Merge branch 'main' into neo-cache-service

2024-10-21 02:25:12 -07:00 · 2024-10-21 02:25:12 -07:00 · d399e33060
parent 4d1dedf2c7 29d342f176
commit d399e33060
4 changed files with 758 additions and 684 deletions
--- a/packages/attest/RELEASES.md
+++ b/packages/attest/RELEASES.md
@ -1,8 +1,15 @@
 # @actions/attest Releases

+### 1.5.0
+
+- Bump @actions/core from 1.10.1 to 1.11.1 [#1847](https://github.com/actions/toolkit/pull/1847)
+- Bump @sigstore/bundle from 2.3.2 to 3.0.0 [#1846](https://github.com/actions/toolkit/pull/1846)
+- Bump @sigstore/sign from 2.3.2 to 3.0.0 [#1846](https://github.com/actions/toolkit/pull/1846)
+
 ### 1.4.2

 - Fix bug in `buildSLSAProvenancePredicate`/`attestProvenance` when generating provenance statement for enterprise account using customized OIDC issuer value [#1823](https://github.com/actions/toolkit/pull/1823)
+
 ### 1.4.1

 - Bump @actions/http-client from 2.2.1 to 2.2.3 [#1805](https://github.com/actions/toolkit/pull/1805)
--- a/packages/attest/package-lock.json
+++ b/packages/attest/package-lock.json
--- a/packages/attest/package.json
+++ b/packages/attest/package.json
@ -1,6 +1,6 @@
 {
  "name": "@actions/attest",
-  "version": "1.4.2",
+  "version": "1.5.0",
  "description": "Actions attestation lib",
  "keywords": [
    "github",
@ -35,19 +35,19 @@
    "url": "https://github.com/actions/toolkit/issues"
  },
  "devDependencies": {
-    "@sigstore/mock": "^0.7.4",
-    "@sigstore/rekor-types": "^2.0.0",
+    "@sigstore/mock": "^0.8.0",
+    "@sigstore/rekor-types": "^3.0.0",
    "@types/jsonwebtoken": "^9.0.6",
    "nock": "^13.5.1",
    "undici": "^5.28.4"
  },
  "dependencies": {
-    "@actions/core": "^1.10.1",
+    "@actions/core": "^1.11.1",
    "@actions/github": "^6.0.0",
    "@actions/http-client": "^2.2.3",
    "@octokit/plugin-retry": "^6.0.1",
-    "@sigstore/bundle": "^2.3.2",
-    "@sigstore/sign": "^2.3.2",
+    "@sigstore/bundle": "^3.0.0",
+    "@sigstore/sign": "^3.0.0",
    "jose": "^5.2.3"
  },
  "overrides": {
--- a/packages/attest/src/sign.ts
+++ b/packages/attest/src/sign.ts
@ -86,7 +86,6 @@ const initBundleBuilder = (opts: SignOptions): BundleBuilder => {
    witnesses.push(
      new RekorWitness({
        rekorBaseURL: opts.rekorURL,
-        entryType: 'dsse',
        fetchOnConflict: true,
        timeout,
        retry
@ -106,5 +105,5 @@ const initBundleBuilder = (opts: SignOptions): BundleBuilder => {

  // Build the bundle with the singleCertificate option which will
  // trigger the creation of v0.3 DSSE bundles
-  return new DSSEBundleBuilder({signer, witnesses, singleCertificate: true})
+  return new DSSEBundleBuilder({signer, witnesses})
 }