From ab7a72169d713a62bd2e0daca3dd10c45840d720 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts@users.noreply.github.com>
Date: Mon, 8 Dec 2025 21:18:53 +0000
Subject: [PATCH] skaffold/2.17.0-r2: fix GHSA-4qg8-fj49-pxjh
 <!--ci-cve-scan:must-fix: GHSA-4qg8-fj49-pxjh-->

---
 skaffold.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/skaffold.yaml b/skaffold.yaml
index ac454b0ff78..5c76602636c 100644
--- a/skaffold.yaml
+++ b/skaffold.yaml
@@ -1,7 +1,7 @@
 package:
   name: skaffold
   version: "2.17.0"
-  epoch: 2 # CVE-2025-61729
+  epoch: 3 # GHSA-4qg8-fj49-pxjh
   description: Easy and Repeatable Kubernetes Development
   copyright:
     - license: Apache-2.0
@@ -23,6 +23,7 @@ pipeline:
     with:
       deps: |-
         golang.org/x/crypto@v0.45.0
+        github.com/sigstore/timestamp-authority@v2.0.3
 
   - uses: go/build
     with: