Skip to content

[cherry-pick: release-v0.71.x] bump fulcio and cosign to fix cve CVE-2025-66506 #3158

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
tekton-robot wants to merge 1 commit into
base: release-v0.71.x
Choose a base branch
from
Open

[cherry-pick: release-v0.71.x] bump fulcio and cosign to fix cve CVE-2025-66506 #3158

tekton-robot wants to merge 1 commit into from
+3 −0

Conversation

@tekton-robot
Copy link
Contributor

@tekton-robot tekton-robot commented Jan 13, 2026

This is a cherry-pick of #3146

Changes

fixes cve CVE-2025-66506

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

See the contribution guide for more details.

Release Notes

NONE

@tekton-robot tekton-robot added the release-note-none Denotes a PR that doesnt merit a release note. label Jan 13, 2026
@tekton-robot
Copy link
Contributor Author

tekton-robot commented Jan 13, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign jkandasa after the PR has been reviewed.
You can assign the PR to them by writing /assign @jkandasa in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jan 13, 2026
@anithapriyanatarajan
Copy link
Contributor

anithapriyanatarajan commented Jan 13, 2026

/hold

@tekton-robot tekton-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 13, 2026
@anithapriyanatarajan
Copy link
Contributor

anithapriyanatarajan commented Jan 13, 2026

The cherry-pick does not include all files. @jkhelil - Do we need this in 0.71.x?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@piyush-garg piyush-garg Awaiting requested review from piyush-garg

@PuneetPunamiya PuneetPunamiya Awaiting requested review from PuneetPunamiya

Assignees

No one assigned

Labels

do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. release-note-none Denotes a PR that doesnt merit a release note. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tekton-robot @anithapriyanatarajan @jkhelil