From fcc52dcdfcfa1b993ab88f5a93febc0a1e76df35 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 12:14:42 -0700 Subject: [PATCH] Bump the prod-deps group across 1 directory with 5 updates (#1251) * Bump the prod-deps group across 1 directory with 5 updates Bumps the prod-deps group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@oclif/core](https://github.com/oclif/core) | `4.0.19` | `4.0.22` | | [@oclif/plugin-help](https://github.com/oclif/plugin-help) | `6.2.10` | `6.2.11` | | [openid-client](https://github.com/panva/node-openid-client) | `5.6.5` | `5.7.0` | | [jose](https://github.com/panva/jose) | `5.8.0` | `5.9.2` | | [express](https://github.com/expressjs/express) | `4.19.2` | `4.21.0` | Updates `@oclif/core` from 4.0.19 to 4.0.22 - [Release notes](https://github.com/oclif/core/releases) - [Changelog](https://github.com/oclif/core/blob/main/CHANGELOG.md) - [Commits](https://github.com/oclif/core/compare/4.0.19...4.0.22) Updates `@oclif/plugin-help` from 6.2.10 to 6.2.11 - [Release notes](https://github.com/oclif/plugin-help/releases) - [Changelog](https://github.com/oclif/plugin-help/blob/main/CHANGELOG.md) - [Commits](https://github.com/oclif/plugin-help/compare/6.2.10...6.2.11) Updates `openid-client` from 5.6.5 to 5.7.0 - [Release notes](https://github.com/panva/node-openid-client/releases) - [Changelog](https://github.com/panva/node-openid-client/blob/main/CHANGELOG.md) - [Commits](https://github.com/panva/node-openid-client/compare/v5.6.5...v5.7.0) Updates `jose` from 5.8.0 to 5.9.2 - [Release notes](https://github.com/panva/jose/releases) - [Changelog](https://github.com/panva/jose/blob/main/CHANGELOG.md) - [Commits](https://github.com/panva/jose/compare/v5.8.0...v5.9.2) Updates `express` from 4.19.2 to 4.21.0 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.0/History.md) - [Commits](https://github.com/expressjs/express/compare/4.19.2...4.21.0) --- updated-dependencies: - dependency-name: "@oclif/core" dependency-type: direct:production update-type: version-update:semver-patch dependency-group: prod-deps - dependency-name: "@oclif/plugin-help" dependency-type: direct:production update-type: version-update:semver-patch dependency-group: prod-deps - dependency-name: openid-client dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-deps - dependency-name: jose dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-deps - dependency-name: express dependency-type: direct:production update-type: version-update:semver-minor dependency-group: prod-deps ... Signed-off-by: dependabot[bot] * add changesets Signed-off-by: Brian DeHamer --------- Signed-off-by: dependabot[bot] Signed-off-by: Brian DeHamer Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Brian DeHamer --- .changeset/forty-moose-work.md | 5 + .changeset/friendly-pumas-fold.md | 5 + .changeset/unlucky-cars-own.md | 5 + package-lock.json | 165 ++++++++++++------------------ packages/cli/package.json | 2 +- packages/mock-server/package.json | 2 +- packages/mock/package.json | 2 +- 7 files changed, 82 insertions(+), 104 deletions(-) create mode 100644 .changeset/forty-moose-work.md create mode 100644 .changeset/friendly-pumas-fold.md create mode 100644 .changeset/unlucky-cars-own.md diff --git a/.changeset/forty-moose-work.md b/.changeset/forty-moose-work.md new file mode 100644 index 00000000..1f2e64ec --- /dev/null +++ b/.changeset/forty-moose-work.md @@ -0,0 +1,5 @@ +--- +'@sigstore/mock': patch +--- + +Bump jose from 5.8.0 to 5.9.2 diff --git a/.changeset/friendly-pumas-fold.md b/.changeset/friendly-pumas-fold.md new file mode 100644 index 00000000..24a35db5 --- /dev/null +++ b/.changeset/friendly-pumas-fold.md @@ -0,0 +1,5 @@ +--- +'@sigstore/mock-server': patch +--- + +Bump