deps: [email protected]

node_modules/.gitignore

@@ -38,19 +38,6 @@
 !/@sigstore/core
 !/@sigstore/protobuf-specs
 !/@sigstore/sign
-!/@sigstore/sign/node_modules/
-/@sigstore/sign/node_modules/*
-!/@sigstore/sign/node_modules/@npmcli/
-/@sigstore/sign/node_modules/@npmcli/*
-!/@sigstore/sign/node_modules/@npmcli/agent
-!/@sigstore/sign/node_modules/@npmcli/fs
-!/@sigstore/sign/node_modules/cacache
-!/@sigstore/sign/node_modules/make-fetch-happen
-!/@sigstore/sign/node_modules/minipass-fetch
-!/@sigstore/sign/node_modules/proc-log
-!/@sigstore/sign/node_modules/ssri
-!/@sigstore/sign/node_modules/unique-filename
-!/@sigstore/sign/node_modules/unique-slug
 !/@sigstore/tuf
 !/@sigstore/verify
 !/@tufjs/
@@ -222,23 +209,6 @@
 !/shebang-regex
 !/signal-exit
 !/sigstore
-!/sigstore/node_modules/
-/sigstore/node_modules/*
-!/sigstore/node_modules/@npmcli/
-/sigstore/node_modules/@npmcli/*
-!/sigstore/node_modules/@npmcli/agent
-!/sigstore/node_modules/@npmcli/fs
-!/sigstore/node_modules/@sigstore/
-/sigstore/node_modules/@sigstore/*
-!/sigstore/node_modules/@sigstore/tuf
-!/sigstore/node_modules/cacache
-!/sigstore/node_modules/make-fetch-happen
-!/sigstore/node_modules/minipass-fetch
-!/sigstore/node_modules/proc-log
-!/sigstore/node_modules/ssri
-!/sigstore/node_modules/tuf-js
-!/sigstore/node_modules/unique-filename
-!/sigstore/node_modules/unique-slug
 !/smart-buffer
 !/socks-proxy-agent
 !/socks
@@ -268,11 +238,6 @@
 !/tiny-relative-date
 !/treeverse
 !/tuf-js
-!/tuf-js/node_modules/
-/tuf-js/node_modules/*
-!/tuf-js/node_modules/@tufjs/
-/tuf-js/node_modules/@tufjs/*
-!/tuf-js/node_modules/@tufjs/models
 !/unique-filename
 !/unique-slug
 !/util-deprecate

node_modules/@sigstore/bundle/dist/build.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.toDSSEBundle = exports.toMessageSignatureBundle = void 0;
+exports.toMessageSignatureBundle = toMessageSignatureBundle;
+exports.toDSSEBundle = toDSSEBundle;
 /*
 Copyright 2023 The Sigstore Authors.
 
@@ -21,9 +22,9 @@ const bundle_1 = require("./bundle");
 // Message signature bundle - $case: 'messageSignature'
 function toMessageSignatureBundle(options) {
     return {
-        mediaType: options.singleCertificate
-            ? bundle_1.BUNDLE_V03_MEDIA_TYPE
-            : bundle_1.BUNDLE_V02_MEDIA_TYPE,
+        mediaType: options.certificateChain
+            ? bundle_1.BUNDLE_V02_MEDIA_TYPE
+            : bundle_1.BUNDLE_V03_MEDIA_TYPE,
         content: {
             $case: 'messageSignature',
             messageSignature: {
@@ -37,21 +38,19 @@ function toMessageSignatureBundle(options) {
         verificationMaterial: toVerificationMaterial(options),
     };
 }
-exports.toMessageSignatureBundle = toMessageSignatureBundle;
 // DSSE envelope bundle - $case: 'dsseEnvelope'
 function toDSSEBundle(options) {
     return {
-        mediaType: options.singleCertificate
-            ? bundle_1.BUNDLE_V03_MEDIA_TYPE
-            : bundle_1.BUNDLE_V02_MEDIA_TYPE,
+        mediaType: options.certificateChain
+            ? bundle_1.BUNDLE_V02_MEDIA_TYPE
+            : bundle_1.BUNDLE_V03_MEDIA_TYPE,
         content: {
             $case: 'dsseEnvelope',
             dsseEnvelope: toEnvelope(options),
         },
         verificationMaterial: toVerificationMaterial(options),
     };
 }
-exports.toDSSEBundle = toDSSEBundle;
 function toEnvelope(options) {
     return {
         payloadType: options.artifactType,
@@ -75,20 +74,20 @@ function toVerificationMaterial(options) {
 }
 function toKeyContent(options) {
     if (options.certificate) {
-        if (options.singleCertificate) {
-            return {
-                $case: 'certificate',
-                certificate: { rawBytes: options.certificate },
-            };
-        }
-        else {
+        if (options.certificateChain) {
             return {
                 $case: 'x509CertificateChain',
                 x509CertificateChain: {
                     certificates: [{ rawBytes: options.certificate }],
                 },
             };
         }
+        else {
+            return {
+                $case: 'certificate',
+                certificate: { rawBytes: options.certificate },
+            };
+        }
     }
     else {
         return {

