Skip to content

Update google.golang.org/genproto digest to f0a9213#211

Open
red-hat-konflux-kflux-prd-rh02[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main/google.golang.org-genproto-digest
Open

Update google.golang.org/genproto digest to f0a9213#211
red-hat-konflux-kflux-prd-rh02[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main/google.golang.org-genproto-digest

Conversation

@red-hat-konflux-kflux-prd-rh02

@red-hat-konflux-kflux-prd-rh02 red-hat-konflux-kflux-prd-rh02 Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
google.golang.org/genproto indirect digest 4cfbd41f0a9213

Warning

Some dependencies could not be looked up. Check the warning logs for more information.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "on monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@openshift-ci

openshift-ci Bot commented Jul 6, 2026

Copy link
Copy Markdown

Hi @red-hat-konflux-kflux-prd-rh02[bot]. Thanks for your PR.

I'm waiting for a openshift-hyperfleet member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@coderabbitai

coderabbitai Bot commented Jul 6, 2026

Copy link
Copy Markdown
📝 Walkthrough

Walkthrough

go.mod updates indirect requirements in cloud.google.com/go, github.com/googleapis/*, golang.org/x/*, google.golang.org/api, google.golang.org/genproto, and google.golang.org/grpc. No source files change. Supply-chain surface change; CWE-829 applies. No CVE is cited in the diff.

Estimated code review effort: 1 (Trivial) | ~5 minutes

🚥 Pre-merge checks | ✅ 11
✅ Passed checks (11 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Sec-02: Secrets In Log Output ✅ Passed No Go source files changed; only go.mod/go.sum were updated, and no token/password/credential/secret log fields or interpolations were introduced (CWE-532).
No Hardcoded Secrets ✅ Passed No hardcoded secrets: diff only updates go.mod/go.sum module versions and checksums; no credentials, tokens, passwords, or auth URLs. CWE-798 not present.
No Weak Cryptography ✅ Passed PASS: only go.mod/go.sum changed; no source diff or repo hits for md5/des/rc4/SHA1/ECB or weak secret comparisons. No CWE-327/328 introduced.
No Injection Vectors ✅ Passed Only go.mod/go.sum changed; no SQL string concat, exec.Command, template.HTML, or yaml.Unmarshal sinks in code. No CWE-89/78/79/502 injection vector introduced.
No Privileged Containers ✅ Passed PR only changes go.mod/go.sum; no Kubernetes/OpenShift manifests, Helm templates, or Dockerfiles were modified.
No Pii Or Sensitive Data In Logs ✅ Passed PASS: Diff only updates go.mod/go.sum; no logging statements or request/body handling were added, so no CWE-532 exposure is introduced.
Title check ✅ Passed The title matches one real change in the PR, even though the diff also updates several other dependencies.
Description check ✅ Passed The description is directly about the genproto digest update shown in the changeset.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch konflux/mintmaker/main/google.golang.org-genproto-digest
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch konflux/mintmaker/main/google.golang.org-genproto-digest

Comment @coderabbitai help to get the list of available commands.

@rafabene

rafabene commented Jul 6, 2026

Copy link
Copy Markdown
Member

Closing — waiting for Go 1.26 bump (HYPERFLEET-1311). Renovate will recreate with proper go.sum after the bump.

@rafabene rafabene closed this Jul 6, 2026
@rafabene rafabene reopened this Jul 6, 2026
@rafabene

rafabene commented Jul 6, 2026

Copy link
Copy Markdown
Member

/ok-to-test

@hyperfleet-ci-bot

hyperfleet-ci-bot Bot commented Jul 6, 2026

Copy link
Copy Markdown

Risk Score: 0 — risk/low

Signal Detail Points
PR size 122 lines +0
Sensitive paths none +0

Computed by hyperfleet-risk-scorer

@red-hat-konflux-kflux-prd-rh02 red-hat-konflux-kflux-prd-rh02 Bot force-pushed the konflux/mintmaker/main/google.golang.org-genproto-digest branch from d1a66c9 to 9a74fb4 Compare July 6, 2026 20:03
@red-hat-konflux-kflux-prd-rh02 red-hat-konflux-kflux-prd-rh02 Bot changed the title Update google.golang.org/genproto digest to 925bb5d Update google.golang.org/genproto digest to b6c8e81 Jul 6, 2026
@rafabene

rafabene commented Jul 7, 2026

Copy link
Copy Markdown
Member

/retest

@red-hat-konflux-kflux-prd-rh02 red-hat-konflux-kflux-prd-rh02 Bot force-pushed the konflux/mintmaker/main/google.golang.org-genproto-digest branch from 9a74fb4 to ff3a18d Compare July 7, 2026 20:03
@red-hat-konflux-kflux-prd-rh02 red-hat-konflux-kflux-prd-rh02 Bot changed the title Update google.golang.org/genproto digest to b6c8e81 Update google.golang.org/genproto digest to f0a9213 Jul 7, 2026
@red-hat-konflux-kflux-prd-rh02

