From e097e6a0127a6a78bc54182404456045ee73b59d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Jun 2026 03:29:02 +0000
Subject: [PATCH] build(deps): bump @sigstore/verify from 3.1.1 to 4.0.0

Bumps [@sigstore/verify](https://github.com/sigstore/sigstore-js) from 3.1.1 to 4.0.0.
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/@sigstore/verify@3.1.1...@sigstore/verify@4.0.0)

---
updated-dependencies:
- dependency-name: "@sigstore/verify"
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package.json |  2 +-
 yarn.lock    | 31 ++++++++++++++++++++-----------
 2 files changed, 21 insertions(+), 12 deletions(-)

diff --git a/package.json b/package.json
index bd70adbc..ae724d4b 100644
--- a/package.json
+++ b/package.json
@@ -53,7 +53,7 @@
     "@sigstore/bundle": "^4.0.0",
     "@sigstore/sign": "^4.1.1",
     "@sigstore/tuf": "^4.0.2",
-    "@sigstore/verify": "^3.1.1",
+    "@sigstore/verify": "^4.0.0",
     "async-retry": "^1.3.3",
     "csv-parse": "^6.2.1",
     "gunzip-maybe": "^1.4.2",
diff --git a/yarn.lock b/yarn.lock
index fe40c424..c18938d9 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -471,7 +471,7 @@ __metadata:
     "@sigstore/bundle": "npm:^4.0.0"
     "@sigstore/sign": "npm:^4.1.1"
     "@sigstore/tuf": "npm:^4.0.2"
-    "@sigstore/verify": "npm:^3.1.1"
+    "@sigstore/verify": "npm:^4.0.0"
     "@types/gunzip-maybe": "npm:^1.4.3"
     "@types/he": "npm:^1.2.3"
     "@types/js-yaml": "npm:^4.0.9"
@@ -1337,6 +1337,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@sigstore/bundle@npm:^5.0.0":
+  version: 5.0.0
+  resolution: "@sigstore/bundle@npm:5.0.0"
+  dependencies:
+    "@sigstore/protobuf-specs": "npm:^0.5.0"
+  checksum: 10/9d86dd7f8086832fff2a36ce84bd38a895fe951a8848963c1dddf1d0eb4d14394c94626fc53c4173f42be5ee8d7319b593ce3a77491e8b1497349c653decba90
+  languageName: node
+  linkType: hard
+
 "@sigstore/core@npm:^3.2.0":
   version: 3.2.0
   resolution: "@sigstore/core@npm:3.2.0"
@@ -1344,10 +1353,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@sigstore/core@npm:^3.2.1":
-  version: 3.2.1
-  resolution: "@sigstore/core@npm:3.2.1"
-  checksum: 10/2f6c1ced55f8ed3f7fc705a668eb95db9471511dfb1f054927822bf97a051dd62228ecf6a9f1932d240c2c4ae69a3b5066550789e5ad8f4257839a4370e5a120
+"@sigstore/core@npm:^4.0.0":
+  version: 4.0.0
+  resolution: "@sigstore/core@npm:4.0.0"
+  checksum: 10/506a64b2aa192170e4e41a426780303dfc481d289700382dc8d9bf24b13fb495b3aac130de1dac4cfbf61c50fb59eee7429d2e29e714cc21303fa47f84ec4a6a
   languageName: node
   linkType: hard
 
@@ -1382,14 +1391,14 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@sigstore/verify@npm:^3.1.1":
-  version: 3.1.1
-  resolution: "@sigstore/verify@npm:3.1.1"
+"@sigstore/verify@npm:^4.0.0":
+  version: 4.0.0
+  resolution: "@sigstore/verify@npm:4.0.0"
   dependencies:
-    "@sigstore/bundle": "npm:^4.0.0"
-    "@sigstore/core": "npm:^3.2.1"
+    "@sigstore/bundle": "npm:^5.0.0"
+    "@sigstore/core": "npm:^4.0.0"
     "@sigstore/protobuf-specs": "npm:^0.5.0"
-  checksum: 10/4cb24b0e62b85ebf2b62698041e0dc212d152fd40a95c05c237357c992265a23e5789f86b138bea2eea0c5f6b994974d968f03dde9c692a514f96ae4b26f31a9
+  checksum: 10/260de3105ebea1b4dd558e7edff217c083a8b257cb293e7d878e8b7951313d594b6cc996b8477b0bd1b45c6ec03fefae8cb46e7ff3e775b624ee0705b73b4d2a
   languageName: node
   linkType: hard