node_modules/@sigstore/bundle/dist/bundle.js

@@ -1,6 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.isBundleWithDsseEnvelope = exports.isBundleWithMessageSignature = exports.isBundleWithPublicKey = exports.isBundleWithCertificateChain = exports.BUNDLE_V03_MEDIA_TYPE = exports.BUNDLE_V03_LEGACY_MEDIA_TYPE = exports.BUNDLE_V02_MEDIA_TYPE = exports.BUNDLE_V01_MEDIA_TYPE = void 0;
+exports.BUNDLE_V03_MEDIA_TYPE = exports.BUNDLE_V03_LEGACY_MEDIA_TYPE = exports.BUNDLE_V02_MEDIA_TYPE = exports.BUNDLE_V01_MEDIA_TYPE = void 0;
+exports.isBundleWithCertificateChain = isBundleWithCertificateChain;
+exports.isBundleWithPublicKey = isBundleWithPublicKey;
+exports.isBundleWithMessageSignature = isBundleWithMessageSignature;
+exports.isBundleWithDsseEnvelope = isBundleWithDsseEnvelope;
 exports.BUNDLE_V01_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle+json;version=0.1';
 exports.BUNDLE_V02_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle+json;version=0.2';
 exports.BUNDLE_V03_LEGACY_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle+json;version=0.3';
@@ -9,16 +13,12 @@ exports.BUNDLE_V03_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle.v0.3+json';
 function isBundleWithCertificateChain(b) {
     return b.verificationMaterial.content.$case === 'x509CertificateChain';
 }
-exports.isBundleWithCertificateChain = isBundleWithCertificateChain;
 function isBundleWithPublicKey(b) {
     return b.verificationMaterial.content.$case === 'publicKey';
 }
-exports.isBundleWithPublicKey = isBundleWithPublicKey;
 function isBundleWithMessageSignature(b) {
     return b.content.$case === 'messageSignature';
 }
-exports.isBundleWithMessageSignature = isBundleWithMessageSignature;
 function isBundleWithDsseEnvelope(b) {
     return b.content.$case === 'dsseEnvelope';
 }
-exports.isBundleWithDsseEnvelope = isBundleWithDsseEnvelope;

node_modules/@sigstore/bundle/dist/validate.js

@@ -1,6 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.assertBundleLatest = exports.assertBundleV02 = exports.isBundleV01 = exports.assertBundleV01 = exports.assertBundle = void 0;
+exports.assertBundle = assertBundle;
+exports.assertBundleV01 = assertBundleV01;
+exports.isBundleV01 = isBundleV01;
+exports.assertBundleV02 = assertBundleV02;
+exports.assertBundleLatest = assertBundleLatest;
 /*
 Copyright 2023 The Sigstore Authors.
 
@@ -27,7 +31,6 @@ function assertBundle(b) {
         throw new error_1.ValidationError('invalid bundle', invalidValues);
     }
 }
-exports.assertBundle = assertBundle;
 // Asserts that the given bundle conforms to the v0.1 bundle format.
 function assertBundleV01(b) {
     const invalidValues = [];
@@ -37,7 +40,6 @@ function assertBundleV01(b) {
         throw new error_1.ValidationError('invalid v0.1 bundle', invalidValues);
     }
 }
-exports.assertBundleV01 = assertBundleV01;
 // Type guard to determine if Bundle is a v0.1 bundle.
 function isBundleV01(b) {
     try {
@@ -48,7 +50,6 @@ function isBundleV01(b) {
         return false;
     }
 }
-exports.isBundleV01 = isBundleV01;
 // Asserts that the given bundle conforms to the v0.2 bundle format.
 function assertBundleV02(b) {
     const invalidValues = [];
@@ -58,7 +59,6 @@ function assertBundleV02(b) {
         throw new error_1.ValidationError('invalid v0.2 bundle', invalidValues);
     }
 }
-exports.assertBundleV02 = assertBundleV02;
 // Asserts that the given bundle conforms to the newest (0.3) bundle format.
 function assertBundleLatest(b) {
     const invalidValues = [];
@@ -69,7 +69,6 @@ function assertBundleLatest(b) {
         throw new error_1.ValidationError('invalid bundle', invalidValues);
     }
 }
-exports.assertBundleLatest = assertBundleLatest;
 function validateBundleBase(b) {
     const invalidValues = [];
     // Media type validation
@@ -192,6 +191,7 @@ function validateInclusionProof(b) {
 // Necessary for V03 and later bundles
 function validateNoCertificateChain(b) {
     const invalidValues = [];
+    /* istanbul ignore next */
     if (b.verificationMaterial?.content?.$case === 'x509CertificateChain') {
         invalidValues.push('verificationMaterial.content.$case');
     }

node_modules/@sigstore/bundle/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sigstore/bundle",
-  "version": "2.3.2",
+  "version": "3.0.0",
   "description": "Sigstore bundle type",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -30,6 +30,6 @@
     "@sigstore/protobuf-specs": "^0.3.2"
   },
   "engines": {
-    "node": "^16.14.0 || >=18.0.0"
+    "node": "^18.17.0 || >=20.5.0"
   }
 }

node_modules/@sigstore/core/dist/asn1/length.js

@@ -15,7 +15,8 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.encodeLength = exports.decodeLength = void 0;
+exports.decodeLength = decodeLength;
+exports.encodeLength = encodeLength;
 const error_1 = require("./error");
 // Decodes the length of a DER-encoded ANS.1 element from the supplied stream.
 // https://learn.microsoft.com/en-us/windows/win32/seccertenroll/about-encoded-length-and-value-bytes
@@ -44,7 +45,6 @@ function decodeLength(stream) {
     }
     return len;
 }
-exports.decodeLength = decodeLength;
 // Translates the supplied value to a DER-encoded length.
 function encodeLength(len) {
     if (len < 128) {
@@ -60,4 +60,3 @@ function encodeLength(len) {
     }
     return Buffer.from([0x80 | bytes.length, ...bytes]);
 }
-exports.encodeLength = encodeLength;

node_modules/@sigstore/core/dist/asn1/parse.js

@@ -1,6 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.parseBitString = exports.parseBoolean = exports.parseOID = exports.parseTime = exports.parseStringASCII = exports.parseInteger = void 0;
+exports.parseInteger = parseInteger;
+exports.parseStringASCII = parseStringASCII;
+exports.parseTime = parseTime;
+exports.parseOID = parseOID;
+exports.parseBoolean = parseBoolean;
+exports.parseBitString = parseBitString;
 /*
 Copyright 2023 The Sigstore Authors.
 
