Skip to content

build(deps): bump @sigstore/verify from 3.1.1 to 4.1.0#1159

Merged
crazy-max merged 1 commit into
mainfrom
dependabot/npm_and_yarn/sigstore/verify-4.0.0
Jun 29, 2026
Merged

build(deps): bump @sigstore/verify from 3.1.1 to 4.1.0#1159
crazy-max merged 1 commit into
mainfrom
dependabot/npm_and_yarn/sigstore/verify-4.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 4, 2026

Copy link
Copy Markdown
Contributor

Bumps @sigstore/verify from 3.1.1 to 4.1.0.

Release notes

Sourced from @​sigstore/verify's releases.

@​sigstore/verify@​4.1.0

Minor Changes

  • 754e2a3: Support verification of DSSE bundles with a Rekor v2 hashedrekord transparency log entry, where the entry's digest is computed over the DSSE pre-authentication encoding (PAE) rather than the envelope payload

Patch Changes

  • Updated dependencies [04ea25a]
    • @​sigstore/core@​4.0.1

@​sigstore/verify@​4.0.0

Major Changes

  • 46c00b3: Drop support for Node 20

Patch Changes

  • Updated dependencies [46c00b3]
    • @​sigstore/bundle@​5.0.0
    • @​sigstore/core@​4.0.0
Commits
  • d406ea6 Version Packages (#1676)
  • 4245d6f Bump the prod-deps group across 1 directory with 11 updates (#1691)
  • 85c5838 Merge commit from fork
  • a063789 Bump actions/checkout from 6.0.3 to 7.0.0 (#1686)
  • 46a180c Bump the dev-deps group with 3 updates (#1688)
  • 6e64be8 Bump form-data from 4.0.4 to 4.0.6 (#1684)
  • 87ad7f1 Bump the prod-deps group across 1 directory with 12 updates (#1685)
  • bdaedac Bump the dev-deps group across 1 directory with 5 updates (#1683)
  • 98fac89 Bump the minor-patch group across 1 directory with 2 updates (#1681)
  • 754e2a3 Support DSSE bundles with Rekor v2 hashedrekord entries (#1677)
  • Additional commits viewable in compare view

@dependabot dependabot Bot changed the title build(deps): bump @sigstore/verify from 3.1.1 to 4.0.0 build(deps): bump @sigstore/verify from 3.1.1 to 4.1.0 Jun 29, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/sigstore/verify-4.0.0 branch 2 times, most recently from 1b137ce to 51487d7 Compare June 29, 2026 10:03
Bumps [@sigstore/verify](https://github.com/sigstore/sigstore-js) from 3.1.1 to 4.1.0.
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/@sigstore/verify@3.1.1...@sigstore/verify@4.1.0)

---
updated-dependencies:
- dependency-name: "@sigstore/verify"
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/sigstore/verify-4.0.0 branch from 51487d7 to f54cc2c Compare June 29, 2026 13:38
@crazy-max crazy-max merged commit 65253d8 into main Jun 29, 2026
115 of 116 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/sigstore/verify-4.0.0 branch June 29, 2026 13:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant