Bump github.com/sigstore/fulcio from 1.7.1 to 1.8.5 by dependabot[bot] · Pull Request #2700

Bump github.com/sigstore/fulcio from 1.7.1 to 1.8.5 by dependabot[bot] · Pull Request #2700 · tektoncd/cli

bot added dependencies

Used by dependabot - identifies all PRs created by dependabot

kind/misc

Categorizes issue or PR as a miscellaneuous one.

ok-to-test

Indicates a non-member PR verified by an org member that is safe to test.

release-note-none

Denotes a PR that doesnt merit a release note.

labels

Jan 13, 2026

tekton-robot added the approved

Indicates a PR has been approved by an approver from all required OWNERS files.

label

Feb 5, 2026

tekton-robot added needs-rebase

Indicates a PR cannot be merged because it has merge conflicts with HEAD.

and removed lgtm

Indicates that a PR is ready to be merged.

labels

Feb 5, 2026

This release fixes GHSA-59jp-pj84-45mr - Server-side request forgery
via MetaIssuer regex bypass.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

tekton-robot added size/M

Denotes a PR that changes 30-99 lines, ignoring generated files.

and removed needs-rebase

Indicates a PR cannot be merged because it has merge conflicts with HEAD.

size/XXL

Denotes a PR that changes 1000+ lines, ignoring generated files.

labels

Feb 5, 2026

dependabot bot deleted the dependabot/go_modules/github.com/sigstore/fulcio-1.8.5 branch

February 5, 2026 10:51