Updated the project.

my-app/node_modules/@sigstore/sign/dist/bundler/bundle.d.ts

@@ -2,4 +2,4 @@ import * as sigstore from '@sigstore/bundle';
 import type { Signature } from '../signer';
 import type { Artifact } from './base';
 export declare function toMessageSignatureBundle(artifact: Artifact, signature: Signature): sigstore.BundleWithMessageSignature;
-export declare function toDSSEBundle(artifact: Required<Artifact>, signature: Signature): sigstore.BundleWithDsseEnvelope;
+export declare function toDSSEBundle(artifact: Required<Artifact>, signature: Signature, singleCertificate?: boolean): sigstore.BundleWithDsseEnvelope;

my-app/node_modules/@sigstore/sign/dist/bundler/bundle.js

@@ -56,7 +56,7 @@ function toMessageSignatureBundle(artifact, signature) {
 }
 exports.toMessageSignatureBundle = toMessageSignatureBundle;
 // DSSE envelope bundle - $case: 'dsseEnvelope'
-function toDSSEBundle(artifact, signature) {
+function toDSSEBundle(artifact, signature, singleCertificate) {
     return sigstore.toDSSEBundle({
         artifact: artifact.data,
         artifactType: artifact.type,
@@ -65,6 +65,7 @@ function toDSSEBundle(artifact, signature) {
             ? util_1.pem.toDER(signature.key.certificate)
             : undefined,
         keyHint: signature.key.$case === 'publicKey' ? signature.key.hint : undefined,
+        singleCertificate,
     });
 }
 exports.toDSSEBundle = toDSSEBundle;

my-app/node_modules/@sigstore/sign/dist/bundler/dsse.d.ts

@@ -2,8 +2,13 @@
 import { Artifact, BaseBundleBuilder, BundleBuilderOptions } from './base';
 import type { BundleWithDsseEnvelope } from '@sigstore/bundle';
 import type { Signature } from '../signer';
+type DSSEBundleBuilderOptions = BundleBuilderOptions & {
+    singleCertificate?: boolean;
+};
 export declare class DSSEBundleBuilder extends BaseBundleBuilder<BundleWithDsseEnvelope> {
-    constructor(options: BundleBuilderOptions);
+    private singleCertificate?;
+    constructor(options: DSSEBundleBuilderOptions);
     protected prepare(artifact: Artifact): Promise<Buffer>;
     protected package(artifact: Artifact, signature: Signature): Promise<BundleWithDsseEnvelope>;
 }
+export {};

my-app/node_modules/@sigstore/sign/dist/bundler/dsse.js

@@ -23,6 +23,7 @@ const bundle_1 = require("./bundle");
 class DSSEBundleBuilder extends base_1.BaseBundleBuilder {
     constructor(options) {
         super(options);
+        this.singleCertificate = options.singleCertificate ?? false;
     }
     // DSSE requires the artifact to be pre-encoded with the payload type
     // before the signature is generated.
@@ -32,7 +33,7 @@ class DSSEBundleBuilder extends base_1.BaseBundleBuilder {
     }
     // Packages the artifact and signature into a DSSE bundle
     async package(artifact, signature) {
-        return (0, bundle_1.toDSSEBundle)(artifactDefaults(artifact), signature);
+        return (0, bundle_1.toDSSEBundle)(artifactDefaults(artifact), signature, this.singleCertificate);
     }
 }
 exports.DSSEBundleBuilder = DSSEBundleBuilder;

my-app/node_modules/@sigstore/sign/dist/external/error.d.ts

@@ -1,5 +1,3 @@
-import fetch from 'make-fetch-happen';
-type Response = Awaited<ReturnType<typeof fetch>>;
 export declare class HTTPError extends Error {
     statusCode: number;
     location?: string;
@@ -9,5 +7,3 @@ export declare class HTTPError extends Error {
         location?: string;
     });
 }
-export declare const checkStatus: (response: Response) => Promise<Response>;
-export {};

