Skip to content

chore(deps): bump sigstore/scaffolding from 039e0ece31c5fc9fe0466d2f7b289ed643b88fdb to fb8d1817d2571303daf88f49d3a23daeb7474e84#1716

Open
dependabot[bot] wants to merge 1 commit into
release-v0.20.xfrom
dependabot/github_actions/release-v0.20.x/sigstore/scaffolding-fb8d1817d2571303daf88f49d3a23daeb7474e84
Open

chore(deps): bump sigstore/scaffolding from 039e0ece31c5fc9fe0466d2f7b289ed643b88fdb to fb8d1817d2571303daf88f49d3a23daeb7474e84#1716
dependabot[bot] wants to merge 1 commit into
release-v0.20.xfrom
dependabot/github_actions/release-v0.20.x/sigstore/scaffolding-fb8d1817d2571303daf88f49d3a23daeb7474e84

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor

Bumps sigstore/scaffolding from 039e0ece31c5fc9fe0466d2f7b289ed643b88fdb to fb8d1817d2571303daf88f49d3a23daeb7474e84.

Changelog

Sourced from sigstore/scaffolding's changelog.

Scaffolding Release Process

Prerequisites

You should be part of the scaffolding-codeowners or sigstore-oncall groups, which are defined within the community repo.

Steps

Sync tags

Ensure that sure your local branch is up-to-date from the upstream:

git pull upstream main --tags

Pick a new version number

The scaffolding repo uses semver. Your first step is to determine the latest tag used.

List the latest tags in date order:

git tag | tail

Example output:

...
v0.0.0
v0.1.0

Show a list of changes since the latest version (v0.1.0):

git log v0.1.0..

If the commits include a new feature or breaking change, bump the minor version. If it only includes bug fixes, bump the patch version.

Tagging

Once you have a version number in mind, tag it locally:

git tag -a v0.2.0 -m v0.2.0

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump sigstore/scaffolding
a6b2260 
Bumps [sigstore/scaffolding](https://github.com/sigstore/scaffolding) from 039e0ece31c5fc9fe0466d2f7b289ed643b88fdb to fb8d1817d2571303daf88f49d3a23daeb7474e84.
- [Release notes](https://github.com/sigstore/scaffolding/releases)
- [Changelog](https://github.com/sigstore/scaffolding/blob/main/release.md)
- [Commits](sigstore/scaffolding@039e0ec...fb8d181)

---
updated-dependencies:
- dependency-name: sigstore/scaffolding
  dependency-version: fb8d1817d2571303daf88f49d3a23daeb7474e84
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Used by dependabot - identifies all PRs created by dependabot kind/misc Categorizes issue or PR as a miscellaneuous one. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesnt merit a release note. labels Jun 23, 2026
@tekton-robot tekton-robot requested review from lcarva and wlynch June 23, 2026 07:35
@tekton-robot

tekton-robot commented Jun 23, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign priyawadhwa after the PR has been reviewed.
You can assign the PR to them by writing /assign @priyawadhwa in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jun 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lcarva lcarva Awaiting requested review from lcarva

@wlynch wlynch Awaiting requested review from wlynch

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Used by dependabot - identifies all PRs created by dependabot kind/misc Categorizes issue or PR as a miscellaneuous one. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. release-note-none Denotes a PR that doesnt merit a release note. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tekton-robot