diff --git a/.changeset/fuzzy-cobras-unite.md b/.changeset/fuzzy-cobras-unite.md new file mode 100644 index 00000000..d5ba72ae --- /dev/null +++ b/.changeset/fuzzy-cobras-unite.md @@ -0,0 +1,5 @@ +--- +'@sigstore/tuf': patch +--- + +Include a custom User-Agent header with fetch calls made to TUF repository diff --git a/package-lock.json b/package-lock.json index 95387655..eab94eda 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1081,7 +1081,6 @@ "integrity": "sha512-e7jT4DxYvIDLk1ZHmU/m/mB19rex9sv0c2ftBtjSBv+kVM/902eh0fINUzD7UwLLNR+jU585GxUJ8/EBfAM5fw==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.5", @@ -5295,6 +5294,7 @@ "os": [ "darwin" ], + "peer": true, "engines": { "node": ">=10" } @@ -5312,6 +5312,7 @@ "os": [ "darwin" ], + "peer": true, "engines": { "node": ">=10" } @@ -5329,6 +5330,7 @@ "os": [ "linux" ], + "peer": true, "engines": { "node": ">=10" } @@ -5346,6 +5348,7 @@ "os": [ "linux" ], + "peer": true, "engines": { "node": ">=10" } @@ -5363,6 +5366,7 @@ "os": [ "linux" ], + "peer": true, "engines": { "node": ">=10" } @@ -5380,6 +5384,7 @@ "os": [ "linux" ], + "peer": true, "engines": { "node": ">=10" } @@ -5397,6 +5402,7 @@ "os": [ "linux" ], + "peer": true, "engines": { "node": ">=10" } @@ -5414,6 +5420,7 @@ "os": [ "win32" ], + "peer": true, "engines": { "node": ">=10" } @@ -5431,6 +5438,7 @@ "os": [ "win32" ], + "peer": true, "engines": { "node": ">=10" } @@ -5448,6 +5456,7 @@ "os": [ "win32" ], + "peer": true, "engines": { "node": ">=10" } @@ -5479,6 +5488,7 @@ "version": "0.1.6", "dev": true, "license": "Apache-2.0", + "peer": true, "dependencies": { "@swc/counter": "^0.1.3" } @@ -5760,7 +5770,6 @@ "integrity": "sha512-WOhQTZ4G8xZ1tjJTvKOpyEVSGgOTvJAfDK3FNFgELyaTpzhdgHVHeqW8V+UJvzF5BT+/B54T/1S2K6gd9c7bbA==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "undici-types": "~7.16.0" } @@ -5905,7 +5914,6 @@ "integrity": "sha512-N9lBGA9o9aqb1hVMc9hzySbhKibHmB+N3IpoShyV6HyQYRGIhlrO5rQgttypi+yEeKsKI4idxC8Jw6gXKD4THA==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "@typescript-eslint/scope-manager": "8.49.0", "@typescript-eslint/types": "8.49.0", @@ -6420,7 +6428,6 @@ "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==", "dev": true, "license": "MIT", - "peer": true, "bin": { "acorn": "bin/acorn" }, @@ -6811,7 +6818,6 @@ } ], "license": "MIT", - "peer": true, "dependencies": { "baseline-browser-mapping": "^2.8.19", "caniuse-lite": "^1.0.30001751", @@ -7784,7 +7790,6 @@ "integrity": "sha512-LEyamqS7W5HB3ujJyvi0HQK/dtVINZvd5mAAp9eT5S/ujByGjiZLCzPcHVzuXbpJDJF/cxwHlfceVUDZ2lnSTw==", "dev": true, "license": "MIT", - "peer": true, "dependencies": { "@eslint-community/eslint-utils": "^4.8.0", "@eslint-community/regexpp": "^4.12.1", @@ -12620,7 +12625,6 @@ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz", "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", "license": "MIT", - "peer": true, "engines": { "node": ">=12" }, @@ -12739,19 +12743,47 @@ "license": "0BSD" }, "node_modules/tuf-js": { - "version": "4.0.0", - "resolved": "https://registry.npmjs.org/tuf-js/-/tuf-js-4.0.0.tgz", - "integrity": "sha512-Lq7ieeGvXDXwpoSmOSgLWVdsGGV9J4a77oDTAPe/Ltrqnnm/ETaRlBAQTH5JatEh8KXuE6sddf9qAv1Q2282Hg==", + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/tuf-js/-/tuf-js-4.1.0.tgz", + "integrity": "sha512-50QV99kCKH5P/Vs4E2Gzp7BopNV+KzTXqWeaxrfu5IQJBOULRsTIS9seSsOVT8ZnGXzCyx55nYWAi4qJzpZKEQ==", "license": "MIT", "dependencies": { - "@tufjs/models": "4.0.0", - "debug": "^4.4.1", - "make-fetch-happen": "^15.0.0" + "@tufjs/models": "4.1.0", + "debug": "^4.4.3", + "make-fetch-happen": "^15.0.1" + }, + "engines": { + "node": "^20.17.0 || >=22.9.0" + } + }, + "node_modules/tuf-js/node_modules/@tufjs/models": { + "version": "4.1.0", + "resolved": "https://registry.npmjs.org/@tufjs/models/-/models-4.1.0.tgz", + "integrity": "sha512-Y8cK9aggNRsqJVaKUlEYs4s7CvQ1b1ta2DVPyAimb0I2qhzjNk+A+mxvll/klL0RlfuIUei8BF7YWiua4kQqww==", + "license": "MIT", + "dependencies": { + "@tufjs/canonical-json": "2.0.0", + "minimatch": "^10.1.1" }, "engines": { "node": "^20.17.0 || >=22.9.0" } }, + "node_modules/tuf-js/node_modules/minimatch": { + "version": "10.1.1", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.1.1.tgz", + "integrity": "sha512-enIvLvRAFZYXJzkCYG5RKmPfrFArdLv+R+lbQ53BmIMLIry74bjKzX6iHAm8WYamJkhSSEabrWN5D97XnKObjQ==", + "license": "BlueOak-1.0.0", + "dependencies": { + "@isaacs/brace-expansion": "^5.0.0" + }, + "engines": { + "node": "20 || >=22" + }, + "funding": { + "url": "https://github.com/sponsors/isaacs" + } + }, "node_modules/tunnel-agent": { "version": "0.6.0", "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz", @@ -12831,7 +12863,6 @@ "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==", "dev": true, "license": "Apache-2.0", - "peer": true, "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" @@ -13499,7 +13530,7 @@ "license": "Apache-2.0", "dependencies": { "@sigstore/protobuf-specs": "^0.5.0", - "tuf-js": "^4.0.0" + "tuf-js": "^4.1.0" }, "devDependencies": { "@sigstore/jest": "^0.0.0", diff --git a/packages/tuf/package.json b/packages/tuf/package.json index 479dd1cb..f764cc3b 100644 --- a/packages/tuf/package.json +++ b/packages/tuf/package.json @@ -33,7 +33,7 @@ }, "dependencies": { "@sigstore/protobuf-specs": "^0.5.0", - "tuf-js": "^4.0.0" + "tuf-js": "^4.1.0" }, "engines": { "node": "^20.17.0 || >=22.9.0" diff --git a/packages/tuf/src/client.ts b/packages/tuf/src/client.ts index bfa08caa..80f90f44 100644 --- a/packages/tuf/src/client.ts +++ b/packages/tuf/src/client.ts @@ -17,6 +17,7 @@ import fs from 'fs'; import path from 'path'; import { Config, Updater } from 'tuf-js'; import { TUFError } from '.'; +import { name as packageName, version } from '../package.json'; import { readTarget } from './target'; import type { MakeFetchHappenOptions } from 'make-fetch-happen'; @@ -162,6 +163,7 @@ function initClient( const config: Partial = { fetchTimeout: options.timeout, fetchRetry: options.retry, + userAgent: `${encodeURIComponent(packageName)}/${version}`, }; return new Updater({