GHSA-JFC7-64V2-MR8C @sigstore/core has DSSE payloadType type-binding failure
Impact The preAuthEncoding function in @sigstore/core uses Node.js 'ascii' encoding when converting the PAE Pre-Authentication Encoding string to bytes. This allows payloadType to be mutated after signing without invalidating the signature, breaking the type-binding guarantee that DSSE is designe...