From dc319fdd9f78e107f8662b64b69b462eb32ee978 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 28 May 2026 06:21:09 +0000 Subject: [PATCH] deps(v4)(deps): bump sigstore from 0.13.0 to 0.14.0 in /v4 Bumps [sigstore](https://github.com/sigstore/sigstore-rs) from 0.13.0 to 0.14.0. - [Release notes](https://github.com/sigstore/sigstore-rs/releases) - [Changelog](https://github.com/sigstore/sigstore-rs/blob/main/CHANGELOG.md) - [Commits](https://github.com/sigstore/sigstore-rs/compare/v0.13.0...v0.14.0) --- updated-dependencies: - dependency-name: sigstore dependency-version: 0.14.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- v4/Cargo.lock | 298 +++++++++++++++++++++++++++++--------------------- v4/Cargo.toml | 2 +- 2 files changed, 177 insertions(+), 123 deletions(-) diff --git a/v4/Cargo.lock b/v4/Cargo.lock index b57dca5e..1e51cb1a 100644 --- a/v4/Cargo.lock +++ b/v4/Cargo.lock @@ -25,7 +25,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0" dependencies = [ "cfg-if", - "cipher", + "cipher 0.4.4", "cpufeatures 0.2.17", ] @@ -324,12 +324,6 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" -[[package]] -name = "base64" -version = "0.13.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" - [[package]] name = "base64" version = "0.21.7" @@ -466,7 +460,7 @@ version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "26b52a9543ae338f279b96b0b9fed9c8093744685043739079ce85cd58f289a6" dependencies = [ - "cipher", + "cipher 0.4.4", ] [[package]] @@ -509,7 +503,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c3613f74bd2eac03dad61bd53dbe620703d4371614fe0bc3b9f04dd36fe4e818" dependencies = [ "cfg-if", - "cipher", + "cipher 0.4.4", "cpufeatures 0.2.17", ] @@ -532,7 +526,7 @@ checksum = "10cd79432192d1c0f4e1a0fef9527696cc039165d729fb41b3f4f4f354c2dc35" dependencies = [ "aead", "chacha20 0.9.1", - "cipher", + "cipher 0.4.4", "poly1305", "zeroize", ] @@ -558,10 +552,21 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" dependencies = [ "crypto-common 0.1.7", - "inout", + "inout 0.1.4", "zeroize", ] +[[package]] +name = "cipher" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e8cf2a2c93cd704877c0858356ed03480ff301ee950b43f1cbe4573b088bfa6c" +dependencies = [ + "block-buffer 0.12.0", + "crypto-common 0.2.2", + "inout 0.2.2", +] + [[package]] name = "clang-sys" version = "1.8.1" @@ -754,9 +759,9 @@ dependencies = [ [[package]] name = "crypto-common" -version = "0.2.1" +version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "77727bb15fa921304124b128af125e7e3b968275d1b108b379190264f4423710" +checksum = "ce6e4c961d6cd6c9a86db418387425e8bdeaf05b3c8bc1411e6dca4c252f1453" dependencies = [ "hybrid-array", ] @@ -768,10 +773,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b9d6cf87adf719ddf43a805e92c6870a531aedda35ff640442cbaf8674e141e1" dependencies = [ "aead", - "cipher", + "cipher 0.4.4", "generic-array", "poly1305", - "salsa20", + "salsa20 0.10.2", "subtle", "zeroize", ] @@ -1020,7 +1025,7 @@ checksum = "4850db49bf08e663084f7fb5c87d202ef91a3907271aff24a94eb97ff039153c" dependencies = [ "block-buffer 0.12.0", "const-oid 0.10.2", - "crypto-common 0.2.1", + "crypto-common 0.2.2", "ctutils", ] @@ -1100,7 +1105,6 @@ checksum = "70e796c081cee67dc755e1a36a0a172b897fab85fc3f6bc48307991f64e4eca9" dependencies = [ "curve25519-dalek", "ed25519", - "rand_core 0.6.4", "serde", "sha2 0.10.9", "subtle", @@ -1566,6 +1570,12 @@ version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" +[[package]] +name = "hex-literal" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e712f64ec3850b98572bffac52e2c6f282b29fe6c5fa6d42334b30be438d95c1" + [[package]] name = "hkdf" version = "0.12.4" @@ -1898,6 +1908,15 @@ dependencies = [ "generic-array", ] +[[package]] +name = "inout" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4250ce6452e92010fdf7268ccc5d14faa80bb12fc741938534c58f16804e03c7" +dependencies = [ + "hybrid-array", +] + [[package]] name = "integration-tests" version = "0.0.0" @@ -2081,21 +2100,6 @@ dependencies = [ "signature", ] -[[package]] -name = "jwt" -version = "0.16.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6204285f77fe7d9784db3fdc449ecce1a0114927a51d5a41c4c7a292011c015f" -dependencies = [ - "base64 0.13.1", - "crypto-common 0.1.7", - "digest 0.10.7", - "hmac 0.12.1", - "serde", - "serde_json", - "sha2 0.10.9", -] - [[package]] name = "konst" version = "0.2.20" @@ -2281,6 +2285,12 @@ version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1d87ecb2933e8aeadb3e3a02b828fed80a7528047e68b4f424523a0981a3a084" +[[package]] +name = "ndk-context" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "27b02d87554356db9e9a873add8782d4ea6e3e58ea071a9adb9a2e8ddb884a8b" + [[package]] name = "nom" version = "7.1.3" @@ -2420,7 +2430,6 @@ dependencies = [ "getrandom 0.2.17", "http", "rand 0.8.6", - "reqwest 0.12.28", "serde", "serde_json", "serde_path_to_error", @@ -2430,29 +2439,28 @@ dependencies = [ ] [[package]] -name = "oci-client" -version = "0.15.0" +name = "objc2" +version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9b74df13319e08bc386d333d3dc289c774c88cc543cae31f5347db07b5ec2172" +checksum = "3a12a8ed07aefc768292f076dc3ac8c48f3781c8f2d5851dd3d98950e8c5a89f" dependencies = [ - "bytes", - "chrono", - "futures-util", - "http", - "http-auth", - "jwt", - "lazy_static", - "oci-spec 0.8.4", - "olpc-cjson", - "regex", - "reqwest 0.12.28", - "serde", - "serde_json", - "sha2 0.10.9", - "thiserror 2.0.18", - "tokio", - "tracing", - "unicase", + "objc2-encode", +] + +[[package]] +name = "objc2-encode" +version = "4.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ef25abbcd74fb2609453eb695bd2f860d389e457f67dc17cafc8b8cbc89d0c33" + +[[package]] +name = "objc2-foundation" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3e0adef53c21f888deb4fa59fc59f7eb17404926ee8a6f59f5df0fd7f9f3272" +dependencies = [ + "bitflags", + "objc2", ] [[package]] @@ -2469,7 +2477,7 @@ dependencies = [ "http-auth", "jsonwebtoken", "lazy_static", - "oci-spec 0.9.0", + "oci-spec", "olpc-cjson", "regex", "reqwest 0.13.3", @@ -2482,23 +2490,6 @@ dependencies = [ "unicase", ] -[[package]] -name = "oci-spec" -version = "0.8.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fc3da52b83ce3258fbf29f66ac784b279453c2ac3c22c5805371b921ede0d308" -dependencies = [ - "const_format", - "derive_builder", - "getset", - "regex", - "serde", - "serde_json", - "strum", - "strum_macros", - "thiserror 2.0.18", -] - [[package]] name = "oci-spec" version = "0.9.0" @@ -2655,13 +2646,11 @@ dependencies = [ [[package]] name = "password-hash" -version = "0.5.0" +version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "346f04948ba92c43e8469c1ee6736c7563d71012b17d40745260fe106aac2166" +checksum = "aab41826031698d6ffcd9cff78ef56ef998e39dc7e5067cdfebe373842d4723b" dependencies = [ - "base64ct", - "rand_core 0.6.4", - "subtle", + "phc", ] [[package]] @@ -2674,6 +2663,16 @@ dependencies = [ "hmac 0.12.1", ] +[[package]] +name = "pbkdf2" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "112d82ceb8c5bf524d9af484d4e4970c9fd5a0cc15ba14ad93dccd28873b0629" +dependencies = [ + "digest 0.11.2", + "hmac 0.13.0", +] + [[package]] name = "pem" version = "3.0.6" @@ -2710,6 +2709,16 @@ dependencies = [ "indexmap 2.14.0", ] +[[package]] +name = "phc" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "44dc769b75f93afdddd8c7fa12d685292ddeff1e66f7f0f3a234cf1818afe892" +dependencies = [ + "base64ct", + "ctutils", +] + [[package]] name = "pin-project" version = "1.1.11" @@ -2756,8 +2765,8 @@ dependencies = [ "aes", "cbc", "der 0.7.10", - "pbkdf2", - "scrypt", + "pbkdf2 0.12.2", + "scrypt 0.11.0", "sha2 0.10.9", "spki 0.7.3", ] @@ -3297,7 +3306,6 @@ dependencies = [ "hyper-util", "js-sys", "log", - "mime_guess", "percent-encoding", "pin-project-lite", "quinn", @@ -3309,14 +3317,12 @@ dependencies = [ "sync_wrapper", "tokio", "tokio-rustls", - "tokio-util", "tower", "tower-http", "tower-service", "url", "wasm-bindgen", "wasm-bindgen-futures", - "wasm-streams 0.4.2", "web-sys", "webpki-roots", ] @@ -3329,6 +3335,7 @@ checksum = "62e0021ea2c22aed41653bc7e1419abb2c97e038ff2c33d0e1309e49a97deec0" dependencies = [ "base64 0.22.1", "bytes", + "futures-channel", "futures-core", "futures-util", "http", @@ -3339,6 +3346,7 @@ dependencies = [ "hyper-util", "js-sys", "log", + "mime_guess", "percent-encoding", "pin-project-lite", "quinn", @@ -3358,7 +3366,7 @@ dependencies = [ "url", "wasm-bindgen", "wasm-bindgen-futures", - "wasm-streams 0.5.0", + "wasm-streams", "web-sys", ] @@ -3544,13 +3552,29 @@ version = "1.0.23" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9774ba4a74de5f7b1c1451ed6cd5285a32eddb5cccb8cc655a4e50009e06477f" +[[package]] +name = "ryu-js" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dd29631678d6fb0903b69223673e122c32e9ae559d0960a38d574695ebc0ea15" + [[package]] name = "salsa20" version = "0.10.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "97a22f5af31f73a954c10289c93e8a50cc23d971e80ee446f1f6f7137a088213" dependencies = [ - "cipher", + "cipher 0.4.4", +] + +[[package]] +name = "salsa20" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2f874456e72520ff1375a06c588eaf074b0f01f9e9e1aada45bd9b7954a6e42c" +dependencies = [ + "cfg-if", + "cipher 0.5.2", ] [[package]] @@ -3634,12 +3658,24 @@ version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0516a385866c09368f0b5bcd1caff3366aace790fcd46e2bb032697bb172fd1f" dependencies = [ - "password-hash", - "pbkdf2", - "salsa20", + "pbkdf2 0.12.2", + "salsa20 0.10.2", "sha2 0.10.9", ] +[[package]] +name = "scrypt" +version = "0.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d87af57419b594aa23fa95f09f0e06d80d84ba01c26148c43844cad6ff4485f0" +dependencies = [ + "cfg-if", + "password-hash", + "pbkdf2 0.13.0", + "salsa20 0.11.0", + "sha2 0.11.0", +] + [[package]] name = "sec1" version = "0.7.3" @@ -3747,6 +3783,17 @@ dependencies = [ "zmij", ] +[[package]] +name = "serde_json_canonicalizer" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fe52319a927259afbfa5180c5157cd8167edfd3e8c254f9558c7fef44c5649f2" +dependencies = [ + "ryu-js", + "serde", + "serde_json", +] + [[package]] name = "serde_path_to_error" version = "0.1.20" @@ -3767,6 +3814,17 @@ dependencies = [ "serde", ] +[[package]] +name = "serde_repr" +version = "0.1.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "175ee3e80ae9982737ca543e96133087cbd9a485eecc3bc4de9c1a37b47ea59c" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + [[package]] name = "serde_urlencoded" version = "0.7.1" @@ -3884,9 +3942,9 @@ dependencies = [ [[package]] name = "sigstore" -version = "0.13.0" +version = "0.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "52bba786054331bdc89e90f74373b68a6c3b63c9754cf20e3a4a629d0165fe38" +checksum = "a4df549c175469befae9f95dcfa52cda15b11a4a72ade1f43a36e90cd90ba88a" dependencies = [ "async-trait", "aws-lc-rs", @@ -3896,32 +3954,25 @@ dependencies = [ "const-oid 0.9.6", "crypto_secretbox", "digest 0.10.7", - "ecdsa", - "ed25519", - "ed25519-dalek", - "elliptic-curve", "futures", "futures-util", "hex", - "oci-client 0.15.0", - "olpc-cjson", + "hex-literal", + "oci-client", "openidconnect", - "p256", - "p384", "pem", - "pkcs1", "pkcs8 0.10.2", - "rand 0.8.6", "regex", - "reqwest 0.12.28", - "rsa", + "reqwest 0.13.3", "rustls-pki-types", "rustls-webpki", - "scrypt", + "scrypt 0.12.0", "serde", "serde_json", + "serde_json_canonicalizer", + "serde_repr", + "serde_with", "sha2 0.10.9", - "signature", "sigstore_protobuf_specs", "thiserror 2.0.18", "tls_codec", @@ -3930,6 +3981,7 @@ dependencies = [ "tough", "tracing", "url", + "webbrowser", "x509-cert", "zeroize", ] @@ -4117,8 +4169,8 @@ dependencies = [ "fs4", "git2", "hex", - "oci-client 0.17.0", - "oci-spec 0.9.0", + "oci-client", + "oci-spec", "p256", "pkcs8 0.11.0", "rand_core 0.6.4", @@ -4149,7 +4201,7 @@ dependencies = [ "anyhow", "dirs-next", "hex", - "oci-client 0.17.0", + "oci-client", "serde", "serde_json", "serde_yaml", @@ -4553,9 +4605,9 @@ dependencies = [ [[package]] name = "tough" -version = "0.21.0" +version = "0.22.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e88d0ee9525696569cc2af5d46f8a739028c0268895071e0386957195b0c9161" +checksum = "8031cff0872dd1c6312370515a6be8098f6ea5512f1bad725016046fc725f272" dependencies = [ "async-recursion", "async-trait", @@ -4571,7 +4623,6 @@ dependencies = [ "olpc-cjson", "pem", "percent-encoding", - "reqwest 0.12.28", "rustls", "serde", "serde_json", @@ -4941,19 +4992,6 @@ dependencies = [ "wasmparser", ] -[[package]] -name = "wasm-streams" -version = "0.4.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "15053d8d85c7eccdbefef60f06769760a563c7f0a9d6902a13d35c7800b0ad65" -dependencies = [ - "futures-util", - "js-sys", - "wasm-bindgen", - "wasm-bindgen-futures", - "web-sys", -] - [[package]] name = "wasm-streams" version = "0.5.0" @@ -4999,6 +5037,22 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "webbrowser" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fc95580916af1e68ff6a7be07446fc5db73ebf71cf092de939bbf5f7e189f72" +dependencies = [ + "core-foundation", + "jni", + "log", + "ndk-context", + "objc2", + "objc2-foundation", + "url", + "web-sys", +] + [[package]] name = "webpki-root-certs" version = "1.0.7" diff --git a/v4/Cargo.toml b/v4/Cargo.toml index df7ee2af..da5ed168 100644 --- a/v4/Cargo.toml +++ b/v4/Cargo.toml @@ -50,7 +50,7 @@ oci-spec = "0.9" # cosign / sigstore verification (ADR-014). Trust-key loading lands in Wave 3A.1; # signature-manifest verification lands in Wave 3A.2. We intentionally keep the # feature surface small to minimise compile time. -sigstore = { version = "0.13", default-features = false, features = ["cosign", "sigstore-trust-root", "rustls-tls"] } +sigstore = { version = "0.14", default-features = false, features = ["cosign", "sigstore-trust-root", "rustls-tls"] } # ECDSA P-256 verifying key parsing for the `CosignVerifier` trust-key loader. p256 = { version = "0.13", default-features = false, features = ["ecdsa", "pem", "pkcs8", "std"] } ecdsa = { version = "0.16", default-features = false, features = ["pem", "pkcs8"] }