Dependency Dashboard

[renovate]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Config Migration Needed

• Select this checkbox to let Renovate create an automated Config Migration PR.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• Update quay.io/konflux-ci/tekton-catalog/task-buildah Docker tag to v0.3

Detected dependencies

dockerfile

Containerfile

• registry.access.redhat.com/ubi9/ubi-micro latest@sha256:a434c4babbc08a8d0a7f227154b46f0df0a4b701af0796716cb5305807b2b2b3

github-actions

.github/workflows/auto-merge.yaml

.github/workflows/release.yaml

• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• sigstore/cosign-installer v3.8.0@c56c2d3e59e4281cc41dea2217323ba5694b171e
• anchore/sbom-action v0.18.0@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0
• redhat-actions/podman-login v1@4934294ad0449894bcd1e9f191899d7292469603
• redhat-actions/buildah-build v2@7a95fa7ee0f02d552a32753e7414641a04307056
• redhat-actions/push-to-registry v2@5ed88d269cf581ea9ef6dd6806d01562096bee9c
• slsa-framework/slsa-github-generator v2.0.0
• enterprise-contract/action-validate-image v1.0.360

.github/workflows/scorecards.yml

• step-security/harden-runner v2.10.4@cb605e52c26070c328afc4562f0b4ada7618a84e
• actions/checkout v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683
• ossf/scorecard-action v2.4.0@62b2cac7ed8198b15735ed49ab1e5cf35480ba46
• actions/upload-artifact v4.6.0@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
• github/codeql-action v3.28.8@dd746615b3b9d728a6a37ca2045b68ca76d4841a

tekton

.tekton/build-pipeline.yaml

• quay.io/konflux-ci/tekton-catalog/task-init 0.2@sha256:4c6712db9419461b8c8a39523c012cb0dc061fb58563bb9170b3777d74f54659
• quay.io/konflux-ci/tekton-catalog/task-git-clone 0.1@sha256:d091a9e19567a4cbdc5acd57903c71ba71dc51d749a4ba7477e689608851e981
• quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies 0.1@sha256:29bbe92528ed10c9f36f5565c2cca5837806fe7a0e2cde31b73098384ce69aae
• quay.io/konflux-ci/tekton-catalog/task-buildah 0.2@sha256:824acb0a077b6b353a495d2a2153a3f4cbd8ead892ca7e876a95b6f1d5404a98
• quay.io/konflux-ci/tekton-catalog/task-buildah-remote 0.3@sha256:2597eafd865bf7010091d568ca50c2bb09ae63d43818f8ea0f87cdbcabad47c9
• quay.io/konflux-ci/tekton-catalog/task-build-image-manifest 0.1@sha256:83b1298888f108a03e78b98a4b115bc156e17e5741754f3fae63e9cacb1dc3a4
• quay.io/konflux-ci/tekton-catalog/task-source-build 0.1@sha256:9d8f146d0474440165db38a3efdf55da73856de332ebf8d598197f92156ee44e
• quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check 0.4@sha256:241f87f75a6e4303fbd64b32ba1715d76fe3805c48a6c21829e6a564bcc3a576
• quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan 0.2@sha256:3bf6d1bcd57af1095b06b4c489f965551364b1f1f72a807de9cab3c23142dca5
• quay.io/konflux-ci/tekton-catalog/task-clair-scan 0.2@sha256:f636f2cbe91d9d4d9685a38c8bc680a36e17f568ec0e60a93da82d1284b488c5
• quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check 0.3@sha256:30cc34ccf6ca34e7f0951fd508fe4436d07388e7244baab77baf4ef9bdcefff4
• quay.io/konflux-ci/tekton-catalog/task-clamav-scan 0.2@sha256:0db068e8a59612472a2483f5113893d0c5c9102e9ad7647d9a4789360e5bc2dc
• quay.io/konflux-ci/tekton-catalog/task-verify-signed-rpms 0.1@sha256:f20cb69f1bc97daaac31ea6ee5efd0fccbeb5ed5dc3575512478fea74bd16376
• quay.io/konflux-ci/tekton-catalog/task-show-sbom 0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0
• quay.io/konflux-ci/tekton-catalog/task-summary 0.2@sha256:870d9a04d9784840a90b7bf6817cd0d0c4edfcda04b1ba1868cae625a3c3bfcc

.tekton/golden-container-pull-request.yaml

.tekton/golden-container-push.yaml

---

• Check this box to trigger a request for Renovate to run again on this repository

[lcarva]

Jobs can be seen here: https://developer.mend.io/github/enterprise-contract/golden-container