chore(deps): update module github.com/openshift-pipelines/pipelines-as-code to v0.48.0 #1636

Open
red-hat-konflux[bot] wants to merge 1 commit into main from konflux/mintmaker/main/github.com-openshift-pipelines-pipelines-as-code-0.x

@red-hat-konflux red-hat-konflux Bot commented May 26, 2026

Contributor

This PR contains the following updates:

Package | Change
github.com/openshift-pipelines/pipelines-as-code | v0.46.0 → v0.48.0

Warning

Some dependencies could not be looked up. Check the warning logs for more information.


Release Notes

openshift-pipelines/pipelines-as-code (github.com/openshift-pipelines/pipelines-as-code)

v0.48.0

Compare Source

Pipelines as Code version v0.48.0

OpenShift Pipelines as Code v0.48.0 has been released 🥳

[!IMPORTANT]
This is a security release. It includes fixes for GitHub Enterprise header hijacking, webhook secret leakage in logs, and GitHub App token over-scoping. All users are encouraged to upgrade as soon as possible.

✨ Major changes and Features

  • TLS configuration support: Add configurable TLS settings (min version, cipher suites, curve preferences) for the PAC controller via deployment environment variables, allowing the Tekton Operator to propagate TLS configuration without code changes.
  • Deprecation warnings for Tekton Hub integration: Deprecated the Tekton Hub catalog integration across documentation, configuration, and resource resolution. The public Tekton Hub has been shut down, and support for self-hosted Tekton Hub instances is now formally deprecated ahead of full removal in a future release.
  • Gitea remote task resolution: Enable Gitea/Forgejo provider to resolve remote taskRef URLs using the provider's authenticated API instead of returning "not supported". Supports branch, tag, and commit SHA URL formats.

🐛 Bug Fixes

  • Prevent GitHub Enterprise header hijacking: Validate webhook signature before minting App tokens and restrict the GitHub Enterprise host header to prevent an attacker from redirecting token requests to an arbitrary host.
  • Redact query string from incoming webhook log: Fix secret leakage in the incoming-webhook handler where the full URL including ?secret=<value> was logged verbatim. Now logs only the URL path.
  • Scope GitHub App token and deep-copy cached remote resources: Scope GitHub App token to the triggering repository when no extra scope config is present, preventing remote task annotations from accessing private repos. Also deep-copy cached remote Pipeline and Task objects before inlining to prevent mutation from contaminating subsequent PipelineRuns.
  • Remove unused secrets/delete permission from controller: Remove the unused cluster-wide secrets/delete permission from the controller ServiceAccount, following the principle of least privilege.
  • Enable controller profiling: Bump knative/eventing to v0.49.0 which includes the pprof server fix so controller profiling actually works, and update the profiling guide for the OpenCensus to OpenTelemetry migration.

⚙️ Chores

  • Preserve dots in image tags for version tag pushes: Fix container workflow tag sanitization to keep dots in version tags, ensuring release manifests reference the correct image tags.
  • Update incoming webhook legacy params deprecation message: Update the deprecation message for secret passing in URL query parameters.
  • Parse JSON test output for Slack notifications: Switch CI notify-slack script to parse JSON test output instead of the nonexistent log file.
  • Bump mxschmitt/action-tmate from 3.23 to 3.24: Updated CI dependency to latest version.

Installation

To install this version you can install the release.yaml with kubectl for your platform:

Openshift
kubectl apply -f https://github.com/tektoncd/pipelines-as-code/releases/download/v0.48.0/release.yaml
Kubernetes
kubectl apply -f https://github.com/tektoncd/pipelines-as-code/releases/download/v0.48.0/release.k8s.yaml
Documentation

The documentation for this release is available here:

https://docs.pipelinesascode.com/v0.48.0

Changelog

v0.47.0

Compare Source

Pipelines as Code version v0.47.0

OpenShift Pipelines as Code v0.47.0 has been released 🥳

✨ Major changes and Features

  • CEL string and list extension functions: Unlocks join(), replace(), substring(), split(), trim(), upperAscii(), lowerAscii() and other standard CEL string/list operations in on-cel-expression annotations and {{ cel: }} template expressions.
  • GitHub API rate limit Kubernetes event: Emits a Kubernetes Repository event when the GitHub API rate limit is exhausted, surfacing the issue to operators via kubectl describe.

🐛 Bug Fixes

  • Bitbucket Data Center: detect file changes on merged PR push: Fixes on-path-change and on-cel-expression filters silently skipping PipelineRuns when the push event is a merge commit with no listed file changes; the Bitbucket /changes API is now used to diff the actual modified files.
  • Skip key=value arguments as PipelineRun names in /test: When a user posts /test custom1=value, the key=value argument was incorrectly treated as a PipelineRun name and bypassed on-comment annotation matching; it is now correctly passed through as a parameter.
  • Label value sanitization and normalization: Ensures Kubernetes label values (e.g. branch names) are sanitized to comply with the 63-character limit and valid character set rules, preventing label validation errors.
  • Reconciler: skip watcher status updates: Fixes a regression introduced in #2667 that caused forbidden errors on clusters where the watcher service account lacks pipelineruns/status update permissions; the generated status sync is now disabled for the watcher.
  • GitLab: post informative comment on inaccessible fork MR: When a merge request originates from a fork the bot cannot access, PAC now posts a comment on the MR explaining the situation rather than silently failing.

⚙️ Chores

  • Fix documentation reference in formatting package: Corrected the godoc comment in CleanValueKubernetes to point to the right Kubernetes label specification.
  • Update golangci-lint configuration: Replaced deprecated gomodguard linter with gomodguard_v2 and disabled the inline govet check to reduce false positives.
  • Update golangci-lint to v2.12.2: Bumped the CI golangci-lint image to match the updated linter configuration.

Installation

To install this version you can install the release.yaml with kubectl for your platform:

Openshift
kubectl apply -f https://github.com/tektoncd/pipelines-as-code/releases/download/v0.47.0/release.yaml
Kubernetes
kubectl apply -f https://github.com/tektoncd/pipelines-as-code/releases/download/v0.47.0/release.k8s.yaml
Documentation

The documentation for this release is available here:

https://docs.pipelinesascode.com/v0.47.0

What's Changed

New Contributors

Full Changelog: tektoncd/pipelines-as-code@v0.46.0...v0.47.0

Changelog


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.
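The v0.48.0 release notes above describe two webhook-handling fixes: authenticate the delivery before the GitHub Enterprise host header can influence where a token request goes, and log only the URL path of an incoming webhook. The Go sketch below is an added example, not code from pipelines-as-code; the function names, the allowlist and the sample values are assumptions, while `X-Hub-Signature-256` and `X-GitHub-Enterprise-Host` are the headers GitHub sends.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/url"
	"strings"
)

// Constructed allowlist of GitHub Enterprise hosts (assumption, not PAC config).
var allowedGHEHosts = map[string]bool{"ghe.example.internal": true}

// sign returns the X-Hub-Signature-256 value expected for body.
func sign(secret, body []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return "sha256=" + hex.EncodeToString(mac.Sum(nil))
}

// resolveAPIHost verifies the signature first; only then may the
// X-GitHub-Enterprise-Host value (gheHost) select an allowlisted API host.
func resolveAPIHost(secret, body []byte, sigHeader, gheHost string) (string, error) {
	if !hmac.Equal([]byte(sigHeader), []byte(sign(secret, body))) {
		return "", fmt.Errorf("invalid webhook signature")
	}
	if gheHost == "" {
		return "api.github.com", nil
	}
	if !allowedGHEHosts[strings.ToLower(gheHost)] {
		return "", fmt.Errorf("enterprise host %q is not allowlisted", gheHost)
	}
	return strings.ToLower(gheHost), nil
}

// logTarget returns only the URL path, so ?secret=<value> never reaches logs.
func logTarget(rawURL string) string {
	u, err := url.ParseRequestURI(rawURL)
	if err != nil {
		return "<unparseable>"
	}
	return u.Path
}

func main() {
	secret, body := []byte("constructed-secret"), []byte(`{"action":"opened"}`)
	fmt.Println(resolveAPIHost(secret, body, sign(secret, body), "unlisted.example.net"))
	fmt.Println(logTarget("/incoming?repository=demo&secret=s3cr3t"))
}
```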

@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-openshift-pipelines-pipelines-as-code-0.x branch from 9d244ea to 3cc78a0 Compare May 26, 2026 21:55
codecov Bot commented May 26, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 81.49%. Comparing base (13a2f01) to head (389d4ab).

❗ There is a different number of reports uploaded between BASE (13a2f01) and HEAD (389d4ab). Click for more details.

HEAD has 2 uploads less than BASE
Flag BASE (13a2f01) HEAD (389d4ab)
unit-tests 2 1
e2e-tests 1 0
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #1636      +/-   ##
==========================================
- Coverage   87.43%   81.49%   -5.95%     
==========================================
  Files          34       34              
  Lines        3566     3566              
==========================================
- Hits         3118     2906     -212     
- Misses        285      512     +227     
+ Partials      163      148      -15     
Flag Coverage Δ
e2e-tests ?
unit-tests 81.49% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.
see 12 files with indirect coverage changes


Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 13a2f01...389d4ab. Read the comment docs.

@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-openshift-pipelines-pipelines-as-code-0.x branch 10 times, most recently from f9a998d to 75580b0 Compare June 3, 2026 10:19
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-openshift-pipelines-pipelines-as-code-0.x branch 2 times, most recently from ebca5d7 to 38ab488 Compare June 3, 2026 18:39
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/openshift-pipelines/pipelines-as-code to v0.47.0 chore(deps): update module github.com/openshift-pipelines/pipelines-as-code to v0.47.0 - autoclosed Jun 4, 2026
@red-hat-konflux red-hat-konflux Bot closed this Jun 4, 2026
@red-hat-konflux red-hat-konflux Bot deleted the konflux/mintmaker/main/github.com-openshift-pipelines-pipelines-as-code-0.x branch June 4, 2026 02:37
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/openshift-pipelines/pipelines-as-code to v0.47.0 - autoclosed chore(deps): update module github.com/openshift-pipelines/pipelines-as-code to v0.47.0 Jun 4, 2026
@red-hat-konflux red-hat-konflux Bot reopened this Jun 4, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-openshift-pipelines-pipelines-as-code-0.x branch 5 times, most recently from fe499a3 to 60a7e04 Compare June 4, 2026 18:43
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/openshift-pipelines/pipelines-as-code to v0.47.0 chore(deps): update module github.com/openshift-pipelines/pipelines-as-code to v0.48.0 Jun 4, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-openshift-pipelines-pipelines-as-code-0.x branch 3 times, most recently from 3af9371 to 5396824 Compare June 5, 2026 14:36
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-openshift-pipelines-pipelines-as-code-0.x branch from 5396824 to 8b2907b Compare June 15, 2026 20:17
fullsend-ai-review Bot commented Jun 15, 2026

🤖 Finished Review · ✅ Success · Started 8:19 PM UTC · Completed 8:22 PM UTC
Commit: ffde3b2 · View workflow run →

@fullsend-ai-review fullsend-ai-review Bot added the ready-for-merge All reviewers approved — ready to merge label Jun 22, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-openshift-pipelines-pipelines-as-code-0.x branch from 99ae02b to 9353a7d Compare June 22, 2026 20:04
fullsend-ai-review Bot commented Jun 22, 2026

🤖 Finished Review · ✅ Success · Started 8:07 PM UTC · Completed 8:11 PM UTC
Commit: 0d0162a · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

@fullsend-ai-review fullsend-ai-review Bot added ready-for-merge All reviewers approved — ready to merge and removed ready-for-merge All reviewers approved — ready to merge labels Jun 22, 2026
fullsend-ai-review Bot commented Jun 23, 2026

🤖 Review · ❌ Terminated · Started 1:17 PM UTC · Ended 1:23 PM UTC
Commit: ec21706 · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

fullsend-ai-review Bot commented Jun 23, 2026

🤖 Finished Review · ✅ Success · Started 8:57 PM UTC · Completed 9:01 PM UTC
Commit: ec21706 · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

fullsend-ai-review Bot commented Jun 24, 2026

🤖 Finished Review · ✅ Success · Started 8:30 PM UTC · Completed 8:36 PM UTC
Commit: ec21706 · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

fullsend-ai-review Bot commented Jun 26, 2026

🤖 Finished Review · ✅ Success · Started 1:59 PM UTC · Completed 2:05 PM UTC
Commit: ec21706 · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

fullsend-ai-review Bot commented Jun 26, 2026

🤖 Finished Review · ✅ Success · Started 5:46 PM UTC · Completed 5:51 PM UTC
Commit: ec21706 · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

fullsend-ai-review Bot commented Jun 29, 2026

🤖 Finished Review · ✅ Success · Started 11:24 AM UTC · Completed 11:30 AM UTC
Commit: ec21706 · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

fullsend-ai-review Bot commented Jun 29, 2026

🤖 Finished Review · ✅ Success · Started 3:34 PM UTC · Completed 3:40 PM UTC
Commit: ec21706 · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

fullsend-ai-review Bot commented Jun 30, 2026

🤖 Finished Review · ✅ Success · Started 10:44 AM UTC · Completed 10:48 AM UTC
Commit: ec21706 · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

fullsend-ai-review Bot commented Jun 30, 2026

🤖 Finished Review · ❌ Failure · Started 4:37 PM UTC · Completed 4:43 PM UTC
Commit: ec21706 · View workflow run →

fullsend-ai-review Bot commented Jul 1, 2026

🤖 Finished Review · ✅ Success · Started 2:28 PM UTC · Completed 2:32 PM UTC
Commit: ec21706 · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

fullsend-ai-review Bot commented Jul 2, 2026

🤖 Finished Review · ✅ Success · Started 1:34 AM UTC · Completed 1:40 AM UTC
Commit: ec21706 · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

…s-code to v0.48.0

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>

fullsend-ai-review Bot commented Jul 2, 2026

🤖 Finished Review · ✅ Success · Started 2:39 PM UTC · Completed 2:43 PM UTC
Commit: ec21706 · View workflow run →

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code ready-for-merge All reviewers approved — ready to merge