fix(deps): update module github.com/tektoncd/pipeline to v0.60.2

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/tektoncd/pipeline	v0.39.0 -> v0.60.2

---

Release Notes

tektoncd/pipeline (github.com/tektoncd/pipeline)

v0.60.2: Tekton Pipeline release v0.60.2 "Chinchilla Tobor"

Compare Source

-Docs @​ v0.60.2
-Examples @​ v0.60.2

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.60.2/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a1b1da05e47cee68581daf1cd5823facc5b59b76edaf9ce986efe5c68bd1a4cbe

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a1b1da05e47cee68581daf1cd5823facc5b59b76edaf9ce986efe5c68bd1a4cbe
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.60.2/release.yaml
REKOR_UUID=24296fb24b8ad77a1b1da05e47cee68581daf1cd5823facc5b59b76edaf9ce986efe5c68bd1a4cbe

##### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.60.2@​sha256:" + .digest.sha256')

##### Download the release file
curl "$RELEASE_FILE" > release.yaml

##### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.60.x] Fix: Identify workspace usage in a Task (#​8021)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.60.2!

• ❤️ @​tekton-robot, @​chitrangpatel

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.60.1: Tekton Pipeline release v0.60.1 "Chinchilla Tobor"

Compare Source

-Docs @​ v0.60.1
-Examples @​ v0.60.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.60.1/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a3c629b9f100be0eec857bdac47e80bdeacaf4cebba95adb7f9918b91b27842c5

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a3c629b9f100be0eec857bdac47e80bdeacaf4cebba95adb7f9918b91b27842c5
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.60.1/release.yaml
REKOR_UUID=24296fb24b8ad77a3c629b9f100be0eec857bdac47e80bdeacaf4cebba95adb7f9918b91b27842c5

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.60.1@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.60.x] Fix: Allow less strict validation of the Resolver Name during Webhook. (#​7996)
• 🐛 [release-v0.60.x] Fix: Update GetNameAndNamespace Parameters (#​7994)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.60.1!

• ❤️ @​tekton-robot, @​Aleromerog

Extra shout-out for awesome release notes:
@​Aleromerog

v0.60.0: Tekton Pipeline release v0.60.0 "Chinchilla Tobor"

Compare Source

🎉 Artifacts through Sidecar Logs and Concise Resolver Syntax(Stage I)🎉

-Docs @​ v0.60.0
-Examples @​ v0.60.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.60.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77a0f4210b40d70db3c3f419f177c49cdf9af22ac6e6f490d1141db7ca4ecb37796

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77a0f4210b40d70db3c3f419f177c49cdf9af22ac6e6f490d1141db7ca4ecb37796
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.60.0/release.yaml
REKOR_UUID=24296fb24b8ad77a0f4210b40d70db3c3f419f177c49cdf9af22ac6e6f490d1141db7ca4ecb37796

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.60.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ feat: Surface artifacts through sidecar container logs. (#​7883)

Surface artifacts through sidecar container logs.

• ✨ add namespace label/tag to non-deprecated throttle metrics (#​7879)

Add 'namespace' label/tag to the 'tekton_pipelines_controller_running_taskruns_throttled_by_quota' and 'tekton_pipelines_controller_running_taskruns_throttled_by_node' metrics, as kubernetes quota definitions are namespace scoped, hence certain namespaces may be more susceptible to quota throttling than others, and in a multi-node environment, not all namespaces are necessarily on the same node.

To enable this new label/tag, set 'metrics.taskrun.throttle.enable-namespace' to 'true' in the 'config-observability' ConfigMap

• ✨ TEP-0154: Enable concise resolver syntax - stage 1 (#​7845)

TEP-0154: Enable concise resolver syntax

• ✨ Add reason tag to duration metrics (#​7812)

The reason tag has been added to the duration metrics of taskrun and pipelinerun.

Fixes

• 🐛 Propagate params in pipelines (#​7930)

Enable propagating params in Pipelines.

• 🐛 Fix version mismatch of aws-sdk-go-v2 (#​7921)

Fixing "401 Not Authorized" using Image from private AWS ECR without specifying "command" or "script" in Task.

• 🐛 allow for retry on typically transient k8s errors in both core controller and resolver for remote resolution (#​7894)

This fix address the lack of retry on transient kubernetes errors during remote resolution for tasks, etc.

• 🐛 Fix: Faulty Remote Resource Accepted by Remote Resolution (#​7952)
• 🐛 minor followup to PR 7894 (#​7950)
• 🐛 fix: prevent repeated setting of pipeline name label (#​7732)
• 🐛 fix: when using remote resources, the related metrics tag name is wrong (#​7731)

Misc

• 🔨 Deprecate current resolution framework (#​7945)

Mark current resolver framework as deprecated. Note: we are not removing the interface to be compatible with our Go policy.

• 🔨 misc: promote stepAction to beta (#​7920)

promote StepActions to beta

• 🔨 fix: artifactsFlag (#​7914)

fix defaultEnableArtifacts flag uses wrong name

• 🔨 Upgraded Remote Resolution Framework (#​7910)

Upgraded remote resolution framework.

