Skip to content

Update go module minor/patch updates#178

Open
red-hat-konflux-kflux-prd-rh02[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main/go-module-minorpatch-updates
Open

Update go module minor/patch updates#178
red-hat-konflux-kflux-prd-rh02[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main/go-module-minorpatch-updates

Conversation

@red-hat-konflux-kflux-prd-rh02

@red-hat-konflux-kflux-prd-rh02 red-hat-konflux-kflux-prd-rh02 Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence
cel.dev/expr v0.25.1v0.25.2 age confidence
cloud.google.com/go/auth v0.18.1v0.20.0 age confidence
cloud.google.com/go/iam v1.5.3v1.11.0 age confidence
cloud.google.com/go/pubsub/v2 v2.4.0v2.6.0 age confidence
github.com/ThreeDotsLabs/watermill v1.5.1v1.5.2 age confidence
github.com/ThreeDotsLabs/watermill-amqp/v3 v3.0.2v3.1.0 age confidence
github.com/ThreeDotsLabs/watermill-googlecloud/v2 v2.0.0v2.0.1 age confidence
github.com/docker/go-connections v0.6.0v0.7.0 age confidence
github.com/ebitengine/purego v0.10.0v0.10.1 age confidence
github.com/felixge/httpsnoop v1.0.4v1.1.0 age confidence
github.com/fsnotify/fsnotify v1.9.0v1.10.1 age confidence
github.com/google/cel-go v0.27.0v0.28.1 age confidence
github.com/googleapis/enterprise-certificate-proxy v0.3.12v0.3.16 age confidence
github.com/googleapis/gax-go/v2 v2.17.0v2.22.0 age confidence
github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0v2.29.0 age confidence
github.com/klauspost/compress v1.18.5v1.18.6 age confidence
github.com/moby/moby/api v1.54.1v1.54.2 age confidence
github.com/moby/moby/client v0.4.0v0.4.1 age confidence
github.com/moby/sys/sequential v0.6.0v0.7.0 age confidence
github.com/oapi-codegen/runtime v1.1.2v1.4.1 age confidence
github.com/openshift-hyperfleet/hyperfleet-api-spec v1.0.12v1.0.21 age confidence
github.com/pelletier/go-toml/v2 v2.2.4v2.3.1 age confidence
github.com/prometheus/common v0.66.1v0.68.1 age confidence
github.com/prometheus/procfs v0.17.0v0.20.1 age confidence
github.com/rabbitmq/amqp091-go v1.10.0v1.11.0 age confidence
github.com/shirou/gopsutil/v4 v4.26.3v4.26.5 age confidence
github.com/spf13/cobra v1.8.0v1.10.2 age confidence
github.com/tklauser/go-sysconf v0.3.16v0.4.0 age confidence
github.com/tklauser/numcpus v0.11.0v0.12.0 age confidence
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.65.0v0.69.0 age confidence
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0v0.69.0 age confidence
go.opentelemetry.io/contrib/propagators/autoprop v0.68.0v0.69.0 age confidence
go.opentelemetry.io/contrib/propagators/aws v1.43.0v1.44.0 age confidence
go.opentelemetry.io/contrib/propagators/b3 v1.43.0v1.44.0 age confidence
go.opentelemetry.io/contrib/propagators/jaeger v1.43.0v1.44.0 age confidence
go.opentelemetry.io/contrib/propagators/ot v1.43.0v1.44.0 age confidence
go.opentelemetry.io/otel v1.43.0v1.44.0 age confidence
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0v1.44.0 age confidence
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0v1.44.0 age confidence
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.43.0v1.44.0 age confidence
go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.43.0v1.44.0 age confidence
go.opentelemetry.io/otel/metric v1.43.0v1.44.0 age confidence
go.opentelemetry.io/otel/sdk v1.43.0v1.44.0 age confidence
go.opentelemetry.io/otel/trace v1.43.0v1.44.0 age confidence
go.uber.org/zap v1.27.1v1.28.0 age confidence
go.yaml.in/yaml/v2 v2.4.2v2.4.4 age confidence
golang.org/x/crypto v0.49.0v0.53.0 age confidence
golang.org/x/net v0.52.0v0.56.0 age confidence
golang.org/x/oauth2 v0.35.0v0.36.0 age confidence
golang.org/x/sync v0.20.0v0.21.0 age confidence
golang.org/x/sys v0.42.0v0.46.0 age confidence
golang.org/x/text v0.35.0v0.38.0 age confidence
golang.org/x/time v0.14.0v0.15.0 age confidence
google.golang.org/api v0.266.0v0.284.0 age confidence
google.golang.org/grpc v1.80.0v1.81.1 age confidence

Release Notes

google/cel-spec (cel.dev/expr)

v0.25.2

Compare Source

What's Changed

New Contributors

Full Changelog: google/cel-spec@v0.25.1...v0.25.2

googleapis/google-cloud-go (cloud.google.com/go/auth)

v0.20.0

Compare Source

  • bigquery: Support SchemaUpdateOptions for load jobs.

  • bigtable:

    • Add SampleRowKeys.
    • cbt: Support union, intersection GCPolicy.
    • Retry admin RPCS.
    • Add trace spans to retries.

  • datastore: Add OpenCensus tracing.

  • firestore:

    • Fix queries involving Null and NaN.
    • Allow Timestamp protobuffers for time values.

  • logging: Add a WriteTimeout option.

  • spanner: Support Batch API.

  • storage: Add OpenCensus tracing.

v0.19.0

  • bigquery:

    • Support customer-managed encryption keys.

  • bigtable:

    • Improved emulator support.
    • Support GetCluster.

  • datastore:

    • Add general mutations.
    • Support pointer struct fields.
    • Support transaction options.

  • firestore:

    • Add Transaction.GetAll.
    • Support document cursors.

  • logging:

    • Support concurrent RPCs to the service.
    • Support per-entry resources.

  • profiler:

    • Add config options to disable heap and thread profiling.
    • Read the project ID from $GOOGLE_CLOUD_PROJECT when it's set.

  • pubsub:

    • BEHAVIOR CHANGE: Release flow control after ack/nack (instead of after the
      callback returns).
    • Add SubscriptionInProject.
    • Add OpenCensus instrumentation for streaming pull.

  • storage:

    • Support CORS.
ThreeDotsLabs/watermill (github.com/ThreeDotsLabs/watermill)

v1.5.2

Compare Source

What's Changed

New Contributors

Full Changelog: ThreeDotsLabs/watermill@v1.5.1...v1.5.2

ThreeDotsLabs/watermill-amqp (github.com/ThreeDotsLabs/watermill-amqp/v3)

v3.1.0

Compare Source

What's Changed

  • Bumps dependencies by @​m110 in #​35
  • Added support for pre process delivery in the marshaler by @​micbis in #​33
  • fix: Adjust notifyCloseConnection to be a buffered channel to avoid blocking during exception handling by @​nengwu765 in #​30

New Contributors

Full Changelog: ThreeDotsLabs/watermill-amqp@v3.0.2...v3.1.0

ThreeDotsLabs/watermill-googlecloud (github.com/ThreeDotsLabs/watermill-googlecloud/v2)

v2.0.1

Compare Source

What's Changed

Full Changelog: ThreeDotsLabs/watermill-googlecloud@v2.0.0...v2.0.1

docker/go-connections (github.com/docker/go-connections)

v0.7.0

Compare Source

ebitengine/purego (github.com/ebitengine/purego)

v0.10.1

Compare Source

  • Fix a concurrency bug where simultaneous FFI calls could swap return values across goroutines (#​451)
felixge/httpsnoop (github.com/felixge/httpsnoop)

v1.1.0

Compare Source

fsnotify/fsnotify (github.com/fsnotify/fsnotify)

v1.10.1

Compare Source

Changes and fixes

  • inotify: don't remove sibling watches sharing a path prefix (#​754)

  • inotify, windows: don't rename sibling watches sharing a path prefix
    (#​755)

v1.10.0

Compare Source

This version of fsnotify needs Go 1.23.