my-app/node_modules/@sigstore/sign/dist/external/error.js

@@ -1,6 +1,21 @@
 "use strict";
+/*
+Copyright 2023 The Sigstore Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.checkStatus = exports.HTTPError = void 0;
+exports.HTTPError = void 0;
 class HTTPError extends Error {
     constructor({ status, message, location, }) {
         super(`(${status}) ${message}`);
@@ -9,30 +24,3 @@ class HTTPError extends Error {
     }
 }
 exports.HTTPError = HTTPError;
-const checkStatus = async (response) => {
-    if (response.ok) {
-        return response;
-    }
-    else {
-        let message = response.statusText;
-        const location = response.headers?.get('Location') || undefined;
-        const contentType = response.headers?.get('Content-Type');
-        // If response type is JSON, try to parse the body for a message
-        if (contentType?.includes('application/json')) {
-            try {
-                await response.json().then((body) => {
-                    message = body.message;
-                });
-            }
-            catch (e) {
-                // ignore
-            }
-        }
-        throw new HTTPError({
-            status: response.status,
-            message: message,
-            location: location,
-        });
-    }
-};
-exports.checkStatus = checkStatus;

my-app/node_modules/@sigstore/sign/dist/external/fulcio.d.ts

@@ -31,8 +31,7 @@ export interface SigningCertificateResponse {
  * Fulcio API client.
  */
 export declare class Fulcio {
-    private fetch;
-    private baseUrl;
+    private options;
     constructor(options: FulcioOptions);
     createSigningCertificate(request: SigningCertificateRequest): Promise<SigningCertificateResponse>;
 }

my-app/node_modules/@sigstore/sign/dist/external/fulcio.js

@@ -1,7 +1,4 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.Fulcio = void 0;
 /*
@@ -19,33 +16,26 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-const make_fetch_happen_1 = __importDefault(require("make-fetch-happen"));
-const util_1 = require("../util");
-const error_1 = require("./error");
+const fetch_1 = require("./fetch");
 /**
  * Fulcio API client.
  */
 class Fulcio {
     constructor(options) {
-        this.fetch = make_fetch_happen_1.default.defaults({
-            retry: options.retry,
-            timeout: options.timeout,
-            headers: {
-                'Content-Type': 'application/json',
-                'User-Agent': util_1.ua.getUserAgent(),
-            },
-        });
-        this.baseUrl = options.baseURL;
+        this.options = options;
     }
     async createSigningCertificate(request) {
-        const url = `${this.baseUrl}/api/v2/signingCert`;
-        const response = await this.fetch(url, {
-            method: 'POST',
+        const { baseURL, retry, timeout } = this.options;
+        const url = `${baseURL}/api/v2/signingCert`;
+        const response = await (0, fetch_1.fetchWithRetry)(url, {
+            headers: {
+                'Content-Type': 'application/json',
+            },
             body: JSON.stringify(request),
+            timeout,
+            retry,
         });
-        await (0, error_1.checkStatus)(response);
-        const data = await response.json();
-        return data;
+        return response.json();
     }
 }
 exports.Fulcio = Fulcio;

