Update google.golang.org/genproto/googleapis/rpc digest to 7ab31c2

[red-hat-konflux-kflux-prd-rh02]

This PR contains the following updates:

Package	Type	Update	Change
google.golang.org/genproto/googleapis/rpc	indirect	digest	9d38bb4 → 7ab31c2

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Configuration

📅 Schedule: Branch creation - "on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[red-hat-konflux-kflux-prd-rh02]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go get -t ./...
go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20260610212136-7ab31c22f7ad
go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9
go: github.com/openshift-hyperfleet/hyperfleet-api/pkg/api imports
	github.com/openshift-hyperfleet/hyperfleet-api/pkg/api/openapi: cannot find module providing package github.com/openshift-hyperfleet/hyperfleet-api/pkg/api/openapi
go: module github.com/bxcodec/faker/v3 is deprecated: use github.com/go-faker/faker/v4 instead.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 843539fe-13df-491b-bd2c-f5d187993ec4

📥 Commits

Reviewing files that changed from the base of the PR and between b4bff38 and d9be8e2.

📒 Files selected for processing (1)

• go.mod

🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

• openshift-hyperfleet/architecture (manual)
• openshift-hyperfleet/hyperfleet-api (manual)
• openshift-hyperfleet/hyperfleet-sentinel (manual)
• openshift-hyperfleet/hyperfleet-adapter (manual)
• openshift-hyperfleet/hyperfleet-broker (manual)

---

📝 Walkthrough

Summary by CodeRabbit

• Chores
  • Updated project dependencies for improved stability and compatibility.

Walkthrough

go.mod replaces the existing indirect dependency version for google.golang.org/genproto/googleapis/rpc with a new pseudo-version referencing commit 7ab31c22f7ad. No other dependencies, Go version, or directives are modified.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

---

Supply chain flag. This is a pseudo-version pinning to a raw commit hash (7ab31c22f7ad) rather than a tagged release. Pseudo-versions bypass the semantic versioning guarantees that the Go module proxy enforces for tagged releases. Relevant risk: CWE-1104 (Use of Unmaintained Third-Party Components), and tangentially CWE-494 (Download of Code Without Integrity Check) if the proxy cache is bypassed.

Confirm:

• go.sum was updated and the hash for 7ab31c22f7ad is committed alongside this change.
• The commit 7ab31c22f7ad is reachable on the public google.golang.org/genproto upstream — not a fork or shadow module (CWE-441, Unintended Proxy).
• This bump was intentional and not injected via an automated tool or CI bot without review.

🚥 Pre-merge checks | ✅ 10 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
No Injection Vectors	⚠️ Warning	go.mod line 150 contains malformed version string "7ab31c22f7ad" instead of valid semver format. The modification breaks go.mod syntax: version must be v1.2.3 format, not a bare commit hash.	Correct line 150 from "google.golang.org/genproto/googleapis/rpc 7ab31c22f7ad // indirect" to proper pseudo-version format "google.golang.org/genproto/googleapis/rpc v0.0.0--7ab31c22f7ad // indirect".

✅ Passed checks (10 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly and specifically describes the main change: updating a Go module dependency digest.
Description check	✅ Passed	The description is related to the changeset, providing dependency update details in a structured format with version digests.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Sec-02: Secrets In Log Output	✅ Passed	go.mod contains no log statements; SEC-02 applies to log output in code. Configuration-only change poses no log exfiltration risk.
No Hardcoded Secrets	✅ Passed	No hardcoded secrets detected. The hash 7ab31c22f7ad is a legitimate git commit hash for googleapis/go-genproto, not a credential or secret material.
No Weak Cryptography	✅ Passed	No weak cryptography detected. Code uses strong RSA/RS256 for JWT signing, no MD5/DES/RC4/ECB/SHA1 for security, no custom crypto implementations, no timing attacks on secrets.
No Privileged Containers	✅ Passed	No privileged container configurations detected. Dockerfile and Helm manifests enforce non-root execution (UID 65532), drop all capabilities, and prohibit privilege escalation per security standards.
No Pii Or Sensitive Data In Logs	✅ Passed	PR contains only go.mod dependency digest update with no source code changes; logging check not applicable to module dependency files.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch konflux/mintmaker/main/google.golang.org-genproto-googleapis-rpc-digest

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch konflux/mintmaker/main/google.golang.org-genproto-googleapis-rpc-digest

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.12.2)

level=error msg="Running error: context loading failed: failed to load packages: failed to load packages: failed to load with go/packages: err: exit status 1: stderr: go: updates to go.mod needed, disabled by -mod=readonly; to update it:\n\tgo mod tidy\n"

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign tirthct for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @red-hat-konflux-kflux-prd-rh02[bot]. Thanks for your PR.

I'm waiting for a openshift-hyperfleet member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.