[Snyk] Upgrade: , nock, , make-fetch-happen,

[WontonSam]

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

@sigstore/bundle
from 2.2.0 to 2.3.2 | 3 versions ahead of your current version | 4 months ago
on 2024-05-16
nock
from 13.5.1 to 13.5.5 | 4 versions ahead of your current version | a month ago
on 2024-08-20
@sigstore/mock
from 0.6.5 to 0.7.5 | 6 versions ahead of your current version | 3 months ago
on 2024-06-11
make-fetch-happen
from 13.0.0 to 13.0.1 | 1 version ahead of your current version | 5 months ago
on 2024-04-30
@sigstore/sign
from 2.2.3 to 2.3.2 | 3 versions ahead of your current version | 4 months ago
on 2024-05-16

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	142	Proof of Concept
	Improper Access Control SNYK-JS-UNDICI-6564963	142	No Known Exploit
	Improper Authorization SNYK-JS-UNDICI-6564964	142	No Known Exploit

Release notes

Package name: @sigstore/bundle

• 2.3.2 - 2024-05-16
  

  Patch Changes

  • cf0c3ef: Bump @ sigstore/protobuf-specs from 0.3.1 to 0.3.2
  • Updated dependencies [cf0c3ef]
    • @ sigstore/bundle@2.3.2
• 2.3.1 - 2024-04-04
  

  Patch Changes

  • cf0c3ef: Bump @ sigstore/protobuf-specs from 0.3.1 to 0.3.2
  • Updated dependencies [cf0c3ef]
  • Updated dependencies [cf0c3ef]
    • @ sigstore/tuf@2.3.4
    • @ sigstore/bundle@2.3.2
    • @ sigstore/verify@1.2.1
    • @ sigstore/sign@2.3.2
• 2.3.0 - 2024-04-02
• 2.2.0 - 2024-02-15

from @sigstore/bundle GitHub release notes

Package name: nock

• 13.5.5 - 2024-08-20
  

  13.5.5 (2024-08-20)

  Bug Fixes

  • backport: memory leaks due to timer references outliving the timers (#2773) (#2773) (66eb7f4)
• 13.5.4 - 2024-02-26
  

  13.5.4 (2024-02-26)

  Bug Fixes

  • call fs.createReadStream lazily (#2357) (ba9fc42)
• 13.5.3 - 2024-02-17
• 13.5.2 - 2024-02-17
• 13.5.1 - 2024-01-28

from nock GitHub release notes

Package name: @sigstore/mock

• 0.7.5 - 2024-06-11
  

  Patch Changes

  • 7296bf4: Bump dependencies:

    • @ peculiar/webcrypto from 1.4.6 to 1.5.0
    • @ peculiar/x509 from 1.10.0 to 1.11.0
    • jose from 5.3.0 to 5.4.0
    • pkijs from 3.0.16 to 3.1.0

  • 5eb4a07: Bump dependencies:

    • @ peculiar/x509 from 1.9.7 to 1.10.0
    • jose from 5.2.4 to 5.3.0
• 0.7.4 - 2024-05-16
• 0.7.3 - 2024-05-08
• 0.7.2 - 2024-04-02
• 0.7.1 - 2024-03-25
• 0.7.0 - 2024-03-11
• 0.6.5 - 2024-02-15

from @sigstore/mock GitHub release notes

Package name: make-fetch-happen

• 13.0.1 - 2024-04-30
  

  13.0.1 (2024-04-30)

  Bug Fixes

  • 66018e3 log errors on retry (@ wraithgar)
  • ed73ef5 #288 always catch and emit cache write errors in promise (#288) (@ lukekarrys)

  Chores

  • 9e1329c #292 fix linting in tests (@ lukekarrys)
  • 4756bda #292 postinstall for dependabot template-oss PR (@ lukekarrys)
  • 91df666 #292 bump @ npmcli/template-oss from 4.21.3 to 4.21.4 (@ dependabot[bot])
• 13.0.0 - 2023-08-15
  

