diff --git a/node_modules/@sigstore/bundle/package.json b/node_modules/@sigstore/bundle/package.json
index ab96ba7e8b2ca..dd853897226d2 100644
--- a/node_modules/@sigstore/bundle/package.json
+++ b/node_modules/@sigstore/bundle/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@sigstore/bundle",
-  "version": "2.3.1",
+  "version": "2.3.2",
   "description": "Sigstore bundle type",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -27,7 +27,7 @@
     "provenance": true
   },
   "dependencies": {
-    "@sigstore/protobuf-specs": "^0.3.1"
+    "@sigstore/protobuf-specs": "^0.3.2"
   },
   "engines": {
     "node": "^16.14.0 || >=18.0.0"
diff --git a/node_modules/@sigstore/sign/package.json b/node_modules/@sigstore/sign/package.json
index 47d8fed2e6ab3..4adb3d24c6fa6 100644
--- a/node_modules/@sigstore/sign/package.json
+++ b/node_modules/@sigstore/sign/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@sigstore/sign",
-  "version": "2.3.1",
+  "version": "2.3.2",
   "description": "Sigstore signing library",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -27,15 +27,15 @@
   },
   "devDependencies": {
     "@sigstore/jest": "^0.0.0",
-    "@sigstore/mock": "^0.7.3",
+    "@sigstore/mock": "^0.7.4",
     "@sigstore/rekor-types": "^2.0.0",
     "@types/make-fetch-happen": "^10.0.4",
     "@types/promise-retry": "^1.1.6"
   },
   "dependencies": {
-    "@sigstore/bundle": "^2.3.0",
+    "@sigstore/bundle": "^2.3.2",
     "@sigstore/core": "^1.0.0",
-    "@sigstore/protobuf-specs": "^0.3.1",
+    "@sigstore/protobuf-specs": "^0.3.2",
     "make-fetch-happen": "^13.0.1",
     "proc-log": "^4.2.0",
     "promise-retry": "^2.0.1"
diff --git a/node_modules/@sigstore/verify/package.json b/node_modules/@sigstore/verify/package.json
index edd6566e10ece..cd0c845a797e4 100644
--- a/node_modules/@sigstore/verify/package.json
+++ b/node_modules/@sigstore/verify/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@sigstore/verify",
-  "version": "1.2.0",
+  "version": "1.2.1",
   "description": "Verification of Sigstore signatures",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -26,8 +26,8 @@
     "provenance": true
   },
   "dependencies": {
-    "@sigstore/protobuf-specs": "^0.3.1",
-    "@sigstore/bundle": "^2.3.1",
+    "@sigstore/protobuf-specs": "^0.3.2",
+    "@sigstore/bundle": "^2.3.2",
     "@sigstore/core": "^1.1.0"
   },
   "engines": {
diff --git a/node_modules/sigstore/package.json b/node_modules/sigstore/package.json
index f39fc63b5a91d..fa8744bf304a3 100644
--- a/node_modules/sigstore/package.json
+++ b/node_modules/sigstore/package.json
@@ -1,6 +1,6 @@
 {
   "name": "sigstore",
-  "version": "2.3.0",
+  "version": "2.3.1",
   "description": "code-signing for npm packages",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -29,17 +29,17 @@
   "devDependencies": {
     "@sigstore/rekor-types": "^2.0.0",
     "@sigstore/jest": "^0.0.0",
-    "@sigstore/mock": "^0.7.0",
-    "@tufjs/repo-mock": "^2.0.0",
+    "@sigstore/mock": "^0.7.4",
+    "@tufjs/repo-mock": "^2.0.1",
     "@types/make-fetch-happen": "^10.0.4"
   },
   "dependencies": {
-    "@sigstore/bundle": "^2.3.1",
+    "@sigstore/bundle": "^2.3.2",
     "@sigstore/core": "^1.0.0",
-    "@sigstore/protobuf-specs": "^0.3.1",
-    "@sigstore/sign": "^2.3.0",
-    "@sigstore/tuf": "^2.3.1",
-    "@sigstore/verify": "^1.2.0"
+    "@sigstore/protobuf-specs": "^0.3.2",
+    "@sigstore/sign": "^2.3.2",
+    "@sigstore/tuf": "^2.3.4",
+    "@sigstore/verify": "^1.2.1"
   },
   "engines": {
     "node": "^16.14.0 || >=18.0.0"
diff --git a/package-lock.json b/package-lock.json
index dd0b603c4b288..193c7eaa14266 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1986,12 +1986,13 @@
       }
     },
     "node_modules/@sigstore/bundle": {
-      "version": "2.3.1",
-      "resolved": "https://registry.npmjs.org/@sigstore/bundle/-/bundle-2.3.1.tgz",
-      "integrity": "sha512-eqV17lO3EIFqCWK3969Rz+J8MYrRZKw9IBHpSo6DEcEX2c+uzDFOgHE9f2MnyDpfs48LFO4hXmk9KhQ74JzU1g==",
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/@sigstore/bundle/-/bundle-2.3.2.tgz",
+      "integrity": "sha512-wueKWDk70QixNLB363yHc2D2ItTgYiMTdPwK8D9dKQMR3ZQ0c35IxP5xnwQ8cNLoCgCRcHf14kE+CLIvNX1zmA==",
       "inBundle": true,
+      "license": "Apache-2.0",
       "dependencies": {
-        "@sigstore/protobuf-specs": "^0.3.1"
+        "@sigstore/protobuf-specs": "^0.3.2"
       },
       "engines": {
         "node": "^16.14.0 || >=18.0.0"
@@ -2002,6 +2003,7 @@
       "resolved": "https://registry.npmjs.org/@sigstore/core/-/core-1.1.0.tgz",
       "integrity": "sha512-JzBqdVIyqm2FRQCulY6nbQzMpJJpSiJ8XXWMhtOX9eKgaXXpfNOF53lzQEjIydlStnd/eFtuC1dW4VYdD93oRg==",
       "inBundle": true,
+      "license": "Apache-2.0",
       "engines": {
         "node": "^16.14.0 || >=18.0.0"
       }
@@ -2016,14 +2018,15 @@
       }
     },
     "node_modules/@sigstore/sign": {
-      "version": "2.3.1",
-      "resolved": "https://registry.npmjs.org/@sigstore/sign/-/sign-2.3.1.tgz",
-      "integrity": "sha512-YZ71wKIOweC8ViUeZXboz0iPLqMkskxuoeN/D1CEpAyZvEepbX9oRMIoO6a/DxUqO1VEaqmcmmqzSiqtOsvSmw==",
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/@sigstore/sign/-/sign-2.3.2.tgz",
+      "integrity": "sha512-5Vz5dPVuunIIvC5vBb0APwo7qKA4G9yM48kPWJT+OEERs40md5GoUR1yedwpekWZ4m0Hhw44m6zU+ObsON+iDA==",
       "inBundle": true,
+      "license": "Apache-2.0",
       "dependencies": {
-        "@sigstore/bundle": "^2.3.0",
+        "@sigstore/bundle": "^2.3.2",
         "@sigstore/core": "^1.0.0",
-        "@sigstore/protobuf-specs": "^0.3.1",
+        "@sigstore/protobuf-specs": "^0.3.2",
         "make-fetch-happen": "^13.0.1",
         "proc-log": "^4.2.0",
         "promise-retry": "^2.0.1"
@@ -2047,14 +2050,15 @@
       }
     },
     "node_modules/@sigstore/verify": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/@sigstore/verify/-/verify-1.2.0.tgz",
-      "integrity": "sha512-hQF60nc9yab+Csi4AyoAmilGNfpXT+EXdBgFkP9OgPwIBPwyqVf7JAWPtmqrrrneTmAT6ojv7OlH1f6Ix5BG4Q==",
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/@sigstore/verify/-/verify-1.2.1.tgz",
+      "integrity": "sha512-8iKx79/F73DKbGfRf7+t4dqrc0bRr0thdPrxAtCKWRm/F0tG71i6O1rvlnScncJLLBZHn3h8M3c1BSUAb9yu8g==",
       "inBundle": true,
+      "license": "Apache-2.0",
       "dependencies": {
-        "@sigstore/bundle": "^2.3.1",
+        "@sigstore/bundle": "^2.3.2",
         "@sigstore/core": "^1.1.0",
-        "@sigstore/protobuf-specs": "^0.3.1"
+        "@sigstore/protobuf-specs": "^0.3.2"
       },
       "engines": {
         "node": "^16.14.0 || >=18.0.0"
@@ -10816,17 +10820,18 @@
       }
     },
     "node_modules/sigstore": {
-      "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/sigstore/-/sigstore-2.3.0.tgz",
-      "integrity": "sha512-q+o8L2ebiWD1AxD17eglf1pFrl9jtW7FHa0ygqY6EKvibK8JHyq9Z26v9MZXeDiw+RbfOJ9j2v70M10Hd6E06A==",
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/sigstore/-/sigstore-2.3.1.tgz",
+      "integrity": "sha512-8G+/XDU8wNsJOQS5ysDVO0Etg9/2uA5gR9l4ZwijjlwxBcrU6RPfwi2+jJmbP+Ap1Hlp/nVAaEO4Fj22/SL2gQ==",
       "inBundle": true,
+      "license": "Apache-2.0",
       "dependencies": {
-        "@sigstore/bundle": "^2.3.1",
+        "@sigstore/bundle": "^2.3.2",
         "@sigstore/core": "^1.0.0",
-        "@sigstore/protobuf-specs": "^0.3.1",
-        "@sigstore/sign": "^2.3.0",
-        "@sigstore/tuf": "^2.3.1",
-        "@sigstore/verify": "^1.2.0"
+        "@sigstore/protobuf-specs": "^0.3.2",
+        "@sigstore/sign": "^2.3.2",
+        "@sigstore/tuf": "^2.3.4",
+        "@sigstore/verify": "^1.2.1"
       },
       "engines": {
         "node": "^16.14.0 || >=18.0.0"