Skip to content

chore(deps): bump sigstore and @angular/cli#2452

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-27a3df8e2d
Closed

chore(deps): bump sigstore and @angular/cli#2452
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-27a3df8e2d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor

Bumps sigstore to 4.1.1 and updates ancestor dependency @angular/cli. These dependencies need to be updated together.

Updates sigstore from 3.1.0 to 4.1.1

Release notes

Sourced from sigstore's releases.

sigstore@4.1.1

Patch Changes

  • 7845532: Verification of OID certificate extensions
  • f074710: Require inclusion promise in Rekor entry when used as timestamp source
  • Updated dependencies [b5aa4f1]
  • Updated dependencies [7845532]
  • Updated dependencies [f074710]
    • @​sigstore/core@​3.2.1
    • @​sigstore/verify@​3.1.1

sigstore@4.1.0

Minor Changes

  • eba6a52: verify(bundle[, payload][, options]) now returns a Signer object containing the public key and identity information from the verification.

Patch Changes

  • Updated dependencies [cee51c0]
  • Updated dependencies [2042aad]
  • Updated dependencies [018974e]
  • Updated dependencies [dea916f]
  • Updated dependencies [61a4f9e]
  • Updated dependencies [5ffadc0]
  • Updated dependencies [5ffadc0]
  • Updated dependencies [1663b3e]
    • @​sigstore/tuf@​4.0.1
    • @​sigstore/verify@​3.1.0
    • @​sigstore/sign@​4.1.0
    • @​sigstore/core@​3.1.0

sigstore@4.0.0

Major Changes

  • 383e200: Drop support for node 18

Patch Changes

  • Updated dependencies [40395f5]
  • Updated dependencies [383e200]
  • Updated dependencies [383e200]
  • Updated dependencies [383e200]
    • @​sigstore/tuf@​4.0.0
    • @​sigstore/sign@​4.0.0
    • @​sigstore/bundle@​4.0.0
    • @​sigstore/verify@​3.0.0
    • @​sigstore/core@​3.0.0
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for sigstore since your current version.


Updates @angular/cli from 19.2.25 to 22.0.5

Release notes

Sourced from @​angular/cli's releases.

22.0.5

@​schematics/angular

Commit Description
fix - 862a38069 remove unused app tsconfig outDir

@​angular/cli

Commit Description
fix - f099e641c gracefully handle package manager errors in command handler
fix - cf033ec48 respect release age policy in update bootstrapping logic

@​angular-devkit/build-angular

Commit Description
fix - f75085f4b prevent OS command injection in ssr-dev-server builder

@​angular/build

Commit Description
fix - dfee1e7b1 auto-inject localize/init in library unit tests
fix - aba718403 inherit preserveSymlinks option from build target in unit-test builder
fix - 7c0d9f03c load zone.js dynamically for library unit tests
fix - 4288e4452 scope createRequire module resolution using paths to prevent parent paths

@​angular/ssr

Commit Description
fix - 5f774f891 preserve response headers during redirect

22.0.4

@​angular/build

Commit Description
fix - 46185ceac aggregate parallel worker performance timings on the main thread
perf - 5d7e29c41 dispose builder result context early in non-watch mode

22.0.3

@​schematics/angular

Commit Description
fix - 0eddea898 remove default workspace vscode mcp.json configuration

22.0.2

@​angular/cli

Commit Description
fix - 136fc2714 support registry metadata fetching under bun package manager
perf - 2653dd5c7 implement semaphore backpressure throttling in PackageManager

@​angular/build

Commit Description
perf - 0b4a48add implement semaphore backpressure throttling in JavaScriptTransformer

@​angular/ssr

... (truncated)

Changelog

Sourced from @​angular/cli's changelog.

22.0.5 (2026-07-01)

@​angular/cli

Commit Type Description
f099e641c fix gracefully handle package manager errors in command handler
cf033ec48 fix respect release age policy in update bootstrapping logic

@​schematics/angular

Commit Type Description
862a38069 fix remove unused app tsconfig outDir

@​angular-devkit/build-angular

Commit Type Description
f75085f4b fix prevent OS command injection in ssr-dev-server builder

@​angular/build

Commit Type Description
dfee1e7b1 fix auto-inject localize/init in library unit tests
aba718403 fix inherit preserveSymlinks option from build target in unit-test builder
7c0d9f03c fix load zone.js dynamically for library unit tests
4288e4452 fix scope createRequire module resolution using paths to prevent parent paths

@​angular/ssr

Commit Type Description
5f774f891 fix preserve response headers during redirect

21.2.18 (2026-07-01)

@​angular/cli

Commit Type Description
61a810ab6 fix respect release age policy in update bootstrapping logic

@​angular/build

... (truncated)

Commits
  • 85a2698 release: cut the v22.0.5 release
  • 5c892ee build: update cross-repo angular dependencies
  • 7848e8d build: lock file maintenance
  • 862a380 fix(@​schematics/angular): remove unused app tsconfig outDir
  • 4288e44 fix(@​angular/build): scope createRequire module resolution using paths to pre...
  • 5f774f8 fix(@​angular/ssr): preserve response headers during redirect
  • 7c0d9f0 fix(@​angular/build): load zone.js dynamically for library unit tests
  • f75085f fix(@​angular-devkit/build-angular): prevent OS command injection in ssr-dev-s...
  • f099e64 fix(@​angular/cli): gracefully handle package manager errors in command handler
  • cf033ec fix(@​angular/cli): respect release age policy in update bootstrapping logic
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
@angular/cli [> 19.2.25]

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 2, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 2, 2026 10:06
@dependabot dependabot Bot added npm npm package updates (e.g. dependabot) dependencies Pull requests that update a dependency file labels Jul 2, 2026
@github-actions github-actions Bot enabled auto-merge July 2, 2026 10:07
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-27a3df8e2d branch 2 times, most recently from b70efca to 6a67537 Compare July 3, 2026 09:23
Bumps [sigstore](https://github.com/sigstore/sigstore-js) to 4.1.1 and updates ancestor dependency [@angular/cli](https://github.com/angular/angular-cli). These dependencies need to be updated together.


Updates `sigstore` from 3.1.0 to 4.1.1
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@3.1.0...sigstore@4.1.1)

Updates `@angular/cli` from 19.2.25 to 22.0.5
- [Release notes](https://github.com/angular/angular-cli/releases)
- [Changelog](https://github.com/angular/angular-cli/blob/main/CHANGELOG.md)
- [Commits](angular/angular-cli@v19.2.25...v22.0.5)

---
updated-dependencies:
- dependency-name: "@angular/cli"
  dependency-version: 22.0.5
  dependency-type: direct:development
- dependency-name: sigstore
  dependency-version: 4.1.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-27a3df8e2d branch from 6a67537 to 779f80d Compare July 3, 2026 10:11
@Junjiequan

Copy link
Copy Markdown
Member

@dependabot ignore this major version

@dependabot @github

dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

This option is only available on single-dependency pull requests, as the versions in multi-dependency pull requests may differ.

If you'd like to ignore all updates for these dependencies just reply @dependabot ignore these dependencies.

@Junjiequan

Copy link
Copy Markdown
Member

@dependabot ignore these dependencies

@dependabot dependabot Bot closed this Jul 3, 2026
auto-merge was automatically disabled July 3, 2026 10:12

Pull request was closed

@dependabot @github

dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you about any of these dependencies again, unless you re-open this PR.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/multi-27a3df8e2d branch July 3, 2026 10:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file npm npm package updates (e.g. dependabot)

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant