diff --git a/node_modules/pacote/lib/registry.js b/node_modules/pacote/lib/registry.js
index 0e83edf17519a..de25a11af4667 100644
--- a/node_modules/pacote/lib/registry.js
+++ b/node_modules/pacote/lib/registry.js
@@ -321,6 +321,7 @@ class RegistryFetcher extends Fetcher {
               // specify a public key from the keys endpoint: `registry-host.tld/-/npm/v1/keys`
               const options = {
                 tufCachePath: this.tufCache,
+                tufForceCache: true,
                 keySelector: publicKey ? () => publicKey.pemkey : undefined,
               }
               await sigstore.verify(bundle, options)
diff --git a/node_modules/pacote/package.json b/node_modules/pacote/package.json
index 88d479d182f5d..8fc0bb707f1e5 100644
--- a/node_modules/pacote/package.json
+++ b/node_modules/pacote/package.json
@@ -1,6 +1,6 @@
 {
   "name": "pacote",
-  "version": "17.0.5",
+  "version": "17.0.6",
   "description": "JavaScript package downloader",
   "author": "GitHub Inc.",
   "bin": {
@@ -11,7 +11,7 @@
   "scripts": {
     "test": "tap",
     "snap": "tap",
-    "lint": "eslint \"**/*.js\"",
+    "lint": "eslint \"**/*.{js,cjs,ts,mjs,jsx,tsx}\"",
     "postlint": "template-oss-check",
     "lintfix": "npm run lint -- --fix",
     "posttest": "npm run lint",
@@ -27,7 +27,7 @@
   "devDependencies": {
     "@npmcli/arborist": "^7.1.0",
     "@npmcli/eslint-config": "^4.0.0",
-    "@npmcli/template-oss": "4.19.0",
+    "@npmcli/template-oss": "4.21.3",
     "hosted-git-info": "^7.0.0",
     "mutate-fs": "^2.1.1",
     "nock": "^13.2.4",
@@ -59,7 +59,7 @@
     "promise-retry": "^2.0.1",
     "read-package-json": "^7.0.0",
     "read-package-json-fast": "^3.0.0",
-    "sigstore": "^2.0.0",
+    "sigstore": "^2.2.0",
     "ssri": "^10.0.0",
     "tar": "^6.1.11"
   },
@@ -72,7 +72,7 @@
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.19.0",
+    "version": "4.21.3",
     "windowsCI": false,
     "publish": "true"
   }
diff --git a/package-lock.json b/package-lock.json
index 16ca04ca5e66f..7da2f9e460fa5 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -143,7 +143,7 @@
         "npm-user-validate": "^2.0.0",
         "npmlog": "^7.0.1",
         "p-map": "^4.0.0",
-        "pacote": "^17.0.5",
+        "pacote": "^17.0.6",
         "parse-conflict-json": "^3.0.1",
         "proc-log": "^3.0.0",
         "qrcode-terminal": "^0.12.0",
@@ -10785,9 +10785,9 @@
       }
     },
     "node_modules/pacote": {
-      "version": "17.0.5",
-      "resolved": "https://registry.npmjs.org/pacote/-/pacote-17.0.5.tgz",
-      "integrity": "sha512-TAE0m20zSDMnchPja9vtQjri19X3pZIyRpm2TJVeI+yU42leJBBDTRYhOcWFsPhaMxf+3iwQkFiKz16G9AEeeA==",
+      "version": "17.0.6",
+      "resolved": "https://registry.npmjs.org/pacote/-/pacote-17.0.6.tgz",
+      "integrity": "sha512-cJKrW21VRE8vVTRskJo78c/RCvwJCn1f4qgfxL4w77SOWrTCRcmfkYHlHtS0gqpgjv3zhXflRtgsrUCX5xwNnQ==",
       "inBundle": true,
       "dependencies": {
         "@npmcli/git": "^5.0.0",
@@ -10805,7 +10805,7 @@
         "promise-retry": "^2.0.1",
         "read-package-json": "^7.0.0",
         "read-package-json-fast": "^3.0.0",
-        "sigstore": "^2.0.0",
+        "sigstore": "^2.2.0",
         "ssri": "^10.0.0",
         "tar": "^6.1.11"
       },
diff --git a/package.json b/package.json
index 2de998fcb0243..ba379e92abe70 100644
--- a/package.json
+++ b/package.json
@@ -105,7 +105,7 @@
     "npm-user-validate": "^2.0.0",
     "npmlog": "^7.0.1",
     "p-map": "^4.0.0",
-    "pacote": "^17.0.5",
+    "pacote": "^17.0.6",
     "parse-conflict-json": "^3.0.1",
     "proc-log": "^3.0.0",
     "qrcode-terminal": "^0.12.0",