
Fix blocking CVEs: update RPM lockfiles and tektoncd/pipeline to v1.9.3 #3323

Open: jsmid1 wants to merge 4 commits into conforma:main from jsmid1:cve-fixes


@jsmid1 jsmid1 commented May 26, 2026

Cherry-picks from #3317 and #3280 to unblock EC enterprise-contract checks

red-hat-konflux Bot added 2 commits May 26, 2026 14:11
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>

coderabbitai Bot commented May 26, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: 33bf0b94-47ca-41b8-b2d8-7ea2bc7050fa

📥 Commits

Reviewing files that changed from the base of the PR and between af341ae and ebe1253.

📒 Files selected for processing (2)
  • Dockerfile
  • rpms.lock.yaml
✅ Files skipped from review due to trivial changes (2)
  • Dockerfile
  • rpms.lock.yaml

📝 Walkthrough


This PR updates Go module dependencies and RPM package versions. The tektoncd/pipeline module is bumped from v1.9.2 to v1.9.3 across acceptance, root, and tools Go modules. The jq RPM package in the lock file is updated from el9_7.0.2 to el9_8.2 across four CPU architectures with corresponding checksum and URL changes.

Changes

Dependency Version Bumps

| Layer / File(s) | Summary |
| --- | --- |
| Go module pipeline dependency updates (acceptance/go.mod, go.mod, tools/go.mod) | The github.com/tektoncd/pipeline module is updated from v1.9.2 to v1.9.3 in all three Go module files (acceptance, root, and tools). |
| RPM jq package updates across architectures (rpms.lock.yaml) | The jq RPM package is updated from el9_7.0.2 to el9_8.2 for aarch64, ppc64le, s390x, and x86_64 architectures, with corresponding RPM URLs, checksums, and source RPM references updated. |

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title accurately reflects the main changes: updating RPM lockfiles and tektoncd/pipeline dependency to v1.9.3 to fix CVEs. |
| Description check | ✅ Passed | The description is related to the changeset, mentioning cherry-picks to address CVEs and unblock enterprise-contract checks, which aligns with the actual dependency and lockfile updates. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |



jsmid1 commented May 26, 2026

/retest

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

codecov Bot commented May 26, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

| Flag | Coverage Δ |
| --- | --- |
| acceptance | 55.60% <ø> (ø) |
| generative | 17.82% <ø> (ø) |
| integration | 26.56% <ø> (ø) |
| unit | 69.04% <ø> (ø) |

Flags with carried forward coverage won't be shown.