Changes and fixes

  • inotify: improve initialization error message (#​731)

  • inotify: send Rename event if recursive watch is renamed (#​696)

  • inotify: avoid copying event buffers when reading names (#​741)

  • kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#​748)

  • kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#​740)

  • windows: fix nil pointer dereference in remWatch (#​736)

  • windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#​709, #​749)

google/cel-go (github.com/google/cel-go)

v0.28.1

Compare Source

What's Changed

New Contributors

Full Changelog: google/cel-go@v0.28.0...v0.28.1

v0.28.0

Compare Source

High-Level Changes

  • Enhanced JSON Interoperability: New support for JSON names across the checker, AST, and runtime allows for more seamless data handling when working with JSON-native structures.
  • Improved Developer Tooling: Integration is now smoother thanks to new utilities for converting Go errors into cel.Issues and more descriptive, context-aware error messages.
  • Greater Environment Flexibility: You can now redeclare variables as constants and export parse limit options, providing finer control over how CEL environments are configured and constrained.
  • Native Struct Improvements: Support for mixing CEL and native values within native structs simplifies the handling of complex, hybrid data types.

🚀 Features

  • Add helper method to check whether a function has a singleton binding in #​1266
  • Helper utility for converting a Go error into cel.Issues in #​1267
  • Policy API improvements in #​1268
  • CEL Test usability requirements in #​1269
  • Better context-related error messages in #​1271
  • Sort env.Config values where reasonable in #​1273
  • Support redeclaring variables as constants in NewEnv in #​1275
  • Add support for exporting parse limit options in #​1277
  • Support mixing CEL values and native values in native structs in #​1270
  • Add checker, AST, and type-provider support for JSON names in #​1283
  • JSON field names runtime support in #​1286
  • Optionally include reachable fieldpaths in prompt in #​1285
  • REPL -- cel-spec pb2 and json name support #​1294

🐞 Bug Fixes

  • Fix support for config-based type references in #​1265
  • Check arg kinds in optional.or and .orValue impl in #​1276
  • Bazel fixes for import in #​1278
  • Support zero-value literals in presence test inlining #​1280
  • Cache concatList.Size() to prevent O(N^2) evaluation time #​1291
  • Preserve runtime error node IDs from Resolve #​1290
  • Default enable identifier escaping with backticks #​1295
  • Cap format string precision to prevent memory exhaustion #​1292

🛠️ Maintenance & Internal

  • chore: Migrate gsutil usage to gcloud storage in #​1274
  • Lint fixes for exported function/type comments in #​1279
  • Lint fixes for import in #​1287

Full Changelog: https://github.com/google/cel-go/compare/v0.27.0...v0.28.0-alpha

googleapis/enterprise-certificate-proxy (github.com/googleapis/enterprise-certificate-proxy)

v0.3.16

Compare Source

What's Changed

Full Changelog: googleapis/enterprise-certificate-proxy@v0.3.15...v0.3.16

v0.3.15

Compare Source

What's Changed

Full Changelog: googleapis/enterprise-certificate-proxy@v0.3.14...v0.3.15

v0.3.14

Compare Source

What's Changed

Full Changelog: googleapis/enterprise-certificate-proxy@v0.3.13...v0.3.14

v0.3.13

Compare Source

What's Changed

Full Changelog: googleapis/enterprise-certificate-proxy@v0.3.12...v0.3.13

googleapis/gax-go (github.com/googleapis/gax-go/v2)

v2.22.0: v2: v2.22.0

Compare Source

v2.22.0 (2026-04-14)

v2.21.0: v2: v2.21.0

Compare Source

Features

v2.20.0: v2: v2.20.0

Compare Source

Features

v2.19.0: v2: v2.19.0

Compare Source

Features
Bug Fixes

v2.18.0: v2: v2.18.0

Compare Source

Features
grpc-ecosystem/grpc-gateway (github.com/grpc-ecosystem/grpc-gateway/v2)

v2.29.0

Compare Source

What's Changed

New Contributors

Full Changelog: grpc-ecosystem/grpc-gateway@v2.28.0...v2.29.0

klauspost/compress (github.com/klauspost/compress)

v1.18.6

Compare Source

What's Changed

New Contributors

Full Changelog: klauspost/compress@v1.18.5...v1.18.6

moby/moby (github.com/moby/moby/client)

v0.4.1

Compare Source

oapi-codegen/runtime (github.com/oapi-codegen/runtime)

v1.4.1: Bug fixes

Compare Source

This is a bug fix release.

Changes in v1.4.0, coupled with changes in v2.7.0 of oapi-codegen exposed some new problems. deepObject style marshaling behavior now supports encoding unicode. UTF-8 can't be directly included in parameters, so we need to % escape it.

Form binding now detects maps, which makes binding to a Nullable possible. We can't use generics around Nullable[T], so we handle maps generically, assuming they're a Nullable with its behavior assumptions.

🐛 Bug fixes

📦 Dependency updates

Sponsors

We would like to thank our sponsors for their support during this release.

DevZero logo

Cybozu logo

v1.4.0: Parameter handling improvements and fixes

Compare Source

This release fixes some missing edge cases in parameter binding and styling. We now handle all the permutations of style and explode, for the first time. Lots of tests have been added to catch regressions.

🚀 New features and improvements

  • Improve deepobject unmarshalling to support nullable.Nullable and encode.TextUnmarshaler (#​45) @​j-waters
  • feat: support spaceDelimited and pipeDelimited query parameter binding (#​117) @​mromaszewicz

🐛 Bug fixes

  • Fix form/explode=false incorrectly splitting primitive string values

Configuration

📅 Schedule: Branch creation - "on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@red-hat-konflux-kflux-prd-rh02
Update go module minor/patch updates
cd111fc 
Signed-off-by: red-hat-konflux-kflux-prd-rh02 <190377777+red-hat-konflux-kflux-prd-rh02[bot]@users.noreply.github.com>
@red-hat-konflux-kflux-prd-rh02

red-hat-konflux-kflux-prd-rh02 Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor Author

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum
Command failed: go get -t ./...
go: downloading github.com/openshift-hyperfleet/hyperfleet-broker v1.1.1
go: downloading github.com/prometheus/client_golang v1.23.2
go: downloading github.com/spf13/cobra v1.10.2
go: downloading github.com/spf13/pflag v1.0.10
go: downloading go.opentelemetry.io/otel/sdk v1.44.0
go: downloading gopkg.in/yaml.v3 v3.0.1
go: downloading go.opentelemetry.io/otel v1.44.0
go: downloading github.com/cenkalti/backoff/v5 v5.0.3
go: downloading go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.69.0
go: downloading github.com/spf13/viper v1.21.0
go: downloading github.com/google/cel-go v0.28.1
go: downloading github.com/cloudevents/sdk-go/v2 v2.16.2
go: downloading go.opentelemetry.io/contrib/propagators/autoprop v0.69.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.44.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.44.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.44.0
go: downloading go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.44.0
go: downloading go.opentelemetry.io/otel/trace v1.44.0
go: downloading github.com/google/uuid v1.6.0
go: downloading cloud.google.com/go/pubsub/v2 v2.6.0
go: downloading cloud.google.com/go v0.123.0
go: downloading github.com/ThreeDotsLabs/watermill v1.5.2
go: downloading github.com/ThreeDotsLabs/watermill-amqp/v3 v3.1.0
go: downloading github.com/ThreeDotsLabs/watermill-googlecloud/v2 v2.0.1
go: downloading google.golang.org/grpc v1.81.1
go: downloading google.golang.org/protobuf v1.36.11
go: downloading github.com/beorn7/perks v1.0.1
go: downloading github.com/cespare/xxhash/v2 v2.3.0
go: downloading github.com/prometheus/client_model v0.6.2
go: downloading github.com/prometheus/common v0.68.1
go: downloading github.com/prometheus/procfs v0.20.1
go: downloading golang.org/x/sys v0.46.0
go: downloading github.com/inconshreveable/mousetrap v1.1.0
go: downloading github.com/felixge/httpsnoop v1.1.0
go: downloading go.opentelemetry.io/otel/metric v1.44.0
go: downloading github.com/fsnotify/fsnotify v1.10.1
go: downloading github.com/go-viper/mapstructure/v2 v2.5.0
go: downloading github.com/sagikazarmark/locafero v0.12.0
go: downloading github.com/spf13/afero v1.15.0
go: downloading github.com/spf13/cast v1.10.0
go: downloading github.com/go-logr/logr v1.4.3
go: downloading cel.dev/expr v0.25.2
go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20260526163538-3dc84a4a5aaa
go: downloading golang.org/x/text v0.38.0
go: downloading google.golang.org/genproto v0.0.0-20260511170946-3700d4141b60
go: downloading github.com/kylelemons/godebug v1.1.0
go: downloading go.opentelemetry.io/contrib/propagators/aws v1.44.0
go: downloading go.opentelemetry.io/contrib/propagators/b3 v1.44.0
go: downloading go.opentelemetry.io/contrib/propagators/jaeger v1.44.0
go: downloading go.opentelemetry.io/contrib/propagators/ot v1.44.0
go: downloading go.opentelemetry.io/proto/otlp v1.10.0
go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20260526163538-3dc84a4a5aaa
go: downloading github.com/googleapis/gax-go/v2 v2.22.0
go: downloading go.opencensus.io v0.24.0
go: downloading golang.org/x/sync v0.21.0
go: downloading google.golang.org/api v0.284.0
go: downloading github.com/cenkalti/backoff/v3 v3.2.2
go: downloading github.com/hashicorp/go-multierror v1.1.1
go: downloading github.com/pkg/errors v0.9.1
go: downloading github.com/rabbitmq/amqp091-go v1.11.0
go: downloading github.com/lithammer/shortuuid/v3 v3.0.7
go: downloading github.com/oklog/ulid v1.3.1
go: downloading github.com/sony/gobreaker v1.0.0
go: downloading github.com/json-iterator/go v1.1.12
go: downloading github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
go: downloading github.com/subosito/gotenv v1.6.0
go: downloading github.com/pelletier/go-toml/v2 v2.3.1
go: downloading go.yaml.in/yaml/v3 v3.0.4
go: downloading github.com/go-logr/stdr v1.2.2
go: downloading go.opentelemetry.io/auto/sdk v1.2.1
go: downloading github.com/antlr4-go/antlr/v4 v4.13.1
go: downloading go.uber.org/multierr v1.11.0
go: downloading go.uber.org/zap v1.28.0
go: downloading github.com/grpc-ecosystem/grpc-gateway/v2 v2.29.0
go: downloading golang.org/x/net v0.56.0
go: downloading golang.org/x/oauth2 v0.36.0
go: downloading cloud.google.com/go/iam v1.11.0
go: downloading cloud.google.com/go/auth v0.20.0
go: downloading github.com/hashicorp/errwrap v1.1.0
go: downloading github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
go: downloading github.com/modern-go/reflect2 v1.0.2
go: downloading golang.org/x/exp v0.0.0-20240823005443-9b4947da3948
go: downloading cloud.google.com/go/compute/metadata v0.9.0
go: downloading cloud.google.com/go/auth/oauth2adapt v0.2.8
go: downloading go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.69.0
go: downloading golang.org/x/time v0.15.0
go: downloading github.com/google/s2a-go v0.1.9
go: downloading github.com/googleapis/enterprise-certificate-proxy v0.3.16
go: downloading golang.org/x/crypto v0.53.0
go: github.com/openshift-hyperfleet/hyperfleet-sentinel/internal/client imports
	github.com/openshift-hyperfleet/hyperfleet-sentinel/pkg/api/openapi: cannot find module providing package github.com/openshift-hyperfleet/hyperfleet-sentinel/pkg/api/openapi

