Skip to content

chore(deps): bump sigstore from 4.1.0 to 4.1.1 in /frontend#6068

Open
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/npm_and_yarn/frontend/sigstore-4.1.1
Open

chore(deps): bump sigstore from 4.1.0 to 4.1.1 in /frontend#6068
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/npm_and_yarn/frontend/sigstore-4.1.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor

Bumps sigstore from 4.1.0 to 4.1.1.

Release notes

Sourced from sigstore's releases.

sigstore@4.1.1

Patch Changes

  • 7845532: Verification of OID certificate extensions
  • f074710: Require inclusion promise in Rekor entry when used as timestamp source
  • Updated dependencies [b5aa4f1]
  • Updated dependencies [7845532]
  • Updated dependencies [f074710]
    • @​sigstore/core@​3.2.1
    • @​sigstore/verify@​3.1.1
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 2, 2026
@github-actions github-actions Bot added frontend Changes related to the frontend GUI and removed dependencies Pull requests that update a dependency file labels Jul 2, 2026
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Automated Reviewer Suggestions

Based on the git blame history of the changed files, we recommend the following reviewers:

  • No candidates found from git blame history.

@aglinxinyuan aglinxinyuan requested a review from Copilot July 2, 2026 20:46

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review any files in this pull request.


💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@aglinxinyuan aglinxinyuan requested review from aglinxinyuan and xuang7 and removed request for aglinxinyuan July 2, 2026 20:46
@aglinxinyuan aglinxinyuan self-assigned this Jul 2, 2026
@aglinxinyuan aglinxinyuan requested review from Yicong-Huang and removed request for aglinxinyuan July 2, 2026 20:47
@aglinxinyuan aglinxinyuan added the release/v1.2 back porting to release/v1.2 label Jul 2, 2026
@codecov-commenter

codecov-commenter commented Jul 2, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 56.53%. Comparing base (d861036) to head (f5597bd).
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@             Coverage Diff              @@
##               main    #6068      +/-   ##
============================================
- Coverage     57.18%   56.53%   -0.66%     
  Complexity     3103     3103              
============================================
  Files          1130     1132       +2     
  Lines         43825    45744    +1919     
  Branches       4747     5199     +452     
============================================
+ Hits          25062    25860     +798     
- Misses        17327    18409    +1082     
- Partials       1436     1475      +39     
Flag Coverage Δ *Carryforward flag
access-control-service 70.00% <ø> (ø) Carriedforward from d861036
agent-service 44.59% <ø> (ø) Carriedforward from d861036
amber 59.48% <ø> (ø) Carriedforward from d861036
computing-unit-managing-service 0.00% <ø> (ø) Carriedforward from d861036
config-service 52.30% <ø> (ø) Carriedforward from d861036
file-service 62.81% <ø> (ø) Carriedforward from d861036
frontend 49.13% <ø> (-0.94%) ⬇️
notebook-migration-service 78.57% <ø> (ø) Carriedforward from d861036
pyamber 91.15% <ø> (ø) Carriedforward from d861036
python 90.69% <ø> (ø) Carriedforward from d861036
workflow-compiling-service 55.14% <ø> (ø) Carriedforward from d861036

*This pull request uses carry forward flags. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@Yicong-Huang

Copy link
Copy Markdown
Contributor

CI failed, looks related, can you take a look? @aglinxinyuan

@aglinxinyuan

Copy link
Copy Markdown
Contributor

CI failed, looks related, can you take a look? @aglinxinyuan

Not related — this PR only bumps sigstore inside frontend/yarn.lock. The failure was a flaky unit test on the windows runner (joint-ui.service.spec.ts — a fully synchronous test timed out at 5000ms), and fail-fast then cancelled the ubuntu/macos jobs. Reran the failed jobs and CI is green now. Filed #6073 to track the flaky test.

@aglinxinyuan

Copy link
Copy Markdown
Contributor

@dependabot rebase

@dependabot @github

dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@aglinxinyuan

Copy link
Copy Markdown
Contributor

@dependabot recreate

Bumps [sigstore](https://github.com/sigstore/sigstore-js) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@4.1.0...sigstore@4.1.1)

---
updated-dependencies:
- dependency-name: sigstore
  dependency-version: 4.1.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/frontend/sigstore-4.1.1 branch from c0eb92d to 45a13ae Compare July 3, 2026 03:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

frontend Changes related to the frontend GUI javascript Pull requests that update javascript code release/v1.2 back porting to release/v1.2

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants