v0.42.2

v0.42.2 Release 🎉

This patch release addresses the following CVEs: CVE-2026-33186, CVE-2026-33810, CVE-2025-61729 and CVE-2025-61726.

Changelog

• 1e1782f New version v0.42.2

Full Changelog: v0.42.1...v0.42.2

v0.37.6

v0.37.6 Release 🎉

This patch release addresses CVE-2026-25679

Changelog

• 0be7186 New version v0.37.6

Full Changelog: v0.37.5...v0.37.6

v0.37.5

v0.37.5 Release 🎉

This patch release addresses the following CVEs: CVE-2026-34986 and CVE-2026-33186.

Changelog

• 40a7331 New version v0.37.5

Full Changelog: v0.37.4...v0.37.5

v0.44.1

v0.44.1 Release 🎉

This patch release addresses the following CVEs: CVE-2026-34986, CVE-2026-33211, and CVE-2026-33186.

Changelog

• feb2d5a New version v0.44.1

Full Changelog: v0.44.0...v0.44.1

v0.37.4

v0.37.4 Release 🎉

This patch release addresses CVE-2025-61726.

Changelog

• e2c95ec New version v0.37.4

Full Changelog: v0.37.3...v0.37.4

v0.43.1

v0.43.1 Release 🎉

This patch release addresses CVE-2025-66506 and fixes the "failed to watch: context canceled" error encountered during log streaming.

Changelog

• 9374f62 New version v0.43.1

Full Changelog: v0.43.0...v0.43.1

v0.44.0

v0.44.0 Release 🎉

This release introduces support for Pipelines v1.9.1, Triggers v0.35.0, and Chains v0.26.2, along with dependency updates to fix multiple critical CVEs.

Changelog 📋

• 2e0e403 New version v0.44.0

What's Changed

• Bump golangci/golangci-lint-action from 9.0.0 to 9.1.0 by @dependabot[bot] in #2661
• Bump actions/setup-go from 6.0.0 to 6.1.0 by @dependabot[bot] in #2662
• Bump chainguard-dev/actions from 1.5.9 to 1.5.10 by @dependabot[bot] in #2663
• Bump github/codeql-action from 4.31.3 to 4.31.5 by @dependabot[bot] in #2664
• Update README and choco with latest release by @pratap0007 in #2666
• Bump github.com/docker/cli from 29.0.2+incompatible to 29.0.3+incompatible in the go-docker-dependencies group by @dependabot[bot] in #2665
• Bump actions/checkout from 5.0.0 to 6.0.0 by @dependabot[bot] in #2660
• Bump github.com/tektoncd/hub from 1.23.1 to 1.23.2 by @dependabot[bot] in #2659
• Bump github.com/golangci/golangci-lint/v2 from 2.6.2 to 2.7.0 in /tools by @dependabot[bot] in #2671
• Bump go.uber.org/zap from 1.27.0 to 1.27.1 by @dependabot[bot] in #2657
• Bump github.com/golangci/golangci-lint/v2 from 2.7.0 to 2.7.2 in /tools by @dependabot[bot] in #2676
• Bump step-security/harden-runner from 2.13.2 to 2.13.3 by @dependabot[bot] in #2677
• Bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in #2679
• Bump github.com/spf13/cobra from 1.10.1 to 1.10.2 by @dependabot[bot] in #2673
• Bump github.com/docker/cli from 29.0.4+incompatible to 29.1.1+incompatible in the go-docker-dependencies group by @dependabot[bot] in #2668
• Bump github.com/tektoncd/hub from 1.23.2 to 1.23.4 by @dependabot[bot] in #2672
• Bump actions/upload-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in #2684
• Bump step-security/harden-runner from 2.13.3 to 2.14.0 by @dependabot[bot] in #2685
• Bump github/codeql-action from 4.31.5 to 4.31.8 by @dependabot[bot] in #2683
• Bump golangci/golangci-lint-action from 9.1.0 to 9.2.0 by @dependabot[bot] in #2680
• Bump the go-k8s-dependencies group with 3 updates by @dependabot[bot] in #2687
• Bump github/codeql-action from 4.31.8 to 4.31.9 by @dependabot[bot] in #2690
• Bump github.com/docker/cli from 29.1.2+incompatible to 29.1.3+incompatible in the go-docker-dependencies group by @dependabot[bot] in #2686
• Bump golang.org/x/term from 0.37.0 to 0.38.0 by @dependabot[bot] in #2689
• Bump github.com/golangci/golangci-lint/v2 from 2.7.2 to 2.8.0 in /tools by @dependabot[bot] in #2694
• Bump github.com/tektoncd/hub from 1.23.4 to 1.23.6 by @dependabot[bot] in #2692
• Bump github.com/tektoncd/pipeline from 1.6.0 to 1.7.0 by @dependabot[bot] in #2693
• Fix fialed to watch context canceled error when streaming logs by @pratap0007 in #2681
• Bump github/codeql-action from 4.31.9 to 4.31.10 by @dependabot[bot] in #2697
• Bump chainguard-dev/actions from 1.5.10 to 1.5.12 by @dependabot[bot] in #2702
• Bump actions/setup-go from 6.1.0 to 6.2.0 by @dependabot[bot] in #2703
• Bump actions/checkout from 6.0.1 to 6.0.2 by @dependabot[bot] in #2707
• Bump github/codeql-action from 4.31.10 to 4.31.11 by @dependabot[bot] in #2708
• Bump chainguard-dev/actions from 1.5.12 to 1.5.13 by @dependabot[bot] in #2709
• Bump step-security/harden-runner from 2.14.0 to 2.14.1 by @dependabot[bot] in #2710
• Bump chainguard-dev/actions from 1.5.13 to 1.5.14 by @dependabot[bot] in #2714
• Bump github.com/sigstore/cosign/v2 from 2.6.1 to 2.6.2 by @pratap0007 in #2715
• Bump github.com/docker/cli from 29.1.3+incompatible to 29.1.4+incompatible in the go-docker-dependencies group by @dependabot[bot] in #2696
• Bump github.com/sigstore/sigstore from 1.9.6-0.20250729224751-181c5d3339b3 to 1.10.4 by @dependabot[bot] in #2706
• Bump github.com/sigstore/rekor from 1.4.2 to 1.5.0 by @dependabot[bot] in #2705
• Bump github.com/sigstore/fulcio from 1.7.1 to 1.8.5 by @dependabot[bot] in #2700
• Bump github.com/theupdateframework/go-tuf/v2 from 2.2.0 to 2.4.1 by @dependabot[bot] in #2711
• Bump github.com/tektoncd/pipeline from 1.7.0 to 1.9.0 by @dependabot[bot] in #2720
• Bump golang.org/x/term from 0.38.0 to 0.39.0 by @dependabot[bot] in #2721
• Bump github.com/tektoncd/chains from 0.26.0 to 0.26.2 by @dependabot[bot] in #2722
• Update goreleaser version to v2.13.3 by @pratap0007 in #2726
• Bump github/codeql-action from 4.31.11 to 4.32.2 by @dependabot[bot] in #2724
• Bump step-security/harden-runner from 2.14.1 to 2.14.2 by @dependabot[bot] in #2723
• Bump chainguard-dev/actions from 1.5.14 to 1.5.16 by @dependabot[bot] in #2725
• Bump golang.org/x/term from 0.39.0 to 0.40.0 by @dependabot[bot] in #2727
• Bump github/codeql-action from 4.32.2 to 4.32.3 by @dependabot[bot] in #2731
• Bump chainguard-dev/actions from 1.5.16 to 1.6.1 by @dependabot[bot] in #2732
• fix: update the release script to fetch tasks from artifacthub by @pratap0007 in #2719
• Bump github.com/golangci/golangci-lint/v2 from 2.8.0 to 2.10.0 in /tools by @dependabot[bot] in #2733
• Bump the go-k8s-dependencies group with 3 updates by @dependabot[bot] in #2729
• Bump github.com/golangci/golangci-lint/v2 from 2.10.0 to 2.10.1 in /tools by @dependabot[bot] in #2735
• Bump github.com/tektoncd/triggers from 0.34.0 to 0.35.0 by @dependabot[bot] in #2730
• Bump github.com/tektoncd/pipeline from 1.9.0 to 1.9.1 by @dependabot[bot] in #2737
• Bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 by @dependabot[bot] in #2736
• Bump github.com/google/go-containerregistry from 0.20.7 to 0.21.0 by @dependabot[bot] in #2738
• Makefile: fix lint-go with workflow version and project Go toolchain by @pratap0007 in #2734
• Switch hub dependency org to openshift-pipelines by @pratap0007 in #2739

Full Changelog: v0.43.0...v0.44.0

v0.37.3

v0.37.3 Release 🎉

This patch release fixes CVEs CVE-2025-66506, CVE-2025-12044, CVE-2025-11621 and CVE-2025-66564.

Changelog

• 085896b New version v0.37.3

Full Changelog: v0.37.2...v0.37.3

v0.42.1

v0.42.1 Release 🎉

This patch release fixes CVEs CVE-2025-47913, CVE-2025-66564, CVE-2025-66506, CVE-2025-12044 and CVE-2025-11621.

Changelog

• e3c8b70 New version v0.42.1

Full Changelog: v0.42.0...v0.42.1

v0.37.2

v0.37.2 Release 🎉

This patch release fixes CVEs GO-2025-3488, GO-2025-3553, GO-2025-3487, and GO-2024-2887.

Changelog

• 9df524b New version v0.37.2

Full Changelog: v0.37.1...v0.37.2