• 🔨 Bump go.opentelemetry.io/otel from 1.26.0 to 1.27.0 (#​7975)
• 🔨 Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.26.0 to 1.27.0 (#​7972)
• 🔨 chore(deps): bump github/codeql-action from 3.25.5 to 3.25.6 (#​7968)
• 🔨 chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 (#​7967)
• 🔨 chore(deps): bump github.com/golangci/golangci-lint from 1.58.1 to 1.58.2 in /tools (#​7966)
• 🔨 chore(deps): bump github.com/containerd/containerd from 1.7.15 to 1.7.17 (#​7961)
• 🔨 chore(deps): bump k8s.io/client-go from 0.27.13 to 0.27.14 in /test/custom-task-ctrls/wait-task-beta (#​7949)
• 🔨 chore(deps): bump k8s.io/api from 0.27.13 to 0.27.14 in /test/custom-task-ctrls/wait-task-beta (#​7948)
• 🔨 chore(deps): bump google.golang.org/grpc from 1.63.2 to 1.64.0 (#​7947)
• 🔨 chore(deps): bump github.com/spiffe/spire-api-sdk from 1.9.4 to 1.9.6 (#​7946)
• 🔨 chore(deps): bump the all group in /tekton with 3 updates (#​7944)
• 🔨 chore(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#​7943)
• 🔨 chore(deps): bump github/codeql-action from 3.25.3 to 3.25.5 (#​7942)
• 🔨 chore(deps): bump tj-actions/changed-files from 44.3.0 to 44.4.0 (#​7941)
• 🔨 Add image replacement for amd64 specific image for entrypoint-resolution test and update docker-in-docker test image for Power. (#​7937)
• 🔨 chore(deps): bump github.com/golangci/golangci-lint from 1.58.0 to 1.58.1 in /tools (#​7936)
• 🔨 chore(deps): bump step-security/harden-runner from 2.7.0 to 2.7.1 (#​7934)
• 🔨 chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#​7933)
• 🔨 chore(deps): bump the all group in /tekton with 4 updates (#​7932)
• 🔨 chore(deps): bump google.golang.org/protobuf from 1.34.0 to 1.34.1 (#​7931)
• 🔨 chore(deps): bump github.com/jenkins-x/go-scm from 1.14.30 to 1.14.34 (#​7928)
• 🔨 chore(deps): bump github.com/golangci/golangci-lint from 1.57.2 to 1.58.0 in /tools (#​7927)
• 🔨 chore(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.0 (#​7926)
• 🔨 chore(deps): bump the all group in /tekton with 2 updates (#​7925)
• 🔨 chore(deps): bump actions/checkout from 4.1.3 to 4.1.4 (#​7924)
• 🔨 chore(deps): bump github/codeql-action from 3.25.1 to 3.25.3 (#​7923)

Docs

• 📖 Update releases.md for v0.59 (#​7917)
• 📖 v1beta1 fields updated to v1 in docs and examples (#​7873)

Thanks

Thanks to these contributors who contributed to v0.60.0!

• ❤️ @​Sachin-Itagi
• ❤️ @​afrittoli
• ❤️ @​chitrangpatel
• ❤️ @​cugykw
• ❤️ @​dependabot[bot]
• ❤️ @​ericzzzzzzz
• ❤️ @​gabemontero
• ❤️ @​khrm
• ❤️ @​ppitonak
• ❤️ @​seternate

Extra shout-out for awesome release notes:

• 😍 @​chitrangpatel
• 😍 @​ericzzzzzzz
• 😍 @​gabemontero
• 😍 @​khrm
• 😍 @​seternate

v0.59.1: Tekton Pipeline release v0.59.1 "Scottish Fold Sox"

Compare Source

-Docs @​ v0.59.1
-Examples @​ v0.59.1

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.1/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77ae4f504cabd702466f22af01eb77b6e7d131fbccfa54291a0438b7301f13f5180

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77ae4f504cabd702466f22af01eb77b6e7d131fbccfa54291a0438b7301f13f5180
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.1/release.yaml
REKOR_UUID=24296fb24b8ad77ae4f504cabd702466f22af01eb77b6e7d131fbccfa54291a0438b7301f13f5180

##### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.59.1@​sha256:" + .digest.sha256')

##### Download the release file
curl "$RELEASE_FILE" > release.yaml

##### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [release-v0.59.x] fix: when using remote resources, the related metrics tag name is wrong (#​7955)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v0.59.1!

• ❤️ @​tekton-robot

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot

v0.59.0: Tekton Pipeline release v0.59.0 "Scottish Fold Sox" LTS

Compare Source

🎉 Artifact Metadata, Improved StepActions and Improved Stability 🎉

-Docs @​ v0.59.0
-Examples @​ v0.59.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77afedce0421f9d0b300ed47db5907cad59970fed93f978290fd32680173c43e675

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77afedce0421f9d0b300ed47db5907cad59970fed93f978290fd32680173c43e675
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.59.0/release.yaml
REKOR_UUID=24296fb24b8ad77afedce0421f9d0b300ed47db5907cad59970fed93f978290fd32680173c43e675

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.59.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Upgrade Notices

Tekton v0.59 minimum Kubernetes version is 1.27.