Copy link
Copy Markdown
Contributor Author

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 16 additional dependencies were updated

Details:

Package Change
cloud.google.com/go/auth v0.18.1 -> v0.18.2
cloud.google.com/go/iam v1.5.3 -> v1.11.0
cloud.google.com/go/pubsub/v2 v2.4.0 -> v2.5.1
github.com/googleapis/enterprise-certificate-proxy v0.3.12 -> v0.3.14
github.com/googleapis/gax-go/v2 v2.17.0 -> v2.21.0
golang.org/x/crypto v0.49.0 -> v0.53.0
golang.org/x/net v0.52.0 -> v0.56.0
golang.org/x/oauth2 v0.35.0 -> v0.36.0
golang.org/x/sync v0.20.0 -> v0.21.0
golang.org/x/sys v0.42.0 -> v0.46.0
golang.org/x/text v0.35.0 -> v0.38.0
golang.org/x/time v0.14.0 -> v0.15.0
google.golang.org/api v0.266.0 -> v0.274.0
google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 -> v0.0.0-20260630182238-925bb5da69e7
google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 -> v0.0.0-20260630182238-925bb5da69e7
google.golang.org/grpc v1.80.0 -> v1.81.1

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
go.mod (1)

8-9: 🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

Keep the oapi-codegen runtime deps in go.mod (go.mod:8-9,39-49)

make generate still emits client code that imports github.com/oapi-codegen/runtime, and that runtime still pulls github.com/apapsch/go-jsonmerge/v2. Removing either is a CWE-829 supply-chain mismatch and can break make generate / make build.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` around lines 8 - 9, Keep the oapi-codegen runtime dependencies in
go.mod by preserving the github.com/oapi-codegen/runtime and
github.com/apapsch/go-jsonmerge/v2 entries alongside the existing
generated-client deps. Do not remove these runtime modules from go.mod, since
the generated client code still references them via make generate and related
build paths; verify the dependency set remains consistent with the generated
code and the oapi-codegen-related symbols it imports.

Sources: Coding guidelines, Path instructions

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@go.mod`:
- Around line 8-9: Keep the oapi-codegen runtime dependencies in go.mod by
preserving the github.com/oapi-codegen/runtime and
github.com/apapsch/go-jsonmerge/v2 entries alongside the existing
generated-client deps. Do not remove these runtime modules from go.mod, since
the generated client code still references them via make generate and related
build paths; verify the dependency set remains consistent with the generated
code and the oapi-codegen-related symbols it imports.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: acdff546-63b3-4ce6-bbf4-f73683243146

📥 Commits

Reviewing files that changed from the base of the PR and between 9a74fb4 and ff3a18d.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum, !**/go.sum
📒 Files selected for processing (1)
  • go.mod
🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

  • openshift-hyperfleet/architecture (manual)
  • openshift-hyperfleet/hyperfleet-api (manual)
  • openshift-hyperfleet/hyperfleet-sentinel (manual)
  • openshift-hyperfleet/hyperfleet-adapter (manual)
  • openshift-hyperfleet/hyperfleet-broker (manual)

@rafabene rafabene changed the title Update google.golang.org/genproto digest to f0a9213 rebase! Update google.golang.org/genproto digest to f0a9213 Jul 8, 2026
Signed-off-by: red-hat-konflux-kflux-prd-rh02 <190377777+red-hat-konflux-kflux-prd-rh02[bot]@users.noreply.github.com>
@red-hat-konflux-kflux-prd-rh02 red-hat-konflux-kflux-prd-rh02 Bot changed the title rebase! Update google.golang.org/genproto digest to f0a9213 Update google.golang.org/genproto digest to f0a9213 Jul 8, 2026
@red-hat-konflux-kflux-prd-rh02 red-hat-konflux-kflux-prd-rh02 Bot force-pushed the konflux/mintmaker/main/google.golang.org-genproto-digest branch from ff3a18d to 1d3bf5e Compare July 8, 2026 16:03

@rafabene rafabene left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@rafabene

rafabene commented Jul 8, 2026

Copy link
Copy Markdown
Member

/lgtm

@openshift-ci

openshift-ci Bot commented Jul 8, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rafabene

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved label Jul 8, 2026
@openshift-ci

openshift-ci Bot commented Jul 8, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rafabene

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant