deps: sigstore@4.1.1

owlstronaut · owlstronaut · commit 7f6c6ef49023 · 2026-05-27T12:40:28.000-07:00
diff --git a/node_modules/sigstore/dist/config.js b/node_modules/sigstore/dist/config.js
@@ -65,6 +65,12 @@ function createVerificationPolicy(options) {
     if (options.certificateIssuer) {
         policy.extensions = { issuer: options.certificateIssuer };
     }
+    if (options.certificateOIDs) {
+        policy.oids = Object.entries(options.certificateOIDs).map(([oid, value]) => ({
+            oid: { id: oid.split('.').map(Number) },
+            value: Buffer.from(value),
+        }));
+    }
     return policy;
 }
 // Instantiate the FulcioSigner based on the supplied options.
diff --git a/node_modules/sigstore/package.json b/node_modules/sigstore/package.json
@@ -1,6 +1,6 @@
 {
   "name": "sigstore",
-  "version": "4.1.0",
+  "version": "4.1.1",
   "description": "code-signing for npm packages",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -29,17 +29,17 @@
   "devDependencies": {
     "@sigstore/rekor-types": "^4.0.0",
     "@sigstore/jest": "^0.0.0",
-    "@sigstore/mock": "^0.11.0",
-    "@tufjs/repo-mock": "^4.0.0",
+    "@sigstore/mock": "^0.12.1",
+    "@tufjs/repo-mock": "^4.0.1",
     "@types/make-fetch-happen": "^10.0.4"
   },
   "dependencies": {
     "@sigstore/bundle": "^4.0.0",
-    "@sigstore/core": "^3.1.0",
+    "@sigstore/core": "^3.2.1",
     "@sigstore/protobuf-specs": "^0.5.0",
-    "@sigstore/sign": "^4.1.0",
-    "@sigstore/tuf": "^4.0.1",
-    "@sigstore/verify": "^3.1.0"
+    "@sigstore/sign": "^4.1.1",
+    "@sigstore/tuf": "^4.0.2",
+    "@sigstore/verify": "^3.1.1"
   },
   "engines": {
     "node": "^20.17.0 || >=22.9.0"
diff --git a/package-lock.json b/package-lock.json
@@ -10862,18 +10862,18 @@
       }
     },
     "node_modules/sigstore": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/sigstore/-/sigstore-4.1.0.tgz",
-      "integrity": "sha512-/fUgUhYghuLzVT/gaJoeVehLCgZiUxPCPMcyVNY0lIf/cTCz58K/WTI7PefDarXxp9nUKpEwg1yyz3eSBMTtgA==",
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/sigstore/-/sigstore-4.1.1.tgz",
+      "integrity": "sha512-endqECJkfhozrXMK5ngu/UAA0xVcVEFdnHJCElGaExypjW+HK5i6zu3NteLoaX/iFbRUbC3+DjttQs0GARr+5w==",
       "inBundle": true,
       "license": "Apache-2.0",
       "dependencies": {
         "@sigstore/bundle": "^4.0.0",
-        "@sigstore/core": "^3.1.0",
+        "@sigstore/core": "^3.2.1",
         "@sigstore/protobuf-specs": "^0.5.0",
-        "@sigstore/sign": "^4.1.0",
-        "@sigstore/tuf": "^4.0.1",
-        "@sigstore/verify": "^3.1.0"
+        "@sigstore/sign": "^4.1.1",
+        "@sigstore/tuf": "^4.0.2",
+        "@sigstore/verify": "^3.1.1"
       },
       "engines": {
         "node": "^20.17.0 || >=22.9.0"

Original file line number	Diff line number	Diff line change
`@@ -65,6 +65,12 @@ function createVerificationPolicy(options) {`
`65`	`65`	`if (options.certificateIssuer) {`
`66`	`66`	`policy.extensions = { issuer: options.certificateIssuer };`
`67`	`67`	`}`
	`68`	`+ if (options.certificateOIDs) {`
	`69`	`+ policy.oids = Object.entries(options.certificateOIDs).map(([oid, value]) => ({`
	`70`	`+ oid: { id: oid.split('.').map(Number) },`
	`71`	`+ value: Buffer.from(value),`
	`72`	`+ }));`
	`73`	`+ }`
`68`	`74`	`return policy;`
`69`	`75`	`}`
`70`	`76`	`// Instantiate the FulcioSigner based on the supplied options.`