Changes

Features

• ✨ Add a feature flag to disable inline spec (#​7844)

Add a feature flag disable-inline-spec to disable embedded spec in Pipeline(PipelineSpec/TaskSpec), Taskrun(TaskSpec), and Pipelinerun. (PipelineSpec) By default, the inline specs will be enabled. Only if the flag is set to "pipeline", "pipelinerun" and "taskrun" or a combination like "pipeline,pipelinerun" would the inline spec be disabled for Pipeline, PipelineRun, or TaskRun.

• ✨ Add description to StepActions (#​7831)

Add description to StepActions

• ✨ kind/feat: Surface artifacts through termination message (#​7714)

Surface artifact metadata through termination message

Fixes

• 🐛 fix: resolve pod creation failure on retry when using (#​7887)

fix: resolve pod creation failure on retry when using workspace.<name>.volume

• 🐛 Fix ImagePullTimeout to use Initialized (#​7882)

Fix ImagePullTimeout to use "PodInitialized" or "PodReadyToStartContainers" PodCondition transition time

• 🐛 Enable Param Substitution in StepAction resolver reference params (#​7872)

Enable Param Substitution in StepAction resolver reference params

• 🐛 validate TaskRun retries in TestRunSpec is greater than or equal to zero (#​7836)

fix: the retries value has not been verified

• 🐛 fix: stepresult intepolations does not accept multiple matches (#​7830)

fix: cannot use multiple step results at the same time for interpolation.

• 🐛 Fix the naming for Metrics as per convention (#​7810)

We introduce new metrics with compliant naming.
Gauge metrics: Gauge metrics shouldn't end with count as it implies a counter.
Counter metrics: Counter metrics shouldn't end with count as it implies a counter from the histogram. Instead, we should use total.

Previous Metrics are deprecated because they don't satisfy the Prometheus naming convention. Consult https://github.com/tektoncd/pipeline/blob/main/docs/metrics.md to know the updated names and tags.

• 🐛 Remove conversion configuration for (#​7796)

Remove conversion webhook configuration from the ClusterTask CRD, it doesn't need it.

• 🐛 Do not register for conversion (#​7795)

Removed StepAction from the conversion webhook to reduce the log spam that it isn't configured for it.

• 🐛 fix: ensure default type for params in remote tasks to prevent pipeline failures (#​7776)

fix: resolve issues that may cause pipeline failures when using remote resources

• 🐛 fix: do not set default kind when taskRef resolver is present (#​7763)

fix: do not set default kind when taskRef resolver is present

• 🐛 fix(taskrun): emit warning for missing secret in ServiceAccount instead of failing (#​7761)

fix(taskrun): emit warning for missing secret in ServiceAccount instead of failing

• 🐛 Fix: Merge StepTemplate with Step containing Results and Params (#​7757)

Fix: Merge StepTemplate with Step containing Results and Params

• 🐛 fix: the params in step replace other fields in step that are not in stepaction (#​7755)

Pass only the fields in stepaction and replace these fields with the params in step.

• 🐛 Fix bugfix-release.sh behavior when there is nothing to release (#​7860)
• 🐛 [StepActions] when using a stepTemplate the ref gets removed (#​7813)

Misc

• 🔨 Update docker/docker to v26.0.0 (#​7842)

Update docker/docker dependency to v26.0.0

• 🔨 Bump knative/pkg to 1.13 and k8s.io to 0.28.5 (#​7808)

knative/pkg dependency is now 1.13 and k8s.io dependencies are 0.28.x.
In addition, this makes the minimum kubernetes version supported by tektoncd/pipeline to be 1.27.

