Skip to content

build(deps): bump sigstore and @angular/cli#3243

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot-npm_and_yarn-multi-27a3df8e2d
Open

build(deps): bump sigstore and @angular/cli#3243
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot-npm_and_yarn-multi-27a3df8e2d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps sigstore to 4.1.1 and updates ancestor dependency @angular/cli. These dependencies need to be updated together.

Updates sigstore from 2.3.1 to 4.1.1

Release notes

Sourced from sigstore's releases.

sigstore@4.1.1

Patch Changes

  • 7845532: Verification of OID certificate extensions
  • f074710: Require inclusion promise in Rekor entry when used as timestamp source
  • Updated dependencies [b5aa4f1]
  • Updated dependencies [7845532]
  • Updated dependencies [f074710]
    • @​sigstore/core@​3.2.1
    • @​sigstore/verify@​3.1.1

sigstore@4.1.0

Minor Changes

  • eba6a52: verify(bundle[, payload][, options]) now returns a Signer object containing the public key and identity information from the verification.

Patch Changes

  • Updated dependencies [cee51c0]
  • Updated dependencies [2042aad]
  • Updated dependencies [018974e]
  • Updated dependencies [dea916f]
  • Updated dependencies [61a4f9e]
  • Updated dependencies [5ffadc0]
  • Updated dependencies [5ffadc0]
  • Updated dependencies [1663b3e]
    • @​sigstore/tuf@​4.0.1
    • @​sigstore/verify@​3.1.0
    • @​sigstore/sign@​4.1.0
    • @​sigstore/core@​3.1.0

sigstore@4.0.0

Major Changes

  • 383e200: Drop support for node 18

Patch Changes

  • Updated dependencies [40395f5]
  • Updated dependencies [383e200]
  • Updated dependencies [383e200]
  • Updated dependencies [383e200]
    • @​sigstore/tuf@​4.0.0
    • @​sigstore/sign@​4.0.0
    • @​sigstore/bundle@​4.0.0
    • @​sigstore/verify@​3.0.0
    • @​sigstore/core@​3.0.0

sigstore@3.1.0

Minor Changes

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for sigstore since your current version.


Updates @angular/cli from 18.2.20 to 22.0.7

Release notes

Sourced from @​angular/cli's releases.

22.0.7

@​angular/cli

Commit Description
fix - e85c10ccb copy packageManager field and yarn config for temp installs
fix - b87cafec0 support resolving subproject dependencies in pnpm workspaces

22.0.6

@​angular/build

Commit Description
fix - df49966c6 fallback to build target preserveSymlinks option in karma runner
fix - 9906add5b prevent externalizing builder-injected i18n locale data
fix - 070155f6e strip all vite id prefixes from minified code with external dependencies

@​angular/ssr

Commit Description
fix - c9aa354b1 replace all route parameters when resolving relative redirects

22.0.5

@​schematics/angular

Commit Description
fix - 862a38069 remove unused app tsconfig outDir

@​angular/cli

Commit Description
fix - f099e641c gracefully handle package manager errors in command handler
fix - cf033ec48 respect release age policy in update bootstrapping logic

@​angular-devkit/build-angular

Commit Description
fix - f75085f4b prevent OS command injection in ssr-dev-server builder

@​angular/build

Commit Description
fix - dfee1e7b1 auto-inject localize/init in library unit tests
fix - aba718403 inherit preserveSymlinks option from build target in unit-test builder
fix - 7c0d9f03c load zone.js dynamically for library unit tests
fix - 4288e4452 scope createRequire module resolution using paths to prevent parent paths

@​angular/ssr

Commit Description
fix - 5f774f891 preserve response headers during redirect

22.0.4

@​angular/build

Commit Description
fix - 46185ceac aggregate parallel worker performance timings on the main thread

... (truncated)

Changelog

Sourced from @​angular/cli's changelog.

22.0.7 (2026-07-15)

@​angular/cli

Commit Type Description
e85c10ccb fix copy packageManager field and yarn config for temp installs
b87cafec0 fix support resolving subproject dependencies in pnpm workspaces

21.2.19 (2026-07-09)

@​angular-devkit/build-angular

Commit Type Description
df5429871 fix update http-proxy-middleware to 3.0.7

20.3.32 (2026-07-09)

@​angular-devkit/build-angular

Commit Type Description
d4e07cb3e fix update http-proxy-middleware to 3.0.7

22.1.0-next.3 (2026-07-09)

@​angular/build

Commit Type Description
34d558c3c feat add built-in SQLite cache store fallback
52ae7f862 feat share persistent build cache across git worktrees
41bd100dd fix fallback to build target preserveSymlinks option in karma runner
6d9b360e5 fix prevent esbuild service hang on internal component stylesheet builds
85c53d990 fix prevent externalizing builder-injected i18n locale data
004cc4104 fix strip all vite id prefixes from minified code with external dependencies
09d0a11a8 perf enable fast-path AST printing with sourcemaps in AotCompilation

... (truncated)

Commits
  • e744701 release: cut the v22.0.7 release
  • a902c38 build: lock file maintenance
  • 12fb387 build: update pnpm to v10.34.5
  • 22d843e build: update cross-repo angular dependencies to v22.0.6
  • b87cafe fix(@​angular/cli): support resolving subproject dependencies in pnpm workspaces
  • e85c10c fix(@​angular/cli): copy packageManager field and yarn config for temp installs
  • 5584a58 build: update babel monorepo to v7.29.7
  • cc45a54 build: update dependency http-proxy-middleware to v3.0.7
  • 31345b6 build: lock file maintenance
  • dbd61b1 release: cut the v22.0.6 release
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code major labels Jul 1, 2026
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code major labels Jul 1, 2026
github-actions[bot]
github-actions Bot previously approved these changes Jul 1, 2026
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

github-actions[bot]
github-actions Bot previously approved these changes Jul 6, 2026
Bumps [sigstore](https://github.com/sigstore/sigstore-js) to 4.1.1 and updates ancestor dependency [@angular/cli](https://github.com/angular/angular-cli). These dependencies need to be updated together.


Updates `sigstore` from 2.3.1 to 4.1.1
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@2.3.1...sigstore@4.1.1)

Updates `@angular/cli` from 18.2.20 to 22.0.7
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md)
- [Commits](angular/angular-cli@18.2.20...v22.0.7)

---
updated-dependencies:
- dependency-name: "@angular/cli"
  dependency-version: 22.0.5
  dependency-type: direct:development
- dependency-name: sigstore
  dependency-version: 4.1.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot-npm_and_yarn-multi-27a3df8e2d branch from f1632d4 to d77ba22 Compare July 16, 2026 01:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

angular angular-showcase dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code major repo

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants