From c225a96d178ac5b693acb1452668b083bef3dd98 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Wed, 4 Dec 2024 00:18:24 +0000 Subject: [PATCH] feat: upgrade @sigstore/sign from 2.3.2 to 3.0.0 Snyk has created this PR to upgrade @sigstore/sign from 2.3.2 to 3.0.0. See this package in npm: @sigstore/sign See this project in Snyk: https://app.snyk.io/org/nerds-github/project/00eaf84d-a05e-4e1a-923e-697960352bb8?utm_source=github&utm_medium=referral&page=upgrade-pr --- packages/attest/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/attest/package.json b/packages/attest/package.json index 22f01f4d7b..88ea559375 100644 --- a/packages/attest/package.json +++ b/packages/attest/package.json @@ -47,7 +47,7 @@ "@actions/http-client": "^2.2.3", "@octokit/plugin-retry": "^6.0.1", "@sigstore/bundle": "^2.3.2", - "@sigstore/sign": "^2.3.2", + "@sigstore/sign": "^3.0.0", "jose": "^5.2.3" }, "overrides": {