "", "private": true, "homepage": "https://github.com/actions/attest", From 7370b7a57b3fc8f3012d2d131a13c03f4df5b8d9 Mon Sep 17 00:00:00 2001 From: Brian DeHamer Date: Fri, 25 Apr 2025 14:02:34 -0700 Subject: [PATCH 3/3] update @babel/helpers from 7.22.13 to 7.27.0 Signed-off-by: Brian DeHamer --- package-lock.json | 354 +++++++++------------------------------------- 1 file changed, 70 insertions(+), 284 deletions(-) diff --git a/package-lock.json b/package-lock.json index 8137be2c..ba0d449d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -128,81 +128,20 @@ } }, "node_modules/@babel/code-frame": { - "version": "7.22.13", + "version": "7.26.2", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.26.2.tgz", + "integrity": "sha512-RJlIHRueQgwWitWgF8OdFYGZX328Ax5BCemNGlqHfplnRT9ESi8JkFlvaVYbS+UubVY6dpv87Fs2u5M29iNFVQ==", "dev": true, "license": "MIT", "dependencies": { - "@babel/highlight": "^7.22.13", - "chalk": "^2.4.2" + "@babel/helper-validator-identifier": "^7.25.9", + "js-tokens": "^4.0.0", + "picocolors": "^1.0.0" }, "engines": { "node": ">=6.9.0" } }, - "node_modules/@babel/code-frame/node_modules/ansi-styles": { - "version": "3.2.1", - "dev": true, - "license": "MIT", - "dependencies": { - "color-convert": "^1.9.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/@babel/code-frame/node_modules/chalk": { - "version": "2.4.2", - "dev": true, - "license": "MIT", - "dependencies": { - "ansi-styles": "^3.2.1", - "escape-string-regexp": "^1.0.5", - "supports-color": "^5.3.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/@babel/code-frame/node_modules/color-convert": { - "version": "1.9.3", - "dev": true, - "license": "MIT", - "dependencies": { - "color-name": "1.1.3" - } - }, - "node_modules/@babel/code-frame/node_modules/color-name": { - "version": "1.1.3", - "dev": true, - "license": "MIT" - }, - "node_modules/@babel/code-frame/node_modules/escape-string-regexp": { - "version": "1.0.5", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=0.8.0" - } - }, - "node_modules/@babel/code-frame/node_modules/has-flag": { - "version": "3.0.0", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=4" - } - }, - "node_modules/@babel/code-frame/node_modules/supports-color": { - "version": "5.5.0", - "dev": true, - "license": "MIT", - "dependencies": { - "has-flag": "^3.0.0" - }, - "engines": { - "node": ">=4" - } - }, "node_modules/@babel/compat-data": { "version": "7.22.9", "dev": true, @@ -381,7 +320,9 @@ } }, "node_modules/@babel/helper-string-parser": { - "version": "7.22.5", + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.25.9.tgz", + "integrity": "sha512-4A/SCr/2KLd5jrtOMFzaKjVtAei3+2r/NChoBNoZ3EyP/+GlhoaEGoWOZUmFmoITP7zOJyHIMm+DYRd8o3PvHA==", "dev": true, "license": "MIT", "engines": { @@ -389,7 +330,9 @@ } }, "node_modules/@babel/helper-validator-identifier": { - "version": "7.22.20", + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.25.9.tgz", + "integrity": "sha512-Ed61U6XJc3CVRfkERJWDz4dJwKe7iLmmJsbOGu9wSloNSFttHV0I8g6UAgb7qnK5ly5bGLPd4oXZlxCdANBOWQ==", "dev": true, "license": "MIT", "engines": { @@ -405,99 +348,28 @@ } }, "node_modules/@babel/helpers": { - "version": "7.22.11", - "dev": true, - "license": "MIT", - "dependencies": { - "@babel/template": "^7.22.5", - "@babel/traverse": "^7.22.11", - "@babel/types": "^7.22.11" - }, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/highlight": { - "version": "7.22.13", + "version": "7.27.0", + "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.27.0.tgz", + "integrity": "sha512-U5eyP/CTFPuNE3qk+WZMxFkp/4zUzdceQlfzf7DdGdhp+Fezd7HD+i8Y24ZuTMKX3wQBld449jijbGq6OdGNQg==", "dev": true, "license": "MIT", "dependencies": { - "@babel/helper-validator-identifier": "^7.22.5", - "chalk": "^2.4.2", - "js-tokens": "^4.0.0" + "@babel/template": "^7.27.0", + "@babel/types": "^7.27.0" }, "engines": { "node": ">=6.9.0" } }, - "node_modules/@babel/highlight/node_modules/ansi-styles": { - "version": "3.2.1", - "dev": true, - "license": "MIT", - "dependencies": { - "color-convert": "^1.9.