• 🔨 Update golangci version and configuration, and fix errors (#​7832)
• 🔨 Fix: add notes for why not to import the dependency pkg for OptimisticLockErrorMsg (#​7780)
• 🔨 Fix shell for tag-images step (#​7912)
• 🔨 Fix the shell in crane image (#​7911)
• 🔨 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.25.0 to 1.26.0 (#​7908)
• 🔨 chore(deps): bump go.opentelemetry.io/otel/sdk from 1.25.0 to 1.26.0 (#​7905)
• 🔨 chore(deps): bump the all group in /tekton with 4 updates (#​7900)
• 🔨 chore(deps): bump tj-actions/changed-files from 44.0.1 to 44.3.0 (#​7899)
• 🔨 chore(deps): bump actions/checkout from 4.1.2 to 4.1.3 (#​7898)
• 🔨 chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.3 (#​7897)
• 🔨 chore(deps): bump github/codeql-action from 3.25.0 to 3.25.1 (#​7896)
• 🔨 chore(deps): bump k8s.io/client-go from 0.27.11 to 0.27.13 in /test/custom-task-ctrls/wait-task-beta (#​7891)
• 🔨 chore(deps): bump k8s.io/api from 0.27.12 to 0.27.13 in /test/custom-task-ctrls/wait-task-beta (#​7890)
• 🔨 chore(deps): bump code.gitea.io/sdk/gitea from 0.17.1 to 0.18.0 (#​7889)
• 🔨 chore(deps): bump the all group in /tekton with 4 updates (#​7885)
• 🔨 chore(deps): bump github/codeql-action from 3.24.10 to 3.25.0 (#​7884)
• 🔨 kind/misc: add error log (#​7874)
• 🔨 chore(deps): bump the all group in /tekton with 4 updates (#​7868)
• 🔨 chore(deps): bump tj-actions/changed-files from 44.0.0 to 44.0.1 (#​7867)
• 🔨 chore(deps): bump google.golang.org/grpc from 1.63.0 to 1.63.2 (#​7866)
• 🔨 chore(deps): bump github.com/spiffe/spire-api-sdk from 1.9.3 to 1.9.4 (#​7862)
• 🔨 chore(deps): bump github/codeql-action from 3.24.9 to 3.24.10 (#​7861)
• 🔨 release: add a small script to "automate" bugfix releases (#​7855)
• 🔨 chore: fix function names in comment (#​7853)
• 🔨 chore(deps): bump github.com/containerd/containerd from 1.7.14 to 1.7.15 (#​7849)
• 🔨 chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.24.0 to 1.25.0 (#​7848)
• 🔨 chore(deps): bump github.com/spiffe/spire-api-sdk from 1.9.2 to 1.9.3 (#​7847)
• 🔨 .github/workflow: update (and harden) codeql workflow (#​7843)
• 🔨 chore(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0 (#​7835)
• 🔨 chore(deps): bump google.golang.org/grpc from 1.62.1 to 1.63.0 (#​7834)
• 🔨 chore(deps): bump github.com/jenkins-x/go-scm from 1.14.29 to 1.14.30 (#​7829)
• 🔨 Initiate Conformance Test Suite (#​7826)
• 🔨 chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.2 to 1.8.3 (#​7825)
• 🔨 chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.7 to 2.2.0 (#​7824)
• 🔨 chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.2 to 1.8.3 (#​7823)
• 🔨 chore(deps): bump github.com/sigstore/sigstore from 1.8.1 to 1.8.3 (#​7821)
• 🔨 chore(deps): bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 (#​7820)
• 🔨 chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.2 to 1.8.3 (#​7819)
• 🔨 chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.2 to 1.8.3 (#​7818)
• 🔨 chore(deps): bump tj-actions/changed-files from 43.0.1 to 44.0.0 (#​7817)
• 🔨 chore(deps): bump github.com/golangci/golangci-lint from 1.57.1 to 1.57.2 in /tools (#​7816)
• 🔨 chore(deps): bump github.com/jenkins-x/go-scm from 1.14.26 to 1.14.29 (#​7815)
• 🔨 chore(deps): bump github.com/spiffe/spire-api-sdk from 1.9.1 to 1.9.2 (#​7806)
• 🔨 chore(deps): bump tj-actions/changed-files from 43.0.0 to 43.0.1 (#​7803)
• 🔨 chore(deps): bump github/codeql-action from 3.24.8 to 3.24.9 (#​7802)
• 🔨 chore(deps): bump github.com/golangci/golangci-lint from 1.56.2 to 1.57.1 in /tools (#​7785)
• 🔨 chore(deps): bump github.com/spiffe/spire-api-sdk from 1.9.0 to 1.9.1 (#​7784)
• 🔨 chore(deps): bump github.com/google/cel-go from 0.20.0 to 0.20.1 (#​7783)
• 🔨 chore(deps): bump github.com/cloudevents/sdk-go/v2 from 2.15.1 to 2.15.2 (#​7782)
• 🔨 chore(deps): bump github.com/google/go-containerregistry from 0.19.0 to 0.19.1 (#​7781)
• 🔨 chore(deps): Migrate to github.com/go-jose/go-jose/v3 (#​7750)
• 🔨 .github/workflows: make codeql a bit quicker (#​7728)
• 🔨 Replace out of date publish images with cgr.dev equivalents. (#​7359)
• 🔨 Update golang/x/net to handle GO-2024-2687 (#​7841)

Docs

• 📖 fix(docs): correct closing bracket in CEL expressions (#​7903)
• 📖 remove ref release-pipeline-nightly.yaml (#​7864)
• 📖 Fix: update golangci-lint docs link (#​7790)
• 📖 Documenting latest release - 0.58 (#​7786)
• 📖 updating releases file to include 0.53.4 and 0.56.2 (#​7741)
• 📖 fix imagePullBackOff doc (#​7679)

Thanks

Thanks to these contributors who contributed to v0.59.0!

• ❤️ @​JeromeJu
• ❤️ @​Ma-YuXin
• ❤️ @​afrittoli
• ❤️ @​chitrangpatel
• ❤️ @​cugykw
• ❤️ @​dependabot[bot]
• ❤️ @​ericzzzzzzz
• ❤️ @​garethjevans
• ❤️ @​isibeni
• ❤️ @​kgcarr
• ❤️ @​khrm
• ❤️ @​l-qing
• ❤️ @​lunarwhite
• ❤️ @​lvyaoting
• ❤️ @​pritidesai
• ❤️ @​skaegi
• ❤️ @​vdemeester
• ❤️ @​wlynch

Extra shout-out for awesome release notes:

• 😍 @​Ma-YuXin
• 😍 @​chitrangpatel
• 😍 @​cugykw
• 😍 @​ericzzzzzzz
• 😍 @​khrm
• 😍 @​l-qing
• 😍 @​skaegi
• 😍 @​vdemeester

v0.58.0: Tekton Pipeline release v0.58.0 "Bombay Robbie"

Compare Source

🎉 displayName in childReferences and dynamic specifications of secrets and configmaps in workspaces 🎉

-Docs @​ v0.58.0
-Examples @​ v0.58.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.58.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77ad32de0077ddf3d746f9072f2d536cec99e2add11d56d964943ea86f5265aec54

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77ad32de0077ddf3d746f9072f2d536cec99e2add11d56d964943ea86f5265aec54
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.58.0/release.yaml
REKOR_UUID=24296fb24b8ad77ad32de0077ddf3d746f9072f2d536cec99e2add11d56d964943ea86f5265aec54

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.58.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ TEP-0147: introduce feature flag to guard artifacts feature (#​7705)

Introduces a feature flag enable-artifacts.