@@ -43,13 +48,11 @@ function parseInteger(buf) {
     }
     return n;
 }
-exports.parseInteger = parseInteger;
 // Parse an ASCII string from the DER-encoded buffer
 // https://learn.microsoft.com/en-us/windows/win32/seccertenroll/about-basic-types#boolean
 function parseStringASCII(buf) {
     return buf.toString('ascii');
 }
-exports.parseStringASCII = parseStringASCII;
 // Parse a Date from the DER-encoded buffer
 // https://www.rfc-editor.org/rfc/rfc5280#section-4.1.2.5.1
 function parseTime(buf, shortYear) {
@@ -70,7 +73,6 @@ function parseTime(buf, shortYear) {
     // Translate to ISO8601 format and parse
     return new Date(`${m[1]}-${m[2]}-${m[3]}T${m[4]}:${m[5]}:${m[6]}Z`);
 }
-exports.parseTime = parseTime;
 // Parse an OID from the DER-encoded buffer
 // https://learn.microsoft.com/en-us/windows/win32/seccertenroll/about-object-identifier
 function parseOID(buf) {
@@ -95,13 +97,11 @@ function parseOID(buf) {
     }
     return oid;
 }
-exports.parseOID = parseOID;
 // Parse a boolean from the DER-encoded buffer
 // https://learn.microsoft.com/en-us/windows/win32/seccertenroll/about-basic-types#boolean
 function parseBoolean(buf) {
     return buf[0] !== 0;
 }
-exports.parseBoolean = parseBoolean;
 // Parse a bit string from the DER-encoded buffer
 // https://learn.microsoft.com/en-us/windows/win32/seccertenroll/about-bit-string
 function parseBitString(buf) {
@@ -122,4 +122,3 @@ function parseBitString(buf) {
     }
     return bits;
 }
-exports.parseBitString = parseBitString;

node_modules/@sigstore/core/dist/crypto.js

@@ -3,7 +3,10 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.bufferEqual = exports.verify = exports.hash = exports.digest = exports.createPublicKey = void 0;
+exports.createPublicKey = createPublicKey;
+exports.digest = digest;
+exports.verify = verify;
+exports.bufferEqual = bufferEqual;
 /*
 Copyright 2023 The Sigstore Authors.
 
@@ -20,7 +23,6 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 const crypto_1 = __importDefault(require("crypto"));
-const SHA256_ALGORITHM = 'sha256';
 function createPublicKey(key, type = 'spki') {
     if (typeof key === 'string') {
         return crypto_1.default.createPublicKey(key);
@@ -29,24 +31,13 @@ function createPublicKey(key, type = 'spki') {
         return crypto_1.default.createPublicKey({ key, format: 'der', type: type });
     }
 }
-exports.createPublicKey = createPublicKey;
 function digest(algorithm, ...data) {
     const hash = crypto_1.default.createHash(algorithm);
     for (const d of data) {
         hash.update(d);
     }
     return hash.digest();
 }
-exports.digest = digest;
-// TODO: deprecate this in favor of digest()
-function hash(...data) {
-    const hash = crypto_1.default.createHash(SHA256_ALGORITHM);
-    for (const d of data) {
-        hash.update(d);
-    }
-    return hash.digest();
-}
-exports.hash = hash;
 function verify(data, key, signature, algorithm) {
     // The try/catch is to work around an issue in Node 14.x where verify throws
     // an error in some scenarios if the signature is invalid.
@@ -58,7 +49,6 @@ function verify(data, key, signature, algorithm) {
         return false;
     }
 }
-exports.verify = verify;
 function bufferEqual(a, b) {
     try {
         return crypto_1.default.timingSafeEqual(a, b);
@@ -68,4 +58,3 @@ function bufferEqual(a, b) {
         return false;
     }
 }
-exports.bufferEqual = bufferEqual;

node_modules/@sigstore/core/dist/dsse.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.preAuthEncoding = void 0;
+exports.preAuthEncoding = preAuthEncoding;
 /*
 Copyright 2023 The Sigstore Authors.
 
@@ -28,4 +28,3 @@ function preAuthEncoding(payloadType, payload) {
     ].join(' ');
     return Buffer.concat([Buffer.from(prefix, 'ascii'), payload]);
 }
-exports.preAuthEncoding = preAuthEncoding;