From d868d1e189722918b5d0214110f62ec96c5a7545 Mon Sep 17 00:00:00 2001
From: "snyk-io[bot]" <141718529+snyk-io[bot]@users.noreply.github.com>
Date: Thu, 29 Jan 2026 01:24:34 +0000
Subject: [PATCH] fix: packages/attest/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-TAR-15127355
---
 packages/attest/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/attest/package.json b/packages/attest/package.json
index cf8e32af50..9e617ec667 100644
--- a/packages/attest/package.json
+++ b/packages/attest/package.json
@@ -47,7 +47,7 @@
     "@actions/http-client": "^2.2.1",
     "@octokit/plugin-retry": "^6.0.1",
     "@sigstore/bundle": "^2.3.2",
-    "@sigstore/sign": "^2.3.2",
+    "@sigstore/sign": "^3.0.0",
     "jose": "^5.2.3"
   },
   "overrides": {