Update google.golang.org/genproto/googleapis/api digest to 7ab31c2

[red-hat-konflux-kflux-prd-rh02]

This PR contains the following updates:

Package	Type	Update	Change
google.golang.org/genproto/googleapis/api	indirect	digest	9d38bb4 → 7ab31c2

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Configuration

📅 Schedule: Branch creation - "on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[red-hat-konflux-kflux-prd-rh02]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go get -t ./...
go: downloading github.com/spf13/cobra v1.8.1
go: downloading go.opentelemetry.io/otel/sdk v1.43.0
go: downloading github.com/gorilla/handlers v1.4.2
go: downloading go.opentelemetry.io/otel v1.43.0
go: downloading github.com/gorilla/mux v1.8.0
go: downloading github.com/prometheus/client_golang v1.16.0
go: downloading github.com/onsi/gomega v1.27.1
go: downloading github.com/prometheus/client_model v0.3.0
go: downloading github.com/spf13/pflag v1.0.10
go: downloading github.com/google/uuid v1.6.0
go: downloading gorm.io/datatypes v1.2.7
go: downloading gorm.io/gorm v1.30.0
go: downloading github.com/oapi-codegen/runtime v1.2.0
go: downloading github.com/go-playground/validator/v10 v10.20.0
go: downloading github.com/MicahParks/jwkset v0.11.0
go: downloading github.com/MicahParks/keyfunc/v3 v3.8.0
go: downloading github.com/spf13/viper v1.21.0
go: downloading github.com/golang-jwt/jwt/v5 v5.3.1
go: downloading github.com/stretchr/testify v1.11.1
go: downloading github.com/mendsley/gojwk v0.0.0-20141217222730-4d5ec6e58103
go: downloading github.com/jinzhu/inflection v1.0.0
go: downloading github.com/Masterminds/squirrel v1.1.0
go: downloading github.com/go-gormigrate/gormigrate/v2 v2.0.0
go: downloading github.com/yaacov/tree-search-language v0.0.0-20190923184055-1c2dad2e354b
go: downloading github.com/DATA-DOG/go-sqlmock v1.5.2
go: downloading gorm.io/driver/postgres v1.6.0
go: downloading github.com/lib/pq v1.10.9
go: downloading github.com/testcontainers/testcontainers-go v0.42.0
go: downloading github.com/testcontainers/testcontainers-go/modules/postgres v0.42.0
go: downloading go.uber.org/mock v0.6.0
go: downloading go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0
go: downloading go.opentelemetry.io/otel/trace v1.43.0
go: downloading go.opentelemetry.io/contrib/propagators/autoprop v0.68.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.43.0
go: downloading go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.43.0
go: downloading github.com/getkin/kin-openapi v0.133.0
go: downloading github.com/inconshreveable/mousetrap v1.1.0
go: downloading github.com/beorn7/perks v1.0.1
go: downloading github.com/cespare/xxhash/v2 v2.3.0
go: downloading github.com/prometheus/common v0.42.0
go: downloading github.com/prometheus/procfs v0.10.1
go: downloading golang.org/x/sys v0.42.0
go: downloading google.golang.org/protobuf v1.36.11
go: downloading github.com/google/go-cmp v0.7.0
go: downloading github.com/golang/protobuf v1.5.4
go: downloading gorm.io/driver/mysql v1.5.6
go: downloading github.com/jinzhu/now v1.1.5
go: downloading github.com/gabriel-vasile/mimetype v1.4.3
go: downloading github.com/go-playground/universal-translator v0.18.1
go: downloading github.com/leodido/go-urn v1.4.0
go: downloading golang.org/x/crypto v0.49.0
go: downloading golang.org/x/text v0.35.0
go: downloading golang.org/x/time v0.11.0
go: downloading github.com/fsnotify/fsnotify v1.9.0
go: downloading github.com/go-viper/mapstructure/v2 v2.4.0
go: downloading github.com/sagikazarmark/locafero v0.11.0
go: downloading github.com/spf13/afero v1.15.0
go: downloading github.com/spf13/cast v1.10.0
go: downloading github.com/davecgh/go-spew v1.1.1
go: downloading github.com/pmezard/go-difflib v1.0.0
go: downloading github.com/lann/builder v0.0.0-20180802200727-47ae307949d0
go: downloading github.com/antlr/antlr4 v0.0.0-20190518164840-edae2a1c9b4b
go: downloading github.com/jackc/pgx/v5 v5.6.0
go: downloading dario.cat/mergo v1.0.2
go: downloading github.com/cenkalti/backoff/v4 v4.3.0
go: downloading github.com/containerd/errdefs v1.0.0
go: downloading github.com/containerd/platforms v0.2.1
go: downloading github.com/cpuguy83/dockercfg v0.3.2
go: downloading github.com/moby/go-archive v0.2.0
go: downloading github.com/moby/moby/api v1.54.1
