chore(deps): update wsc-attestation requirement from 0.4 to 0.9 #185

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/cargo/wsc-attestation-0.9

Conversation

dependabot[bot] commented on behalf of github on Jun 10, 2026

Updates the requirements on wsc-attestation to permit the latest version.

Release notes

Sourced from wsc-attestation's releases.

v0.9.2

🎉 wsc v0.9.2 Release

📦 Native CLI Binaries

Platform                       Binary                   TPM2 Support
Linux x86_64                   wsc-linux-x86_64
Linux x86_64                   wsc-linux-x86_64-tpm2
Linux aarch64                  wsc-linux-aarch64
macOS x86_64 (Intel)           wsc-macos-x86_64
macOS aarch64 (Apple Silicon)  wsc-macos-aarch64
Windows x86_64                 wsc-windows-x86_64.exe

📦 WebAssembly Components

Component Library (WIT Interface):

  • wsc-component.wasm - WebAssembly component with WIT bindings
  • Signed OCI artifact: ghcr.io/pulseengine/wsc:v0.9.2

CLI Tool (WASI Binary):

  • wsc-cli.wasm - WASI command-line tool for Wasmtime
  • Signed OCI artifact: ghcr.io/pulseengine/wsc:v0.9.2-cli

🔐 Security Features

  • WASM Module Signing - Signed with wsc keyless signing (dogfooding!)
  • OCI Artifact Signing - Signed with Cosign using GitHub OIDC (keyless)
  • SLSA Provenance - Build attestation included
  • SHA256 Checksums - For download verification

Keyless Signing:

  • Identity: GitHub Actions OIDC
  • Certificate: Short-lived from Fulcio (Sigstore)
  • Transparency: Logged in Rekor

🚀 Quick Start

# Download native CLI for your platform
TAG=v0.9.2
# Linux x86_64
curl -LO https://github.com/pulseengine/sigil/releases/download/${TAG}/wsc-linux-x86_64
chmod +x wsc-linux-x86_64
./wsc-linux-x86_64 --version
# macOS Apple Silicon
curl -LO https://github.com/pulseengine/sigil/releases/download/${TAG}/wsc-macos-aarch64
chmod +x wsc-macos-aarch64

... (truncated)

Changelog

Sourced from wsc-attestation's changelog.

[0.9.2] — 2026-05-29

Security hardening release. Closes two further STPA-Sec findings from https://github.com/pulseengine/sigil/blob/main/docs/security/stpa-keyless-2026-05-25.md that v0.9.1 left open (UCA-4, UCA-5).

UCA-1 (#137) was scoped into this release but deferred: wiring the Rekor Merkle inclusion proof into the verify path revealed that the existing inclusion-proof verifier recomputes the wrong Merkle root for fresh production Rekor entries on the log2025-* shards (the Rekor v2 / tiled-log migration). Because the verifier had never been on the production path, the bug had never surfaced. Enabling it fail-closed would reject legitimate signatures, so it stays unwired until the verifier is fixed against current Rekor — tracked in #137. UCA-3 (#138, cert validity bound to attacker-pickable integrated_time) remains deferred pending a clock-policy decision.

Fixed (security)

  • Proof cache key now binds the full Rekor entry (UCA-4) (#139). The cache key was (module_hash, rekor_uuid) — both attacker-supplied in the bundle. On a cache hit the Rekor SET re-verification was skipped while the verifier still trusted the attacker-controlled body / signed_entry_timestamp / log fields, and the cached known-good proof was discarded. CacheKey::from_entry now folds every entry field (uuid, log index, body, SET, log id, integrated time, inclusion proof) into the key with length-prefixed, unambiguous encoding, so a cache hit can only occur for a byte-identical entry that already passed SET verification. Removes the defence-in-depth loss where a mutated entry could ride a stale cache slot past the SET check.

Fixed (correctness / audit integrity)

  • Audit log no longer records an empty-input hash on serialize failure (UCA-5) (#140). The artifact-hash computation in verify() used module.serialize(&mut buf).ok(), swallowing any error and hashing a zero-length buffer — recording sha256:e3b0c442…b855 (the SHA-256 of no bytes) as the artifact identity in the audit log and collapsing all such cases into one proof-cache slot. The error is now propagated with ?, so a module that cannot be serialized aborts verification instead of writing a false identity to the forensic trail.

Tests

Three new cache-key unit tests (full-entry binding — every field mutation changes the key; field-boundary-ambiguity resistance; key stability) plus a fail-closed building-block test for the (still unwired) inclusion-proof verifier. 609 library tests pass.

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Updates the requirements on [wsc-attestation](https://github.com/pulseengine/wsc) to permit the latest version.
- [Release notes](https://github.com/pulseengine/wsc/releases)
- [Changelog](https://github.com/pulseengine/sigil/blob/main/CHANGELOG.md)
- [Commits](pulseengine/sigil@v0.4.0...v0.9.2)

---
updated-dependencies:
- dependency-name: wsc-attestation
  dependency-version: 0.9.2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
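The two changelog fixes quoted above (UCA-4, the cache key that binds every Rekor entry field with length-prefixed encoding, and UCA-5, the artifact hash that must not silently become the digest of zero bytes) are easier to reason about side by side in code. The block below is an added example written for this page; it is not wsc-attestation's code. The `RekorEntry` field types, the `Module` type with a fallible `serialize`, the `weak_cache_key` "before" shape, and the FNV-1a stand-in for SHA-256 are all assumptions; the sample entry is constructed.

```rust
// Added example, not wsc-attestation's own code. It mirrors the two changelog
// fixes on constructed types: a cache key that binds every field of a
// (simplified) Rekor entry with length-prefixed encoding, next to the
// (module_hash, uuid) concatenation key it replaces, and an artifact-hash
// helper that propagates serialization failure instead of hashing zero bytes.
// RekorEntry's field types, Module, and the FNV-1a stand-in digest are assumptions.

/// Simplified stand-in for a Rekor entry carried in a signing bundle (assumption).
#[derive(Clone, Debug)]
pub struct RekorEntry {
    pub uuid: String,
    pub log_index: u64,
    pub body: Vec<u8>,
    pub signed_entry_timestamp: Vec<u8>,
    pub log_id: String,
    pub integrated_time: i64,
    pub inclusion_proof: Vec<Vec<u8>>,
}

/// Pre-fix shape: only attacker-supplied (module_hash, uuid), plainly concatenated.
pub fn weak_cache_key(module_hash: &[u8], uuid: &str) -> Vec<u8> {
    let mut k = module_hash.to_vec();
    k.extend_from_slice(uuid.as_bytes());
    k
}

/// Length-prefix a field (u64 big-endian) so field boundaries cannot be shifted.
fn push_field(out: &mut Vec<u8>, bytes: &[u8]) {
    out.extend_from_slice(&(bytes.len() as u64).to_be_bytes());
    out.extend_from_slice(bytes);
}

#[derive(Clone, PartialEq, Eq, Hash, Debug)]
pub struct CacheKey(Vec<u8>);

impl CacheKey {
    /// Bind the module hash and every entry field; a hit needs a byte-identical entry.
    pub fn from_entry(module_hash: &[u8], e: &RekorEntry) -> CacheKey {
        let mut out = Vec::new();
        push_field(&mut out, module_hash);
        push_field(&mut out, e.uuid.as_bytes());
        push_field(&mut out, &e.log_index.to_be_bytes());
        push_field(&mut out, &e.body);
        push_field(&mut out, &e.signed_entry_timestamp);
        push_field(&mut out, e.log_id.as_bytes());
        push_field(&mut out, &e.integrated_time.to_be_bytes());
        // Nested list: element count first, then each hash length-prefixed.
        push_field(&mut out, &(e.inclusion_proof.len() as u64).to_be_bytes());
        for h in &e.inclusion_proof {
            push_field(&mut out, h);
        }
        CacheKey(out)
    }
}

/// Constructed sample entry (values are made up) used by main() and the tests.
pub fn sample_entry() -> RekorEntry {
    RekorEntry {
        uuid: "24296fb24b8ad77a".to_string(),
        log_index: 42,
        body: b"ab".to_vec(),
        signed_entry_timestamp: b"c".to_vec(),
        log_id: "c0d23d6a".to_string(),
        integrated_time: 1_780_000_000,
        inclusion_proof: vec![vec![0x11; 4], vec![0x22; 4]],
    }
}

/// Stand-in for a module whose serialize() can fail (assumption).
pub struct Module { pub bytes: Vec<u8>, pub poisoned: bool }

impl Module {
    pub fn serialize(&self, buf: &mut Vec<u8>) -> Result<(), String> {
        if self.poisoned { return Err("cannot serialize module".to_string()); }
        buf.extend_from_slice(&self.bytes);
        Ok(())
    }
}

#[derive(Debug)]
pub enum VerifyError { Serialize(String) }

/// FNV-1a 64-bit, a tiny stand-in for the SHA-256 the real crate uses (assumption).
pub fn digest(data: &[u8]) -> u64 {
    data.iter().fold(0xcbf29ce484222325u64, |h, &b| (h ^ b as u64).wrapping_mul(0x100000001b3))
}
/// Digest of zero bytes: the false identity the pre-fix path records on failure.
pub const EMPTY_DIGEST: u64 = 0xcbf29ce484222325;

/// Before the fix: `.ok()` swallows the error and the empty buffer gets hashed.
pub fn artifact_hash_before(m: &Module) -> u64 {
    let mut buf = Vec::new();
    m.serialize(&mut buf).ok();
    digest(&buf)
}

/// After the fix: the error propagates, so verify() aborts and logs no false identity.
pub fn artifact_hash_after(m: &Module) -> Result<u64, VerifyError> {
    let mut buf = Vec::new();
    m.serialize(&mut buf).map_err(VerifyError::Serialize)?;
    Ok(digest(&buf))
}

fn main() {
    // Boundary shift: ("ab", "c") and ("a", "bc") collide under plain concatenation.
    println!("weak keys collide: {}", weak_cache_key(b"ab", "c") == weak_cache_key(b"a", "bc"));
    let a = sample_entry();
    let mut b = a.clone();
    b.body = b"a".to_vec();
    b.signed_entry_timestamp = b"bc".to_vec();
    println!("bound keys collide: {}", CacheKey::from_entry(b"mh", &a) == CacheKey::from_entry(b"mh", &b));
    let bad = Module { bytes: vec![0, 97, 115, 109], poisoned: true };
    println!("before: {:016x} (empty-input digest: {})", artifact_hash_before(&bad), artifact_hash_before(&bad) == EMPTY_DIGEST);
    println!("after: {:?}", artifact_hash_after(&bad));
}
```

The cache key here is the encoded bytes themselves rather than a digest of them, which keeps the binding property visible: any single-field change, including moving one byte across the body/SET boundary, yields a different key, so a stale slot can only be hit by an entry that is byte-for-byte the one that already passed SET verification.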
dependabot[bot] added the dependencies label on Jun 10, 2026