Skip to content

[DNM] Release v0.42.1#2728

Closed
theakshaypant wants to merge 3 commits into
release-v0.42.xfrom
release-v0.42.1
Closed

[DNM] Release v0.42.1#2728
theakshaypant wants to merge 3 commits into
release-v0.42.xfrom
release-v0.42.1

Conversation

@theakshaypant
Copy link
Copy Markdown
Member

@theakshaypant theakshaypant commented May 14, 2026

📝 Description of the Change

Changes included:
e2a4bdb perf(informer): add TransformFuncs to reduce cache memory usage
bda0fa4 chore(deps): bump tektoncd/pipeline to v1.9.3
adb71b4 fix(deps): update go-jose to fix GHSA-78h2-9frx-2jm8
5f5514e fix(gitlab): map skipped status correctly
f541028 chore(deps): update grpc and tektoncd/pipeline

🔗 Linked GitHub Issue

Fixes #

🧪 Testing Strategy

  • Unit tests
  • Integration tests
  • End-to-end tests
  • Manual testing
  • Not Applicable

🤖 AI Assistance

AI assistance can be used for various tasks, such as code generation,
documentation, or testing.

Please indicate whether you have used AI assistance
for this PR and provide details if applicable.

  • I have not used any AI assistance for this PR.
  • I have used AI assistance for this PR.

Important

Slop will be simply rejected, if you are using AI assistance you need to make sure you
understand the code generated and that it meets the project's standards. you
need at least know how to run the code and deploy it (if needed). See
startpaac to make it easy
to deploy and test your code changes.

If the majority of the code in this PR was generated by an AI, please add a Co-authored-by trailer to your commit message.
For example:

Co-authored-by: Claude noreply@anthropic.com

✅ Submitter Checklist

  • 📝 My commit messages are clear, informative, and follow the project's How to write a git commit message guide. The Gitlint linter ensures in CI it's properly validated
  • ✨ I have ensured my commit message prefix (e.g., fix:, feat:) matches the "Type of Change" I selected above.
  • ♽ I have run make test and make lint locally to check for and fix any
    issues. For an efficient workflow, I have considered installing
    pre-commit and running pre-commit install to
    automate these checks.
  • 📖 I have added or updated documentation for any user-facing changes.
  • 🧪 I have added sufficient unit tests for my code changes.
  • 🎁 I have added end-to-end tests where feasible. See README for more details.
  • 🔎 I have addressed any CI test flakiness or provided a clear reason to bypass it.
  • If adding a provider feature, I have filled in the following and updated the provider documentation:
    • GitHub App
    • GitHub Webhook
    • Gitea/Forgejo
    • GitLab
    • Bitbucket Cloud
    • Bitbucket Data Center

@theakshaypant
fix(deps): update go-jose to fix GHSA-78h2-9frx-2jm8
92247d6 
Update go-jose v3 and v4 to patch security vulnerability in
JWE and JWS handling.

Signed-off-by: Akshay Pant <akpant@redhat.com>
@theakshaypant
chore(deps): bump tektoncd/pipeline to v1.9.3
5c12efd 
Addresses CVE-2026-40161 (GHSA-wjxp-xrpv-xpff), a high-severity
vulnerability where the git resolver API mode leaks
system-configured API tokens to user-controlled serverURL
endpoints. Also includes path traversal hardening for volume mount
validation using filepath.Clean.

Signed-off-by: Akshay Pant <akpant@redhat.com>
@theakshaypant
perf(informer): add TransformFuncs to reduce cache memory usage
1761873 
Add cache transform functions for the Repository and PipelineRun
informers, stripping large unnecessary fields before objects enter
the informer cache. Inspired by tektoncd/pipeline#9316.

For Repository objects, ManagedFields, Annotations and Status are
stripped. The reconciler never reads Repository annotations or
Status from the lister; Status is always fetched fresh via direct
API call before updates.

For PipelineRun objects, ManagedFields and large Spec and Status
fields are stripped. The watcher only needs Annotations, Spec.Status
(pending check), Status.Conditions, and timing fields. All other
data is fetched directly from the API when needed.

Benchmark results with production-realistic objects show an 89% JSON
size reduction for Repository objects (5.6KB to 600B) and 94% for
PipelineRun objects (10.7KB to 677B), with corresponding 8-10x
reductions in heap allocation per cached object.

Signed-off-by: Akshay Pant <akpant@redhat.com>
Asisted-by: Claude <noreply@anthropic.com>
gemini-code-assist[bot]
gemini-code-assist Bot reviewed May 14, 2026
View reviewed changes
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces cache transform functions for Repository and PipelineRun objects to reduce memory consumption in the PAC watcher informer caches. By stripping non-essential fields like ManagedFields, Annotations, and large Status or Spec sub-fields before caching, the implementation significantly lowers the heap footprint. The changes include comprehensive unit tests and benchmarks demonstrating the memory savings. Additionally, several dependencies were updated, and the GitLab provider was adjusted to correctly handle the "skipped" status conclusion. I have no feedback to provide as no review comments were submitted.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@theakshaypant @tekton-robot