express from 4.20.0 to 4.21.0 diff --git a/.changeset/unlucky-cars-own.md b/.changeset/unlucky-cars-own.md new file mode 100644 index 00000000..94748e13 --- /dev/null +++ b/.changeset/unlucky-cars-own.md @@ -0,0 +1,5 @@ +--- +'@sigstore/cli': patch +--- + +Bump openid-client from 5.6.5 to 5.7.0 diff --git a/package-lock.json b/package-lock.json index c8a2701e..82f09d50 100644 --- a/package-lock.json +++ b/package-lock.json @@ -3698,15 +3698,15 @@ } }, "node_modules/@oclif/core": { - "version": "4.0.19", - "resolved": "https://registry.npmjs.org/@oclif/core/-/core-4.0.19.tgz", - "integrity": "sha512-VXnsYNVfmucXp5BdOA/OcWi8F/h2h8ofW1GxQDdspodnmnUgALEpqrxXBl5NFuA+iEihtAJeXzX260ICHYDaBg==", + "version": "4.0.22", + "resolved": "https://registry.npmjs.org/@oclif/core/-/core-4.0.22.tgz", + "integrity": "sha512-aXM2O4g7f+kPNzhhOfqGOVRVYDxTVrH7Y720MuH0Twq5WHMxI4XwntnyBaRscoCPG6FWhItZLtiZxsvaUdupGg==", "dependencies": { "ansi-escapes": "^4.3.2", "ansis": "^3.3.2", "clean-stack": "^3.0.1", "cli-spinners": "^2.9.2", - "debug": "^4.3.5", + "debug": "^4.3.7", "ejs": "^3.1.10", "get-package-type": "^0.1.0", "globby": "^11.1.0", @@ -3745,9 +3745,9 @@ } }, "node_modules/@oclif/plugin-help": { - "version": "6.2.10", - "resolved": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-6.2.10.tgz", - "integrity": "sha512-Gm5/l/upTtj34StLIjZzhmO3AngqGx20rsbfOqDQ3SrsEnjfujtKgUm+MxXTjl4XfkkWREUN0CwuqLcuftnsOw==", + "version": "6.2.11", + "resolved": "https://registry.npmjs.org/@oclif/plugin-help/-/plugin-help-6.2.11.tgz", + "integrity": "sha512-Vo854dALtNhA34g6m4T9uWIrYfm/JFM82LWa5gLrsJGwpUGgeBwBX4P64HLo5ro59LF3YO2xPWViLaoK6gkm3g==", "dependencies": { "@oclif/core": "^4" }, @@ -5758,20 +5758,6 @@ "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" }, - "node_modules/body-parser/node_modules/qs": { - "version": "6.13.0", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.13.0.tgz", - "integrity": "sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg==", - "dependencies": { - "side-channel": "^1.0.6" - }, - "engines": { - "node": ">=0.6" - }, - "funding": { - "url": "https://github.com/sponsors/ljharb" - } - }, "node_modules/bowser": { "version": "2.11.0", "resolved": "https://registry.npmjs.org/bowser/-/bowser-2.11.0.tgz", @@ -6339,11 +6325,11 @@ } }, "node_modules/debug": { - "version": "4.3.5", - "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.5.tgz", - "integrity": "sha512-pt0bNEmneDIvdL1Xsd9oDQ/wrQRkXDT4AUWlNZNPKvW5x/jyO9VFXkJUP07vQ2upmw5PlaITaPKc31jK13V+jg==", + "version": "4.3.7", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.7.tgz", + "integrity": "sha512-Er2nc/H7RrMXZBFCEim6TCmMk02Z8vLC2Rbi1KEBggpo0fS6l0S1nnapwmIi3yW/+GOJap1Krg4w0Hg80oCqgQ==", "dependencies": { - "ms": "2.1.2" + "ms": "^2.1.3" }, "engines": { "node": ">=6.0" @@ -7044,9 +7030,9 @@ } }, "node_modules/express": { - "version": "4.20.0", - "resolved": "https://registry.npmjs.org/express/-/express-4.20.0.tgz", - "integrity": "sha512-pLdae7I6QqShF5PnNTCVn4hI91Dx0Grkn2+IAsMTgMIKuQVte2dN9PeGSSAME2FR8anOhVA62QDIUaWVfEXVLw==", + "version": "4.21.0", + "resolved": "https://registry.npmjs.org/express/-/express-4.21.0.tgz", + "integrity": "sha512-VqcNGcj/Id5ZT1LZ/cfihi3ttTn+NJmkli2eZADigjq29qTlWi/hAQ43t/VLPq8+UX06FCEx3ByOYet6ZFblng==", "dependencies": { "accepts": "~1.3.8", "array-flatten": "1.1.1", @@ -7060,7 +7046,7 @@ "encodeurl": "~2.0.0", "escape-html": "~1.0.3", "etag": "~1.8.1", - "finalhandler": "1.2.0", + "finalhandler": "1.3.1", "fresh": "0.5.2", "http-errors": "2.0.0", "merge-descriptors": "1.0.3", @@ -7069,11 +7055,11 @@ "parseurl": "~1.3.3", "path-to-regexp": "0.1.10", "proxy-addr": "~2.0.7", - "qs": "6.11.0", + "qs": "6.13.0", "range-parser": "~1.2.1", "safe-buffer": "5.2.1", "send": "0.19.0", - "serve-static": "1.16.0", + "serve-static": "1.16.2", "setprototypeof": "1.2.0", "statuses": "2.0.1", "type-is": "~1.6.18", @@ -7250,11 +7236,12 @@ } }, "node_modules/finalhandler": { - "version": "1.2.0", - "license": "MIT", + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.1.tgz", + "integrity": "sha512-6BN9trH7bp3qvnrRyzsBz+g3lZxTNZTbVO2EV1CS0WIcDbawYVdYvGflME/9QP0h0pYlCDBCTjYa9nZzMDpyxQ==", "dependencies": { "debug": "2.6.9", - "encodeurl": "~1.0.2", + "encodeurl": "~2.0.0", "escape-html": "~1.0.3", "on-finished": "2.4.1", "parseurl": "~1.3.3", @@ -7267,14 +7254,24 @@ }, "node_modules/finalhandler/node_modules/debug": { "version": "2.6.9", - "license": "MIT", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", "dependencies": { "ms": "2.0.0" } }, + "node_modules/finalhandler/node_modules/encodeurl": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz", + "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==", + "engines": { + "node": ">= 0.8" + } + }, "node_modules/finalhandler/node_modules/ms": { "version": "2.0.0", - "license": "MIT" + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" }, "node_modules/find-up": { "version": "4.1.0", @@ -9738,9 +9735,9 @@ } }, "node_modules/jose": { - "version": "5.8.0", - "resolved": "https://registry.npmjs.org/jose/-/jose-5.8.0.tgz", - "integrity": "sha512-E7CqYpL/t7MMnfGnK/eg416OsFCVUrU/Y3Vwe7QjKhu/BkS1Ms455+2xsqZQVN57/U2MHMBvEb5SrmAZWAIntA==", + "version": "5.9.2", + "resolved": "https://registry.npmjs.org/jose/-/jose-5.9.2.tgz", + "integrity": "sha512-ILI2xx/I57b20sd7rHZvgiiQrmp2mcotwsAH+5ajbpFQbrYVQdNHYlQhoA5cFb78CgtBOxtC05TeA+mcgkuCqQ==", "funding": { "url": "https://github.com/sponsors/panva" } @@ -10332,8 +10329,9 @@ } }, "node_modules/ms": { - "version": "2.1.2", - "license": "MIT" + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==" }, "node_modules/mute-stream": { "version": "1.0.0", @@ -10705,10 +10703,11 @@ } }, "node_modules/openid-client": { - "version": "5.6.5", - "license": "MIT", + "version": "5.7.0", + "resolved": "https://registry.npmjs.org/openid-client/-/openid-client-5.7.0.tgz", + "integrity": "sha512-4GCCGZt1i2kTHpwvaC/sCpTpQqDnBzDzuJcJMbH+y1Q5qI8U8RBvoSh28svarXszZHR5BAMXbJPX1PGPRE3VOA==", "dependencies": { - "jose": "^4.15.5", + "jose": "^4.15.9", "lru-cache": "^6.0.0", "object-hash": "^2.2.0", "oidc-token-hash": "^5.0.3" @@ -10718,8 +10717,9 @@ } }, "node_modules/openid-client/node_modules/jose": { - "version": "4.15.5", - "license": "MIT", + "version": "4.15.9", + "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.9.tgz", + "integrity": "sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA==", "funding": { "url": "https://github.com/sponsors/panva" } @@ -10883,7 +10883,8 @@ }, "node_modules/parseurl": { "version": "1.3.3", - "license": "MIT", + "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==", "engines": { "node": ">= 0.8" } @@ -11183,11 +11184,11 @@ } }, "node_modules/qs": { - "version": "6.11.0", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", - "integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==", + "version": "6.13.0", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.13.0.tgz", + "integrity": "sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg==", "dependencies": { - "side-channel": "^1.0.4" + "side-channel": "^1.0.6" }, "engines": { "node": ">=0.6" @@ -11461,11 +11462,6 @@ "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" }, - "node_modules/send/node_modules/ms": { - "version": "2.1.3", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", - "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==" - }, "node_modules/sentence-case": { "version": "3.0.4", "dev": true, @@ -11477,58 +11473,25 @@ } }, "node_modules/serve-static": { - "version": "1.16.0", - "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.0.tgz", - "integrity": "sha512-pDLK8zwl2eKaYrs8mrPZBJua4hMplRWJ1tIFksVC3FtBEBnl8dxgeHtsaMS8DhS9i4fLObaon6ABoc4/hQGdPA==", + "version": "1.16.2", + "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.2.tgz", + "integrity": "sha512-VqpjJZKadQB/PEbEwvFdO43Ax5dFBZ2UECszz8bQ7pi7wt//PWe1P6MN7eCnjsatYtBT6EuiClbjSWP2WrIoTw==", "dependencies": { - "encodeurl": "~1.0.2", + "encodeurl": "~2.0.0", "escape-html": "~1.0.3", "parseurl": "~1.3.3", - "send": "0.18.0" + "send": "0.19.0" }, "engines": { "node": ">= 0.8.0" } }, - "node_modules/serve-static/node_modules/debug": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", - "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", - "dependencies": { - "ms": "2.0.0" - } - }, - "node_modules/serve-static/node_modules/debug/node_modules/ms": { + "node_modules/serve-static/node_modules/encodeurl": { "version": "2.0.0", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", - "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==" - }, - "node_modules/serve-static/node_modules/ms": { - "version": "2.1.3", - "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", - "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==" - }, - "node_modules/serve-static/node_modules/send": { - "version": "0.18.0", - "resolved": "https://registry.npmjs.org/send/-/send-0.18.0.tgz", - "integrity": "sha512-qqWzuOjSFOuqPjFe4NOsMLafToQQwBSOEpS+FwEt3A2V3vKubTquT3vmLTQpFgMXp8AlFWFuP1qKaJZOtPpVXg==", - "dependencies": { - "debug": "2.6.9", - "depd": "2.0.0", - "destroy": "1.2.0", - "encodeurl": "~1.0.2", - "escape-html": "~1.0.3", - "etag": "~1.8.1", - "fresh": "0.5.2", - "http-errors": "2.0.0", - "mime": "1.6.0", - "ms": "2.1.3", - "on-finished": "2.4.1", - "range-parser": "~1.2.1", - "statuses": "2.0.1" - }, + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz", + "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==", "engines": { - "node": ">= 0.8.0" + "node": ">= 0.8" } }, "node_modules/set-function-length": { @@ -12750,7 +12713,7 @@ "@sigstore/oci": "^0.3.0", "@sigstore/sign": "^2.3.0", "open": "^8.4.2", - "openid-client": "^5.6.5", + "openid-client": "^5.7.0", "sigstore": "^2.3.0" }, "bin": { @@ -12845,7 +12808,7 @@ "asn1js": "^3.0.5", "bytestreamjs": "^2.0.1", "canonicalize": "^2.0.0", - "jose": "^5.8.0", + "jose": "^5.9.2", "nock": "^13.5.5", "pkijs": "^3.2.4", "pvutils": "^1.1.3" @@ -12866,7 +12829,7 @@ "@oclif/core": "^4", "@sigstore/mock": "^0.7.4", "@tufjs/repo-mock": "^2.0.1", - "express": "4.20.0" + "express": "4.21.0" }, "bin": { "server": "bin/run" diff --git a/packages/cli/package.json b/packages/cli/package.json index d3321699..8d6eaa1e 100644 --- a/packages/cli/package.json +++ b/packages/cli/package.json @@ -39,7 +39,7 @@ "@sigstore/oci": "^0.3.0", "@sigstore/sign": "^2.3.0", "open": "^8.4.2", - "openid-client": "^5.6.5", + "openid-client": "^5.7.0", "sigstore": "^2.3.0" }, "devDependencies": { diff --git a/packages/mock-server/package.json b/packages/mock-server/package.json index dd6a6075..0723d8ea 100644 --- a/packages/mock-server/package.json +++ b/packages/mock-server/package.json @@ -22,7 +22,7 @@ "@oclif/core": "^4", "@sigstore/mock": "^0.7.4", "@tufjs/repo-mock": "^2.0.1", - "express": "4.20.0" + "express": "4.21.0" }, "devDependencies": { "@types/express": "^4.17.21", diff --git a/packages/mock/package.json b/packages/mock/package.json index 6cf74cc1..7e8d21dd 100644 --- a/packages/mock/package.json +++ b/packages/mock/package.json @@ -36,7 +36,7 @@ "asn1js": "^3.0.5", "bytestreamjs": "^2.0.1", "canonicalize": "^2.0.0", - "jose": "^5.8.0", + "jose": "^5.9.2", "nock": "^13.5.5", "pkijs": "^3.2.4", "pvutils": "^1.1.3"