v0.37.6

v0.37.6 Release 🎉

This patch release addresses CVE-2026-25679

Changelog

• 0be7186 New version v0.37.6

Full Changelog: v0.37.5...v0.37.6

v0.37.5

v0.37.5 Release 🎉

This patch release addresses the following CVEs: CVE-2026-34986 and CVE-2026-33186.

Changelog

• 40a7331 New version v0.37.5

Full Changelog: v0.37.4...v0.37.5

v0.44.1

v0.44.1 Release 🎉

This patch release addresses the following CVEs: CVE-2026-34986, CVE-2026-33211, and CVE-2026-33186.

Changelog

• feb2d5a New version v0.44.1

Full Changelog: v0.44.0...v0.44.1

v0.37.4

v0.37.4 Release 🎉

This patch release addresses CVE-2025-61726.

Changelog

• e2c95ec New version v0.37.4

Full Changelog: v0.37.3...v0.37.4

v0.43.1

v0.43.1 Release 🎉

This patch release addresses CVE-2025-66506 and fixes the "failed to watch: context canceled" error encountered during log streaming.

Changelog

• 9374f62 New version v0.43.1

Full Changelog: v0.43.0...v0.43.1

v0.44.0

v0.44.0 Release 🎉

This release introduces support for Pipelines v1.9.1, Triggers v0.35.0, and Chains v0.26.2, along with dependency updates to fix multiple critical CVEs.

Changelog 📋

• 2e0e403 New version v0.44.0

What's Changed

• Bump golangci/golangci-lint-action from 9.0.0 to 9.1.0 by @dependabot[bot] in #2661
• Bump actions/setup-go from 6.0.0 to 6.1.0 by @dependabot[bot] in #2662
• Bump chainguard-dev/actions from 1.5.9 to 1.5.10 by @dependabot[bot] in #2663
• Bump github/codeql-action from 4.31.3 to 4.31.5 by @dependabot[bot] in #2664
• Update README and choco with latest release by @pratap0007 in #2666
• Bump github.com/docker/cli from 29.0.2+incompatible to 29.0.3+incompatible in the go-docker-dependencies group by @dependabot[bot] in #2665
• Bump actions/checkout from 5.0.0 to 6.0.0 by @dependabot[bot] in #2660
• Bump github.com/tektoncd/hub from 1.23.1 to 1.23.2 by @dependabot[bot] in #2659
• Bump github.com/golangci/golangci-lint/v2 from 2.6.2 to 2.7.0 in /tools by @dependabot[bot] in #2671
• Bump go.uber.org/zap from 1.27.0 to 1.27.1 by @dependabot[bot] in #2657
• Bump github.com/golangci/golangci-lint/v2 from 2.7.0 to 2.7.2 in /tools by @dependabot[bot] in #2676
• Bump step-security/harden-runner from 2.13.2 to 2.13.3 by @dependabot[bot] in #2677
• Bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in #2679
• Bump github.com/spf13/cobra from 1.10.1 to 1.10.2 by @dependabot[bot] in #2673
• Bump github.com/docker/cli from 29.0.4+incompatible to 29.1.1+incompatible in the go-docker-dependencies group by @dependabot[bot] in #2668
• Bump github.com/tektoncd/hub from 1.23.2 to 1.23.4 by @dependabot[bot] in #2672
• Bump actions/upload-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in #2684
• Bump step-security/harden-runner from 2.13.3 to 2.14.0 by @dependabot[bot] in #2685
• Bump github/codeql-action from 4.31.5 to 4.31.8 by @dependabot[bot] in #2683
• Bump golangci/golangci-lint-action from 9.1.0 to 9.2.0 by @dependabot[bot] in #2680
• Bump the go-k8s-dependencies group with 3 updates by @dependabot[bot] in #2687
• Bump github/codeql-action from 4.31.8 to 4.31.9 by @dependabot[bot] in #2690
• Bump github.com/docker/cli from 29.1.2+incompatible to 29.1.3+incompatible in the go-docker-dependencies group by @dependabot[bot] in #2686
• Bump golang.org/x/term from 0.37.0 to 0.38.0 by @dependabot[bot] in #2689
• Bump github.com/golangci/golangci-lint/v2 from 2.7.2 to 2.8.0 in /tools by @dependabot[bot] in #2694
• Bump github.com/tektoncd/hub from 1.23.4 to 1.23.6 by @dependabot[bot] in #2692
• Bump github.com/tektoncd/pipeline from 1.6.0 to 1.7.0 by @dependabot[bot] in #2693
• Fix fialed to watch context canceled error when streaming logs by @pratap0007 in #2681
• Bump github/codeql-action from 4.31.9 to 4.31.10 by @dependabot[bot] in #2697
• Bump chainguard-dev/actions from 1.5.10 to 1.5.12 by @dependabot[bot] in #2702
• Bump actions/setup-go from 6.1.0 to 6.2.0 by @dependabot[bot] in #2703
• Bump actions/checkout from 6.0.1 to 6.0.2 by @dependabot[bot] in #2707
• Bump github/codeql-action from 4.31.10 to 4.31.11 by @dependabot[bot] in #2708
• Bump chainguard-dev/actions from 1.5.12 to 1.5.13 by @dependabot[bot] in #2709
• Bump step-security/harden-runner from 2.14.0 to 2.14.1 by @dependabot[bot] in #2710
• Bump chainguard-dev/actions from 1.5.13 to 1.5.14 by @dependabot[bot] in #2714
• Bump github.com/sigstore/cosign/v2 from 2.6.1 to 2.6.2 by @pratap0007 in #2715
• Bump github.com/docker/cli from 29.1.3+incompatible to 29.1.4+incompatible in the go-docker-dependencies group by @dependabot[bot] in #2696
• Bump github.com/sigstore/sigstore from 1.9.6-0.20250729224751-181c5d3339b3 to 1.10.4 by @dependabot[bot] in #2706
• Bump github.com/sigstore/rekor from 1.4.2 to 1.5.0 by @dependabot[bot] in #2705
• Bump github.com/sigstore/fulcio from 1.7.1 to 1.8.5 by @dependabot[bot] in #2700
• Bump github.com/theupdateframework/go-tuf/v2 from 2.2.0 to 2.4.1 by @dependabot[bot] in #2711
• Bump github.com/tektoncd/pipeline from 1.7.0 to 1.9.0 by @dependabot[bot] in #2720
• Bump golang.org/x/term from 0.38.0 to 0.39.0 by @dependabot[bot] in #2721
• Bump github.com/tektoncd/chains from 0.26.0 to 0.26.2 by @dependabot[bot] in #2722
• Update goreleaser version to v2.13.3 by @pratap0007 in #2726
• Bump github/codeql-action from 4.31.11 to 4.32.2 by @dependabot[bot] in #2724
• Bump step-security/harden-runner from 2.14.1 to 2.14.2 by @dependabot[bot] in #2723
• Bump chainguard-dev/actions from 1.5.14 to 1.5.16 by @dependabot[bot] in #2725
• Bump golang.org/x/term from 0.39.0 to 0.40.0 by @dependabot[bot] in #2727
• Bump github/codeql-action from 4.32.2 to 4.32.3 by @dependabot[bot] in #2731
• Bump chainguard-dev/actions from 1.5.16 to 1.6.1 by @dependabot[bot] in #2732
• fix: update the release script to fetch tasks from artifacthub by @pratap0007 in #2719
• Bump github.com/golangci/golangci-lint/v2 from 2.8.0 to 2.10.0 in /tools by @dependabot[bot] in #2733
• Bump the go-k8s-dependencies group with 3 updates by @dependabot[bot] in #2729
• Bump github.com/golangci/golangci-lint/v2 from 2.10.0 to 2.10.1 in /tools by @dependabot[bot] in #2735
• Bump github.com/tektoncd/triggers from 0.34.0 to 0.35.0 by @dependabot[bot] in #2730
• Bump github.com/tektoncd/pipeline from 1.9.0 to 1.9.1 by @dependabot[bot] in #2737
• Bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 by @dependabot[bot] in #2736
• Bump github.com/google/go-containerregistry from 0.20.7 to 0.21.0 by @dependabot[bot] in #2738
• Makefile: fix lint-go with workflow version and project Go toolchain by @pratap0007 in #2734
• Switch hub dependency org to openshift-pipelines by @pratap0007 in #2739

