From dd7029ed26cc978d0cefef52b21ee9ce070573cc Mon Sep 17 00:00:00 2001
From: "snyk-io[bot]" <141718529+snyk-io[bot]@users.noreply.github.com>
Date: Wed, 4 Feb 2026 01:55:43 +0000
Subject: [PATCH] fix: packages/attest/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-GLOB-14040952
- https://snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230
- https://snyk.io/vuln/SNYK-JS-BRACEEXPANSION-9789073
---
 packages/attest/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/attest/package.json b/packages/attest/package.json
index cf8e32af50..2522b13183 100644
--- a/packages/attest/package.json
+++ b/packages/attest/package.json
@@ -47,7 +47,7 @@
     "@actions/http-client": "^2.2.1",
     "@octokit/plugin-retry": "^6.0.1",
     "@sigstore/bundle": "^2.3.2",
-    "@sigstore/sign": "^2.3.2",
+    "@sigstore/sign": "^4.0.0",
     "jose": "^5.2.3"
   },
   "overrides": {