go: downloading github.com/moby/moby/client v0.4.0
go: downloading github.com/moby/patternmatcher v0.6.1
go: downloading github.com/opencontainers/image-spec v1.1.1
go: downloading github.com/felixge/httpsnoop v1.0.4
go: downloading go.opentelemetry.io/otel/metric v1.43.0
go: downloading github.com/go-logr/logr v1.4.3
go: downloading github.com/bxcodec/faker/v3 v3.2.0
go: downloading gopkg.in/resty.v1 v1.12.0
go: downloading go.opentelemetry.io/contrib/propagators/aws v1.43.0
go: downloading go.opentelemetry.io/contrib/propagators/b3 v1.43.0
go: downloading go.opentelemetry.io/contrib/propagators/jaeger v1.43.0
go: downloading go.opentelemetry.io/contrib/propagators/ot v1.43.0
go: downloading go.opentelemetry.io/proto/otlp v1.10.0
go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20260526163538-3dc84a4a5aaa
go: downloading google.golang.org/grpc v1.80.0
go: downloading github.com/go-openapi/jsonpointer v0.21.0
go: downloading github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
go: downloading github.com/oasdiff/yaml v0.0.0-20250309154309-f31be36b4037
go: downloading github.com/perimeterx/marshmallow v1.1.5
go: downloading github.com/woodsbury/decimal128 v1.3.0
go: downloading github.com/matttproud/golang_protobuf_extensions v1.0.4
go: downloading golang.org/x/net v0.52.0
go: downloading gopkg.in/yaml.v3 v3.0.1
go: downloading github.com/go-logr/stdr v1.2.2
go: downloading go.opentelemetry.io/auto/sdk v1.2.1
go: downloading github.com/go-sql-driver/mysql v1.8.1
go: downloading github.com/go-playground/locales v0.14.1
go: downloading github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8
go: downloading github.com/subosito/gotenv v1.6.0
go: downloading github.com/pelletier/go-toml/v2 v2.2.4
go: downloading go.yaml.in/yaml/v3 v3.0.4
go: downloading github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0
go: downloading github.com/jackc/pgpassfile v1.0.0
go: downloading github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761
go: downloading github.com/containerd/log v0.1.0
go: downloading github.com/moby/sys/sequential v0.6.0
go: downloading github.com/moby/sys/user v0.4.0
go: downloading github.com/moby/sys/userns v0.1.0
go: downloading github.com/docker/go-units v0.5.0
go: downloading github.com/moby/docker-image-spec v1.3.1
go: downloading github.com/moby/term v0.5.2
go: downloading github.com/Microsoft/go-winio v0.6.2
go: downloading github.com/containerd/errdefs/pkg v0.3.0
go: downloading github.com/distribution/reference v0.6.0
go: downloading github.com/docker/go-connections v0.6.0
go: downloading github.com/opencontainers/go-digest v1.0.0
go: downloading github.com/magiconair/properties v1.8.10
go: downloading github.com/shirou/gopsutil/v4 v4.26.3
go: downloading github.com/cenkalti/backoff/v5 v5.0.3
go: downloading github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0
go: downloading go.uber.org/multierr v1.11.0
go: downloading github.com/go-openapi/swag v0.23.0
go: downloading github.com/oasdiff/yaml3 v0.0.0-20250309153720-d2182401db90
go: downloading github.com/mailru/easyjson v0.7.7
go: downloading filippo.io/edwards25519 v1.1.0
go: downloading github.com/jackc/puddle/v2 v2.2.2
go: downloading github.com/sirupsen/logrus v1.9.4
go: downloading github.com/klauspost/compress v1.18.5
go: downloading github.com/tklauser/go-sysconf v0.3.16
go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20260610212136-7ab31c22f7ad
go: downloading github.com/josharian/intern v1.0.0
go: downloading golang.org/x/sync v0.20.0
go: downloading github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c
go: downloading github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0
go: downloading github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55
go: downloading github.com/ebitengine/purego v0.10.0
go: downloading github.com/yusufpapurcu/wmi v1.2.4
go: downloading github.com/tklauser/numcpus v0.11.0
go: downloading github.com/go-ole/go-ole v1.2.6
go: github.com/openshift-hyperfleet/hyperfleet-api/pkg/api imports
	github.com/openshift-hyperfleet/hyperfleet-api/pkg/api/openapi: cannot find module providing package github.com/openshift-hyperfleet/hyperfleet-api/pkg/api/openapi
go: module github.com/bxcodec/faker/v3 is deprecated: use github.com/go-faker/faker/v4 instead.

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• Chores
  • Updated an indirect dependency to the latest revision for improved compatibility and stability.

Walkthrough

go.mod updates the indirect dependency google.golang.org/genproto/googleapis/api from pseudo-version v0.0.0-20260401024825-9d38bb4040a9 to revision v0.0.0-...-7ab31c22f7ad. No other dependencies, directives, or module declarations are modified.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

---

Supply chain flag — CWE-1357 / CWE-829.

• This is an indirect dependency bump using a pseudo-version commit hash, not a tagged release. Pseudo-version hashes are not pinned to a signed, auditable release artifact. Verify 7ab31c22f7ad resolves to an expected, reviewed commit in the upstream googleapis/go-genproto repository.
• Confirm go.sum has been updated with the matching hash for this revision. An absent or mismatched go.sum entry is a supply chain integrity gap.
• This module is on the API call path for gRPC/protobuf contracts across the platform (API, Adapter, Broker components). A compromised genproto revision could silently alter wire types or service descriptors — verify the diff of the upstream commit before merging.
• No CVE is currently published against this specific revision, but the use of untagged commits rather than semver releases bypasses standard vulnerability scanning tooling (e.g., govulncheck, Dependabot) — CWE-1357 applies.

🚥 Pre-merge checks | ✅ 11

✅ Passed checks (11 passed)

Check name	Status	Explanation
Title check	✅ Passed	Title accurately describes the main change: updating a specific Go module dependency digest to a new revision.
Description check	✅ Passed	Description is directly related to the changeset, providing clear details about the dependency update with package name, type, and digest change.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Sec-02: Secrets In Log Output	✅ Passed	No log statements found containing tokens, passwords, credentials, or secrets. Database connections use LogSafeConnectionString() masking. JWT validation logs status only, not token values.
No Hardcoded Secrets	✅ Passed	No hardcoded secrets detected. The change updates a dependency digest to a Git commit hash (7ab31c22f7ad), which is legitimate version control metadata, not a credential or sensitive value.
No Weak Cryptography	✅ Passed	Comprehensive scan of 209 Go source files found no usage of banned cryptographic primitives (crypto/md5, crypto/des, crypto/rc4, crypto/sha1, ECB mode, custom crypto, or non-constant-time compariso...
No Injection Vectors	✅ Passed	PR modifies only go.mod with no code changes. Comprehensive AST/ripgrep searches for SQL injection (CWE-89), command injection (CWE-78), template injection (CWE-79), and YAML deserialization (CWE-5...
No Privileged Containers	✅ Passed	PR only modifies go.mod; no Kubernetes/OpenShift manifests, Helm templates, or Dockerfiles are changed. Check for privileged containers not applicable.
No Pii Or Sensitive Data In Logs	✅ Passed	No logging statements expose PII or sensitive data. Request logging is properly masked via MaskingMiddleware with regex patterns for emails, credit cards, API keys, and form-encoded credentials. HT...

