Skip to content

Tags: tektoncd/chains

Tags

v0.25.2

Toggle v0.25.2's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode 
fix: CVE-2026-34986, CVE-2026-33211, CVE-2025-66506, & CVE-2026-33186 (

…#1631)

Dependency bumps:
  - github.com/go-jose/go-jose/v4: v4.0.5 → v4.1.4 (CVE-2026-34986, JWE decryption panic)
  - github.com/tektoncd/pipeline: v1.0.0 → v1.0.1 (CVE-2026-33211, git resolver path traversal)
  - github.com/sigstore/cosign/v2: v2.5.0 → v2.6.2 (CVE-2025-66506, excessive memory allocation)
  - google.golang.org/grpc: v1.71.1 → v1.80.0 (CVE-2026-33186, authz bypass via missing leading slash)

Signed-off-by: Shubham Bhardwaj <shubbhar@redhat.com>

v0.26.3

Toggle v0.26.3's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode 
fix: CVE-2026-34986, CVE-2026-33211, & CVE-2026-33186 (#1630)

Signed-off-by: Shubham Bhardwaj <shubbhar@redhat.com>

v0.26.2

Toggle v0.26.2's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode 
chore(deps): fix stale deps (#1547)

Signed-off-by: Anitha Natarajan <anataraj@redhat.com>

v0.26.1

Toggle v0.26.1's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode 
fix: upgrade cosign 2.6.0 to 2.6.2 (#1537)

Signed-off-by: Anitha Natarajan <anataraj@redhat.com>

v0.26.0

Toggle v0.26.0's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode 
fix container-registry-auth in release publish task (#1467)

v0.25.1

Toggle v0.25.1's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode 
Update go mod to use Go 1.23 (#1357)

Signed-off-by: savitaashture <sashture@redhat.com>

v0.25.0

Toggle v0.25.0's commit message 
Bump imjasonh/setup-ko from 0.8 to 0.9

Bumps [imjasonh/setup-ko](https://github.com/imjasonh/setup-ko) from 0.8 to 0.9.
- [Release notes](https://github.com/imjasonh/setup-ko/releases)
- [Commits](ko-build/setup-ko@v0.8...v0.9)

---
updated-dependencies:
- dependency-name: imjasonh/setup-ko
  dependency-version: '0.9'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

v0.24.0

Toggle v0.24.0's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode 
Fixes go.mod (#1304)

- Running go.mod changes the go version in go.mod because of go
  toolchain, hence this patch updates the go.mod

Signed-off-by: PuneetPunamiya <ppunamiy@redhat.com>

v0.23.1

Toggle v0.23.1's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode 
Copy release resources from main branch v0.23.x (#1292)

The release process in the main branch has been updated to use GitHub's
container registry for releases. This commit brings those changes to the
v0.23.x branch.

Signed-off-by: Luiz Carvalho <lucarval@redhat.com>

v0.22.3

Toggle v0.22.3's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode 
Copy release resources from main branch v0.22.x (#1291)

The release process in the main branch has been updated to use GitHub's
container registry for releases. This commit brings those changes to the
v0.22.x branch.

Signed-off-by: Luiz Carvalho <lucarval@redhat.com>