From 8f8b89a01b183534d948769ebe42c8b773ecb7a2 Mon Sep 17 00:00:00 2001 From: Michael Smith Date: Wed, 16 Apr 2025 10:56:10 -0700 Subject: [PATCH 1/5] deps: hosted-git-info@8.1.0 --- node_modules/hosted-git-info/lib/index.js | 48 +++++++++++++++++++++++ node_modules/hosted-git-info/package.json | 6 +-- package-lock.json | 8 ++-- package.json | 2 +- 4 files changed, 56 insertions(+), 8 deletions(-) diff --git a/node_modules/hosted-git-info/lib/index.js b/node_modules/hosted-git-info/lib/index.js index 0c9d0b08c866b..2a7100dcee6e7 100644 --- a/node_modules/hosted-git-info/lib/index.js +++ b/node_modules/hosted-git-info/lib/index.js @@ -7,6 +7,26 @@ const parseUrl = require('./parse-url.js') const cache = new LRUCache({ max: 1000 }) +function unknownHostedUrl (url) { + try { + const { + protocol, + hostname, + pathname, + } = new URL(url) + + if (!hostname) { + return null + } + + const proto = /(?:git\+)http:$/.test(protocol) ? 'http:' : 'https:' + const path = pathname.replace(/\.git$/, '') + return `${proto}//${hostname}${path}` + } catch { + return null + } +} + class GitHost { constructor (type, user, auth, project, committish, defaultRepresentation, opts = {}) { Object.assign(this, GitHost.#gitHosts[type], { @@ -56,6 +76,34 @@ class GitHost { return cache.get(key) } + static fromManifest (manifest, opts = {}) { + if (!manifest || typeof manifest !== 'object') { + return + } + + const r = manifest.repository + // TODO: look into also checking the `bugs`/`homepage` URLs + + const rurl = r && ( + typeof r === 'string' + ? r + : typeof r === 'object' && typeof r.url === 'string' + ? r.url + : null + ) + + if (!rurl) { + throw new Error('no repository') + } + + const info = (rurl && GitHost.fromUrl(rurl.replace(/^git\+/, ''), opts)) || null + if (info) { + return info + } + const unk = unknownHostedUrl(rurl) + return GitHost.fromUrl(unk, opts) || unk + } + static parseUrl (url) { return parseUrl(url) } diff --git a/node_modules/hosted-git-info/package.json b/node_modules/hosted-git-info/package.json index 78356159af772..a9bb26be4a704 100644 --- a/node_modules/hosted-git-info/package.json +++ b/node_modules/hosted-git-info/package.json @@ -1,6 +1,6 @@ { "name": "hosted-git-info", - "version": "8.0.2", + "version": "8.1.0", "description": "Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab", "main": "./lib/index.js", "repository": { @@ -35,7 +35,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^5.0.0", - "@npmcli/template-oss": "4.23.4", + "@npmcli/template-oss": "4.24.3", "tap": "^16.0.1" }, "files": [ @@ -55,7 +55,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.23.4", + "version": "4.24.3", "publish": "true" } } diff --git a/package-lock.json b/package-lock.json index db47cb2fb6e63..7ee561cfa78ab 100644 --- a/package-lock.json +++ b/package-lock.json @@ -104,7 +104,7 @@ "fs-minipass": "^3.0.3", "glob": "^10.4.5", "graceful-fs": "^4.2.11", - "hosted-git-info": "^8.0.2", + "hosted-git-info": "^8.1.0", "ini": "^5.0.0", "init-package-json": "^8.0.0", "is-cidr": "^5.1.1", @@ -9286,9 +9286,9 @@ } }, "node_modules/hosted-git-info": { - "version": "8.0.2", - "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-8.0.2.tgz", - "integrity": "sha512-sYKnA7eGln5ov8T8gnYlkSOxFJvywzEx9BueN6xo/GKO8PGiI6uK6xx+DIGe45T3bdVjLAQDQW1aicT8z8JwQg==", + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-8.1.0.tgz", + "integrity": "sha512-Rw/B2DNQaPBICNXEm8balFz9a6WpZrkCGpcWFpy7nCj+NyhSdqXipmfvtmWt9xGfp0wZnBxB+iVpLmQMYt47Tw==", "inBundle": true, "license": "ISC", "dependencies": { diff --git a/package.json b/package.json index 6e7ce55a26920..4d7c6f41293cd 100644 --- a/package.json +++ b/package.json @@ -71,7 +71,7 @@ "fs-minipass": "^3.0.3", "glob": "^10.4.5", "graceful-fs": "^4.2.11", - "hosted-git-info": "^8.0.2", + "hosted-git-info": "^8.1.0", "ini": "^5.0.0", "init-package-json": "^8.0.0", "is-cidr": "^5.1.1", From acae5043774fb8d5b9ad828ac58eb1cb2a920e4a Mon Sep 17 00:00:00 2001 From: Michael Smith Date: Wed, 16 Apr 2025 10:56:53 -0700 Subject: [PATCH 2/5] deps: abbrev@3.0.1 --- node_modules/abbrev/lib/index.js | 5 ++++- node_modules/abbrev/package.json | 6 +++--- package-lock.json | 8 ++++---- package.json | 2 +- 4 files changed, 12 insertions(+), 9 deletions(-) diff --git a/node_modules/abbrev/lib/index.js b/node_modules/abbrev/lib/index.js index 9f48801f049c9..f7bee0c6fc7ad 100644 --- a/node_modules/abbrev/lib/index.js +++ b/node_modules/abbrev/lib/index.js @@ -1,7 +1,10 @@ module.exports = abbrev function abbrev (...args) { - let list = args.length === 1 || Array.isArray(args[0]) ? args[0] : args + let list = args + if (args.length === 1 && (Array.isArray(args[0]) || typeof args[0] === 'string')) { + list = [].concat(args[0]) + } for (let i = 0, l = list.length; i < l; i++) { list[i] = typeof list[i] === 'string' ? list[i] : String(list[i]) diff --git a/node_modules/abbrev/package.json b/node_modules/abbrev/package.json index 9dfcc0095d7dc..077d4bccd0e69 100644 --- a/node_modules/abbrev/package.json +++ b/node_modules/abbrev/package.json @@ -1,6 +1,6 @@ { "name": "abbrev", - "version": "3.0.0", + "version": "3.0.1", "description": "Like ruby's abbrev module, but in js", "author": "GitHub Inc.", "main": "lib/index.js", @@ -21,7 +21,7 @@ "license": "ISC", "devDependencies": { "@npmcli/eslint-config": "^5.0.0", - "@npmcli/template-oss": "4.23.3", + "@npmcli/template-oss": "4.24.3", "tap": "^16.3.0" }, "tap": { @@ -39,7 +39,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.23.3", + "version": "4.24.3", "publish": true } } diff --git a/package-lock.json b/package-lock.json index 7ee561cfa78ab..063fdb04d2549 100644 --- a/package-lock.json +++ b/package-lock.json @@ -94,7 +94,7 @@ "@npmcli/redact": "^3.1.1", "@npmcli/run-script": "^9.1.0", "@sigstore/tuf": "^3.0.0", - "abbrev": "^3.0.0", + "abbrev": "^3.0.1", "archy": "~1.0.0", "cacache": "^19.0.1", "chalk": "^5.4.1", @@ -5122,9 +5122,9 @@ } }, "node_modules/abbrev": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-3.0.0.tgz", - "integrity": "sha512-+/kfrslGQ7TNV2ecmQwMJj/B65g5KVq1/L3SGVZ3tCYGqlzFuFCGBZJtMP99wH3NpEUyAjn0zPdPUg0D+DwrOA==", + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-3.0.1.tgz", + "integrity": "sha512-AO2ac6pjRB3SJmGJo+v5/aK6Omggp6fsLrs6wN9bd35ulu4cCwaAU9+7ZhXjeqHVkaHThLuzH0nZr0YpCDhygg==", "inBundle": true, "license": "ISC", "engines": { diff --git a/package.json b/package.json index 4d7c6f41293cd..81c67a260a0e1 100644 --- a/package.json +++ b/package.json @@ -61,7 +61,7 @@ "@npmcli/redact": "^3.1.1", "@npmcli/run-script": "^9.1.0", "@sigstore/tuf": "^3.0.0", - "abbrev": "^3.0.0", + "abbrev": "^3.0.1", "archy": "~1.0.0", "cacache": "^19.0.1", "chalk": "^5.4.1", From aa165ff150e2a7ae93cef7e8a7cbc3be5edd1edb Mon Sep 17 00:00:00 2001 From: Michael Smith Date: Wed, 16 Apr 2025 10:58:32 -0700 Subject: [PATCH 3/5] deps: @npmcli/query@4.0.1 --- node_modules/@npmcli/query/package.json | 4 +-- node_modules/postcss-selector-parser/API.md | 6 ++-- .../dist/selectors/container.js | 27 +++++++++++++----- .../postcss-selector-parser/package.json | 2 +- package-lock.json | 28 ++++++++++++++----- 5 files changed, 48 insertions(+), 19 deletions(-) diff --git a/node_modules/@npmcli/query/package.json b/node_modules/@npmcli/query/package.json index 14f7fbfaac016..20660b227834d 100644 --- a/node_modules/@npmcli/query/package.json +++ b/node_modules/@npmcli/query/package.json @@ -1,6 +1,6 @@ { "name": "@npmcli/query", - "version": "4.0.0", + "version": "4.0.1", "description": "npm query parser and tools", "main": "lib/index.js", "scripts": { @@ -49,7 +49,7 @@ "tap": "^16.2.0" }, "dependencies": { - "postcss-selector-parser": "^6.1.2" + "postcss-selector-parser": "^7.0.0" }, "repository": { "type": "git", diff --git a/node_modules/postcss-selector-parser/API.md b/node_modules/postcss-selector-parser/API.md index c8e55ee53f6eb..e564830b66b04 100644 --- a/node_modules/postcss-selector-parser/API.md +++ b/node_modules/postcss-selector-parser/API.md @@ -254,7 +254,7 @@ if (next && next.type !== 'combinator') { } ``` -### `node.replaceWith(node)` +### `node.replaceWith(node[,...nodeN])` Replace a node with another. @@ -267,6 +267,8 @@ attr.replaceWith(className); Arguments: * `node`: The node to substitute the original with. +... +* `nodeN`: The node to substitute the original with. ### `node.remove()` @@ -531,7 +533,7 @@ Arguments: * `node`: The node to add. -### `container.insertBefore(old, new)` & `container.insertAfter(old, new)` +### `container.insertBefore(old, new[, ...newNodes])` & `container.insertAfter(old, new[, ...newNodes])` Add a node before or after an existing node in a container: diff --git a/node_modules/postcss-selector-parser/dist/selectors/container.js b/node_modules/postcss-selector-parser/dist/selectors/container.js index 8600c544ebb1d..84755cbd541a2 100644 --- a/node_modules/postcss-selector-parser/dist/selectors/container.js +++ b/node_modules/postcss-selector-parser/dist/selectors/container.js @@ -33,6 +33,9 @@ var Container = /*#__PURE__*/function (_Node) { _proto.prepend = function prepend(selector) { selector.parent = this; this.nodes.unshift(selector); + for (var id in this.indexes) { + this.indexes[id]++; + } return this; }; _proto.at = function at(index) { @@ -69,29 +72,39 @@ var Container = /*#__PURE__*/function (_Node) { return this.removeAll(); }; _proto.insertAfter = function insertAfter(oldNode, newNode) { + var _this$nodes; newNode.parent = this; var oldIndex = this.index(oldNode); - this.nodes.splice(oldIndex + 1, 0, newNode); + var resetNode = []; + for (var i = 2; i < arguments.length; i++) { + resetNode.push(arguments[i]); + } + (_this$nodes = this.nodes).splice.apply(_this$nodes, [oldIndex + 1, 0, newNode].concat(resetNode)); newNode.parent = this; var index; for (var id in this.indexes) { index = this.indexes[id]; - if (oldIndex <= index) { - this.indexes[id] = index + 1; + if (oldIndex < index) { + this.indexes[id] = index + arguments.length - 1; } } return this; }; _proto.insertBefore = function insertBefore(oldNode, newNode) { + var _this$nodes2; newNode.parent = this; var oldIndex = this.index(oldNode); - this.nodes.splice(oldIndex, 0, newNode); + var resetNode = []; + for (var i = 2; i < arguments.length; i++) { + resetNode.push(arguments[i]); + } + (_this$nodes2 = this.nodes).splice.apply(_this$nodes2, [oldIndex, 0, newNode].concat(resetNode)); newNode.parent = this; var index; for (var id in this.indexes) { index = this.indexes[id]; - if (index <= oldIndex) { - this.indexes[id] = index + 1; + if (index >= oldIndex) { + this.indexes[id] = index + arguments.length - 1; } } return this; @@ -117,7 +130,7 @@ var Container = /*#__PURE__*/function (_Node) { * Return the most specific node at the line and column number given. * The source location is based on the original parsed location, locations aren't * updated as selector nodes are mutated. - * + * * Note that this location is relative to the location of the first character * of the selector, and not the location of the selector in the overall document * when used in conjunction with postcss. diff --git a/node_modules/postcss-selector-parser/package.json b/node_modules/postcss-selector-parser/package.json index 0b074d0fd4f33..f8b1d3619c0be 100644 --- a/node_modules/postcss-selector-parser/package.json +++ b/node_modules/postcss-selector-parser/package.json @@ -1,6 +1,6 @@ { "name": "postcss-selector-parser", - "version": "6.1.2", + "version": "7.1.0", "devDependencies": { "@babel/cli": "^7.11.6", "@babel/core": "^7.11.6", diff --git a/package-lock.json b/package-lock.json index 063fdb04d2549..1d68457de3464 100644 --- a/package-lock.json +++ b/package-lock.json @@ -3704,12 +3704,12 @@ } }, "node_modules/@npmcli/query": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/@npmcli/query/-/query-4.0.0.tgz", - "integrity": "sha512-3pPbese0fbCiFJ/7/X1GBgxAKYFE8sxBddA7GtuRmOgNseH4YbGsXJ807Ig3AEwNITjDUISHglvy89cyDJnAwA==", + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/@npmcli/query/-/query-4.0.1.tgz", + "integrity": "sha512-4OIPFb4weUUwkDXJf4Hh1inAn8neBGq3xsH4ZsAaN6FK3ldrFkH7jSpCc7N9xesi0Sp+EBXJ9eGMDrEww2Ztqw==", "license": "ISC", "dependencies": { - "postcss-selector-parser": "^6.1.2" + "postcss-selector-parser": "^7.0.0" }, "engines": { "node": "^18.17.0 || >=20.5.0" @@ -4512,6 +4512,20 @@ "node": "^14.17.0 || ^16.13.0 || >=18.0.0" } }, + "node_modules/@npmcli/template-oss/node_modules/postcss-selector-parser": { + "version": "6.1.2", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.1.2.tgz", + "integrity": "sha512-Q8qQfPiZ+THO/3ZrOrO0cJJKfpYCagtMUkXbnEfmgUjwXg6z/WBeOyS9APBBPCTSiDV+s4SwQGu8yFsiMRIudg==", + "dev": true, + "license": "MIT", + "dependencies": { + "cssesc": "^3.0.0", + "util-deprecate": "^1.0.2" + }, + "engines": { + "node": ">=4" + } + }, "node_modules/@npmcli/template-oss/node_modules/proc-log": { "version": "4.2.0", "resolved": "https://registry.npmjs.org/proc-log/-/proc-log-4.2.0.tgz", @@ -13369,9 +13383,9 @@ } }, "node_modules/postcss-selector-parser": { - "version": "6.1.2", - "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.1.2.tgz", - "integrity": "sha512-Q8qQfPiZ+THO/3ZrOrO0cJJKfpYCagtMUkXbnEfmgUjwXg6z/WBeOyS9APBBPCTSiDV+s4SwQGu8yFsiMRIudg==", + "version": "7.1.0", + "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.0.tgz", + "integrity": "sha512-8sLjZwK0R+JlxlYcTuVnyT2v+htpdrjDOKuMcOVdYjt52Lh8hWRYpxBPoKx/Zg+bcjc3wx6fmQevMmUztS/ccA==", "license": "MIT", "dependencies": { "cssesc": "^3.0.0", From 88dabc7d1b48b0207c3a938f35a2d2debf748abb Mon Sep 17 00:00:00 2001 From: Michael Smith Date: Wed, 16 Apr 2025 10:59:08 -0700 Subject: [PATCH 4/5] deps: @sigstore/protobuf-specs@0.4.1 --- .../dist/__generated__/envelope.js | 2 +- .../dist/__generated__/events.js | 2 +- .../google/api/field_behavior.js | 2 +- .../dist/__generated__/google/protobuf/any.js | 2 +- .../google/protobuf/descriptor.js | 2 +- .../google/protobuf/timestamp.js | 2 +- .../dist/__generated__/sigstore_bundle.js | 2 +- .../dist/__generated__/sigstore_common.js | 21 ++- .../dist/__generated__/sigstore_rekor.js | 2 +- .../dist/__generated__/sigstore_trustroot.js | 139 ++++++++++++++++-- .../__generated__/sigstore_verification.js | 2 +- .../@sigstore/protobuf-specs/package.json | 2 +- package-lock.json | 6 +- 13 files changed, 159 insertions(+), 27 deletions(-) diff --git a/node_modules/@sigstore/protobuf-specs/dist/__generated__/envelope.js b/node_modules/@sigstore/protobuf-specs/dist/__generated__/envelope.js index 0c8a0201a618f..6e99b9a5385e2 100644 --- a/node_modules/@sigstore/protobuf-specs/dist/__generated__/envelope.js +++ b/node_modules/@sigstore/protobuf-specs/dist/__generated__/envelope.js @@ -2,7 +2,7 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: // protoc-gen-ts_proto v2.6.1 -// protoc v5.29.3 +// protoc v5.29.4 // source: envelope.proto Object.defineProperty(exports, "__esModule", { value: true }); exports.Signature = exports.Envelope = void 0; diff --git a/node_modules/@sigstore/protobuf-specs/dist/__generated__/events.js b/node_modules/@sigstore/protobuf-specs/dist/__generated__/events.js index 3b11bee7b22dc..cfa416dc79757 100644 --- a/node_modules/@sigstore/protobuf-specs/dist/__generated__/events.js +++ b/node_modules/@sigstore/protobuf-specs/dist/__generated__/events.js @@ -2,7 +2,7 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: // protoc-gen-ts_proto v2.6.1 -// protoc v5.29.3 +// protoc v5.29.4 // source: events.proto Object.defineProperty(exports, "__esModule", { value: true }); exports.CloudEventBatch = exports.CloudEvent_CloudEventAttributeValue = exports.CloudEvent_AttributesEntry = exports.CloudEvent = void 0; diff --git a/node_modules/@sigstore/protobuf-specs/dist/__generated__/google/api/field_behavior.js b/node_modules/@sigstore/protobuf-specs/dist/__generated__/google/api/field_behavior.js index 0335caccdf85b..2eb88ffad29fa 100644 --- a/node_modules/@sigstore/protobuf-specs/dist/__generated__/google/api/field_behavior.js +++ b/node_modules/@sigstore/protobuf-specs/dist/__generated__/google/api/field_behavior.js @@ -2,7 +2,7 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: // protoc-gen-ts_proto v2.6.1 -// protoc v5.29.3 +// protoc v5.29.4 // source: google/api/field_behavior.proto Object.defineProperty(exports, "__esModule", { value: true }); exports.FieldBehavior = void 0; diff --git a/node_modules/@sigstore/protobuf-specs/dist/__generated__/google/protobuf/any.js b/node_modules/@sigstore/protobuf-specs/dist/__generated__/google/protobuf/any.js index 3a1b926e0ae3d..d7577642765b6 100644 --- a/node_modules/@sigstore/protobuf-specs/dist/__generated__/google/protobuf/any.js +++ b/node_modules/@sigstore/protobuf-specs/dist/__generated__/google/protobuf/any.js @@ -2,7 +2,7 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: // protoc-gen-ts_proto v2.6.1 -// protoc v5.29.3 +// protoc v5.29.4 // source: google/protobuf/any.proto Object.defineProperty(exports, "__esModule", { value: true }); exports.Any = void 0; diff --git a/node_modules/@sigstore/protobuf-specs/dist/__generated__/google/protobuf/descriptor.js b/node_modules/@sigstore/protobuf-specs/dist/__generated__/google/protobuf/descriptor.js index 11abdd0f033a6..860f9c027f264 100644 --- a/node_modules/@sigstore/protobuf-specs/dist/__generated__/google/protobuf/descriptor.js +++ b/node_modules/@sigstore/protobuf-specs/dist/__generated__/google/protobuf/descriptor.js @@ -2,7 +2,7 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: // protoc-gen-ts_proto v2.6.1 -// protoc v5.29.3 +// protoc v5.29.4 // source: google/protobuf/descriptor.proto Object.defineProperty(exports, "__esModule", { value: true }); exports.GeneratedCodeInfo_Annotation = exports.GeneratedCodeInfo = exports.SourceCodeInfo_Location = exports.SourceCodeInfo = exports.FeatureSetDefaults_FeatureSetEditionDefault = exports.FeatureSetDefaults = exports.FeatureSet = exports.UninterpretedOption_NamePart = exports.UninterpretedOption = exports.MethodOptions = exports.ServiceOptions = exports.EnumValueOptions = exports.EnumOptions = exports.OneofOptions = exports.FieldOptions_FeatureSupport = exports.FieldOptions_EditionDefault = exports.FieldOptions = exports.MessageOptions = exports.FileOptions = exports.MethodDescriptorProto = exports.ServiceDescriptorProto = exports.EnumValueDescriptorProto = exports.EnumDescriptorProto_EnumReservedRange = exports.EnumDescriptorProto = exports.OneofDescriptorProto = exports.FieldDescriptorProto = exports.ExtensionRangeOptions_Declaration = exports.ExtensionRangeOptions = exports.DescriptorProto_ReservedRange = exports.DescriptorProto_ExtensionRange = exports.DescriptorProto = exports.FileDescriptorProto = exports.FileDescriptorSet = exports.GeneratedCodeInfo_Annotation_Semantic = exports.FeatureSet_JsonFormat = exports.FeatureSet_MessageEncoding = exports.FeatureSet_Utf8Validation = exports.FeatureSet_RepeatedFieldEncoding = exports.FeatureSet_EnumType = exports.FeatureSet_FieldPresence = exports.MethodOptions_IdempotencyLevel = exports.FieldOptions_OptionTargetType = exports.FieldOptions_OptionRetention = exports.FieldOptions_JSType = exports.FieldOptions_CType = exports.FileOptions_OptimizeMode = exports.FieldDescriptorProto_Label = exports.FieldDescriptorProto_Type = exports.ExtensionRangeOptions_VerificationState = exports.Edition = void 0; diff --git a/node_modules/@sigstore/protobuf-specs/dist/__generated__/google/protobuf/timestamp.js b/node_modules/@sigstore/protobuf-specs/dist/__generated__/google/protobuf/timestamp.js index 0ad41519adac6..b13943a2ceb92 100644 --- a/node_modules/@sigstore/protobuf-specs/dist/__generated__/google/protobuf/timestamp.js +++ b/node_modules/@sigstore/protobuf-specs/dist/__generated__/google/protobuf/timestamp.js @@ -2,7 +2,7 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: // protoc-gen-ts_proto v2.6.1 -// protoc v5.29.3 +// protoc v5.29.4 // source: google/protobuf/timestamp.proto Object.defineProperty(exports, "__esModule", { value: true }); exports.Timestamp = void 0; diff --git a/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_bundle.js b/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_bundle.js index 800d6893f4348..4563415ec2a85 100644 --- a/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_bundle.js +++ b/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_bundle.js @@ -2,7 +2,7 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: // protoc-gen-ts_proto v2.6.1 -// protoc v5.29.3 +// protoc v5.29.4 // source: sigstore_bundle.proto Object.defineProperty(exports, "__esModule", { value: true }); exports.Bundle = exports.VerificationMaterial = exports.TimestampVerificationData = void 0; diff --git a/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_common.js b/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_common.js index a66b6a505e163..27fd3c709ba85 100644 --- a/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_common.js +++ b/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_common.js @@ -2,7 +2,7 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: // protoc-gen-ts_proto v2.6.1 -// protoc v5.29.3 +// protoc v5.29.4 // source: sigstore_common.proto Object.defineProperty(exports, "__esModule", { value: true }); exports.TimeRange = exports.X509CertificateChain = exports.SubjectAlternativeName = exports.X509Certificate = exports.DistinguishedName = exports.ObjectIdentifierValuePair = exports.ObjectIdentifier = exports.PublicKeyIdentifier = exports.PublicKey = exports.RFC3161SignedTimestamp = exports.LogId = exports.MessageSignature = exports.HashOutput = exports.SubjectAlternativeNameType = exports.PublicKeyDetails = exports.HashAlgorithm = void 0; @@ -132,6 +132,15 @@ var PublicKeyDetails; /** PKIX_ED25519 - Ed 25519 */ PublicKeyDetails[PublicKeyDetails["PKIX_ED25519"] = 7] = "PKIX_ED25519"; PublicKeyDetails[PublicKeyDetails["PKIX_ED25519_PH"] = 8] = "PKIX_ED25519_PH"; + /** + * PKIX_ECDSA_P384_SHA_256 - These algorithms are deprecated and should not be used, but they + * were/are being used by most Sigstore clients implementations. + * + * @deprecated + */ + PublicKeyDetails[PublicKeyDetails["PKIX_ECDSA_P384_SHA_256"] = 19] = "PKIX_ECDSA_P384_SHA_256"; + /** @deprecated */ + PublicKeyDetails[PublicKeyDetails["PKIX_ECDSA_P521_SHA_256"] = 20] = "PKIX_ECDSA_P521_SHA_256"; /** * LMS_SHA256 - LMS and LM-OTS * @@ -203,6 +212,12 @@ function publicKeyDetailsFromJSON(object) { case 8: case "PKIX_ED25519_PH": return PublicKeyDetails.PKIX_ED25519_PH; + case 19: + case "PKIX_ECDSA_P384_SHA_256": + return PublicKeyDetails.PKIX_ECDSA_P384_SHA_256; + case 20: + case "PKIX_ECDSA_P521_SHA_256": + return PublicKeyDetails.PKIX_ECDSA_P521_SHA_256; case 14: case "LMS_SHA256": return PublicKeyDetails.LMS_SHA256; @@ -249,6 +264,10 @@ function publicKeyDetailsToJSON(object) { return "PKIX_ED25519"; case PublicKeyDetails.PKIX_ED25519_PH: return "PKIX_ED25519_PH"; + case PublicKeyDetails.PKIX_ECDSA_P384_SHA_256: + return "PKIX_ECDSA_P384_SHA_256"; + case PublicKeyDetails.PKIX_ECDSA_P521_SHA_256: + return "PKIX_ECDSA_P521_SHA_256"; case PublicKeyDetails.LMS_SHA256: return "LMS_SHA256"; case PublicKeyDetails.LMOTS_SHA256: diff --git a/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_rekor.js b/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_rekor.js index a9efb0cd796af..47fec1098fb36 100644 --- a/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_rekor.js +++ b/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_rekor.js @@ -2,7 +2,7 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: // protoc-gen-ts_proto v2.6.1 -// protoc v5.29.3 +// protoc v5.29.4 // source: sigstore_rekor.proto Object.defineProperty(exports, "__esModule", { value: true }); exports.TransparencyLogEntry = exports.InclusionPromise = exports.InclusionProof = exports.Checkpoint = exports.KindVersion = void 0; diff --git a/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_trustroot.js b/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_trustroot.js index c8a278f3b5057..be20a91b2dd03 100644 --- a/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_trustroot.js +++ b/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_trustroot.js @@ -2,12 +2,73 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: // protoc-gen-ts_proto v2.6.1 -// protoc v5.29.3 +// protoc v5.29.4 // source: sigstore_trustroot.proto Object.defineProperty(exports, "__esModule", { value: true }); -exports.ClientTrustConfig = exports.SigningConfig = exports.TrustedRoot = exports.CertificateAuthority = exports.TransparencyLogInstance = void 0; +exports.ClientTrustConfig = exports.ServiceConfiguration = exports.Service = exports.SigningConfig = exports.TrustedRoot = exports.CertificateAuthority = exports.TransparencyLogInstance = exports.ServiceSelector = void 0; +exports.serviceSelectorFromJSON = serviceSelectorFromJSON; +exports.serviceSelectorToJSON = serviceSelectorToJSON; /* eslint-disable */ const sigstore_common_1 = require("./sigstore_common"); +/** + * ServiceSelector specifies how a client SHOULD select a set of + * Services to connect to. A client SHOULD throw an error if + * the value is SERVICE_SELECTOR_UNDEFINED. + */ +var ServiceSelector; +(function (ServiceSelector) { + ServiceSelector[ServiceSelector["SERVICE_SELECTOR_UNDEFINED"] = 0] = "SERVICE_SELECTOR_UNDEFINED"; + /** + * ALL - Clients SHOULD select all Services based on supported API version + * and validity window. + */ + ServiceSelector[ServiceSelector["ALL"] = 1] = "ALL"; + /** + * ANY - Clients SHOULD select one Service based on supported API version + * and validity window. It is up to the client implementation to + * decide how to select the Service, e.g. random or round-robin. + */ + ServiceSelector[ServiceSelector["ANY"] = 2] = "ANY"; + /** + * EXACT - Clients SHOULD select a specific number of Services based on + * supported API version and validity window, using the provided + * `count`. It is up to the client implementation to decide how to + * select the Service, e.g. random or round-robin. + */ + ServiceSelector[ServiceSelector["EXACT"] = 3] = "EXACT"; +})(ServiceSelector || (exports.ServiceSelector = ServiceSelector = {})); +function serviceSelectorFromJSON(object) { + switch (object) { + case 0: + case "SERVICE_SELECTOR_UNDEFINED": + return ServiceSelector.SERVICE_SELECTOR_UNDEFINED; + case 1: + case "ALL": + return ServiceSelector.ALL; + case 2: + case "ANY": + return ServiceSelector.ANY; + case 3: + case "EXACT": + return ServiceSelector.EXACT; + default: + throw new globalThis.Error("Unrecognized enum value " + object + " for enum ServiceSelector"); + } +} +function serviceSelectorToJSON(object) { + switch (object) { + case ServiceSelector.SERVICE_SELECTOR_UNDEFINED: + return "SERVICE_SELECTOR_UNDEFINED"; + case ServiceSelector.ALL: + return "ALL"; + case ServiceSelector.ANY: + return "ANY"; + case ServiceSelector.EXACT: + return "EXACT"; + default: + throw new globalThis.Error("Unrecognized enum value " + object + " for enum ServiceSelector"); + } +} exports.TransparencyLogInstance = { fromJSON(object) { return { @@ -106,10 +167,16 @@ exports.SigningConfig = { fromJSON(object) { return { mediaType: isSet(object.mediaType) ? globalThis.String(object.mediaType) : "", - caUrl: isSet(object.caUrl) ? globalThis.String(object.caUrl) : "", - oidcUrl: isSet(object.oidcUrl) ? globalThis.String(object.oidcUrl) : "", - tlogUrls: globalThis.Array.isArray(object?.tlogUrls) ? object.tlogUrls.map((e) => globalThis.String(e)) : [], - tsaUrls: globalThis.Array.isArray(object?.tsaUrls) ? object.tsaUrls.map((e) => globalThis.String(e)) : [], + caUrls: globalThis.Array.isArray(object?.caUrls) ? object.caUrls.map((e) => exports.Service.fromJSON(e)) : [], + oidcUrls: globalThis.Array.isArray(object?.oidcUrls) ? object.oidcUrls.map((e) => exports.Service.fromJSON(e)) : [], + rekorTlogUrls: globalThis.Array.isArray(object?.rekorTlogUrls) + ? object.rekorTlogUrls.map((e) => exports.Service.fromJSON(e)) + : [], + rekorTlogConfig: isSet(object.rekorTlogConfig) + ? exports.ServiceConfiguration.fromJSON(object.rekorTlogConfig) + : undefined, + tsaUrls: globalThis.Array.isArray(object?.tsaUrls) ? object.tsaUrls.map((e) => exports.Service.fromJSON(e)) : [], + tsaConfig: isSet(object.tsaConfig) ? exports.ServiceConfiguration.fromJSON(object.tsaConfig) : undefined, }; }, toJSON(message) { @@ -117,17 +184,63 @@ exports.SigningConfig = { if (message.mediaType !== "") { obj.mediaType = message.mediaType; } - if (message.caUrl !== "") { - obj.caUrl = message.caUrl; + if (message.caUrls?.length) { + obj.caUrls = message.caUrls.map((e) => exports.Service.toJSON(e)); + } + if (message.oidcUrls?.length) { + obj.oidcUrls = message.oidcUrls.map((e) => exports.Service.toJSON(e)); } - if (message.oidcUrl !== "") { - obj.oidcUrl = message.oidcUrl; + if (message.rekorTlogUrls?.length) { + obj.rekorTlogUrls = message.rekorTlogUrls.map((e) => exports.Service.toJSON(e)); } - if (message.tlogUrls?.length) { - obj.tlogUrls = message.tlogUrls; + if (message.rekorTlogConfig !== undefined) { + obj.rekorTlogConfig = exports.ServiceConfiguration.toJSON(message.rekorTlogConfig); } if (message.tsaUrls?.length) { - obj.tsaUrls = message.tsaUrls; + obj.tsaUrls = message.tsaUrls.map((e) => exports.Service.toJSON(e)); + } + if (message.tsaConfig !== undefined) { + obj.tsaConfig = exports.ServiceConfiguration.toJSON(message.tsaConfig); + } + return obj; + }, +}; +exports.Service = { + fromJSON(object) { + return { + url: isSet(object.url) ? globalThis.String(object.url) : "", + majorApiVersion: isSet(object.majorApiVersion) ? globalThis.Number(object.majorApiVersion) : 0, + validFor: isSet(object.validFor) ? sigstore_common_1.TimeRange.fromJSON(object.validFor) : undefined, + }; + }, + toJSON(message) { + const obj = {}; + if (message.url !== "") { + obj.url = message.url; + } + if (message.majorApiVersion !== 0) { + obj.majorApiVersion = Math.round(message.majorApiVersion); + } + if (message.validFor !== undefined) { + obj.validFor = sigstore_common_1.TimeRange.toJSON(message.validFor); + } + return obj; + }, +}; +exports.ServiceConfiguration = { + fromJSON(object) { + return { + selector: isSet(object.selector) ? serviceSelectorFromJSON(object.selector) : 0, + count: isSet(object.count) ? globalThis.Number(object.count) : 0, + }; + }, + toJSON(message) { + const obj = {}; + if (message.selector !== 0) { + obj.selector = serviceSelectorToJSON(message.selector); + } + if (message.count !== 0) { + obj.count = Math.round(message.count); } return obj; }, diff --git a/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_verification.js b/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_verification.js index 6ba91b088a4ed..9708849e54b15 100644 --- a/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_verification.js +++ b/node_modules/@sigstore/protobuf-specs/dist/__generated__/sigstore_verification.js @@ -2,7 +2,7 @@ // Code generated by protoc-gen-ts_proto. DO NOT EDIT. // versions: // protoc-gen-ts_proto v2.6.1 -// protoc v5.29.3 +// protoc v5.29.4 // source: sigstore_verification.proto Object.defineProperty(exports, "__esModule", { value: true }); exports.Input = exports.Artifact = exports.ArtifactVerificationOptions_ObserverTimestampOptions = exports.ArtifactVerificationOptions_TlogIntegratedTimestampOptions = exports.ArtifactVerificationOptions_TimestampAuthorityOptions = exports.ArtifactVerificationOptions_CtlogOptions = exports.ArtifactVerificationOptions_TlogOptions = exports.ArtifactVerificationOptions = exports.PublicKeyIdentities = exports.CertificateIdentities = exports.CertificateIdentity = void 0; diff --git a/node_modules/@sigstore/protobuf-specs/package.json b/node_modules/@sigstore/protobuf-specs/package.json index 0d5df4877e290..5e1496d39a345 100644 --- a/node_modules/@sigstore/protobuf-specs/package.json +++ b/node_modules/@sigstore/protobuf-specs/package.json @@ -1,6 +1,6 @@ { "name": "@sigstore/protobuf-specs", - "version": "0.4.0", + "version": "0.4.1", "description": "code-signing for npm packages", "main": "dist/index.js", "types": "dist/index.d.ts", diff --git a/package-lock.json b/package-lock.json index 1d68457de3464..8b86b300e43a1 100644 --- a/package-lock.json +++ b/package-lock.json @@ -4917,9 +4917,9 @@ } }, "node_modules/@sigstore/protobuf-specs": { - "version": "0.4.0", - "resolved": "https://registry.npmjs.org/@sigstore/protobuf-specs/-/protobuf-specs-0.4.0.tgz", - "integrity": "sha512-o09cLSIq9EKyRXwryWDOJagkml9XgQCoCSRjHOnHLnvsivaW7Qznzz6yjfV7PHJHhIvyp8OH7OX8w0Dc5bQK7A==", + "version": "0.4.1", + "resolved": "https://registry.npmjs.org/@sigstore/protobuf-specs/-/protobuf-specs-0.4.1.tgz", + "integrity": "sha512-7MJXQhIm7dWF9zo7rRtMYh8d2gSnc3+JddeQOTIg6gUN7FjcuckZ9EwGq+ReeQtbbl3Tbf5YqRrWxA1DMfIn+w==", "inBundle": true, "license": "Apache-2.0", "engines": { From fbfd858cc3d04392080ba3bf740d4c2deeb9b1dc Mon Sep 17 00:00:00 2001 From: Michael Smith Date: Wed, 16 Apr 2025 11:01:01 -0700 Subject: [PATCH 5/5] chore: dev dependency updates --- package-lock.json | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/package-lock.json b/package-lock.json index 8b86b300e43a1..76202591c5900 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2238,9 +2238,9 @@ } }, "node_modules/@asamuzakjp/css-color": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/@asamuzakjp/css-color/-/css-color-3.1.1.tgz", - "integrity": "sha512-hpRD68SV2OMcZCsrbdkccTw5FXjNDLo5OuqSHyHZfwweGsDWZwDJ2+gONyNAbazZclobMirACLw0lk8WVxIqxA==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/@asamuzakjp/css-color/-/css-color-3.1.2.tgz", + "integrity": "sha512-nwgc7jPn3LpZ4JWsoHtuwBsad1qSSLDDX634DdG0PBJofIuIEtSWk4KkRmuXyu178tjuHAbwiMNNzwqIyLYxZw==", "dev": true, "license": "MIT", "dependencies": { @@ -2930,9 +2930,9 @@ } }, "node_modules/@eslint-community/eslint-utils": { - "version": "4.5.1", - "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.5.1.tgz", - "integrity": "sha512-soEIOALTfTK6EjmKMMoLugwaP0rzkad90iIWd1hMO9ARkSAyjfMfkRRhLvD5qH7vvM0Cg72pieUfR6yh6XxC4w==", + "version": "4.6.1", + "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.6.1.tgz", + "integrity": "sha512-KTsJMmobmbrFLe3LDh0PC2FXpcSYJt/MLjlkh/9LEnmKYLSYmT/0EW9JWANjeoemiuZrmogti0tW5Ch+qNUYDw==", "dev": true, "license": "MIT", "peer": true, @@ -5063,9 +5063,9 @@ "license": "MIT" }, "node_modules/@types/node": { - "version": "22.14.0", - "resolved": "https://registry.npmjs.org/@types/node/-/node-22.14.0.tgz", - "integrity": "sha512-Kmpl+z84ILoG+3T/zQFyAJsU6EPTmOCj8/2+83fSN6djd6I4o7uOuGIH6vq3PrjY5BGitSbFuMN18j3iknubbA==", + "version": "22.14.1", + "resolved": "https://registry.npmjs.org/@types/node/-/node-22.14.1.tgz", + "integrity": "sha512-u0HuPQwe/dHrItgHHpmw3N2fYCR6x4ivMNbPHRkBVP4CvN+kiRrKHWk3i8tXiO/joPwXLMYvF9TTF0eqgHIuOw==", "dev": true, "license": "MIT", "dependencies": { @@ -6017,9 +6017,9 @@ } }, "node_modules/caniuse-lite": { - "version": "1.0.30001709", - "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001709.tgz", - "integrity": "sha512-NgL3vUTnDrPCZ3zTahp4fsugQ4dc7EKTSzwQDPEel6DMoMnfH2jhry9n2Zm8onbSR+f/QtKHFOA+iAQu4kbtWA==", + "version": "1.0.30001714", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001714.tgz", + "integrity": "sha512-mtgapdwDLSSBnCI3JokHM7oEQBLxiJKVRtg10AxM1AyeiKcM96f0Mkbqeq+1AbiCtvMcHRulAAEMu693JrSWqg==", "dev": true, "funding": [ { @@ -7292,9 +7292,9 @@ "license": "MIT" }, "node_modules/electron-to-chromium": { - "version": "1.5.130", - "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.130.tgz", - "integrity": "sha512-Ou2u7L9j2XLZbhqzyX0jWDj6gA8D3jIfVzt4rikLf3cGBa0VdReuFimBKS9tQJA4+XpeCxj1NoWlfBXzbMa9IA==", + "version": "1.5.137", + "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.137.tgz", + "integrity": "sha512-/QSJaU2JyIuTbbABAo/crOs+SuAZLS+fVVS10PVrIT9hrRkmZl8Hb0xPSkKRUUWHQtYzXHpQUW3Dy5hwMzGZkA==", "dev": true, "license": "ISC" }, @@ -17894,9 +17894,9 @@ } }, "node_modules/typescript": { - "version": "5.8.2", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.8.2.tgz", - "integrity": "sha512-aJn6wq13/afZp/jT9QZmwEjDqqvSGp1VT5GVg+f/t6/oVyrgXM6BY1h9BRh/O5p3PlUPAe+WuiEZOmb/49RqoQ==", + "version": "5.8.3", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.8.3.tgz", + "integrity": "sha512-p1diW6TqL9L07nNxvRMM7hMMw4c5XOo/1ibL4aAIGmSAt9slTE1Xgw5KWuof2uTOvCg9BY7ZRi+GaF+7sfgPeQ==", "dev": true, "license": "Apache-2.0", "peer": true,