chore(deps): bump the all group across 1 directory with 2 updates #1743

Open
dependabot[bot] wants to merge 1 commit into release-v0.25.x from dependabot/go_modules/release-v0.25.x/all-a44489de78
@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Contributor

Bumps the all group with 2 updates in the / directory: github.com/in-toto/go-witness and github.com/tektoncd/pipeline.

Updates github.com/in-toto/go-witness from 0.8.4 to 0.8.6

Commits
  • 0c8bb30 fix: update gitleaks and fix config usage (#499)
  • bd01443 feat: add ability to pass headers to archivista client (#498)
  • e0990ed chore: bump github.com/open-policy-agent/opa from 1.4.0 to 1.4.2 (#495)
  • d6d6d68 chore: bump actions/setup-go from 5.4.0 to 5.5.0 (#496)
  • 15ff04a chore: bump actions/dependency-review-action from 4.6.0 to 4.7.0 (#497)
  • a0ece0d chore: bump github.com/open-policy-agent/opa from 1.1.0 to 1.4.0 in the go_mo...
  • a799b23 chore: bump github/codeql-action from 3.28.16 to 3.28.17 (#492)
  • cc3c452 chore: bump golangci/golangci-lint-action from 7.0.0 to 8.0.0 (#491)
  • fe21e80 chore: bump github.com/aws/aws-sdk-go from 1.55.6 to 1.55.7 (#489)
  • 3e1d242 Update release workflow triggers for efficeincy and witness version (#494)
  • Additional commits viewable in compare view

Updates github.com/tektoncd/pipeline from 1.0.3 to 1.0.4

Release notes

Sourced from github.com/tektoncd/pipeline's releases.

Tekton Pipeline release v1.0.4 "Oriental Omnidroid"

  • Docs @ v1.0.4
  • Examples @ v1.0.4

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.0.4/release.yaml

Attestation

The Rekor UUID for this release is 7f9f39ddb0b3aebc8c331640aaf396e2e401748dbe9537aec401468365bbcd92

Obtain the attestation:

REKOR_UUID=7f9f39ddb0b3aebc8c331640aaf396e2e401748dbe9537aec401468365bbcd92
rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.0.4/release.yaml
REKOR_UUID=7f9f39ddb0b3aebc8c331640aaf396e2e401748dbe9537aec401468365bbcd92

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.0.4@sha256:" + .digest.sha256')

# Download the release file
curl -L "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
# (-F matches the image reference literally instead of as a regex)
for image in $REKOR_ATTESTATION_IMAGES; do
  printf '%s' "$image"; grep -qF -- "$image" release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

... (truncated)

Commits
  • 8ffb573 fix: add automated draft release support to release pipeline
  • See full diff in compare view
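
A fail-closed variant of the comparison loop quoted in the release notes above, as an added example that is not part of the Tekton release notes or of this PR. The function names `check_images` and `demo` and the `example.test` image references are constructed for illustration. Unlike the quoted loop, it returns non-zero on a mismatch and treats an empty image list (for example, a failed `rekor-cli` or `jq` step) as an error instead of a silent pass.

```shell
#!/usr/bin/env bash
# Added example: gate on the attestation/release-file comparison.
# In real use the image list comes from the rekor-cli | jq pipeline and
# the release file from curl; the demo data below is constructed.

# check_images RELEASE_FILE IMAGE...
# 0 = every image appears literally in RELEASE_FILE
# 1 = at least one image is missing
# 2 = nothing to check (empty image list or empty/missing release file)
check_images() {
  local release_file=$1; shift
  local missing=0 image

  # A plain for-loop over an empty list runs zero times and looks like success.
  if [ "$#" -eq 0 ]; then
    echo "no images found in attestation" >&2
    return 2
  fi
  if [ ! -s "$release_file" ]; then
    echo "release file missing or empty: $release_file" >&2
    return 2
  fi

  for image in "$@"; do
    # -F: literal match, so '.' in a registry name is not a regex wildcard.
    if grep -qF -- "$image" "$release_file"; then
      printf '%s ===> ok\n' "$image"
    else
      printf '%s ===> no match\n' "$image"
      missing=$((missing + 1))
    fi
  done
  [ "$missing" -eq 0 ]
}

# Constructed demo: one image is in the release file, one is not.
demo() {
  local dir rc=0
  dir=$(mktemp -d)
  printf 'image: example.test/controller:v1.0.4@sha256:%064d\n' 1 > "$dir/release.yaml"
  check_images "$dir/release.yaml" \
    "example.test/controller:v1.0.4@sha256:$(printf '%064d' 1)" \
    "example.test/webhook:v1.0.4@sha256:$(printf '%064d' 2)" || rc=$?
  rm -rf "$dir"
  return "$rc"
}
```

With the variables from the quoted procedure, the call is `check_images release.yaml $REKOR_ATTESTATION_IMAGES` (unquoted on purpose so the list splits into one argument per image).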

@dependabot dependabot Bot added dependencies Used by dependabot - identifies all PRs created by dependabot kind/misc Categorizes issue or PR as a miscellaneuous one. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesnt merit a release note. labels Jul 2, 2026
@tekton-robot


[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign lcarva after the PR has been reviewed.
You can assign the PR to them by writing /assign @lcarva in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Jul 2, 2026
@jkhelil

jkhelil commented Jul 3, 2026

Member

/retest

Bumps the all group with 2 updates in the / directory: [github.com/in-toto/go-witness](https://github.com/in-toto/go-witness) and [github.com/tektoncd/pipeline](https://github.com/tektoncd/pipeline).


Updates `github.com/in-toto/go-witness` from 0.8.4 to 0.8.6
- [Release notes](https://github.com/in-toto/go-witness/releases)
- [Commits](in-toto/go-witness@v0.8.4...v0.8.6)

Updates `github.com/tektoncd/pipeline` from 1.0.3 to 1.0.4
- [Release notes](https://github.com/tektoncd/pipeline/releases)
- [Changelog](https://github.com/tektoncd/pipeline/blob/main/releases.md)
- [Commits](tektoncd/pipeline@v1.0.3...v1.0.4)

---
updated-dependencies:
- dependency-name: github.com/in-toto/go-witness
  dependency-version: 0.8.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/tektoncd/pipeline
  dependency-version: 1.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump the all group with 2 updates chore(deps): bump the all group across 1 directory with 2 updates Jul 3, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/release-v0.25.x/all-a44489de78 branch from 6c960b5 to 944531b Compare July 3, 2026 14:15
@anithapriyanatarajan

Contributor

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Jul 3, 2026