Skip to content

Commit f4d3f2d

Browse files
committed
chore(deps): update tektoncd/pipeline to v1.0.2
Upgrade github.com/tektoncd/pipeline to v1.0.2 to fix CVE-2026-40161 (GHSA-wjxp-xrpv-xpff), a high-severity credential exposure flaw in the git resolver API mode that leaks configured Git API tokens to attacker-controlled endpoints when users omit the token parameter with a custom serverURL. Signed-off-by: Akshay Pant <akpant@redhat.com>
1 parent ddeeb41 commit f4d3f2d

5 files changed

Lines changed: 10 additions & 8 deletions

File tree

go.mod

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,7 @@ require (
2828
github.com/pkg/errors v0.9.1
2929
github.com/spf13/cobra v1.9.1
3030
github.com/stretchr/testify v1.10.0
31-
github.com/tektoncd/pipeline v1.0.1
31+
github.com/tektoncd/pipeline v1.0.2
3232
gitlab.com/gitlab-org/api/client-go v0.128.0
3333
go.opencensus.io v0.24.0
3434
go.uber.org/zap v1.27.0

go.sum

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -458,8 +458,8 @@ github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o
458458
github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
459459
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
460460
github.com/stvp/go-udp-testing v0.0.0-20201019212854-469649b16807/go.mod h1:7jxmlfBCDBXRzr0eAQJ48XC1hBu1np4CS5+cHEYfwpc=
461-
github.com/tektoncd/pipeline v1.0.1 h1:M/zKgke+OwxH+96JtvPACMhQD7We5UyDEJKGmaZ6Dms=
462-
github.com/tektoncd/pipeline v1.0.1/go.mod h1:6t5Dz42fVra9z+y3bcOzSwQADh9gEkOPGVUh8jrI/jg=
461+
github.com/tektoncd/pipeline v1.0.2 h1:WBvXquuTxDS1feNnTJ8uKuCEBzvRMTPkRa8cmXAMyk4=
462+
github.com/tektoncd/pipeline v1.0.2/go.mod h1:CbqDSVgytHYm6T3UYz/NQYmzKOv18sD/hNh06CYw77o=
463463
github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
464464
github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
465465
github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=

vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1/task_validation.go

Lines changed: 3 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/github.com/tektoncd/pipeline/pkg/apis/pipeline/v1beta1/task_validation.go

Lines changed: 3 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

vendor/modules.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -378,7 +378,7 @@ github.com/stoewer/go-strcase
378378
## explicit; go 1.17
379379
github.com/stretchr/testify/assert
380380
github.com/stretchr/testify/assert/yaml
381-
# github.com/tektoncd/pipeline v1.0.1
381+
# github.com/tektoncd/pipeline v1.0.2
382382
## explicit; go 1.24.0
383383
github.com/tektoncd/pipeline/internal/artifactref
384384
github.com/tektoncd/pipeline/pkg/apis/config

0 commit comments

Comments
 (0)