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/@babel/highlight/node_modules/chalk": { - "version": "2.4.2", - "dev": true, - "license": "MIT", - "dependencies": { - "ansi-styles": "^3.2.1", - "escape-string-regexp": "^1.0.5", - "supports-color": "^5.3.0" - }, - "engines": { - "node": ">=4" - } - }, - "node_modules/@babel/highlight/node_modules/color-convert": { - "version": "1.9.3", - "dev": true, - "license": "MIT", - "dependencies": { - "color-name": "1.1.3" - } - }, - "node_modules/@babel/highlight/node_modules/color-name": { - "version": "1.1.3", - "dev": true, - "license": "MIT" - }, - "node_modules/@babel/highlight/node_modules/escape-string-regexp": { - "version": "1.0.5", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=0.8.0" - } - }, - "node_modules/@babel/highlight/node_modules/has-flag": { - "version": "3.0.0", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=4" - } - }, - "node_modules/@babel/highlight/node_modules/supports-color": { - "version": "5.5.0", + "node_modules/@babel/parser": { + "version": "7.27.0", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.27.0.tgz", + "integrity": "sha512-iaepho73/2Pz7w2eMS0Q5f83+0RKI7i4xmiYeBmDzfRVbQtTOG7Ts0S4HzJVsTMGI9keU8rNfuZr8DKfSt7Yyg==", "dev": true, "license": "MIT", "dependencies": { - "has-flag": "^3.0.0" + "@babel/types": "^7.27.0" }, - "engines": { - "node": ">=4" - } - }, - "node_modules/@babel/parser": { - "version": "7.23.0", - "dev": true, - "license": "MIT", "bin": { "parser": "bin/babel-parser.js" }, @@ -669,13 +541,15 @@ } }, "node_modules/@babel/template": { - "version": "7.22.15", + "version": "7.27.0", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.27.0.tgz", + "integrity": "sha512-2ncevenBqXI6qRMukPlXwHKHchC7RyMuu4xv5JBXRfOGVcTy1mXCD12qrp7Jsoxll1EV3+9sE4GugBVRjT2jFA==", "dev": true, "license": "MIT", "dependencies": { - "@babel/code-frame": "^7.22.13", - "@babel/parser": "^7.22.15", - "@babel/types": "^7.22.15" + "@babel/code-frame": "^7.26.2", + "@babel/parser": "^7.27.0", + "@babel/types": "^7.27.0" }, "engines": { "node": ">=6.9.0" @@ -710,13 +584,14 @@ } }, "node_modules/@babel/types": { - "version": "7.23.0", + "version": "7.27.0", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.27.0.tgz", + "integrity": "sha512-H45s8fVLYjbhFH62dIJ3WtmJ6RSPt/3DRO0ZcT2SUiYiQyz3BLVb9ADEnLl91m74aQPS3AzzeajZHYOalWe3bg==", "dev": true, "license": "MIT", "dependencies": { - "@babel/helper-string-parser": "^7.22.5", - "@babel/helper-validator-identifier": "^7.22.20", - "to-fast-properties": "^2.0.0" + "@babel/helper-string-parser": "^7.25.9", + "@babel/helper-validator-identifier": "^7.25.9" }, "engines": { "node": ">=6.9.0" @@ -5808,6 +5683,8 @@ }, "node_modules/js-tokens": { "version": "4.0.0", + "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==", "dev": true, "license": "MIT" }, @@ -8257,14 +8134,6 @@ "dev": true, "license": "BSD-3-Clause" }, - "node_modules/to-fast-properties": { - "version": "2.0.0", - "dev": true, - "license": "MIT", - "engines": { - "node": ">=4" - } - }, "node_modules/to-regex-range": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", @@ -8969,55 +8838,14 @@ } }, "@babel/code-frame": { - "version": "7.22.13", + "version": "7.26.2", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.26.2.tgz", + "integrity": "sha512-RJlIHRueQgwWitWgF8OdFYGZX328Ax5BCemNGlqHfplnRT9ESi8JkFlvaVYbS+UubVY6dpv87Fs2u5M29iNFVQ==", "dev": true, "requires": { - "@babel/highlight": "^7.22.13", - "chalk": "^2.4.2" - }, - "dependencies": { - "ansi-styles": { - "version": "3.2.1", - "dev": true, - "requires": { - "color-convert": "^1.9.0" - } - }, - "chalk": { - "version": "2.4.2", - "dev": true, - "requires": { - "ansi-styles": "^3.2.1", - "escape-string-regexp": "^1.0.5", - "supports-color": "^5.3.0" - } - }, - "color-convert": { - "version": "1.9.3", - "dev": true, - "requires": { - "color-name": "1.1.3" - } - }, - "color-name": { - "version": "1.1.3", - "dev": true - }, - "escape-string-regexp": { - "version": "1.0.5", - "dev": true - }, - "has-flag": { - "version": "3.0.0", - "dev": true - }, - "supports-color": { - "version": "5.5.0", - "dev": true, - "requires": { - "has-flag": "^3.0.0" - } - } + "@babel/helper-validator-identifier": "^7.25.9", + "js-tokens": "^4.0.0", + "picocolors": "^1.0.0" } }, "@babel/compat-data": { @@ -9138,11 +8966,15 @@ } }, "@babel/helper-string-parser": { - "version": "7.22.5", + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.25.9.tgz", + "integrity": "sha512-4A/SCr/2KLd5jrtOMFzaKjVtAei3+2r/NChoBNoZ3EyP/+GlhoaEGoWOZUmFmoITP7zOJyHIMm+DYRd8o3PvHA==", "dev": true }, "@babel/helper-validator-identifier": { - "version": "7.22.20", + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.25.9.tgz", + "integrity": "sha512-Ed61U6XJc3CVRfkERJWDz4dJwKe7iLmmJsbOGu9wSloNSFttHV0I8g6UAgb7qnK5ly5bGLPd4oXZlxCdANBOWQ==", "dev": true }, "@babel/helper-validator-option": { @@ -9150,71 +8982,24 @@ "dev": true }, "@babel/helpers": { - "version": "7.22.11", + "version": "7.27.0", + "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.27.0.tgz", + "integrity": "sha512-U5eyP/CTFPuNE3qk+WZMxFkp/4zUzdceQlfzf7DdGdhp+Fezd7HD+i8Y24ZuTMKX3wQBld449jijbGq6OdGNQg==", "dev": true, "requires": { - "@babel/template": "^7.22.5", - "@babel/traverse": "^7.22.11", - "@babel/types": "^7.22.11" + "@babel/template": "^7.27.0", + "@babel/types": "^7.27.0" } }, - "@babel/highlight": { - "version": "7.22.13", + "@babel/parser": { + "version": "7.27.0", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.27.0.tgz", + "integrity": "sha512-iaepho73/2Pz7w2eMS0Q5f83+0RKI7i4xmiYeBmDzfRVbQtTOG7Ts0S4HzJVsTMGI9keU8rNfuZr8DKfSt7Yyg==", "dev": true, "requires": { - "@babel/helper-validator-identifier": "^7.22.5", - "chalk": "^2.4.2", - "js-tokens": "^4.0.0" - }, - "dependencies": { - "ansi-styles": { - "version": "3.2.1", - "dev": true, - "requires": { - "color-convert": "^1.9.0" - } - }, - "chalk": { - "version": "2.4.2", - "dev": true, - "requires": { - "ansi-styles": "^3.2.1", - "escape-string-regexp": "^1.0.5", - "supports-color": "^5.3.0" - } - }, - "color-convert": { - "version": "1.9.3", - "dev": true, - "requires": { - "color-name": "1.1.3" - } - }, - "color-name": { - "version": "1.1.3", - "dev": true - }, - "escape-string-regexp": { - "version": "1.0.5", - "dev": true - }, - "has-flag": { - "version": "3.0.0", - "dev": true - }, - "supports-color": { - "version": "5.5.0", - "dev": true, - "requires": { - "has-flag": "^3.0.0" - } - } + "@babel/types": "^7.27.0" } }, - "@babel/parser": { - "version": "7.23.0", - "dev": true - }, "@babel/plugin-syntax-async-generators": { "version": "7.8.4", "dev": true, @@ -9314,12 +9099,14 @@ } }, "@babel/template": { - "version": "7.22.15", + "version": "7.27.0", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.27.0.tgz", + "integrity": "sha512-2ncevenBqXI6qRMukPlXwHKHchC7RyMuu4xv5JBXRfOGVcTy1mXCD12qrp7Jsoxll1EV3+9sE4GugBVRjT2jFA==", "dev": true, "requires": { - "@babel/code-frame": "^7.22.13", - "@babel/parser": "^7.22.15", - "@babel/types": "^7.22.15" + "@babel/code-frame": "^7.26.2", + "@babel/parser": "^7.27.0", + "@babel/types": "^7.27.0" } }, "@babel/traverse": { @@ -9345,12 +9132,13 @@ } }, "@babel/types": { - "version": "7.23.0", + "version": "7.27.0", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.27.0.tgz", + "integrity": "sha512-H45s8fVLYjbhFH62dIJ3WtmJ6RSPt/3DRO0ZcT2SUiYiQyz3BLVb9ADEnLl91m74aQPS3AzzeajZHYOalWe3bg==", "dev": true, "requires": { - "@babel/helper-string-parser": "^7.22.5", - "@babel/helper-validator-identifier": "^7.22.20", - "to-fast-properties": "^2.0.0" + "@babel/helper-string-parser": "^7.25.9", + "@babel/helper-validator-identifier": "^7.25.9" } }, "@bcoe/v8-coverage": { @@ -12799,6 +12587,8 @@ }, "js-tokens": { "version": "4.0.0", + "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz", + "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==", "dev": true }, "js-yaml": { @@ -14327,10 +14117,6 @@ "version": "1.0.5", "dev": true }, - "to-fast-properties": { - "version": "2.0.0", - "dev": true - }, "to-regex-range": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",