Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Pin k8s.io dependencies to v0.20.7 #567

Merged
merged 1 commit into from
Aug 24, 2021

Conversation

priyawadhwa
Copy link
Contributor

Tekton Chains depends on knative, which is pinned to v0.20.7. Unfortunately, Chains can't depend on both knative and cosign unless either knative upgrades or cosign is pinned to v0.20.7.

If we don't want to downgrade, we can discuss other options in this issue I opened in knative: knative/pkg#2232

Signed-off-by: Priya Wadhwa [email protected]

Chains depends on knative, which is pineed to v0.20.7. Without this, Chains can't depend on both knative and cosign @ HEAD.

Signed-off-by: Priya Wadhwa <[email protected]>
@dlorenc
Copy link
Member

dlorenc commented Aug 24, 2021

Will this make dependabot not send updates?

@priyawadhwa
Copy link
Contributor Author

Looks like there's a PR open for that (dependabot/dependabot-core#4140), but for now it probably will send updates :(

@priyawadhwa priyawadhwa merged commit 7b08e21 into sigstore:main Aug 24, 2021
@priyawadhwa priyawadhwa deleted the dependency branch August 24, 2021 19:17
@cpanato cpanato added this to the v1.1.0 milestone Aug 25, 2021
@jerbob92
Copy link

Looks like there's a PR open for that (dependabot/dependabot-core#4140), but for now it probably will send updates :(

PR has been merged :) Release should be on its way.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants