Update Konflux references

[red-hat-konflux]

This PR contains the following updates:

Package	Change	Notes
quay.io/konflux-ci/tekton-catalog/task-apply-tags	0.2 -> 0.3	⚠️migration⚠️
quay.io/konflux-ci/tekton-catalog/task-buildah	4b93d02 -> 97b6465
quay.io/konflux-ci/tekton-catalog/task-clamav-scan	b2f2559 -> 78f0349
quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check	808fe09 -> 1cf21de
quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks	da4f6a5 -> 329b149
quay.io/konflux-ci/tekton-catalog/task-git-clone	d17249e -> 865cdbe
quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies	ef5c49a -> 81f9fc2
quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan	0041778 -> f2df541
quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check	10d6a41 -> fb08092
quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check	0.3 -> 0.4	⚠️migration⚠️
quay.io/konflux-ci/tekton-catalog/task-show-sbom	beb0616 -> e2c1b4e

---

Configuration

📅 Schedule: Branch creation - Between 05:00 AM and 11:59 PM, only on Saturday ( * 5-23 * * 6 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[decko]

@sourcery-ai review

[SourceryAI]

Hi @decko! 👋

Only authors and team members can run @sourcery-ai commands on public repos.

If you are a team member, install the @sourcery-ai bot to get access ✨

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Updates Konflux Tekton catalog task bundle references in the pulp PR/push pipelines to newer digests and bumps apply-tags from 0.2 to 0.3, aligning both pipelines with the latest catalog tasks.

Flow diagram for pulp pipelines using updated Konflux tasks

graph TD
  Start["Start pipeline run (pulp-pull-request or pulp-push)"] --> PrefetchDependencies["Run prefetch-dependencies (bundle 0.2@sha256:2eb8ac0f56702c9870723616b3d94a7895e25938fa01d4ce6ae2d5282c968a56)"]
  PrefetchDependencies --> DeprecatedImageCheck["Run deprecated-image-check (bundle 0.5@sha256:1cf21de671be4c97d4973b60c09c912997cd15b65c30b93a07eff1b24f43a1f8)"]
  DeprecatedImageCheck --> EcosystemCertPreflightChecks["Run ecosystem-cert-preflight-checks (bundle 0.2@sha256:b612fd73d81822113e2c12f44a72eed218540aaa8e9f3e42223bddb01a0689cb)"]
  EcosystemCertPreflightChecks --> ApplyTags["Run apply-tags (bundle 0.3@sha256:510b6d2a3b188adeb716e49566b57d611ab36bd69a2794b5ddfc11dbf014c2ca)"]
  ApplyTags --> End["Pipeline completed"]

Loading

File-Level Changes

Change	Details	Files
Refresh Tekton task bundle references for Konflux pipelines and bump apply-tags to the new major task version.	Update task-prefetch-dependencies bundle digest while keeping version 0.2 consistent across pull-request and push pipelines. Update task-deprecated-image-check bundle digest for version 0.5 in both pipelines. Update task-ecosystem-cert-preflight-checks bundle digest for version 0.2 in both pipelines. Bump task-apply-tags from version 0.2 to 0.3 and update its bundle digest in both pipelines, which may require following the upstream migration guide.	.tekton/pulp-pull-request.yaml .tekton/pulp-push.yaml

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've reviewed your changes and they look great!

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}