Full Changelog: v0.43.0...v0.44.0

v0.37.3

v0.37.3 Release 🎉

This patch release fixes CVEs CVE-2025-66506, CVE-2025-12044, CVE-2025-11621 and CVE-2025-66564.

Changelog

• 085896b New version v0.37.3

Full Changelog: v0.37.2...v0.37.3

v0.42.1

v0.42.1 Release 🎉

This patch release fixes CVEs CVE-2025-47913, CVE-2025-66564, CVE-2025-66506, CVE-2025-12044 and CVE-2025-11621.

Changelog

• e3c8b70 New version v0.42.1

Full Changelog: v0.42.0...v0.42.1

v0.37.2

v0.37.2 Release 🎉

This patch release fixes CVEs GO-2025-3488, GO-2025-3553, GO-2025-3487, and GO-2024-2887.

Changelog

• 9df524b New version v0.37.2

Full Changelog: v0.37.1...v0.37.2

v0.43.0

v0.43.0 Release 🎉

This release adds support for Pipelines v1.6.0, Triggers v0.34.0, and Chains v0.26.0. It introduces the new --resolvertype flag in tkn p start --last command to rerun resolver-based PipelineRuns, fixes command usage text and lint errors, optimizes cross-compilation to reduce disk usage in CI, and updates various dependencies.

Changelog📋

• f622481 New version v0.43.0

Features ✨

• Add --resolvertype flag to rerun a resolver based pipelinerun by @pratap0007 in #2615

Fixes 🐛

• Fix pronoun in command usage text by @st3penta in #2617
• Fix lint errors by @pratap0007 in #2656

Misc 🔨

• Add Shiv (pratap0007) as a maintainer by @vdemeester in #2591

• Update README and choco with latest release by @vinamra28 in #2602

• Bump github/codeql-action from 3.29.10 to 3.30.0 by @dependabot[bot] in #2603

• Bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 by @dependabot[bot] in #2599

• Bump actions/setup-go from 5.5.0 to 6.0.0 by @dependabot[bot] in #2609

• Bump github/codeql-action from 3.30.0 to 3.30.3 by @dependabot[bot] in #2612

• Bump step-security/harden-runner from 2.13.0 to 2.13.1 by @dependabot[bot] in #2613

• fix: optimize cross-compilation to prevent disk space exhaustion by @pratap0007 in #2621

• Bump github.com/spf13/pflag from 1.0.7 to 1.0.10 by @dependabot[bot] in #2606

• Bump github/codeql-action from 3.30.3 to 4.30.8 by @dependabot[bot] in #2622

• Bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 in /tools by @dependabot[bot] in #2597

• Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 by @dependabot[bot] in #2605

• Bump github.com/golangci/golangci-lint/v2 from 2.1.6 to 2.5.0 in /tools by @dependabot[bot] in #2614

• Bump github.com/tektoncd/pipeline from 1.3.1 to 1.5.0 by @dependabot[bot] in #2618

• Bump the go-k8s-dependencies group with 3 updates by @dependabot[bot] in #2623

• Bump github.com/tektoncd/hub from 1.22.2 to 1.22.4 by @dependabot[bot] in #2611

• Bump golang.org/x/term from 0.34.0 to 0.36.0 by @dependabot[bot] in #2624

• Bump github/codeql-action from 4.30.8 to 4.30.9 by @dependabot[bot] in #2628

• Bump the go-docker-dependencies group with 2 updates by @dependabot[bot] in #2607

• Bump github.com/in-toto/go-witness from 0.8.1 to 0.9.1 by @dependabot[bot] in #2627

• Pin actions by commit SHA by @AlanGreene in #2620

• Bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in #2629

• Bump github/codeql-action from 4.30.9 to 4.31.0 by @dependabot[bot] in #2630

• Bump chainguard-dev/actions from 1.5.3 to 1.5.7 by @dependabot[bot] in #2631

• Bump github.com/golangci/golangci-lint/v2 from 2.5.0 to 2.6.0 in /tools by @dependabot[bot] in #2632

• Bump github.com/tektoncd/pipeline from 1.5.0 to 1.6.0 by @dependabot[bot] in #2633

• Bump github/codeql-action from 4.31.0 to 4.31.2 by @dependabot[bot] in #2634

• Bump github.com/golangci/golangci-lint/v2 from 2.6.0 to 2.6.1 in /tools by @dependabot[bot] in #2636

• Bump github.com/tektoncd/hub from 1.22.4 to 1.22.5 by @dependabot[bot] in #2635

• Bump github.com/tektoncd/hub from 1.22.5 to 1.23.0 by @dependabot[bot] in #2638

• Bump github.com/tektoncd/triggers from 0.33.0 to 0.34.0 by @dependabot[bot] in #2641

• Bump step-security/harden-runner from 2.13.1 to 2.13.2 by @dependabot[bot] in #2643

• Bump chainguard-dev/actions from 1.5.7 to 1.5.8 by @dependabot[bot] in #2642

• Bump golangci/golangci-lint-action from 8.0.0 to 9.0.0 by @dependabot[bot] in #2644

• Bump the go-docker-dependencies group with 2 updates by @dependabot[bot] in #2639

• Bump golang.org/x/term from 0.36.0 to 0.37.0 by @dependabot[bot] in #2645

• Bump github.com/golangci/golangci-lint/v2 from 2.6.1 to 2.6.2 in /tools by @dependabot[bot] in #2647

• Bump the go-k8s-dependencies group with 3 updates by @dependabot[bot] in #2646

• Bump github/codeql-action from 4.31.2 to 4.31.3 by @dependabot[bot] in #2650

• Bump chainguard-dev/actions from 1.5.8 to 1.5.9 by @dependabot[bot] in #2651

• Bump github.com/docker/cli from 29.0.0+incompatible to 29.0.1+incompatible in the go-docker-dependencies group by @dependabot[bot] in #2649

• Bump github.com/tektoncd/chains from 0.25.1 to 0.26.0 and fix tests by @pratap0007 in #2640

• Bump github.com/sigstore/cosign/v2 from 2.6.0 to 2.6.1 by @dependabot[bot] in #2625

• Bump github.com/docker/cli from 29.0.1+incompatible to 29.0.2+incompatible in the go-docker-dependencies group by @dependabot[bot] in #2652

• Bump github.com/tektoncd/hub from 1.23.0 to 1.23.1 by @dependabot[bot] in #2654

• Bump the go-k8s-dependencies group with 3 updates by @dependabot[bot] in #2653

• Bump golang.org/x/crypto from 0.43.0 to 0.45.0 by @dependabot[bot] in #2655

Thanks ❤️

• @st3penta
• @AlanGreene
• @pratap0007
• @vinamra28
• @vdemeester

Full Changelog: v0.42.0...v0.43.0