• ✨ TEP 0147: add inputs/outputs to stepState (#​7703)

introduce inputs/outputs to stepState for future artifacts work

• ✨ implementing TEP-0150 - in (#​7683)

A fully resolved displayName is now available in childReferences along with the pipelineTaskName. This is mainly beneficial to parameterize and easily distinguish matrix instances of the task.

• ✨ feat: support for variable interpolation in workspace.* (in PipelineRun and TaskRun) (#​7671)

feat: support for variable interpolation in workspace.* (in PipelineRun and TaskRun)

Fixes

• 🐛 fix: avoid panic when used pipelineRef or pipelineSpec in pipeline task (#​7722)

fix: avoid panic when used pipelineRef or pipelineSpec in pipeline task

• 🐛 fix: pipeline execution status test case index error (#​7742)
• 🐛 Migrate jaeger to otel API (#​7547)

Misc

• 🔨 chore(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 (#​7774)
• 🔨 chore(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 (#​7773)
• 🔨 chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#​7772)
• 🔨 chore(deps): bump tj-actions/changed-files from 42.1.0 to 43.0.0 (#​7771)
• 🔨 chore(deps): bump github.com/containerd/containerd from 1.7.13 to 1.7.14 (#​7770)
• 🔨 chore(deps): bump github/codeql-action from 3.24.6 to 3.24.8 (#​7769)
• 🔨 chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 (#​7768)
• 🔨 chore(deps): bump k8s.io/api from 0.27.11 to 0.27.12 in /test/custom-task-ctrls/wait-task-beta (#​7767)
• 🔨 chore(deps): bump tj-actions/changed-files from 42.0.5 to 42.1.0 (#​7747)
• 🔨 chore(deps): bump github/codeql-action from 3.24.5 to 3.24.6 (#​7735)
• 🔨 chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.1 to 1.8.2 (#​7727)
• 🔨 chore(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.1 to 1.8.2 (#​7723)
• 🔨 chore(deps): bump github/codeql-action from 3.24.3 to 3.24.5 (#​7719)
• 🔨 chore(deps): bump tj-actions/changed-files from 42.0.4 to 42.0.5 (#​7718)
• 🔨 chore(deps): bump github.com/spiffe/spire-api-sdk from 1.8.7 to 1.9.0 (#​7712)
• 🔨 chore(deps): bump go.opentelemetry.io/otel/sdk from 1.23.1 to 1.24.0 (#​7710)
• 🔨 chore(deps): bump go.opentelemetry.io/otel from 1.23.1 to 1.24.0 (#​7709)
• 🔨 chore(deps): bump google.golang.org/grpc from 1.61.1 to 1.62.0 (#​7702)
• 🔨 chore(deps): bump go.uber.org/zap from 1.26.0 to 1.27.0 (#​7696)
• 🔨 chore(deps): bump github.com/cloudevents/sdk-go/v2 from 2.14.0 to 2.15.1 (#​7695)
• 🔨 chore(deps): bump github.com/golangci/golangci-lint from 1.56.1 to 1.56.2 in /tools (#​7676)
• 🔨 fix: reduce warnings caused by woke scan results (#​7558)
• 🔨 Bump github.com/docker/docker from 24.0.0+incompatible to 24.0.7+incompatible (#​7526)

Docs

• 📖 [TEP-0129] Move CRDs definition and update multi-tenancy docs accordingly (#​7598)

Document simple installation instructions for a Tekton multi-tenancy setup.

• 📖 docs: changing the variable camel cases (#​7701)
• 📖 fix:add missing documentation link (#​7697)
• 📖 Fix link to CEL in WhenExpression docs (#​7692)
• 📖 Fix typo in additional configs doc (#​7689)
• 📖 Add release v0.57.0 to the list of releases (#​7687)
• 📖 Add feature flags recording demo for developer guide (#​7662)
• 📖 docs: optimize examples for propagating results (#​7554)

Thanks

Thanks to these contributors who contributed to v0.58.0!