@openshift-ci openshift-ci Bot requested review from jsell-rh and rafabene June 15, 2026 20:06
@openshift-ci

openshift-ci Bot commented Jun 15, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign ldornele for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci

openshift-ci Bot commented Jun 15, 2026

Copy link
Copy Markdown

Hi @red-hat-konflux-kflux-prd-rh02[bot]. Thanks for your PR.

I'm waiting for a openshift-hyperfleet member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@coderabbitai

coderabbitai Bot commented Jun 15, 2026
edited
Loading

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: ca6b2b4e-4cc4-4435-964a-b3ebc648a711

📥 Commits

Reviewing files that changed from the base of the PR and between 6cb186e and cd111fc.

📒 Files selected for processing (1)
  • go.mod
🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

  • openshift-hyperfleet/architecture (manual)
  • openshift-hyperfleet/hyperfleet-api (manual)
  • openshift-hyperfleet/hyperfleet-sentinel (manual)
  • openshift-hyperfleet/hyperfleet-adapter (manual)
  • openshift-hyperfleet/hyperfleet-broker (manual)
📝 Walkthrough

Summary by CodeRabbit

  • Chores
    • Updated multiple Go module dependencies, including OpenTelemetry libraries (v1.44.0), CLI frameworks, and transitive dependencies. These updates bring performance improvements, security patches, and bug fixes from upstream projects while maintaining compatibility.

