build(deps): bump @sigstore/tuf from 4.0.2 to 5.0.0 by dependabot[bot] · Pull Request #1160 · docker/actions-toolkit

dependabot · 2026-06-04T03:29:24Z

Bumps @sigstore/tuf from 4.0.2 to 5.0.0.

Release notes

Sourced from @sigstore/tuf's releases.

@sigstore/tuf@5.0.0

Major Changes

46c00b3: Drop support for Node 20

Patch Changes

7db2666: Update TUF seed files

74eda7a: Bump tuf-js from 4.x to 5.0.1

46c00b3: Bump tuf-js from 5.0.1 to 6.0.0

Commits

7d2900e Version Packages (#1661)
46c00b3 Drop Node 20 (#1670)
3975770 Bump the dev-deps group across 1 directory with 3 updates (#1665)
7db2666 Update TUF seed files (#1662)
ffa2c84 Bump the minor-patch group with 2 updates (#1663)
74eda7a update tuf-js to 5.0.1 (#1647)
c1dc7d4 Version Packages (#1607)
f074710 reject integratedTime w/o inclusionPromise (#1659)
7845532 OID certificate extension verification (#1658)
b5aa4f1 proper utf-8 encoding in DSSE PAE (#1657)
Additional commits viewable in compare view

Bumps [@sigstore/tuf](https://github.com/sigstore/sigstore-js) from 4.0.2 to 5.0.0. - [Release notes](https://github.com/sigstore/sigstore-js/releases) - [Commits](https://github.com/sigstore/sigstore-js/compare/@sigstore/tuf@4.0.2...@sigstore/tuf@5.0.0) --- updated-dependencies: - dependency-name: "@sigstore/tuf" dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added bot dependencies labels Jun 4, 2026

dependabot Bot force-pushed the dependabot/npm_and_yarn/sigstore/tuf-5.0.0 branch from 82efa8b to 4560db4 Compare June 29, 2026 10:03

crazy-max approved these changes Jun 29, 2026

View reviewed changes

crazy-max merged commit 320a052 into main Jun 29, 2026
116 checks passed

dependabot Bot deleted the dependabot/npm_and_yarn/sigstore/tuf-5.0.0 branch June 29, 2026 13:35

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): bump @sigstore/tuf from 4.0.2 to 5.0.0#1160

build(deps): bump @sigstore/tuf from 4.0.2 to 5.0.0#1160
crazy-max merged 1 commit into
mainfrom
dependabot/npm_and_yarn/sigstore/tuf-5.0.0

dependabot Bot commented on behalf of github Jun 4, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot Bot commented on behalf of github Jun 4, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

@​sigstore/tuf@​5.0.0

Major Changes

Patch Changes

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github Jun 4, 2026 •

edited

Loading

`@sigstore/tuf@5`.0.0