• ❤️ @​AlanGreene
• ❤️ @​JeromeJu
• ❤️ @​afrittoli
• ❤️ @​cugykw
• ❤️ @​dependabot[bot]
• ❤️ @​ericzzzzzzz
• ❤️ @​katmutua
• ❤️ @​kmjayadeep
• ❤️ @​l-qing
• ❤️ @​pritidesai
• ❤️ @​vdemeester

Extra shout-out for awesome release notes:

• 😍 @​afrittoli
• 😍 @​ericzzzzzzz
• 😍 @​l-qing
• 😍 @​pritidesai

v0.57.0: Tekton Pipeline release v0.57.0 "Burmilla Baymax"

Compare Source

-Docs @​ v0.57.0
-Examples @​ v0.57.0

Installation one-liner

kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.57.0/release.yaml

Attestation

The Rekor UUID for this release is 24296fb24b8ad77add7b0a9a7946185efd5c044009544db4ec1a3799c4b6a95285f979f1fd78cc75

Obtain the attestation:

REKOR_UUID=24296fb24b8ad77add7b0a9a7946185efd5c044009544db4ec1a3799c4b6a95285f979f1fd78cc75
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://storage.googleapis.com/tekton-releases/pipeline/previous/v0.57.0/release.yaml
REKOR_UUID=24296fb24b8ad77add7b0a9a7946185efd5c044009544db4ec1a3799c4b6a95285f979f1fd78cc75

### Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v0.57.0@​sha256:" + .digest.sha256')

### Download the release file
curl "$RELEASE_FILE" > release.yaml

### For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ Allow for the specified duration (#​7666)

Configure default-imagepullbackoff-timeout to allow imagePullBackOff to retry and wait for the specified duration before failing the pipeline.

• ✨ Add granular termination reason in container termination message (#​7565)

Steps in a TaskRun will have more granular termination reasons indicating what exactly happened in new terminationReason field: Completed, Continued, Error, TimeoutExceeded, Skipped, TaskRunCancelled

Fixes

• 🐛 fix(pipeline): correct warning path for duplicate param name in pipeline tasks (#​7651)

fix: correct warning path for duplicate param name in pipeline tasks

• 🐛 The field in Final Task cannot parse ordinary Task status information. (#​7637)

The status of the referenced ordinary task is replaced before calculating the final task when.cel.

• 🐛 fix: prevent modification of annotations on completed TaskRuns (#​7603)

fix: the pipeline controller will no longer modify any annotation it has set on completed pipelineruns

• 🐛 allow pipeline runs whose task/custom runs have been deleted still timeout (#​7557)

PipelineRuns that timeout will no longer be blocked on reaching a terminal, cancelled state if their underlying TaskRuns or CustomRuns were deleted beforehand.

• 🐛 update docker-in-docker testimage for s390x (#​7652)

Misc

• 🔨 Update releases.md (#​7587)

Created v0.56 LTS release.

• 🔨 matrix name updated to end with the instance count (#​7563)

taskRun names updated to end with the instance count for all fan out instances of matrix.

• 🔨 Isolate new env nightly feature flag test (#​7686)
• 🔨 chore(deps): bump github/codeql-action from 3.24.0 to 3.24.3 (#​7685)
• 🔨 chore(deps): bump tj-actions/changed-files from 42.0.2 to 42.0.4 (#​7684)
• 🔨 chore(deps): bump github.com/opencontainers/image-spec from 1.1.0-rc6 to 1.1.0 (#​7682)
• 🔨 chore(deps): bump github.com/google/cel-go from 0.19.0 to 0.20.0 (#​7681)
• 🔨 chore(deps): bump k8s.io/client-go from 0.27.8 to 0.27.11 in /test/custom-task-ctrls/wait-task-beta (#​7673)
• 🔨 chore(deps): bump google.golang.org/grpc from 1.61.0 to 1.61.1 (#​7670)
• 🔨 Patch Release v0.56.1 (#​7665)
• 🔨 Patch Release v0.56.1 (#​7663)
• 🔨 chore(deps): bump go.opentelemetry.io/otel/sdk from 1.22.0 to 1.23.1 (#​7659)
• 🔨 chore(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 (#​7658)
• 🔨 Update e2e-test script for per-feature flag test (#​7657)
• 🔨 Fix typo in publish task (#​7648)
• 🔨 Bump github.com/golangci/golangci-lint from 1.55.1 to 1.56.1 in /tools (#​7646)
• 🔨 Bump go.opentelemetry.io/otel from 1.22.0 to 1.23.1 (#​7645)
• 🔨 Bump github.com/opencontainers/image-spec from 1.1.0-rc3 to 1.1.0-rc6 (#​7635)
• 🔨 Bump github/codeql-action from 3.23.1 to 3.24.0 (#​7634)
• 🔨 TEP-0138 New features to use Per-feature flag struct (#​7633)
• 🔨 Bump github.com/containerd/containerd from 1.6.19 to 1.7.13 (#​7628)
• 🔨 Per-feature Flag Test Suite (#​7627)
• 🔨 Bump github.com/google/go-containerregistry from 0.18.0 to 0.19.0 (#​7624)
• 🔨 Bump tj-actions/changed-files from 42.0.0 to 42.0.2 (#​7622)
• 🔨 Bump actions/upload-artifact from 4.2.0 to 4.3.0 (#​7620)
• 🔨 Bump github.com/google/go-containerregistry from 0.17.0 to 0.18.0 (#​7616)
• 🔨 Bump google.golang.org/grpc from 1.60.1 to 1.61.0 (#​7612)
• 🔨 Bump github.com/google/uuid from 1.5.0 to 1.6.0 (#​7611)
• 🔨 Bump github.com/opencontainers/image-spec from 1.1.0-rc3 to 1.1.0-rc.6 (#​7610)
• 🔨 Bump github.com/containerd/containerd from 1.6.19 to 1.7.12 (#​7609)
• 🔨 Bump go.opentelemetry.io/otel/sdk from 1.21.0 to 1.22.0 (#​7606)
• 🔨 Bump github.com/jenkins-x/go-scm from 1.14.25 to 1.14.26 (#​7605)
• 🔨 Bump github.com/opencontainers/image-spec from 1.1.0-rc5 to 1.1.0-rc.6 (#​7604)
• 🔨 Bump code.gitea.io/sdk/gitea from 0.16.0 to 0.17.1 (#​7597)
• 🔨 Bump github.com/containerd/containerd from 1.7.11 to 1.7.12 (#​7596)
• 🔨 Bump github.com/google/cel-go from 0.18.1 to 0.19.0 (#​7594)
• 🔨 Bump tj-actions/changed-files from 41.1.1 to 42.0.0 (#​7593)
• 🔨 Bump github/codeql-action from 3.23.0 to 3.23.1 (#​7592)
• 🔨 Bump actions/upload-artifact from 4.1.0 to 4.2.0 (#​7591)
• 🔨 Bump go.opentelemetry.io/otel from 1.21.0 to 1.22.0 (#​7586)
• 🔨 Bump github.com/jenkins-x/go-scm from 1.14.24 to 1.14.25 (#​7585)
• 🔨 Bump github.com/spiffe/go-spiffe/v2 from 2.1.5 to 2.1.7 (#​7584)
• 🔨 Bump github.com/google/go-containerregistry from 0.17.0 to 0.18.0 (#​7583)
• 🔨 Bump github.com/go-git/go-git/v5 from 5.10.0 to 5.11.0 (#​7582)
• 🔨 Error sweep: fix error messages for timing out Runs (#​7572)
• 🔨 Label user error for failed TaskRunStatus message (#​7543)
• 🔨 Add pre-commit rules (#​7367)

Docs

• 📖 Pipeline v0.44.x LTS End of Life (#​7613)

Release v0.44 LTS is EOL

Thanks

Thanks to these contributors who contributed to v0.57.0!

• ❤️ @​AlanGreene
• ❤️ @​Basavaraju-G
• ❤️ @​JeromeJu
• ❤️ @​afrittoli
• ❤️ @​chitrangpatel
• ❤️ @​cugykw
• ❤️ @​dependabot[bot]
• ❤️ @​gabemontero
• ❤️ @​l-qing
• ❤️ @​pritidesai
• ❤️ @​renzodavid9
• ❤️ [@​ro

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[ti-chi-bot]

I Skip it since the diff size(191536 bytes > 80000 bytes) is too large

[ti-chi-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign wuhuizuo for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• cloudevents-server/OWNERS
• tibuild/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ti-chi-bot]

I Skip it since the diff size(189354 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(189354 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(187797 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(187887 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(186883 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(187014 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(193614 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(193521 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(194800 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(194800 bytes > 80000 bytes) is too large

[ti-chi-bot]

I Skip it since the diff size(194800 bytes > 80000 bytes) is too large

[renovate]

ℹ Artifact update notice

File name: tibuild/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 44 additional dependencies were updated

Details:

Package	Change
github.com/cloudevents/sdk-go/v2	v2.14.0 -> v2.15.2
golang.org/x/net	v0.24.0 -> v0.25.0
contrib.go.opencensus.io/exporter/prometheus	v0.4.0 -> v0.4.2
github.com/census-instrumentation/opencensus-proto	v0.3.0 -> v0.4.1
github.com/cespare/xxhash/v2	v2.1.2 -> v2.2.0
github.com/evanphx/json-patch/v5	v5.6.0 -> v5.8.0
github.com/go-kit/log	v0.1.0 -> v0.2.1
github.com/go-logfmt/logfmt	v0.5.0 -> v0.5.1
github.com/go-logr/logr	v1.2.2 -> v1.4.1
github.com/go-openapi/jsonpointer	v0.19.5 -> v0.19.6
github.com/go-openapi/jsonreference	v0.19.6 -> v0.20.2
github.com/go-openapi/swag	v0.19.15 -> v0.22.3
github.com/golang/protobuf	v1.5.2 -> v1.5.4
github.com/google/go-containerregistry	v0.8.1-0.20220216220642-00c59d91847c -> v0.19.1
github.com/google/uuid	v1.3.0 -> v1.6.0
github.com/prometheus/client_golang	v1.11.1 -> v1.18.0
github.com/prometheus/client_model	v0.2.0 -> v0.5.0
github.com/prometheus/common	v0.32.1 -> v0.46.0
github.com/prometheus/procfs	v0.6.0 -> v0.12.0
github.com/prometheus/statsd_exporter	v0.21.0 -> v0.22.7
go.uber.org/multierr	v1.7.0 -> v1.11.0
go.uber.org/zap	v1.22.0 -> v1.27.0
golang.org/x/crypto	v0.22.0 -> v0.23.0
golang.org/x/oauth2	v0.0.0-20220223155221-ee480838109b -> v0.20.0
golang.org/x/sync	v0.1.0 -> v0.7.0
golang.org/x/sys	v0.19.0 -> v0.20.0
golang.org/x/term	v0.19.0 -> v0.20.0
golang.org/x/text	v0.14.0 -> v0.15.0
golang.org/x/time	v0.0.0-20220224211638-0e9765cccd65 -> v0.5.0
golang.org/x/tools	v0.7.0 -> v0.17.0
gomodules.xyz/jsonpatch/v2	v2.2.0 -> v2.4.0
google.golang.org/api	v0.70.0 -> v0.171.0
google.golang.org/grpc	v1.44.0 -> v1.64.0
google.golang.org/protobuf	v1.30.0 -> v1.34.1
k8s.io/api	v0.23.9 -> v0.28.5
k8s.io/apimachinery	v0.23.9 -> v0.29.0
k8s.io/client-go	v0.23.9 -> v0.28.5
k8s.io/klog/v2	v2.70.2-0.20220707122935-0990e81f1a8f -> v2.110.1
k8s.io/kube-openapi	v0.0.0-20220124234850-424119656bbf -> v0.0.0-20231010175941-2dd684a91f00
k8s.io/utils	v0.0.0-20220210201930-3a6ce19ff2f9 -> v0.0.0-20230726121419-3b25d923346b
knative.dev/pkg	v0.0.0-20220805012121-7b8b06028e4f -> v0.0.0-20240116073220-b488e7be5902
sigs.k8s.io/json	v0.0.0-20211208200746-9f7c6b3444d2 -> v0.0.0-20221116044647-bc3834ca7abd
sigs.k8s.io/structured-merge-diff/v4	v4.2.1 -> v4.4.1
sigs.k8s.io/yaml	v1.3.0 -> v1.4.0