my-app/node_modules/@sigstore/sign/dist/external/rekor.d.ts

@@ -1,6 +1,6 @@
-import type { LogEntry, ProposedDSSEEntry, ProposedEntry, ProposedHashedRekordEntry, ProposedIntotoEntry, SearchIndex, SearchLogQuery } from '@sigstore/rekor-types';
+import type { LogEntry, ProposedDSSEEntry, ProposedEntry, ProposedHashedRekordEntry, ProposedIntotoEntry } from '@sigstore/rekor-types';
 import type { FetchOptions } from '../types/fetch';
-export type { ProposedDSSEEntry, ProposedEntry, ProposedHashedRekordEntry, ProposedIntotoEntry, SearchIndex, SearchLogQuery, };
+export type { ProposedDSSEEntry, ProposedEntry, ProposedHashedRekordEntry, ProposedIntotoEntry, };
 export type Entry = {
     uuid: string;
 } & LogEntry[string];
@@ -11,8 +11,7 @@ export type RekorOptions = {
  * Rekor API client.
  */
 export declare class Rekor {
-    private fetch;
-    private baseUrl;
+    private options;
     constructor(options: RekorOptions);
     /**
      * Create a new entry in the Rekor log.
@@ -26,16 +25,4 @@ export declare class Rekor {
      * @returns {Promise<Entry>} The retrieved entry
      */
     getEntry(uuid: string): Promise<Entry>;
-    /**
-     * Search the Rekor log index for entries matching the given query.
-     * @param opts {SearchIndex} Options to search the Rekor log
-     * @returns {Promise<string[]>} UUIDs of matching entries
-     */
-    searchIndex(opts: SearchIndex): Promise<string[]>;
-    /**
-     * Search the Rekor logs for matching the given query.
-     * @param opts {SearchLogQuery} Query to search the Rekor log
-     * @returns {Promise<Entry[]>} List of matching entries
-     */
-    searchLog(opts: SearchLogQuery): Promise<Entry[]>;
 }

my-app/node_modules/@sigstore/sign/dist/external/rekor.js

@@ -1,7 +1,4 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.Rekor = void 0;
 /*
@@ -19,23 +16,13 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-const make_fetch_happen_1 = __importDefault(require("make-fetch-happen"));
-const util_1 = require("../util");
-const error_1 = require("./error");
+const fetch_1 = require("./fetch");
 /**
  * Rekor API client.
  */
 class Rekor {
     constructor(options) {
-        this.fetch = make_fetch_happen_1.default.defaults({
-            retry: options.retry,
-            timeout: options.timeout,
-            headers: {
-                Accept: 'application/json',
-                'User-Agent': util_1.ua.getUserAgent(),
-            },
-        });
-        this.baseUrl = options.baseURL;
+        this.options = options;
     }
     /**
      * Create a new entry in the Rekor log.
@@ -43,13 +30,17 @@ class Rekor {
      * @returns {Promise<Entry>} The created entry
      */
     async createEntry(propsedEntry) {
-        const url = `${this.baseUrl}/api/v1/log/entries`;
-        const response = await this.fetch(url, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
+        const { baseURL, timeout, retry } = this.options;
+        const url = `${baseURL}/api/v1/log/entries`;
+        const response = await (0, fetch_1.fetchWithRetry)(url, {
+            headers: {
+                'Content-Type': 'application/json',
+                Accept: 'application/json',
+            },
             body: JSON.stringify(propsedEntry),
+            timeout,
+            retry,
         });
-        await (0, error_1.checkStatus)(response);
         const data = await response.json();
         return entryFromResponse(data);
     }
@@ -59,45 +50,19 @@ class Rekor {
      * @returns {Promise<Entry>} The retrieved entry
      */
     async getEntry(uuid) {
-        const url = `${this.baseUrl}/api/v1/log/entries/${uuid}`;
-        const response = await this.fetch(url);
-        await (0, error_1.checkStatus)(response);
+        const { baseURL, timeout, retry } = this.options;
+        const url = `${baseURL}/api/v1/log/entries/${uuid}`;
+        const response = await (0, fetch_1.fetchWithRetry)(url, {
+            method: 'GET',
+            headers: {
+                Accept: 'application/json',
+            },
+            timeout,
+            retry,
+        });
         const data = await response.json();
         return entryFromResponse(data);
     }
-    /**
-     * Search the Rekor log index for entries matching the given query.
-     * @param opts {SearchIndex} Options to search the Rekor log
-     * @returns {Promise<string[]>} UUIDs of matching entries
-     */
-    async searchIndex(opts) {
-        const url = `${this.baseUrl}/api/v1/index/retrieve`;
-        const response = await this.fetch(url, {
-            method: 'POST',
-            body: JSON.stringify(opts),
-            headers: { 'Content-Type': 'application/json' },
-        });
-        await (0, error_1.checkStatus)(response);
-        const data = await response.json();
-        return data;
-    }
-    /**
-     * Search the Rekor logs for matching the given query.
-     * @param opts {SearchLogQuery} Query to search the Rekor log
-     * @returns {Promise<Entry[]>} List of matching entries
-     */
-    async searchLog(opts) {
-        const url = `${this.baseUrl}/api/v1/log/entries/retrieve`;
-        const response = await this.fetch(url, {
-            method: 'POST',
-            body: JSON.stringify(opts),
-            headers: { 'Content-Type': 'application/json' },
-        });
-        await (0, error_1.checkStatus)(response);
-        const rawData = await response.json();
-        const data = rawData.map((d) => entryFromResponse(d));
-        return data;
-    }
 }
 exports.Rekor = Rekor;
 // Unpack the response from the Rekor API into a more convenient format.

