Task
Resolution: Done
Critical
1.6.5, 1.7.1, 1.8.0
Because of the following SBOM issue, we need to update the buildah tekton tasks to 0.5.
This includes both the rhdh and rhdh-plugin-catalog repos.
At the same time, we should update all the other tasks. The following scripts can be used, with the --minor flag, to pull in minor version bumps and report on the migration steps needed after updating:
- https://gitlab.cee.redhat.com/rhidp/rhdh/-/blob/rhdh-1-rhel-9/.tekton/updateDigests.sh
- https://gitlab.cee.redhat.com/rhidp/rhdh-plugin-catalog/-/blob/rhdh-1-rhel-9/.tekton/updateDigests.sh
What happened?
The buildah task (and all of its variants) version 0.4, revisions released on August 25th or later, stopped including the content reported by Hermeto in the final SBOM. This means that if your builds are hermetic, use prefetching and use one of the affected revisions (see the affected-tasks.txt attachment), they're not getting the SBOM quality they should be.
What do you need to do?
MintMaker will automatically send PRs to update your buildah tasks from version 0.4 to 0.5. Merge this update as soon as possible. Version 0.4 is deprecated and, starting in early October, builds that use it will fail Conforma validation (i.e. they will not be release-able).
We apologize for the problems and are working on improving the test coverage to avoid these problems in the future.