Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Deps updates #7357

Merged
merged 11 commits into from
Apr 9, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions node_modules/.gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -208,6 +208,9 @@
!/socks-proxy-agent
!/socks
!/spdx-correct
!/spdx-correct/node_modules/
/spdx-correct/node_modules/*
!/spdx-correct/node_modules/spdx-expression-parse
!/spdx-exceptions
!/spdx-expression-parse
!/spdx-license-ids
Expand All @@ -233,6 +236,9 @@
!/unique-slug
!/util-deprecate
!/validate-npm-package-license
!/validate-npm-package-license/node_modules/
/validate-npm-package-license/node_modules/*
!/validate-npm-package-license/node_modules/spdx-expression-parse
!/validate-npm-package-name
!/walk-up-path
!/wcwidth
Expand Down
5 changes: 4 additions & 1 deletion node_modules/@npmcli/agent/lib/agents.js
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,10 @@ module.exports = class Agent extends AgentBase {
ProxyAgent = this.isSecureEndpoint(options) ? ProxyAgent[1] : ProxyAgent[0]
}

const proxyAgent = new ProxyAgent(proxy, this.#options)
const proxyAgent = new ProxyAgent(proxy, {
...this.#options,
socketOptions: { family: this.#options.family },
})
proxyCache.set(cacheKey, proxyAgent)

return proxyAgent
Expand Down
4 changes: 2 additions & 2 deletions node_modules/@npmcli/agent/package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "@npmcli/agent",
"version": "2.2.1",
"version": "2.2.2",
"description": "the http/https agent used by the npm cli",
"main": "lib/index.js",
"scripts": {
Expand Down Expand Up @@ -36,7 +36,7 @@
"http-proxy-agent": "^7.0.0",
"https-proxy-agent": "^7.0.1",
"lru-cache": "^10.0.1",
"socks-proxy-agent": "^8.0.1"
"socks-proxy-agent": "^8.0.3"
},
"devDependencies": {
"@npmcli/eslint-config": "^4.0.0",
Expand Down
4 changes: 1 addition & 3 deletions node_modules/@npmcli/git/lib/is.js
Original file line number Diff line number Diff line change
@@ -1,6 +1,4 @@
// not an airtight indicator, but a good gut-check to even bother trying
const { promisify } = require('util')
const fs = require('fs')
const stat = promisify(fs.stat)
const { stat } = require('fs/promises')
module.exports = ({ cwd = process.cwd() } = {}) =>
stat(cwd + '/.git').then(() => true, () => false)
2 changes: 1 addition & 1 deletion node_modules/@npmcli/git/package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "@npmcli/git",
"version": "5.0.4",
"version": "5.0.5",
"main": "lib/index.js",
"files": [
"bin/",
Expand Down
13 changes: 7 additions & 6 deletions node_modules/@npmcli/package-json/lib/normalize.js
Original file line number Diff line number Diff line change
@@ -1,11 +1,9 @@
const semver = require('semver')
const valid = require('semver/functions/valid')
const clean = require('semver/functions/clean')
const fs = require('fs/promises')
const { glob } = require('glob')
const legacyFixer = require('normalize-package-data/lib/fixer.js')
const legacyMakeWarning = require('normalize-package-data/lib/make_warning.js')
const path = require('path')
const log = require('proc-log')
const git = require('@npmcli/git')
const hostedGitInfo = require('hosted-git-info')

// used to be npm-normalize-package-bin
Expand Down Expand Up @@ -130,10 +128,10 @@ const normalize = async (pkg, { strict, steps, root, changes, allowLegacyCase })
if (!data.version) {
data.version = ''
} else {
if (!semver.valid(data.version, loose)) {
if (!valid(data.version, loose)) {
throw new Error(`Invalid version: "${data.version}"`)
}
const version = semver.clean(data.version, loose)
const version = clean(data.version, loose)
if (version !== data.version) {
changes?.push(`"version" was cleaned and set to "${version}"`)
data.version = version
Expand Down Expand Up @@ -333,6 +331,7 @@ const normalize = async (pkg, { strict, steps, root, changes, allowLegacyCase })