my-app/node_modules/@sigstore/sign/dist/external/tsa.d.ts

@@ -11,8 +11,7 @@ export type TimestampAuthorityOptions = {
     baseURL: string;
 } & FetchOptions;
 export declare class TimestampAuthority {
-    private fetch;
-    private baseUrl;
+    private options;
     constructor(options: TimestampAuthorityOptions);
     createTimestamp(request: TimestampRequest): Promise<Buffer>;
 }

my-app/node_modules/@sigstore/sign/dist/external/tsa.js

@@ -1,7 +1,4 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.TimestampAuthority = void 0;
 /*
@@ -19,28 +16,22 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 */
-const make_fetch_happen_1 = __importDefault(require("make-fetch-happen"));
-const util_1 = require("../util");
-const error_1 = require("./error");
+const fetch_1 = require("./fetch");
 class TimestampAuthority {
     constructor(options) {
-        this.fetch = make_fetch_happen_1.default.defaults({
-            retry: options.retry,
-            timeout: options.timeout,
-            headers: {
-                'Content-Type': 'application/json',
-                'User-Agent': util_1.ua.getUserAgent(),
-            },
-        });
-        this.baseUrl = options.baseURL;
+        this.options = options;
     }
     async createTimestamp(request) {
-        const url = `${this.baseUrl}/api/v1/timestamp`;
-        const response = await this.fetch(url, {
-            method: 'POST',
+        const { baseURL, timeout, retry } = this.options;
+        const url = `${baseURL}/api/v1/timestamp`;
+        const response = await (0, fetch_1.fetchWithRetry)(url, {
+            headers: {
+                'Content-Type': 'application/json',
+            },
             body: JSON.stringify(request),
+            timeout,
+            retry,
         });
-        await (0, error_1.checkStatus)(response);
         return response.buffer();
     }
 }

my-app/node_modules/@sigstore/sign/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sigstore/sign",
-  "version": "2.2.2",
+  "version": "2.3.2",
   "description": "Sigstore signing library",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -27,15 +27,18 @@
   },
   "devDependencies": {
     "@sigstore/jest": "^0.0.0",
-    "@sigstore/mock": "^0.6.4",
+    "@sigstore/mock": "^0.7.4",
     "@sigstore/rekor-types": "^2.0.0",
-    "@types/make-fetch-happen": "^10.0.4"
+    "@types/make-fetch-happen": "^10.0.4",
+    "@types/promise-retry": "^1.1.6"
   },
   "dependencies": {
-    "@sigstore/bundle": "^2.1.1",
+    "@sigstore/bundle": "^2.3.2",
     "@sigstore/core": "^1.0.0",
-    "@sigstore/protobuf-specs": "^0.2.1",
-    "make-fetch-happen": "^13.0.0"
+    "@sigstore/protobuf-specs": "^0.3.2",
+    "make-fetch-happen": "^13.0.1",
+    "proc-log": "^4.2.0",
+    "promise-retry": "^2.0.1"
   },
   "engines": {
     "node": "^16.14.0 || >=18.0.0"