Walkthrough

go.mod receives a batch of version bumps with no changes to the module path or Go directive. Direct dependencies upgraded include oapi-codegen/runtime, openshift-hyperfleet/hyperfleet-api-spec, spf13/cobra, spf13/viper, and testcontainers-go. The OpenTelemetry stack advances from v1.43.0 to v1.44.0 across core, OTLP exporters, metric, and contrib instrumentation packages (otelgrpc, otelhttp). Indirect transitive bumps cover cel-go, klauspost/compress, rabbitmq/amqp091-go, gopsutil, golang.org/x/*, google.golang.org/grpc, and prometheus/* among others.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Supply chain surface — items requiring explicit verification (CWE-1357, CWE-829):

  • github.com/openshift-hyperfleet/hyperfleet-api-spec is a first-party module. Confirm the bumped version was produced from a controlled release pipeline, not an opportunistic tag. A compromised API spec module directly poisons generated client/server stubs across the Go K8s platform.
  • testcontainers-go has a history of pulling Docker socket access at test time. Verify no new privileged capability requests were introduced in the bumped release (check upstream changelog for CVE advisories).
  • klauspost/compress — patch bump; verify against any disclosed decompression bomb vectors (related CWE-400).
  • rabbitmq/amqp091-go — confirm no protocol-level deserialization changes that could affect the Broker component's message handling trust boundary.
  • go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc — this package instruments gRPC interceptors. Any behavioral change here affects the Sentinel/Adapter observability path; review upstream release notes for interceptor ordering or context propagation changes that could leak trace data cross-tenant.
  • golang.org/x/net, golang.org/x/crypto — always check for patched CVEs in x/ bumps. Confirm no CVE was left unpatched by using govulncheck against the new go.sum.

Action required: Run govulncheck ./... and go mod verify in CI before merging. A go.sum diff is not present in this PR — confirm it was updated atomically with go.mod to prevent dependency confusion (CWE-494).

🚥 Pre-merge checks | ✅ 10 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name Status Explanation Resolution
Title check ❓ Inconclusive The title 'Update go module minor/patch updates' is vague and generic, using non-descriptive language that does not clearly convey what specific dependencies or systems are being updated. Replace with a more specific title that identifies key updated packages, e.g., 'Update Go dependencies: OpenTelemetry v1.44.0, gRPC, and stdlib extensions' or focus on the most critical modules.
✅ Passed checks (10 passed)
Check name Status Explanation
Description check ✅ Passed The PR description is comprehensive and directly related to the changeset, detailing 50+ Go module dependency updates with specific version changes across cloud, observability, and infrastructure ecosystems.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Sec-02: Secrets In Log Output ✅ Passed PR contains only go.mod/go.sum dependency updates; comprehensive search found zero log statements exposing tokens, passwords, credentials, or secrets in non-test source code.
No Hardcoded Secrets ✅ Passed PR contains only go.mod dependency updates with no hardcoded secrets, API keys, tokens, passwords, or embedded credentials found in code or configuration files.
No Weak Cryptography ✅ Passed No weak cryptography detected. Zero imports of banned crypto/md5, crypto/des, crypto/rc4, crypto/sha1. golang.org/x/crypto v0.53.0 is secure. gRPC v1.81.1 enforces TLS 1.2+. No custom crypto or har...
No Injection Vectors ✅ Passed No injection vectors detected: CWE-89 (no SQL queries), CWE-78 (no exec.Command), CWE-79 (no template.HTML), CWE-502 (no yaml.Unmarshal). Application code uses fmt.Sprintf only for telemetry/loggin...
No Privileged Containers ✅ Passed No privileged containers found. Root user only in Dockerfile build stage (documented), runtime uses UID 65532. Helm enforces allowPrivilegeEscalation=false, runAsUser=65532, all capabilities droppe...
No Pii Or Sensitive Data In Logs ✅ Passed PR modifies only go.mod with dependency version bumps. No code changes, no new logging statements, no PII/sensitive data exposure introduced. Existing logging uses only resource IDs and operational...

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch konflux/mintmaker/main/go-module-minorpatch-updates
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch konflux/mintmaker/main/go-module-minorpatch-updates

Comment @coderabbitai help to get the list of available commands and usage tips.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jsell-rh jsell-rh Awaiting requested review from jsell-rh

@rafabene rafabene Awaiting requested review from rafabene

Assignees

No one assigned

Labels

needs-ok-to-test

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants