From 8b290b8d865f4d5d2caca84a45d0de9620d2187a Mon Sep 17 00:00:00 2001 From: Brian DeHamer Date: Thu, 26 Feb 2026 12:36:53 -0800 Subject: [PATCH] bump @actions/attest from 3.1.0 to 3.2.0 (#365) Signed-off-by: Brian DeHamer --- dist/index.js | 39 ++++++++++++++++++++++----------------- package-lock.json | 8 ++++---- package.json | 2 +- 3 files changed, 27 insertions(+), 22 deletions(-) diff --git a/dist/index.js b/dist/index.js index 82aa25c..271e009 100644 --- a/dist/index.js +++ b/dist/index.js @@ -108507,7 +108507,7 @@ exports.LRUCache = LRUCache; /***/ }), -/***/ 60983: +/***/ 86705: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { // This file exists as a CommonJS module to read the version from package.json. @@ -108524,7 +108524,7 @@ module.exports = {version: packageJson.version} /***/ 47849: /***/ ((module) => { -module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/attest","version":"3.1.0","description":"Actions attestation lib","keywords":["github","actions","attestation"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/attest","license":"MIT","type":"module","main":"lib/index.js","types":"lib/index.d.ts","exports":{".":{"types":"./lib/index.d.ts","import":"./lib/index.js"}},"directories":{"lib":"lib","test":"__tests__"},"files":["lib"],"publishConfig":{"access":"public","provenance":true},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/attest"},"scripts":{"test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc && cp src/package-version.cjs lib/"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"devDependencies":{"@sigstore/mock":"^0.10.0","@sigstore/rekor-types":"^3.0.0","@types/jsonwebtoken":"^9.0.6","nock":"^13.5.1","undici":"^6.23.0"},"dependencies":{"@actions/core":"^3.0.0","@actions/github":"^9.0.0","@actions/http-client":"^4.0.0","@octokit/plugin-retry":"^8.0.3","@sigstore/bundle":"^3.1.0","@sigstore/sign":"^3.1.0","jose":"^5.10.0"}}'); +module.exports = /*#__PURE__*/JSON.parse('{"name":"@actions/attest","version":"3.2.0","description":"Actions attestation lib","keywords":["github","actions","attestation"],"homepage":"https://github.com/actions/toolkit/tree/main/packages/attest","license":"MIT","type":"module","main":"lib/index.js","types":"lib/index.d.ts","exports":{".":{"types":"./lib/index.d.ts","import":"./lib/index.js"}},"directories":{"lib":"lib","test":"__tests__"},"files":["lib"],"publishConfig":{"access":"public","provenance":true},"repository":{"type":"git","url":"git+https://github.com/actions/toolkit.git","directory":"packages/attest"},"scripts":{"test":"echo \\"Error: run tests from root\\" && exit 1","tsc":"tsc && cp src/internal/package-version.cjs lib/internal/"},"bugs":{"url":"https://github.com/actions/toolkit/issues"},"devDependencies":{"@sigstore/mock":"^0.10.0","@sigstore/rekor-types":"^3.0.0","@types/jsonwebtoken":"^9.0.6","nock":"^13.5.1","undici":"^6.23.0"},"dependencies":{"@actions/core":"^3.0.0","@actions/github":"^9.0.0","@actions/http-client":"^4.0.0","@octokit/plugin-retry":"^8.0.3","@sigstore/bundle":"^3.1.0","@sigstore/sign":"^3.1.0","jose":"^5.10.0"}}'); /***/ }), @@ -115947,6 +115947,22 @@ function retry(octokit, octokitOptions) { retry.VERSION = plugin_retry_dist_bundle_VERSION; +// EXTERNAL MODULE: ./node_modules/@actions/attest/lib/internal/package-version.cjs +var package_version = __nccwpck_require__(86705); +;// CONCATENATED MODULE: ./node_modules/@actions/attest/lib/internal/utils.js + +const utils_getUserAgent = () => { + const baseUserAgent = `@actions/attest-${package_version.version}`; + const orchId = process.env['ACTIONS_ORCHESTRATION_ID']; + if (orchId) { + // Sanitize the orchestration ID to ensure it contains only valid characters + // Valid characters: 0-9, a-z, _, -, . + const sanitizedId = orchId.replace(/[^a-z0-9_.-]/gi, '_'); + return `${baseUserAgent} actions_orchestration_id/${sanitizedId}`; + } + return baseUserAgent; +}; +//# sourceMappingURL=utils.js.map ;// CONCATENATED MODULE: ./node_modules/@actions/attest/lib/artifactMetadata.js var artifactMetadata_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } @@ -115970,6 +115986,7 @@ var __rest = (undefined && undefined.__rest) || function (s, e) { }; + const CREATE_STORAGE_RECORD_REQUEST = 'POST /orgs/{owner}/artifacts/metadata/storage-record'; const DEFAULT_RETRY_COUNT = 5; /** @@ -115987,8 +116004,9 @@ function createStorageRecord(artifactOptions, packageRegistryOptions, token, ret return artifactMetadata_awaiter(this, void 0, void 0, function* () { const retries = retryAttempts !== null && retryAttempts !== void 0 ? retryAttempts : DEFAULT_RETRY_COUNT; const octokit = getOctokit(token, { retry: { retries } }, retry); + const headersWithUserAgent = Object.assign({ 'User-Agent': utils_getUserAgent() }, headers); try { - const response = yield octokit.request(CREATE_STORAGE_RECORD_REQUEST, Object.assign({ owner: github_context.repo.owner, headers }, buildRequestParams(artifactOptions, packageRegistryOptions))); + const response = yield octokit.request(CREATE_STORAGE_RECORD_REQUEST, Object.assign({ owner: github_context.repo.owner, headers: headersWithUserAgent }, buildRequestParams(artifactOptions, packageRegistryOptions))); const data = typeof response.data == 'string' ? JSON.parse(response.data) : response.data; @@ -116130,8 +116148,6 @@ const initBundleBuilder = (opts) => { return new sign_dist/* DSSEBundleBuilder */.VV({ signer, witnesses }); }; //# sourceMappingURL=sign.js.map -// EXTERNAL MODULE: ./node_modules/@actions/attest/lib/package-version.cjs -var package_version = __nccwpck_require__(60983); ;// CONCATENATED MODULE: ./node_modules/@actions/attest/lib/store.js var store_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } @@ -116158,7 +116174,7 @@ const writeAttestation = (attestation_1, token_1, ...args_1) => store_awaiter(vo var _a; const retries = (_a = options.retry) !== null && _a !== void 0 ? _a : store_DEFAULT_RETRY_COUNT; const octokit = getOctokit(token, { retry: { retries } }, retry); - const headers = Object.assign({ 'User-Agent': store_getUserAgent() }, options.headers); + const headers = Object.assign({ 'User-Agent': utils_getUserAgent() }, options.headers); try { const response = yield octokit.request(CREATE_ATTESTATION_REQUEST, { owner: github_context.repo.owner, @@ -116176,17 +116192,6 @@ const writeAttestation = (attestation_1, token_1, ...args_1) => store_awaiter(vo throw new Error(`Failed to persist attestation: ${message}`); } }); -const store_getUserAgent = () => { - const baseUserAgent = `@actions/attest-${package_version.version}`; - const orchId = process.env['ACTIONS_ORCHESTRATION_ID']; - if (orchId) { - // Sanitize the orchestration ID to ensure it contains only valid characters - // Valid characters: 0-9, a-z, _, -, . - const sanitizedId = orchId.replace(/[^a-z0-9_.-]/gi, '_'); - return `${baseUserAgent} actions_orchestration_id/${sanitizedId}`; - } - return baseUserAgent; -}; //# sourceMappingURL=store.js.map ;// CONCATENATED MODULE: ./node_modules/@actions/attest/lib/attest.js var attest_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _arguments, P, generator) { diff --git a/package-lock.json b/package-lock.json index fd4d173..cd95c2f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,7 +9,7 @@ "version": "4.0.0", "license": "MIT", "dependencies": { - "@actions/attest": "^3.1.0", + "@actions/attest": "^3.2.0", "@actions/core": "^3.0.0", "@actions/github": "^9.0.0", "@actions/glob": "^0.6.1", @@ -42,9 +42,9 @@ } }, "node_modules/@actions/attest": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/@actions/attest/-/attest-3.1.0.tgz", - "integrity": "sha512-uJmeYeeL5xM65sZN/SzKq57vA7/9bGhlErASxsKalChG6wxHna1z/o3bnw1guNjd1hWIeCCGg6WM9dfC8SS18A==", + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/@actions/attest/-/attest-3.2.0.tgz", + "integrity": "sha512-Mdpqfyfp4dp7VZt9lVBmQTlnpK0PBrIXSblzeseP4w6Gn4Bbl5bpScJ+8zgwOMfTz1049wPzSUda5XtTYIZloQ==", "license": "MIT", "dependencies": { "@actions/core": "^3.0.0", diff --git a/package.json b/package.json index 3094e92..7c7e325 100644 --- a/package.json +++ b/package.json @@ -78,7 +78,7 @@ ] }, "dependencies": { - "@actions/attest": "^3.1.0", + "@actions/attest": "^3.2.0", "@actions/core": "^3.0.0", "@actions/github": "^9.0.0", "@actions/glob": "^0.6.1",