Skip to content

chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates#2749

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-36da88f257
Open

chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates#2749
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-36da88f257

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 15, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 2 updates in the / directory: sigstore and websocket-driver.

Updates sigstore from 1.9.0 to 4.1.1

Release notes

Sourced from sigstore's releases.

sigstore@4.1.1

Patch Changes

  • 7845532: Verification of OID certificate extensions
  • f074710: Require inclusion promise in Rekor entry when used as timestamp source
  • Updated dependencies [b5aa4f1]
  • Updated dependencies [7845532]
  • Updated dependencies [f074710]
    • @​sigstore/core@​3.2.1
    • @​sigstore/verify@​3.1.1

sigstore@4.1.0

Minor Changes

  • eba6a52: verify(bundle[, payload][, options]) now returns a Signer object containing the public key and identity information from the verification.

Patch Changes

  • Updated dependencies [cee51c0]
  • Updated dependencies [2042aad]
  • Updated dependencies [018974e]
  • Updated dependencies [dea916f]
  • Updated dependencies [61a4f9e]
  • Updated dependencies [5ffadc0]
  • Updated dependencies [5ffadc0]
  • Updated dependencies [1663b3e]
    • @​sigstore/tuf@​4.0.1
    • @​sigstore/verify@​3.1.0
    • @​sigstore/sign@​4.1.0
    • @​sigstore/core@​3.1.0

sigstore@4.0.0

Major Changes

  • 383e200: Drop support for node 18

Patch Changes

  • Updated dependencies [40395f5]
  • Updated dependencies [383e200]
  • Updated dependencies [383e200]
  • Updated dependencies [383e200]
    • @​sigstore/tuf@​4.0.0
    • @​sigstore/sign@​4.0.0
    • @​sigstore/bundle@​4.0.0
    • @​sigstore/verify@​3.0.0
    • @​sigstore/core@​3.0.0

sigstore@3.1.0

Minor Changes

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for sigstore since your current version.


Updates websocket-driver from 0.7.4 to 0.7.5

Changelog

Sourced from websocket-driver's changelog.

0.7.5 / 2026-06-04

  • Close a draft-75/76 connection if a length header grows to exceed the configured max length
  • Fail the connection if a message is larger than the configured max length after extension processing
Commits
  • 5d6a9aa Bump version to 0.7.5
  • c55679a Fail the connection if a message is larger than the configured max length aft...
  • 5b197ca Close a draft-75/76 connection if a length header grows to exceed the configu...
  • fc93a48 Test on Node v22, v24, and v26
  • 2e82d34 Test on recent versions of Node
  • e4962db Switch from Travis CI to GitHub Actions
  • 3f2f9b7 Travis update: cache npm modules, remove sudo, run on Node 15
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 15, 2026
@dependabot
dependabot Bot requested a review from a team as a code owner July 15, 2026 23:05
@dependabot
dependabot Bot requested review from maribethb and removed request for a team July 15, 2026 23:05
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 15, 2026
…dates

Bumps the npm_and_yarn group with 2 updates in the / directory: [sigstore](https://github.com/sigstore/sigstore-js) and [websocket-driver](https://github.com/faye/websocket-driver-node).


Updates `sigstore` from 1.9.0 to 4.1.1
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@1.9.0...sigstore@4.1.1)

Updates `websocket-driver` from 0.7.4 to 0.7.5
- [Changelog](https://github.com/faye/websocket-driver-node/blob/main/CHANGELOG.md)
- [Commits](faye/websocket-driver-node@0.7.4...0.7.5)

---
updated-dependencies:
- dependency-name: sigstore
  dependency-version: 4.1.1
  dependency-type: indirect
- dependency-name: websocket-driver
  dependency-version: 0.7.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-36da88f257 branch from 21f3247 to cf2d06e Compare July 16, 2026 15:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant