Open
Description
Hi,
I'm writing a script to generate SBOM content for my JSR deps, and I've noticed that the latest versions of a couple of std packages are missing the provenance link to Rekor: https://jsr.io/@std/collections/1.0.8 and https://jsr.io/@std/streams/1.0.7
The previous versions (https://jsr.io/@std/collections/1.0.7 and https://jsr.io/@std/streams/1.0.6) do have this, as well as the latest versions of the other @std packages I checked.
I don't know if it represents a security problem, but it's surprising (and causing some difficulties for my SBOM generation!)
Thanks,
Adam