# Summary Updates sigstore version from 1.8 -> 2.2.2 for the root dependency version and for the Github Action `sign-attestation`, `verify-token`, and `setup-generic`. Per 1.9, signing options needed to be removed. More information on it here on this [Sigstore Issue](sigstore/sigstore-js#833). This fixes revert from #2913 The actions were refactored to make use of to explicitly use Sigstore's individual functions/types on imports from this [v2.0.0 change](sigstore/sigstore-js@829e123) ## Testing Process **Testing Removal of Signing Options** After updating `sign-attestation` on a personal workflow pointing to the branch. Check it out [here](https://github.com/enteraga6/bazel_docker_test/actions/runs/8458206728) After updating `verify-token` and `setup-generic` to 1.9, I tested using this [workflow](https://github.com/enteraga6/bazel_docker_test/actions/runs/8459083200). **Testing 2.2.2** After updating the actions to Sigstore 2.2.2, I tested using this [workflow](https://github.com/enteraga6/bazel_docker_test/actions/runs/8464040937). Note: it says Sigstore 1.9 on workflow title, but it was used to test 2.2.2. I used the same workflow. **Final Test** This [workflow test](https://github.com/enteraga6/bazel_docker_test/actions/runs/8474173065) shows successful functionality after all the changes. ## Checklist - [x] Review the contributing [guidelines](./../CONTRIBUTING.md) - [x] Add a reference to related issues in the PR description. - [x] Update documentation if applicable. - [x] Add unit tests if applicable. - [x] Add changes to the [CHANGELOG](./../CHANGELOG.md) if applicable. --------- Signed-off-by: Noah Elzner <nge1@rice.edu>