🚨 Update go modules (release-v0.7) (major)

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/MakeNowJust/heredoc	v1.0.0 → v2.0.1
github.com/golangci/golangci-lint	v1.63.4 → v2.8.0
github.com/santhosh-tekuri/jsonschema/v5	v5.3.1 → v6.0.2
github.com/tektoncd/pipeline	v0.66.0 → v1.9.0
gopkg.in/go-jose/go-jose.v2	v2.6.3 → v4.1.3
helm.sh/helm/v3	v3.18.6 → v4.1.0

---

Release Notes

MakeNowJust/heredoc (github.com/MakeNowJust/heredoc)

v2.0.1

Compare Source

Version 2.0.1

Fixes

• Correct import path for Go modules

v2.0.0

Compare Source

Version 2.0.0

Breaking Changes

• Treats only white space (U+0020) and horizontal tabs (U+000D) as space characters. (#​6)

golangci/golangci-lint (github.com/golangci/golangci-lint)

v2.8.0

Compare Source

Released on 2026-01-07

1. Linters new features or changes
   • godoc-lint: from 0.10.2 to 0.11.1 (new rule: require-stdlib-doclink)
   • golines: from 442fd00 to 0.14.0
   • gomoddirectives: from 0.7.1 to 0.8.0
   • gosec: from daccba6 to 2.22.11 (new rule: G116)
   • modernize: from 0.39.0 to 0.40.0 (new analyzers: stringscut, unsafefuncs)
   • prealloc: from 1.0.0 to 1.0.1 (message changes)
   • unqueryvet: from 1.3.0 to 1.4.0 (new options: check-aliased-wildcard, check-string-concat, check-format-strings, check-string-builder, check-subqueries, ignored-functions, sql-builders)
2. Linters bug fixes
   • go-critic: from 0.14.2 to 0.14.3
   • go-errorlint: from 1.8.0 to 1.9.0
   • govet: from 0.39.0 to 0.40.0
   • protogetter: from 0.3.17 to 0.3.18
   • revive: add missing enable-default-rules setting
3. Documentation
   • docs: split installation page

v2.7.2

Compare Source

Released on 2025-12-07

1. Linter bug fixes
   • gosec: from 2.22.10 to daccba6

v2.7.1

Compare Source

Released on 2025-12-04

1. Linter bug fixes
   • modernize: disable stringscut analyzer

v2.7.0

Compare Source

1. Bug fixes
   • fix: clone args used by custom command
2. Linters new features or changes
   • no-sprintf-host-port: from 0.2.0 to 0.3.1 (ignore string literals without a colon)
   • unqueryvet: from 1.2.1 to 1.3.0 (handles const and var declarations)
   • revive: from 1.12.0 to 1.13.0 (new option: enable-default-rules, new rules: forbidden-call-in-wg-go, unnecessary-if, inefficient-map-lookup)
   • modernize: from 0.38.0 to 0.39.0 (new analyzers: plusbuild, stringscut)
3. Linters bug fixes
   • perfsprint: from 0.10.0 to 0.10.1
   • wrapcheck: from 2.11.0 to 2.12.0
   • godoc-lint: from 0.10.1 to 0.10.2
4. Misc.
   • Add some flags to the custom command
5. Documentation
   • docs: split changelog v1 and v2

v2.6.2

Compare Source

Released on 2025-11-14

1. Bug fixes
   • fmt command with symlinks
   • use file depending on build configuration to invalidate cache
2. Linters bug fixes
   • testableexamples: from 1.0.0 to 1.0.1
   • testpackage: from 1.1.1 to 1.1.2

v2.6.1

Compare Source

v2.6.0

Compare Source

1. New linters
   • Add modernize analyzer suite
2. Linters new features or changes
   • arangolint: from 0.2.0 to 0.3.1
   • dupword: from 0.1.6 to 0.1.7 (new option comments-only)
   • go-critic: from 0.13.0 to 0.14.0 (new rules/checkers: zeroByteRepeat, dupOption)
   • gofumpt: from 0.9.1 to 0.9.2 ("clothe" naked returns is now controlled by the extra-rules option)
   • perfsprint: from 0.9.1 to 0.10.0 (new options: concat-loop, loop-other-ops)
   • wsl: from 5.2.0 to 5.3.0
3. Linters bug fixes
   • dupword: from 0.1.6 to 0.1.7
   • durationcheck: from 0.0.10 to 0.0.11
   • exptostd: from 0.4.4 to 0.4.5
   • fatcontext: from 0.8.1 to 0.9.0
   • forbidigo: from 2.1.0 to 2.3.0
   • ginkgolinter: from 0.21.0 to 0.21.2
   • godoc-lint: from 0.10.0 to 0.10.1
   • gomoddirectives: from 0.7.0 to 0.7.1
   • gosec: from 2.22.8 to 2.22.10
   • makezero: from 2.0.1 to 2.1.0
   • nilerr: from 0.1.1 to 0.1.2
   • paralleltest: from 1.0.14 to 1.0.15
   • protogetter: from 0.3.16 to 0.3.17
   • unparam: from 0df0534 to 5beb8c8
4. Misc.
   • fix: ignore some files to hash the version for custom build

v2.5.0

Compare Source

1. New linters
   • Add godoclint linter https://github.com/godoc-lint/godoc-lint
   • Add unqueryvet linter https://github.com/MirrexOne/unqueryvet
   • Add iotamixing linter https://github.com/AdminBenni/iota-mixing
2. Linters new features or changes
   • embeddedstructfieldcheck: from 0.3.0 to 0.4.0 (new option: empty-line)
   • err113: from aea10b5 to 0.1.1 (skip internals of Is methods for error type)
   • ginkgolinter: from 0.20.0 to 0.21.0 (new option: force-tonot)
   • gofumpt: from 0.8.0 to 0.9.1 (new rule is to "clothe" naked returns for the sake of clarity)
   • ineffassign: from 0.1.0 to 0.2.0 (new option: check-escaping-errors)
   • musttag: from 0.13.1 to 0.14.0 (support interface methods)
   • revive: from 1.11.0 to 1.12.0 (new options: identical-ifelseif-branches, identical-ifelseif-conditions, identical-switch-branches, identical-switch-conditions, package-directory-mismatch, unsecure-url-scheme, use-waitgroup-go, useless-fallthrough)
   • thelper: from 0.6.3 to 0.7.1 (skip t.Helper in functions passed to synctest.Test)
   • wsl: from 5.1.1 to 5.2.0 (improvements related to subexpressions)
3. Linters bug fixes
   • asciicheck: from 0.4.1 to 0.5.0
   • errname: from 1.1.0 to 1.1.1
   • fatcontext: from 0.8.0 to 0.8.1
   • go-printf-func-name: from 0.1.0 to 0.1.1
   • godot: from 1.5.1 to 1.5.4
   • gosec: from 2.22.7 to 2.22.8
   • nilerr: from 0.1.1 to a temporary fork
   • nilnil: from 1.1.0 to 1.1.1
   • protogetter: from 0.3.15 to 0.3.16
   • tagliatelle: from 0.7.1 to 0.7.2
   • testifylint: from 1.6.1 to 1.6.4
4. Misc.
   • fix: "no export data" errors are now handled as a standard typecheck error
5. Documentation
   • Improve nolint section about syntax

v2.4.0

Compare Source

1. Enhancements
   • 🎉 go1.25 support
2. Linters new features or changes
   • exhaustruct: from v3.3.1 to 4.0.0 (new options: allow-empty, allow-empty-rx, allow-empty-returns, allow-empty-declarations)
3. Linters bug fixes
   • godox: trim filepath from report messages
   • staticcheck: allow empty options
   • tagalign: from 1.4.2 to 1.4.3
4. Documentation
   • 🌟 New website (with a search engine)

v2.3.1

Compare Source

1. Linters bug fixes
   • gci: from 0.13.6 to 0.13.7
   • gosec: from 2.22.6 to 2.22.7
   • noctx: from 0.3.5 to 0.4.0
   • wsl: from 5.1.0 to 5.1.1
   • tagliatelle: force upper case for custom initialisms

v2.3.0

Compare Source

1. Linters new features or changes
   • ginkgolinter: from 0.19.1 to 0.20.0 (new option: force-assertion-description)
   • iface: from 1.4.0 to 1.4.1 (report message improvements)
   • noctx: from 0.3.4 to 0.3.5 (new detections: log/slog, exec, crypto/tls)
   • revive: from 1.10.0 to 1.11.0 (new rule: enforce-switch-style)
   • wsl: from 5.0.0 to 5.1.0
2. Linters bug fixes
   • gosec: from 2.22.5 to 2.22.6
   • noinlineerr: from 1.0.4 to 1.0.5
   • sloglint: from 0.11.0 to 0.11.1
3. Misc.
   • fix: panic close of closed channel

v2.2.2

Compare Source

1. Linters bug fixes
   • noinlineerr: from 1.0.3 to 1.0.4
2. Documentation
   • Improve debug keys documentation
3. Misc.
   • fix: panic close of closed channel
   • godot: add noinline value into the JSONSchema

v2.2.1

Compare Source

1. Linters bug fixes

• varnamelen: fix configuration

v2.2.0

Compare Source

1. New linters
   • Add arangolint linter https://github.com/Crocmagnon/arangolint
   • Add embeddedstructfieldcheck linter https://github.com/manuelarte/embeddedstructfieldcheck
   • Add noinlineerr linter https://github.com/AlwxSin/noinlineerr
   • Add swaggo formatter https://github.com/golangci/swaggoswag
2. Linters new features or changes
   • errcheck: add verbose option
   • funcorder: from 0.2.1 to 0.5.0 (new option alphabetical)
   • gomoddirectives: from 0.6.1 to 0.7.0 (new option ignore-forbidden)
   • iface: from 1.3.1 to 1.4.0 (new option unexported)
   • noctx: from 0.1.0 to 0.3.3 (new report messages, and new rules related to database/sql)
   • noctx: from 0.3.3 to 0.3.4 (new SQL functions detection)
   • revive: from 1.9.0 to 1.10.0 (new rules: time-date, unnecessary-format, use-fmt-print)
   • usestdlibvars: from 1.28.0 to 1.29.0 (new option time-date-month)
   • wsl: deprecation
   • wsl_v5: from 4.7.0 to 5.0.0 (major version with new configuration)
3. Linters bug fixes
   • dupword: from 0.1.3 to 0.1.6
   • exptostd: from 0.4.3 to 0.4.4
   • forbidigo: from 1.6.0 to 2.1.0
   • gci: consistently format the code
   • go-spancheck: from 0.6.4 to 0.6.5
   • goconst: from 1.8.1 to 1.8.2
   • gosec: from 2.22.3 to 2.22.4
   • gosec: from 2.22.4 to 2.22.5
   • makezero: from 1.2.0 to 2.0.1
   • misspell: from 0.6.0 to 0.7.0
   • usetesting: from 0.4.3 to 0.5.0
4. Misc.
   • exclusions: fix path-expect
   • formatters: write the input to stdout when using stdin and there are no changes
   • migration: improve the error message when trying to migrate a migrated config
   • typecheck: deduplicate errors
   • typecheck: stops the analysis after the first error
   • Deprecate print-resources-usage flag
   • Unique version per custom build
5. Documentation
   • Improves typecheck FAQ
   • Adds plugin systems recommendations
   • Add description for linters.default sets

v2.1.6

Compare Source

1. Linters bug fixes
   • godot: from 1.5.0 to 1.5.1
   • musttag: from 0.13.0 to 0.13.1
2. Documentation
   • Add note about golangci-lint v2 integration in VS Code

v2.1.5

Compare Source

Due to an error related to Snapcraft, some artifacts of the v2.1.4 release have not been published.

This release contains the same things as v2.1.3.

v2.1.4

Compare Source

Due to an error related to Snapcraft, some artifacts of the v2.1.3 release have not been published.

This release contains the same things as v2.1.3.

v2.1.3

Compare Source

1. Linters bug fixes
   • fatcontext: from 0.7.2 to 0.8.0
2. Misc.
   • migration: fix nakedret.max-func-lines: 0
   • migration: fix order of staticcheck settings
   • fix: add go.mod hash to the cache salt
   • fix: use diagnostic position for related information position

v2.1.2

Compare Source

1. Linters bug fixes
   • exptostd: from 0.4.2 to 0.4.3
   • gofumpt: from 0.7.0 to 0.8.0
   • protogetter: from 0.3.13 to 0.3.15
   • usetesting: from 0.4.2 to 0.4.3

v2.1.1

Compare Source

The release process of v2.1.0 failed due to a regression inside goreleaser.

The binaries of v2.1.0 have been published, but not the other artifacts (AUR, Docker, etc.).

v2.1.0

Compare Source

1. Enhancements
   • Add an option to display absolute paths (--path-mode=abs)
   • Add configuration path placeholder (${config-path})
   • Add warn-unused option for fmt command
   • Colored diff for fmt command (golangci-lint fmt --diff-colored)
2. New linters
   • Add funcorder linter https://github.com/manuelarte/funcorder
3. Linters new features or changes
   • go-errorlint: from 1.7.1 to 1.8.0 (automatic error comparison and type assertion fixes)
   • ⚠️ goconst: ignore-strings is deprecated and replaced by ignore-string-values
   • goconst: from 1.7.1 to 1.8.1 (new options: find-duplicates, eval-const-expressions)
   • govet: add httpmux analyzer
   • nilnesserr: from 0.1.2 to 0.2.0 (detect more cases)
   • paralleltest: from 1.0.10 to 1.0.14 (checks only _test.go files)
   • revive: from 1.7.0 to 1.9.0 (support kebab case for setting names)
   • sloglint: from 0.9.0 to 0.11.0 (autofix, new option msg-style, suggest slog.DiscardHandler)
   • wrapcheck: from 2.10.0 to 2.11.0 (new option report-internal-errors)
   • wsl: from 4.6.0 to 4.7.0 (cgo files are always excluded)
4. Linters bug fixes
   • fatcontext: from 0.7.1 to 0.7.2
   • gocritic: fix importshadow checker
   • gosec: from 2.22.2 to 2.22.3
   • ireturn: from 0.3.1 to 0.4.0
   • loggercheck: from 0.10.1 to 0.11.0
   • nakedret: from 2.0.5 to 2.0.6
   • nonamedreturns: from 1.0.5 to 1.0.6
   • protogetter: from 0.3.12 to 0.3.13
   • testifylint: from 1.6.0 to 1.6.1
   • unconvert: update to HEAD
5. Misc.
   • Fixes memory leaks when using go1.(N) with golangci-lint built with go1.(N-X)
   • Adds golangci-lint-fmt pre-commit hook
6. Documentation
   • Improvements
   • Updates section about vscode integration

v2.0.2

Compare Source

1. Misc.
   • Fixes flags parsing for formatters
   • Fixes the filepath used by the exclusion source option
2. Documentation
   • Adds a section about flags migration
   • Cleaning pages with v1 options

v2.0.1

Compare Source

1. Linters/formatters bug fixes
   • golines: fix settings during linter load
2. Misc.
   • Validates the version field before the configuration
   • forbidigo: fix migration

v2.0.0

Compare Source

1. Enhancements
   • 🌟 New golangci-lint fmt command with dedicated formatter configuration
   • ♻️ New golangci-lint migrate command to help migration from v1 to v2 (cf. Migration guide)
   • ⚠️ New default values (cf. Migration guide)
   • ⚠️ No exclusions by default (cf. Migration guide)
   • ⚠️ New default sort order (cf. Migration guide)
   • 🌟 New option run.relative-path-mode (cf. Migration guide)
   • 🌟 New linters configuration (cf. Migration guide)
   • 🌟 New output format configuration (cf. Migration guide)
   • 🌟 New --fast-only flag (cf. Migration guide)
   • 🌟 New option linters.exclusions.warn-unused to log a warning if an exclusion rule is unused.
2. New linters/formatters
   • Add golines formatter https://github.com/segmentio/golines
3. Linters new features
   • ⚠️ Merge staticcheck, stylecheck, gosimple into one linter (staticcheck) (cf. Migration guide)
   • go-critic: from 0.12.0 to 0.13.0
   • gomodguard: from 1.3.5 to 1.4.1 (block explicit indirect dependencies)
   • nilnil: from 1.0.1 to 1.1.0 (new option: only-two)
   • perfsprint: from 0.8.2 to 0.9.1 (checker name in the diagnostic message)
   • staticcheck: new quickfix set of rules
   • testifylint: from 1.5.2 to 1.6.0 (new options: equal-values, suite-method-signature, require-string-msg)
   • wsl: from 4.5.0 to 4.6.0 (new option: allow-cuddle-used-in-block)
4. Linters bug fixes
   • bidichk: from 0.3.2 to 0.3.3
   • errchkjson: from 0.4.0 to 0.4.1
   • errname: from 1.0.0 to 1.1.0
   • funlen: fix ignore-comments option
   • gci: from 0.13.5 to 0.13.6
   • gosmopolitan: from 1.2.2 to 1.3.0
   • inamedparam: from 0.1.3 to 0.2.0
   • intrange: from 0.3.0 to 0.3.1
   • protogetter: from 0.3.9 to 0.3.12
   • unparam: from 8a5130c to 0df0534
5. Misc.
   • 🧹 Configuration options renaming (cf. Migration guide)
   • 🧹 Remove options (cf. Migration guide)
   • 🧹 Remove flags (cf. Migration guide)
   • 🧹 Remove alternative names (cf. Migration guide)
   • 🧹 Remove or replace deprecated elements (cf. Migration guide)
   • Adds an option to display some commands as JSON:
     • golangci-lint config path --json
     • golangci-lint help linters --json
     • golangci-lint help formatters --json
     • golangci-lint linters --json
     • golangci-lint formatters --json
     • golangci-lint version --json
6. Documentation
   • Migration guide

v1.64.8

Compare Source

• Detects use of configuration files from golangci-lint v2

v1.64.7

Compare Source

1. Linters bug fixes
   • depguard: from 2.2.0 to 2.2.1
   • dupl: from 3e9179a to f665c8d
   • gosec: from 2.22.1 to 2.22.2
   • staticcheck: from 0.6.0 to 0.6.1
2. Documentation
   • Add GitLab documentation

v1.64.6

Compare Source

1. Linters bug fixes
   • asciicheck: from 0.4.0 to 0.4.1
   • contextcheck: from 1.1.5 to 1.1.6
   • errcheck: from 1.8.0 to 1.9.0
   • exptostd: from 0.4.1 to 0.4.2
   • ginkgolinter: from 0.19.0 to 0.19.1
   • go-exhaustruct: from 3.3.0 to 3.3.1
   • gocheckcompilerdirectives: from 1.2.1 to 1.3.0
   • godot: from 1.4.20 to 1.5.0
   • perfsprint: from 0.8.1 to 0.8.2
   • revive: from 1.6.1 to 1.7.0
   • tagalign: from 1.4.1 to 1.4.2

v1.64.5

Compare Source

1. Bug fixes
   • Add missing flag new-from-merge-base-flag
2. Linters bug fixes
   • asciicheck: from 0.3.0 to 0.4.0
   • forcetypeassert: from 0.1.0 to 0.2.0
   • gosec: from 2.22.0 to 2.22.1

v1.64.4

Compare Source

1. Linters bug fixes
   • gci: fix standard packages list for go1.24

v1.64.3

Compare Source

1. Linters bug fixes
   • ginkgolinter: from 0.18.4 to 0.19.0
   • go-critic: from 0.11.5 to 0.12.0
   • revive: from 1.6.0 to 1.6.1
   • gci: fix standard packages list for go1.24
2. Misc.
   • Build Docker images with go1.24

v1.64.2

Compare Source

This is the last minor release of golangci-lint v1.
The next release will be golangci-lint v2.

1. Enhancements
   • 🎉 go1.24 support
   • New issues.new-from-merge-base option
   • New run.relative-path-mode option
2. Linters new features
   • copyloopvar: from 1.1.0 to 1.2.1 (support suggested fixes)
   • exptostd: from 0.3.1 to 0.4.1 (handles golang.org/x/exp/constraints.Ordered)
   • fatcontext: from 0.5.3 to 0.7.1 (new option: check-struct-pointers)
   • perfsprint: from 0.7.1 to 0.8.1 (new options: integer-format, error-format, string-format, bool-format, and hex-format)
   • revive: from 1.5.1 to 1.6.0 (new rules: redundant-build-tag, use-errors-new. New option early-return.early-return)
3. Linters bug fixes
   • go-errorlint: from 1.7.0 to 1.7.1
   • gochecknoglobals: from 0.2.1 to 0.2.2
   • godox: from 006bad1 to 1.1.0
   • gosec: from 2.21.4 to 2.22.0
   • iface: from 1.3.0 to 1.3.1
   • nilnesserr: from 0.1.1 to 0.1.2
   • protogetter: from 0.3.8 to 0.3.9
   • sloglint: from 0.7.2 to 0.9.0
   • spancheck: fix default StartSpanMatchersSlice values
   • staticcheck: from 0.5.1 to 0.6.0
4. Deprecations
   • ⚠️ tenv is deprecated and replaced by usetesting.os-setenv: true.
   • ⚠️ exportloopref deprecation step 2
5. Misc.
   • Sanitize severities by output format
   • Avoid panic with plugin without description
6. Documentation
   • Clarify depguard configuration

v1.64.1

Compare Source

Cancelled due to CI failure.

v1.64.0

Compare Source

Cancelled due to CI failure.

santhosh-tekuri/jsonschema (github.com/santhosh-tekuri/jsonschema/v5)

v6.0.2

Compare Source

v6.0.1

Compare Source

Bug Fixes:

• fix/schema: field RecursiveRef misspelled
• fix/schema: missing Deprecated field

check https://redirect.github.com/santhosh-tekuri/jsonschema/discussions/172 to see notes for migrating from v5 to v6

v6.0.0

Compare Source

Improvements

• mixed dialect support
• custom $vocabulary support
• sermver format
• support for localisation for ValidationError
• command jv
  • support stdin
  • --insecure and --cacert flag
  • --quiet flag

check https://redirect.github.com/santhosh-tekuri/jsonschema/discussions/172 to see notes for migrating from v5 to v6

tektoncd/pipeline (github.com/tektoncd/pipeline)

v1.9.0: Tekton Pipeline release v1.9.0 LTS "Devon Rex Dreadnought"

Compare Source

🎉 hostUsers support and digest validation for http resolver 🎉

-Docs @​ v1.9.0
-Examples @​ v1.9.0

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.9.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a692b1410db6e04e5e4a25aec2e361118647fe42c5ad8d7ef3e087b5cd11463d6

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a692b1410db6e04e5e4a25aec2e361118647fe42c5ad8d7ef3e087b5cd11463d6
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.9.0/release.yaml
REKOR_UUID=108e9186e8c5677a692b1410db6e04e5e4a25aec2e361118647fe42c5ad8d7ef3e087b5cd11463d6

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.9.0@​sha256:" + .digest.sha256')

# Download the release file
curl -L "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

• ✨ feat: add ServiceAccount inheritance to Affinity Assistants (#​9253)

• ✨ Add hostUsers field support to PodTemplate (#​9227)

• ✨ feat: Add digest validation support to HTTP resolver (#​9171)

• ✨ taskrun: include actual result size in error when exceeding maxResultSize (#​8869)