// populate "gitHead" attribute
if (steps.includes('gitHead') && !data.gitHead) {
const git = require('@npmcli/git')
const gitRoot = await git.find({ cwd: pkg.path, root })
let head
if (gitRoot) {
Expand Down Expand Up @@ -518,6 +517,8 @@ const normalize = async (pkg, { strict, steps, root, changes, allowLegacyCase })
}

if (steps.includes('normalizeData')) {
const legacyFixer = require('normalize-package-data/lib/fixer.js')
const legacyMakeWarning = require('normalize-package-data/lib/make_warning.js')
legacyFixer.warn = function () {
changes?.push(legacyMakeWarning.apply(null, arguments))
}
Expand Down
18 changes: 6 additions & 12 deletions node_modules/@npmcli/package-json/package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "@npmcli/package-json",
"version": "5.0.0",
"version": "5.0.1",
"description": "Programmatic API to update package.json",
"main": "lib/index.js",
"files": [
Expand All @@ -10,7 +10,7 @@
"scripts": {
"snap": "tap",
"test": "tap",
"lint": "eslint \"**/*.js\"",
"lint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"",
"lintfix": "npm run lint -- --fix",
"posttest": "npm run lint",
"postsnap": "npm run lintfix --",
Expand All @@ -25,8 +25,8 @@
"license": "ISC",
"devDependencies": {
"@npmcli/eslint-config": "^4.0.0",
"@npmcli/template-oss": "4.18.0",
"read-package-json": "^6.0.4",
"@npmcli/template-oss": "4.21.3",
"read-package-json": "^7.0.0",
"read-package-json-fast": "^3.0.2",
"tap": "^16.0.1"
},
Expand All @@ -48,14 +48,8 @@
},
"templateOSS": {
"//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
"version": "4.18.0",
"publish": "true",
"ciVersions": [
"16.14.0",
"16.x",
"18.0.0",
"18.x"
]
"version": "4.21.3",
"publish": "true"
},
"tap": {
"nyc-arg": [
Expand Down
28 changes: 20 additions & 8 deletions node_modules/@sigstore/bundle/dist/build.js
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,9 @@ const bundle_1 = require("./bundle");
// Message signature bundle - $case: 'messageSignature'
function toMessageSignatureBundle(options) {
return {
mediaType: bundle_1.BUNDLE_V02_MEDIA_TYPE,
mediaType: options.singleCertificate
? bundle_1.BUNDLE_V03_MEDIA_TYPE
: bundle_1.BUNDLE_V02_MEDIA_TYPE,
content: {
$case: 'messageSignature',
messageSignature: {
Expand All @@ -39,7 +41,9 @@ exports.toMessageSignatureBundle = toMessageSignatureBundle;
// DSSE envelope bundle - $case: 'dsseEnvelope'
function toDSSEBundle(options) {
return {
mediaType: bundle_1.BUNDLE_V02_MEDIA_TYPE,
mediaType: options.singleCertificate
? bundle_1.BUNDLE_V03_MEDIA_TYPE
: bundle_1.BUNDLE_V02_MEDIA_TYPE,
content: {
$case: 'dsseEnvelope',
dsseEnvelope: toEnvelope(options),
Expand Down Expand Up @@ -71,12 +75,20 @@ function toVerificationMaterial(options) {
}
function toKeyContent(options) {
if (options.certificate) {
return {
$case: 'x509CertificateChain',
x509CertificateChain: {
certificates: [{ rawBytes: options.certificate }],
},
};
if (options.singleCertificate) {
return {
$case: 'certificate',
certificate: { rawBytes: options.certificate },
};
}
else {
return {
$case: 'x509CertificateChain',
x509CertificateChain: {
certificates: [{ rawBytes: options.certificate }],
},
};
}
}
else {
return {
Expand Down
5 changes: 3 additions & 2 deletions node_modules/@sigstore/bundle/dist/bundle.js
Original file line number Diff line number Diff line change
@@ -1,9 +1,10 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.isBundleWithDsseEnvelope = exports.isBundleWithMessageSignature = exports.isBundleWithPublicKey = exports.isBundleWithCertificateChain = exports.BUNDLE_V03_MEDIA_TYPE = exports.BUNDLE_V02_MEDIA_TYPE = exports.BUNDLE_V01_MEDIA_TYPE = void 0;
exports.isBundleWithDsseEnvelope = exports.isBundleWithMessageSignature = exports.isBundleWithPublicKey = exports.isBundleWithCertificateChain = exports.BUNDLE_V03_MEDIA_TYPE = exports.BUNDLE_V03_LEGACY_MEDIA_TYPE = exports.BUNDLE_V02_MEDIA_TYPE = exports.BUNDLE_V01_MEDIA_TYPE = void 0;
exports.BUNDLE_V01_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle+json;version=0.1';
exports.BUNDLE_V02_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle+json;version=0.2';
exports.BUNDLE_V03_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle+json;version=0.3';
exports.BUNDLE_V03_LEGACY_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle+json;version=0.3';
exports.BUNDLE_V03_MEDIA_TYPE = 'application/vnd.dev.sigstore.bundle.v0.3+json';
// Type guards for bundle variants.
function isBundleWithCertificateChain(b) {
return b.verificationMaterial.content.$case === 'x509CertificateChain';
Expand Down
3 changes: 2 additions & 1 deletion node_modules/@sigstore/bundle/dist/index.js
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.isBundleV01 = exports.assertBundleV02 = exports.assertBundleV01 = exports.assertBundleLatest = exports.assertBundle = exports.envelopeToJSON = exports.envelopeFromJSON = exports.bundleToJSON = exports.bundleFromJSON = exports.ValidationError = exports.isBundleWithPublicKey = exports.isBundleWithMessageSignature = exports.isBundleWithDsseEnvelope = exports.isBundleWithCertificateChain = exports.BUNDLE_V03_MEDIA_TYPE = exports.BUNDLE_V02_MEDIA_TYPE = exports.BUNDLE_V01_MEDIA_TYPE = exports.toMessageSignatureBundle = exports.toDSSEBundle = void 0;
exports.isBundleV01 = exports.assertBundleV02 = exports.assertBundleV01 = exports.assertBundleLatest = exports.assertBundle = exports.envelopeToJSON = exports.envelopeFromJSON = exports.bundleToJSON = exports.bundleFromJSON = exports.ValidationError = exports.isBundleWithPublicKey = exports.isBundleWithMessageSignature = exports.isBundleWithDsseEnvelope = exports.isBundleWithCertificateChain = exports.BUNDLE_V03_MEDIA_TYPE = exports.BUNDLE_V03_LEGACY_MEDIA_TYPE = exports.BUNDLE_V02_MEDIA_TYPE = exports.BUNDLE_V01_MEDIA_TYPE = exports.toMessageSignatureBundle = exports.toDSSEBundle = void 0;
/*
Copyright 2023 The Sigstore Authors.

