Skip to content

chore(deps): bump github.com/tektoncd/pipeline from 1.6.3 to 1.6.4#3607

Open
dependabot[bot] wants to merge 1 commit into
release-v0.78.xfrom
dependabot/go_modules/release-v0.78.x/github.com/tektoncd/pipeline-1.6.4
Open

chore(deps): bump github.com/tektoncd/pipeline from 1.6.3 to 1.6.4#3607
dependabot[bot] wants to merge 1 commit into
release-v0.78.xfrom
dependabot/go_modules/release-v0.78.x/github.com/tektoncd/pipeline-1.6.4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/tektoncd/pipeline from 1.6.3 to 1.6.4.

Release notes

Sourced from github.com/tektoncd/pipeline's releases.

Tekton Pipeline release v1.6.4 "Sphynx Sentinels"

-Docs @ v1.6.4 -Examples @ v1.6.4

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.6.4/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677acb83d45b8aa456f143d85612fab55c350630e7c858ecf3a3ec4b61343464a5b3

Obtain the attestation:

REKOR_UUID=108e9186e8c5677acb83d45b8aa456f143d85612fab55c350630e7c858ecf3a3ec4b61343464a5b3
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.6.4/release.yaml
REKOR_UUID=108e9186e8c5677acb83d45b8aa456f143d85612fab55c350630e7c858ecf3a3ec4b61343464a5b3
Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.6.4@sha256:" + .digest.sha256')
Download the release file
curl -L "$RELEASE_FILE" > release.yaml
For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

... (truncated)

Commits
  • f53bb02 build: bump go directive to 1.25
  • ffa6ba1 build(deps): bump the all group across 1 directory with 4 updates
  • 5b6efd8 build(deps): bump github.com/google/go-containerregistry
  • See full diff in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump github.com/tektoncd/pipeline from 1.6.3 to 1.6.4
ee6a8d2 
Bumps [github.com/tektoncd/pipeline](https://github.com/tektoncd/pipeline) from 1.6.3 to 1.6.4.
- [Release notes](https://github.com/tektoncd/pipeline/releases)
- [Changelog](https://github.com/tektoncd/pipeline/blob/main/releases.md)
- [Commits](tektoncd/pipeline@v1.6.3...v1.6.4)

---
updated-dependencies:
- dependency-name: github.com/tektoncd/pipeline
  dependency-version: 1.6.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Used by dependabot - identifies all PRs created by dependabot kind/misc Categorizes issue or PR as a miscellaneuous one. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesnt merit a release note. labels Jun 29, 2026
@tekton-robot

tekton-robot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign jkandasa after the PR has been reviewed.
You can assign the PR to them by writing /assign @jkandasa in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jun 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jkhelil jkhelil Awaiting requested review from jkhelil
@pratap0007 pratap0007 Awaiting requested review from pratap0007

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Used by dependabot - identifies all PRs created by dependabot kind/misc Categorizes issue or PR as a miscellaneuous one. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesnt merit a release note. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tekton-robot