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch konflux/mintmaker/main/google.golang.org-genproto-googleapis-api-digest

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch konflux/mintmaker/main/google.golang.org-genproto-googleapis-api-digest

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.12.2)

level=error msg="Running error: context loading failed: failed to load packages: failed to load packages: failed to load with go/packages: err: exit status 1: stderr: go: updates to go.mod needed, disabled by -mod=readonly; to update it:\n\tgo mod tidy\n"

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Line 149: The google.golang.org/genproto/googleapis/api module revision has
been updated in go.mod to the new version shown at line 149, but go.sum still
contains the checksum for the old revision (v0.0.0-20260401024825-9d38bb4040a9),
creating a module resolution mismatch. Run go mod tidy to regenerate go.sum and
ensure it includes the correct checksum for the new revision, which will restore
module integrity and reproducibility.
- Line 149: The version for the google.golang.org/genproto/googleapis/api
dependency is malformed and violates Go module version syntax. The current
pseudo-version 7ab31c22f7ad is missing the required v0.0.0- prefix and
timestamp. Update this dependency entry to follow the correct pseudo-version
format of v0.0.0-<YYYYMMDDHHMMSS>-<COMMITHASH>, such as
v0.0.0-20260401024825-7ab31c22f7ad, to resolve go mod tidy and build failures.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: e7ed6f4c-c143-4cf9-acb5-7fd101858e7c

📥 Commits

Reviewing files that changed from the base of the PR and between b4bff38 and b4fcb2b.

📒 Files selected for processing (1)

• go.mod

🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

• openshift-hyperfleet/architecture (manual)
• openshift-hyperfleet/hyperfleet-api (manual)
• openshift-hyperfleet/hyperfleet-sentinel (manual)
• openshift-hyperfleet/hyperfleet-adapter (manual)
• openshift-hyperfleet/hyperfleet-broker (manual)

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

go.sum/go.mod sync failure — reproducibility broken (CWE-829).

go.sum still contains checksums for the old revision (v0.0.0-20260401024825-9d38bb4040a9), not the new one. This mismatch breaks module resolution integrity. Update go.sum to include the checksum entry for the new revision, or run go mod tidy to regenerate.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` at line 149, The google.golang.org/genproto/googleapis/api module
revision has been updated in go.mod to the new version shown at line 149, but
go.sum still contains the checksum for the old revision
(v0.0.0-20260401024825-9d38bb4040a9), creating a module resolution mismatch. Run
go mod tidy to regenerate go.sum and ensure it includes the correct checksum for
the new revision, which will restore module integrity and reproducibility.

---

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Malformed pseudo-version: missing v0.0.0- prefix and timestamp.

Line 149 contains google.golang.org/genproto/googleapis/api 7ab31c22f7ad // indirect. This violates Go module version syntax. The correct format is v0.0.0-<YYYYMMDDHHMMSS>-<COMMITHASH> (e.g., v0.0.0-20260401024825-7ab31c22f7ad). The current syntax will cause go mod tidy and build failures.

🐛 Proposed fix

-	google.golang.org/genproto/googleapis/api 7ab31c22f7ad // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-7ab31c22f7ad // indirect

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	google.golang.org/genproto/googleapis/api 7ab31c22f7ad // indirect
	google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-7ab31c22f7ad // indirect

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` at line 149, The version for the
google.golang.org/genproto/googleapis/api dependency is malformed and violates
Go module version syntax. The current pseudo-version 7ab31c22f7ad is missing the
required v0.0.0- prefix and timestamp. Update this dependency entry to follow
the correct pseudo-version format of v0.0.0-<YYYYMMDDHHMMSS>-<COMMITHASH>, such
as v0.0.0-20260401024825-7ab31c22f7ad, to resolve go mod tidy and build
failures.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign aredenba-rh for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @red-hat-konflux-kflux-prd-rh02[bot]. Thanks for your PR.

I'm waiting for a openshift-hyperfleet member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.