Fixes

• 🐛 fix(pipelinerun): fix the issue of massive invalid status updates caused by unordered arrays, which will greatly impact the resource load and stability of the apiserver. (#​9295)

• 🐛 Fix parameter resolution for defaults with references (#​9271)

• 🐛 Fix duplicated protobuf tag in pod.Template struct (#​9229)

• 🐛 fix: Prevent excessive reconciliation when timeout disabled (#​9202)

• 🐛 fix: Detect pod configuration errors early instead of timeout (#​9197)

• 🐛 chore(ci): update cherry-pick workflow to fix multi-commit PRs (#​9320)

• 🐛 fix: validate taskRef.apiVersion format for custom tasks (#​9045)

• 🐛 test(e2e): move flaky retry/matrix tests to no-ci temporarily (#​9242)

• 🐛 fix(e2e): improve dind-sidecar probe configuration for reliability (#​9241)

Misc

• 🔨 fix: reduce CRD size by shortening verbose descriptions (#​9252)
• 🔨 ci: add KOCACHE to speed up ko builds in GitHub Actions (#​9319)
• 🔨 Improve code consistency and fix missing test annotation (#​9266)
• 🔨 Remove the GHCR migration notice from the readme (#​9237)
• 🔨 fix: release pipeline feedback (#​9210)
• 🔨 build(deps): bump go.uber.org/zap from 1.27.0 to 1.27.1 (#​9333)
• 🔨 build(deps): bump github.com/google/cel-go from 0.26.0 to 0.27.0 (#​9330)
• 🔨 build(deps): bump github/codeql-action from 4.31.9 to 4.32.0 (#​9310)
• 🔨 build(deps): bump the all group in /tekton with 3 updates (#​9309)
• 🔨 build(deps): bump chainguard-dev/actions from 1.5.12 to 1.5.13 (#​9308)
• 🔨 build(deps): bump actions/checkout from 6.0.1 to 6.0.2 (#​9307)
• 🔨 build(deps): bump step-security/harden-runner from 2.14.0 to 2.14.1 (#​9306)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​9299)
• 🔨 build(deps): bump chainguard-dev/actions from 1.5.11 to 1.5.12 (#​9298)
• 🔨 build(deps): bump actions/setup-go from 6.1.0 to 6.2.0 (#​9297)
• 🔨 build(deps): bump actions/cache from 5.0.1 to 5.0.2 (#​9296)
• 🔨 build(deps): bump golang.org/x/sync from 0.18.0 to 0.19.0 (#​9293)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​9291)
• 🔨 build(deps): bump chainguard-dev/actions from 1.5.10 to 1.5.11 (#​9290)
• 🔨 build(deps): bump github.com/hashicorp/go-version from 1.7.0 to 1.8.0 (#​9288)
• 🔨 build(deps): bump k8s.io/apiextensions-apiserver from 0.32.8 to 0.32.11 (#​9286)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​9281)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​9268)
• 🔨 build(deps): bump chainguard/go from 2f71c4d to 0cd4986 in /tekton in the all group (#​9264)
• 🔨 build(deps): bump peter-evans/slash-command-dispatch from 5.0.1 to 5.0.2 (#​9263)
• 🔨 build(deps): bump github.com/spiffe/spire-api-sdk from 1.12.4 to 1.14.0 (#​9261)
• 🔨 build(deps): bump go.opentelemetry.io/otel/sdk from 1.38.0 to 1.39.0 (#​9259)
• 🔨 build(deps): bump github.com/cloudevents/sdk-go/v2 from 2.16.1 to 2.16.2 (#​9258)
• 🔨 build(deps): bump k8s.io/client-go from 0.32.8 to 0.32.11 (#​9256)
• 🔨 build(deps): bump google.golang.org/protobuf from 1.36.10 to 1.36.11 (#​9254)
• 🔨 .github/workflows: Add a comment to main for plumbing's shared workflows (#​9248)
• 🔨 build(deps): bump github/codeql-action from 4.31.8 to 4.31.9 (#​9247)
• 🔨 build(deps): bump the all group in /tekton with 2 updates (#​9246)
• 🔨 build(deps): bump go.opentelemetry.io/otel/trace from 1.37.0 to 1.39.0 (#​9245)
• 🔨 build(deps): bump k8s.io/apimachinery from 0.33.3 to 0.33.7 (#​9244)
• 🔨 fix(codegen): Correct JSON tags for streaming lists (#​9240)
• 🔨 Fix golangci-lint action step for large diff (#​9239)
• 🔨 Fix: CI job incorrectly skipped by file change detection (#​9238)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​9236)
• 🔨 build(deps): bump step-security/harden-runner from 2.13.3 to 2.14.0 (#​9235)
• 🔨 build(deps): bump github/codeql-action from 4.31.7 to 4.31.8 (#​9234)
• 🔨 build(deps): bump actions/cache from 4.3.0 to 5.0.1 (#​9233)
• 🔨 build(deps): bump tj-actions/changed-files from abdd2f6 to e002140 (#​9232)
• 🔨 build(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 (#​9231)
• 🔨 Add twoGiants as pipeline maintainers (#​9230)
• 🔨 fix: Add permissions to cherry-pick workflow (#​9225)
• 🔨 Proposal: test: implement parallel/serial test categorization system (#​9224)
• 🔨 github/workflows: use cherry-pick workflows from plumbing (#​9222)
• 🔨 .github/workflows: fixing go-coverage token issues (#​9221)
• 🔨 build(deps): bump the all group across 1 directory with 4 updates (#​9220)
• 🔨 build(deps): bump actions/checkout from 6.0.0 to 6.0.1 (#​9219)
• 🔨 build(deps): bump golangci/golangci-lint-action from 9.1.0 to 9.2.0 (#​9218)
• 🔨 build(deps): bump peter-evans/slash-command-dispatch from 4.0.0 to 5.0.1 (#​9217)
• 🔨 build(deps): bump step-security/harden-runner from 2.13.2 to 2.13.3 (#​9216)
• 🔨 build(deps): bump github/codeql-action from 4.31.6 to 4.31.7 (#​9215)
• 🔨 chore: enhance cherry-pick PR format with original context (#​9214)
• 🔨 Fix commit SHA of github-script action (#​9203)
• 🔨 test: limit examples test parallelism to 2 to prevent timeouts (#​9200)
• 🔨 .github/workflows: use CHATOPS_TOKEN for coverage comments (#​9198)
• 🔨 build(deps): bump actions/github-script from 7.0.1 to 8.0.0 (#​9195)
• 🔨 build(deps): bump github/codeql-action from 4.31.5 to 4.31.6 (#​9194)
• 🔨 .github/workflows: use plumbing workflow for chatops_retest (#​9192)
• 🔨 build(deps): bump github.com/jenkins-x/go-scm from 1.15.4 to 1.15.16 (#​9183)
• 🔨 build(deps): bump google.golang.org/grpc from 1.75.0 to 1.77.0 (#​9177)

Docs

• 📖 chore: fix YAML indentation in release cheat sheet (#​9226)
• 📖 Remove beta note from projected workspaces and csi as they are stable (#​9208)
• 📖 Update releases.md for 1.7 (#​9205)

Thanks

Thanks to these contributors who contributed to v1.9.0!

• ❤️ @​AlanGreene
• ❤️ @​BastiaanN
• ❤️ @​Pangjiping
• ❤️ @​SarthakPandey2002
• ❤️ @​a-ateek
• ❤️ @​ab-ghosh
• ❤️ @​afrittoli
• ❤️ @​anithapriyanatarajan
• ❤️ @​dependabot[bot]
• ❤️ @​infernus01
• ❤️ @​khrm
• ❤️ @​twoGiants
• ❤️ @​vdemeester
• ❤️ @​waveywaves
• ❤️ @​zakisk

Extra shout-out for awesome release notes:

• 😍 @​Pangjiping
• 😍 @​SarthakPandey2002
• 😍 @​a-ateek
• 😍 @​ab-ghosh
• 😍 @​khrm
• 😍 @​twoGiants
• 😍 @​vdemeester
• 😍 @​zakisk

v1.7.0: Tekton Pipeline release v1.7.0 "LaPerm Little Helper"

Compare Source

🎉 Bug fixes, stability improvements and dependency updates 🎉

-Docs @​ v1.7.0
-Examples @​ v1.7.0

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.7.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a0af3ff47db2d68605b227b75af0aa40d87262257e2b9295f35454fe3d050ed38

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a0af3ff47db2d68605b227b75af0aa40d87262257e2b9295f35454fe3d050ed38
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.7.0/release.yaml
REKOR_UUID=108e9186e8c5677a0af3ff47db2d68605b227b75af0aa40d87262257e2b9295f35454fe3d050ed38

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.7.0@​sha256:" + .digest.sha256')

# Download the release file
curl -L "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Fixes

• 🐛 fix: Populate step statuses before TaskRun timeout handling (#​9184)

Fix a race condition on timeout that would result in a TaskRun status without steps statuses.

• 🐛 fix: panic in v1beta1 matrix validation for invalid result refs (#​9135)

Resolved an issue where Pipelines with invalid result references in matrix parameters would cause a panic during validation (v1beta1 API)

• 🐛 Use patch instead of update to replace sidecars with nop image (#​9128)

Fixed race condition causing TaskRuns to fail with 409 conflict error when stopping sidecars.
StopSidecars now uses Patch instead of Update to avoid conflicts with concurrent kubelet pod status updates.

• 🐛 fix: Add missing comma in slash commands workflow (#​9157)
• 🐛 Fix tekton/publish sed for combined-based-image digest replacement (#​9119)
• 🐛 examples: reduce the size of the matrix to reduce flakiness (#​9187)

Misc

• 🔨 Migrate tests images out of dockerhub. (#​9158)
• 🔨 refactor: add clock injection to cache for testing (#​9142)
• 🔨 Remove deprecated // +build directive from most files (#​9118)
• 🔨 build(deps): bump tj-actions/changed-files from 6da3c88 to abdd2f6 (#​9196)
• 🔨 chore(release-pipeline): update references to oci bucket (#​9189)
• 🔨 .github/workflows: fix e2e-matrix-extras (#​9185)
• 🔨 build(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 (#​9181)
• 🔨 build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#​9180)
• 🔨 build(deps): bump golangci/golangci-lint-action from 9.0.0 to 9.1.0 (#​9179)
• 🔨 .github: add a dependabot configuration to monitor .ko.yaml (#​9173)
• 🔨 feat: Add GitHub Actions cherry-pick slash command (#​9172)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​9170)
• 🔨 build(deps): bump actions/dependency-review-action from 4.8.1 to 4.8.2 (#​9169)
• 🔨 build(deps): bump actions/setup-go from 6.0.0 to 6.1.0 (#​9168)
• 🔨 build(deps): bump tj-actions/changed-files from 7006987 to 6da3c88 (#​9167)
• 🔨 build(deps): bump chainguard-dev/actions from 1.5.3 to 1.5.10 (#​9166)
• 🔨 build(deps): bump github/codeql-action from 4.31.0 to 4.31.5 (#​9165)
• 🔨 Fix commit SHA of actions/github-script in e2e-extras workflow (#​9161)
• 🔨 Fix the e2e-extras slash command (#​9160)
• 🔨 examples: make sure we use the same image for sidecar and step (#​9139)
• 🔨 fix(ci): correct grep patterns in detect job (#​9137)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​9134)
• 🔨 build(deps): bump chainguard-dev/actions from 1.5.7 to 1.5.8 (#​9133)
• 🔨 build(deps): bump tj-actions/changed-files from 0ff001d to 7006987 (#​9132)
• 🔨 build(deps): bump step-security/harden-runner from 2.13.1 to 2.13.2 (#​9131)
• 🔨 build(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 (#​9130)
• 🔨 fix: label checker action reference (#​9129)
• 🔨 Update releases.md after 1.6.0 release (#​9127)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​9124)
• 🔨 build(deps): bump tj-actions/changed-files from dbf178c to 0ff001d (#​9122)
• 🔨 feat: upload release manifests to oracle cloud (#​9121)
• 🔨 test: reduce the number of examples tests running in parallel (#​9114)
• 🔨 Run less e2e matrix by default (#​9109)
• 🔨 ci: skip running builds and tests if no code changed (#​8768)
• 🔨 fix: update tekton setup action (#​9126)
• 🔨 build(deps): bump github.com/docker/docker from 26.1.5+incompatible to 28.0.0+incompatible in /test/resolver-with-timeout (#​9182)

Thanks

Thanks to these contributors who contributed to v1.7.0!

• ❤️ @​AlanGreene
• ❤️ @​aThorp96
• ❤️ [@​anithapriyanatarajan](https://redirect.github.com/anithap

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: acceptance/go.sum

Command failed: go get -t ./...
go: gopkg.in/go-jose/[email protected]: parsing go.mod:
	module declares its path as: github.com/go-jose/go-jose/v4
	        but was required as: gopkg.in/go-jose/go-jose.v4

File name: tools/go.sum

Command failed: go get -t ./...
go: module helm.sh/helm/[email protected] requires go >= 1.25.0; switching to go1.25.6
go: github.com/conforma/cli/tools imports
	github.com/golangci/golangci-lint/cmd/golangci-lint imports
	github.com/golangci/golangci-lint/pkg/commands imports
	github.com/golangci/golangci-lint/pkg/lint/lintersdb imports
	github.com/golangci/golangci-lint/pkg/golinters imports
	github.com/golangci/gofmt/goimports: cannot find module providing package github.com/golangci/gofmt/goimports
go: github.com/conforma/cli/tools imports
	github.com/golangci/golangci-lint/cmd/golangci-lint imports
	github.com/golangci/golangci-lint/pkg/commands imports
	github.com/golangci/golangci-lint/pkg/lint/lintersdb imports
	github.com/golangci/golangci-lint/pkg/golinters imports
	github.com/nunnatsa/ginkgolinter/types: cannot find module providing package github.com/nunnatsa/ginkgolinter/types

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

Flag	Coverage Δ
generative	69.55% <ø> (ø)
integration	69.55% <ø> (ø)
unit	69.55% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[renovate]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.