Updated the project.

my-app/node_modules/@sigstore/sign/dist/bundler/bundle.d.ts

@@ -2,4 +2,4 @@ import * as sigstore from '@sigstore/bundle';
 import type { Signature } from '../signer';
 import type { Artifact } from './base';
 export declare function toMessageSignatureBundle(artifact: Artifact, signature: Signature): sigstore.BundleWithMessageSignature;
-export declare function toDSSEBundle(artifact: Required<Artifact>, signature: Signature): sigstore.BundleWithDsseEnvelope;
+export declare function toDSSEBundle(artifact: Required<Artifact>, signature: Signature, singleCertificate?: boolean): sigstore.BundleWithDsseEnvelope;

my-app/node_modules/@sigstore/sign/dist/bundler/bundle.js

@@ -56,7 +56,7 @@ function toMessageSignatureBundle(artifact, signature) {
 }
 exports.toMessageSignatureBundle = toMessageSignatureBundle;
 // DSSE envelope bundle - $case: 'dsseEnvelope'
-function toDSSEBundle(artifact, signature) {
+function toDSSEBundle(artifact, signature, singleCertificate) {
     return sigstore.toDSSEBundle({
         artifact: artifact.data,
         artifactType: artifact.type,
@@ -65,6 +65,7 @@ function toDSSEBundle(artifact, signature) {
             ? util_1.pem.toDER(signature.key.certificate)
             : undefined,
         keyHint: signature.key.$case === 'publicKey' ? signature.key.hint : undefined,
+        singleCertificate,
     });
 }
 exports.toDSSEBundle = toDSSEBundle;

my-app/node_modules/@sigstore/sign/dist/bundler/dsse.d.ts

@@ -2,8 +2,13 @@
 import { Artifact, BaseBundleBuilder, BundleBuilderOptions } from './base';
 import type { BundleWithDsseEnvelope } from '@sigstore/bundle';
 import type { Signature } from '../signer';
+type DSSEBundleBuilderOptions = BundleBuilderOptions & {
+    singleCertificate?: boolean;
+};
 export declare class DSSEBundleBuilder extends BaseBundleBuilder<BundleWithDsseEnvelope> {
-    constructor(options: BundleBuilderOptions);
+    private singleCertificate?;
+    constructor(options: DSSEBundleBuilderOptions);
     protected prepare(artifact: Artifact): Promise<Buffer>;
     protected package(artifact: Artifact, signature: Signature): Promise<BundleWithDsseEnvelope>;
 }
+export {};

my-app/node_modules/@sigstore/sign/dist/bundler/dsse.js

@@ -23,6 +23,7 @@ const bundle_1 = require("./bundle");
 class DSSEBundleBuilder extends base_1.BaseBundleBuilder {
     constructor(options) {
         super(options);
+        this.singleCertificate = options.singleCertificate ?? false;
     }
     // DSSE requires the artifact to be pre-encoded with the payload type
     // before the signature is generated.
@@ -32,7 +33,7 @@ class DSSEBundleBuilder extends base_1.BaseBundleBuilder {
     }
     // Packages the artifact and signature into a DSSE bundle
     async package(artifact, signature) {
-        return (0, bundle_1.toDSSEBundle)(artifactDefaults(artifact), signature);
+        return (0, bundle_1.toDSSEBundle)(artifactDefaults(artifact), signature, this.singleCertificate);
     }
 }
 exports.DSSEBundleBuilder = DSSEBundleBuilder;