Skip to content

Commit d95d961

Browse files
jdaltonjdalton
committed
fix(deps): Remove http2 module dependency from @sigstore/sign
- Add pnpm override to force @sigstore/sign@4.1.0 - Create patch to inline HTTP constants instead of importing http2 - Eliminates unnecessary http2 module load for HTTP/1.1 operations - All constants verified against Node.js http2.constants
1 parent b728933 commit d95d961

3 files changed

Lines changed: 67 additions & 10 deletions

File tree

package.json

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -776,6 +776,7 @@
776776
"overrides": {
777777
"@npmcli/arborist": "9.1.6",
778778
"@npmcli/run-script": "10.0.0",
779+
"@sigstore/sign": "4.1.0",
779780
"ansi-regex": "6.2.2",
780781
"lru-cache": "11.2.2",
781782
"semver": "7.7.2",
@@ -785,6 +786,7 @@
785786
},
786787
"patchedDependencies": {
787788
"@npmcli/run-script@10.0.0": "patches/@npmcli__run-script@10.0.0.patch",
789+
"@sigstore/sign@4.1.0": "patches/@sigstore__sign@4.1.0.patch",
788790
"node-gyp@11.5.0": "patches/node-gyp@11.5.0.patch"
789791
}
790792
}

patches/@sigstore__sign@4.1.0.patch

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,25 @@
1+
diff --git a/dist/external/fetch.js b/dist/external/fetch.js
2+
index 1111111111111111111111111111111111111111..2222222222222222222222222222222222222222 100644
3+
--- a/dist/external/fetch.js
4+
+++ b/dist/external/fetch.js
5+
@@ -19,13 +19,18 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
6+
See the License for the specific language governing permissions and
7+
limitations under the License.
8+
*/
9+
-const http2_1 = require("http2");
10+
const make_fetch_happen_1 = __importDefault(require("make-fetch-happen"));
11+
const proc_log_1 = require("proc-log");
12+
const promise_retry_1 = __importDefault(require("promise-retry"));
13+
const util_1 = require("../util");
14+
const error_1 = require("./error");
15+
-const { HTTP2_HEADER_LOCATION, HTTP2_HEADER_CONTENT_TYPE, HTTP2_HEADER_USER_AGENT, HTTP_STATUS_INTERNAL_SERVER_ERROR, HTTP_STATUS_TOO_MANY_REQUESTS, HTTP_STATUS_REQUEST_TIMEOUT, } = http2_1.constants;
16+
+// Inline HTTP header constants (lowercase, compatible with HTTP/1.1 and HTTP/2)
17+
+const HTTP2_HEADER_LOCATION = 'location';
18+
+const HTTP2_HEADER_CONTENT_TYPE = 'content-type';
19+
+const HTTP2_HEADER_USER_AGENT = 'user-agent';
20+
+const HTTP_STATUS_INTERNAL_SERVER_ERROR = 500;
21+
+const HTTP_STATUS_TOO_MANY_REQUESTS = 429;
22+
+const HTTP_STATUS_REQUEST_TIMEOUT = 408;
23+
async function fetchWithRetry(url, options) {
24+
return (0, promise_retry_1.default)(async (retry, attemptNum) => {
25+
const method = options.method || 'POST';

pnpm-lock.yaml

Lines changed: 40 additions & 10 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)