Expand All @@ -22,6 +22,7 @@ Object.defineProperty(exports, "toMessageSignatureBundle", { enumerable: true, g
var bundle_1 = require("./bundle");
Object.defineProperty(exports, "BUNDLE_V01_MEDIA_TYPE", { enumerable: true, get: function () { return bundle_1.BUNDLE_V01_MEDIA_TYPE; } });
Object.defineProperty(exports, "BUNDLE_V02_MEDIA_TYPE", { enumerable: true, get: function () { return bundle_1.BUNDLE_V02_MEDIA_TYPE; } });
Object.defineProperty(exports, "BUNDLE_V03_LEGACY_MEDIA_TYPE", { enumerable: true, get: function () { return bundle_1.BUNDLE_V03_LEGACY_MEDIA_TYPE; } });
Object.defineProperty(exports, "BUNDLE_V03_MEDIA_TYPE", { enumerable: true, get: function () { return bundle_1.BUNDLE_V03_MEDIA_TYPE; } });
Object.defineProperty(exports, "isBundleWithCertificateChain", { enumerable: true, get: function () { return bundle_1.isBundleWithCertificateChain; } });
Object.defineProperty(exports, "isBundleWithDsseEnvelope", { enumerable: true, get: function () { return bundle_1.isBundleWithDsseEnvelope; } });
Expand Down
3 changes: 2 additions & 1 deletion node_modules/@sigstore/bundle/dist/validate.js
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,8 @@ function validateBundleBase(b) {
const invalidValues = [];
// Media type validation
if (b.mediaType === undefined ||
!b.mediaType.startsWith('application/vnd.dev.sigstore.bundle+json;version=')) {
(!b.mediaType.match(/^application\/vnd\.dev\.sigstore\.bundle\+json;version=\d\.\d/) &&
!b.mediaType.match(/^application\/vnd\.dev\.sigstore\.bundle\.v\d\.\d\+json/))) {
invalidValues.push('mediaType');
}
// Content-related validation
Expand Down
4 changes: 2 additions & 2 deletions node_modules/@sigstore/bundle/package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "@sigstore/bundle",
"version": "2.2.0",
"version": "2.3.1",
"description": "Sigstore bundle type",
"main": "dist/index.js",
"types": "dist/index.d.ts",
Expand All @@ -27,7 +27,7 @@
"provenance": true
},
"dependencies": {
"@sigstore/protobuf-specs": "^0.3.0"
"@sigstore/protobuf-specs": "^0.3.1"
},
"engines": {
"node": "^16.14.0 || >=18.0.0"
Expand Down
4 changes: 2 additions & 2 deletions node_modules/@sigstore/core/dist/crypto.js
Original file line number Diff line number Diff line change
Expand Up @@ -21,12 +21,12 @@ limitations under the License.
*/
const crypto_1 = __importDefault(require("crypto"));
const SHA256_ALGORITHM = 'sha256';
function createPublicKey(key) {
function createPublicKey(key, type = 'spki') {
if (typeof key === 'string') {
return crypto_1.default.createPublicKey(key);
}
else {
return crypto_1.default.createPublicKey({ key, format: 'der', type: 'spki' });
return crypto_1.default.createPublicKey({ key, format: 'der', type: type });
}
}
exports.createPublicKey = createPublicKey;
Expand Down
2 changes: 1 addition & 1 deletion node_modules/@sigstore/core/package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "@sigstore/core",
"version": "1.0.0",
"version": "1.1.0",
"description": "Base library for Sigstore",
"main": "dist/index.js",
"types": "dist/index.d.ts",
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.TrustedRoot = exports.CertificateAuthority = exports.TransparencyLogInstance = void 0;
exports.ClientTrustConfig = exports.SigningConfig = exports.TrustedRoot = exports.CertificateAuthority = exports.TransparencyLogInstance = void 0;
/* eslint-disable */