File name: cloudevents-server/go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 41 additional dependencies were updated

Details:

Package	Change
github.com/cloudevents/sdk-go/v2	v2.14.0 -> v2.15.2
k8s.io/apimachinery	v0.23.9 -> v0.29.0
contrib.go.opencensus.io/exporter/prometheus	v0.4.0 -> v0.4.2
github.com/go-kit/log	v0.1.0 -> v0.2.1
github.com/go-logfmt/logfmt	v0.5.0 -> v0.5.1
github.com/go-logr/logr	v1.2.2 -> v1.4.1
github.com/go-openapi/jsonreference	v0.20.1 -> v0.20.2
github.com/golang/protobuf	v1.5.3 -> v1.5.4
github.com/google/go-containerregistry	v0.8.1-0.20220216220642-00c59d91847c -> v0.19.1
github.com/google/uuid	v1.4.0 -> v1.6.0
github.com/grpc-ecosystem/grpc-gateway/v2	v2.11.3 -> v2.20.0
github.com/hashicorp/golang-lru	v0.5.4 -> v1.0.2
github.com/imdario/mergo	v0.3.12 -> v0.3.13
github.com/mitchellh/copystructure	v1.0.0 -> v1.2.0
github.com/mitchellh/reflectwalk	v1.0.1 -> v1.0.2
github.com/prometheus/client_golang	v1.11.1 -> v1.18.0
github.com/prometheus/client_model	v0.4.0 -> v0.5.0
github.com/prometheus/common	v0.32.1 -> v0.46.0
github.com/prometheus/procfs	v0.6.0 -> v0.12.0
github.com/prometheus/statsd_exporter	v0.21.0 -> v0.22.7
go.uber.org/multierr	v1.9.0 -> v1.11.0
go.uber.org/zap	v1.24.0 -> v1.27.0
golang.org/x/crypto	v0.19.0 -> v0.23.0
golang.org/x/net	v0.21.0 -> v0.25.0
golang.org/x/oauth2	v0.15.0 -> v0.20.0
golang.org/x/sync	v0.6.0 -> v0.7.0
golang.org/x/sys	v0.17.0 -> v0.20.0
golang.org/x/term	v0.17.0 -> v0.20.0
golang.org/x/text	v0.14.0 -> v0.15.0
gomodules.xyz/jsonpatch/v2	v2.2.0 -> v2.4.0
google.golang.org/api	v0.153.0 -> v0.171.0
google.golang.org/genproto/googleapis/api	v0.0.0-20231106174013-bbf56f31fb17 -> v0.0.0-20240520151616-dc85e6b867a5
k8s.io/api	v0.23.9 -> v0.28.5
k8s.io/client-go	v0.23.9 -> v0.28.5
k8s.io/klog/v2	v2.70.2-0.20220707122935-0990e81f1a8f -> v2.110.1
k8s.io/kube-openapi	v0.0.0-20220124234850-424119656bbf -> v0.0.0-20231010175941-2dd684a91f00
k8s.io/utils	v0.0.0-20220210201930-3a6ce19ff2f9 -> v0.0.0-20230726121419-3b25d923346b
knative.dev/pkg	v0.0.0-20220805012121-7b8b06028e4f -> v0.0.0-20240116073220-b488e7be5902
sigs.k8s.io/json	v0.0.0-20211208200746-9f7c6b3444d2 -> v0.0.0-20221116044647-bc3834ca7abd
sigs.k8s.io/structured-merge-diff/v4	v4.2.1 -> v4.4.1
sigs.k8s.io/yaml	v1.3.0 -> v1.4.0