  13.0.0 (2023-08-15)

  ⚠️ BREAKING CHANGES

  • support for node <=16.13 has been removed

  Bug Fixes

  • fb1c716 #262 drop node 16.13.x support (@ lukekarrys)

  Dependencies

  • 41295dc #264 bump @ npmcli/agent from 1.1.0 to 2.0.0
  • 4875556 #261 bump cacache from 17.1.4 to 18.0.0

from make-fetch-happen GitHub release notes

Package name: @sigstore/sign

• 2.3.2 - 2024-05-16
  

  Patch Changes

  • cf0c3ef: Bump @ sigstore/protobuf-specs from 0.3.1 to 0.3.2
  • Updated dependencies [cf0c3ef]
    • @ sigstore/bundle@2.3.2
• 2.3.1 - 2024-05-08
  

  Patch Changes

  • cf0c3ef: Bump @ sigstore/protobuf-specs from 0.3.1 to 0.3.2
  • Updated dependencies [cf0c3ef]
  • Updated dependencies [cf0c3ef]
    • @ sigstore/tuf@2.3.4
    • @ sigstore/bundle@2.3.2
    • @ sigstore/verify@1.2.1
    • @ sigstore/sign@2.3.2
• 2.3.0 - 2024-04-03
• 2.2.3 - 2024-02-15

from @sigstore/sign GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"","from":"sigstore/bundle","to":"sigstore/bundle"},{"name":"nock","from":"13.5.1","to":"13.5.5"},{"name":"","from":"sigstore/mock","to":"sigstore/mock"},{"name":"make-fetch-happen","from":"13.0.0","to":"13.0.1"},{"name":"","from":"sigstore/sign","to":"sigstore/sign"}],"env":"prod","hasFixes":true,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-TAR-6476909","issue_id":"SNYK-JS-TAR-6476909","priority_score":142,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"none"},{"name":"availability","value":"high"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00045},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Mar 22 2024 12:56:33 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":5.99},{"name":"likelihood","value":2.36},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Uncontrolled Resource Consumption ('Resource Exhaustion')"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-UNDICI-6564963","issue_id":"SNYK-JS-UNDICI-6564963","priority_score":29,"priority_score_factors":[{"name":"confidentiality","value":"none"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"low"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00044},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Apr 05 2024 07:24:45 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"low"},{"name":"relativePopularityRank","value":98},{"name":"impact","value":2.35},{"name":"likelihood","value":1.23},{"name":"scoreVersion","value":"V5"}],"severity":"low","title":"Improper Access Control"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-UNDICI-6564964","issue_id":"SNYK-JS-UNDICI-6564964","priority_score":66,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"unchanged"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"high"},{"name":"attackComplexity","value":"high"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00044},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Apr 05 2024 07:26:59 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"low"},{"name":"relativePopularityRank","value":98},{"name":"impact","value":5.62},{"name":"likelihood","value":1.17},{"name":"scoreVersion","value":"V5"}],"severity":"low","title":"Improper Authorization"}],"prId":"bec94cc9-36ea-49fa-abf0-86c8fb4541d8","prPublicId":"bec94cc9-36ea-49fa-abf0-86c8fb4541d8","packageManager":"npm","priorityScoreList":[142,29,66],"projectPublicId":"593e2294-46a2-4fe3-be43-c6c622b0fdec","projectUrl":"https://app.snyk.io/org/cachiman/project/593e2294-46a2-4fe3-be43-c6c622b0fdec?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["priorityScore"],"type":"auto","upgrade":["SNYK-JS-TAR-6476909","SNYK-JS-UNDICI-6564963","SNYK-JS-UNDICI-6564964"],"upgradeInfo":{"versionsDiff":3,"publishedDate":"2024-05-16T17:12:04.074Z"},"vulns":["SNYK-JS-TAR-6476909","SNYK-JS-UNDICI-6564963","SNYK-JS-UNDICI-6564964"]}'

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.