const sigstore_common_1 = require("./sigstore_common");
function createBaseTransparencyLogInstance() {
Expand Down Expand Up @@ -98,6 +98,58 @@ exports.TrustedRoot = {
return obj;
},
};
function createBaseSigningConfig() {
return { caUrl: "", oidcUrl: "", tlogUrls: [], tsaUrls: [] };
}
exports.SigningConfig = {
fromJSON(object) {
return {
caUrl: isSet(object.caUrl) ? String(object.caUrl) : "",
oidcUrl: isSet(object.oidcUrl) ? String(object.oidcUrl) : "",
tlogUrls: Array.isArray(object?.tlogUrls) ? object.tlogUrls.map((e) => String(e)) : [],
tsaUrls: Array.isArray(object?.tsaUrls) ? object.tsaUrls.map((e) => String(e)) : [],
};
},
toJSON(message) {
const obj = {};
message.caUrl !== undefined && (obj.caUrl = message.caUrl);
message.oidcUrl !== undefined && (obj.oidcUrl = message.oidcUrl);
if (message.tlogUrls) {
obj.tlogUrls = message.tlogUrls.map((e) => e);
}
else {
obj.tlogUrls = [];
}
if (message.tsaUrls) {
obj.tsaUrls = message.tsaUrls.map((e) => e);
}
else {
obj.tsaUrls = [];
}
return obj;
},
};
function createBaseClientTrustConfig() {
return { mediaType: "", trustedRoot: undefined, signingConfig: undefined };
}
exports.ClientTrustConfig = {
fromJSON(object) {
return {
mediaType: isSet(object.mediaType) ? String(object.mediaType) : "",
trustedRoot: isSet(object.trustedRoot) ? exports.TrustedRoot.fromJSON(object.trustedRoot) : undefined,
signingConfig: isSet(object.signingConfig) ? exports.SigningConfig.fromJSON(object.signingConfig) : undefined,
};
},
toJSON(message) {
const obj = {};
message.mediaType !== undefined && (obj.mediaType = message.mediaType);
message.trustedRoot !== undefined &&
(obj.trustedRoot = message.trustedRoot ? exports.TrustedRoot.toJSON(message.trustedRoot) : undefined);
message.signingConfig !== undefined &&
(obj.signingConfig = message.signingConfig ? exports.SigningConfig.toJSON(message.signingConfig) : undefined);
return obj;
},
};
function isSet(value) {
return value !== null && value !== undefined;
}
6 changes: 3 additions & 3 deletions node_modules/@sigstore/protobuf-specs/package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "@sigstore/protobuf-specs",
"version": "0.3.0",
"version": "0.3.1",
"description": "code-signing for npm packages",
"main": "dist/index.js",
"types": "dist/index.d.ts",
Expand All @@ -21,11 +21,11 @@
},
"homepage": "https://github.com/sigstore/protobuf-specs#readme",
"devDependencies": {
"@tsconfig/node14": "^1.0.3",
"@tsconfig/node16": "^16.1.1",
"@types/node": "^18.14.0",
"typescript": "^4.9.5"
},
"engines": {
"node": "^14.17.0 || ^16.13.0 || >=18.0.0"
"node": "^16.14.0 || >=18.0.0"
}
}
3 changes: 2 additions & 1 deletion node_modules/@sigstore/sign/dist/bundler/bundle.js
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ function toMessageSignatureBundle(artifact, signature) {
}
exports.toMessageSignatureBundle = toMessageSignatureBundle;
// DSSE envelope bundle - $case: 'dsseEnvelope'
function toDSSEBundle(artifact, signature) {
function toDSSEBundle(artifact, signature, singleCertificate) {
return sigstore.toDSSEBundle({
artifact: artifact.data,
artifactType: artifact.type,
Expand All @@ -65,6 +65,7 @@ function toDSSEBundle(artifact, signature) {
? util_1.pem.toDER(signature.key.certificate)
: undefined,
keyHint: signature.key.$case === 'publicKey' ? signature.key.hint : undefined,
singleCertificate,
});
}
exports.toDSSEBundle = toDSSEBundle;
Loading
Loading