Dependency bump #672
Important
Review skipped
Review was skipped due to path filters
⛔ Files ignored due to path filters (2)
CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including
⚙️ Run configuration
Configuration used: Repository YAML (base), Central YAML (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID:
You can disable this status message by setting the
Walkthrough
Updates Go toolchain baseline from 1.26 to 1.25, refreshes direct and indirect
Changes
Dependency and Toolchain Updates
Estimated code review effort
🎯 2 (Simple) | ⏱️ ~10 minutes
🚥 Pre-merge checks | ✅ 14 | ❌ 1
❌ Failed checks (1 inconclusive)
✅ Passed checks (14 passed)
Codecov Report
✅ All modified and coverable lines are covered by tests.
@@ Coverage Diff @@
## master #672 +/- ##
=======================================
Coverage 54.33% 54.33%
=======================================
Files 123 123
Lines 6212 6212
=======================================
Hits 3375 3375
Misses 2631 2631
Partials 206 206
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@go.mod`:
- Line 87: The go.mod file still pins an indirect vulnerable dependency,
github.com/moby/spdystream v0.5.0, so update the direct module that brings it in
(likely k8s.io/client-go or another Kubernetes-related dependency) to a release
that depends on a patched spdystream version, or otherwise override it to a
fixed release if needed. Use the module graph around github.com/moby/spdystream
and the affected dependency entry in go.mod to identify the transitive source,
then refresh the dependency set so the indirect requirement resolves to a
non-vulnerable version.
- Around line 7-41: The dependency set is mismatched:
sigs.k8s.io/controller-runtime is still on v0.21.0 while the k8s.io/api,
k8s.io/apimachinery, and k8s.io/client-go modules are on v0.35.1. Update the
controller-runtime requirement to the matching v0.23.x line, or alternatively
downgrade the Kubernetes modules to the compatible v0.33.x series. Keep the
version alignment consistent across the Kubernetes stack so the go.mod set stays
supported.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Central YAML (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID: 7e2e92ef-5870-4c48-b916-d4ae33e48924
⛔ Files ignored due to path filters (23)
- boilerplate/_data/backing-image-tag is excluded by !boilerplate/**
- boilerplate/_data/last-boilerplate-commit is excluded by !boilerplate/**
- boilerplate/_lib/subscriber-propose-update is excluded by !boilerplate/**
- boilerplate/openshift/golang-osd-e2e/update is excluded by !boilerplate/**
- boilerplate/openshift/golang-osd-operator/OWNERS_ALIASES is excluded by !boilerplate/**
- boilerplate/openshift/golang-osd-operator/docs/pre-commit.md is excluded by !boilerplate/**
- boilerplate/openshift/golang-osd-operator/update is excluded by !boilerplate/**
- build/Dockerfile is excluded by !build/**
- build/Dockerfile.olm-registry is excluded by !build/**
- deploy_pko/.test-fixtures/config-with-proxy/Cleanup-OLM-Job.yaml is excluded by !**/.test-fixtures/**
- deploy_pko/.test-fixtures/config-with-proxy/ClusterRole-managed-upgrade-operator.yaml is excluded by !**/.test-fixtures/**
- deploy_pko/.test-fixtures/config-with-proxy/ClusterRoleBinding-managed-upgrade-operator.yaml is excluded by !**/.test-fixtures/**
- deploy_pko/.test-fixtures/config-with-proxy/ConfigMap-trusted-ca-bundle.yaml is excluded by !**/.test-fixtures/**
- deploy_pko/.test-fixtures/config-with-proxy/CustomResourceDefinition-upgradeconfigs.upgrade.managed.openshift.io.yaml is excluded by !**/.test-fixtures/**
- deploy_pko/.test-fixtures/config-with-proxy/Deployment-managed-upgrade-operator.yaml is excluded by !**/.test-fixtures/**
- deploy_pko/.test-fixtures/config-with-proxy/Role-managed-upgrade-operator-other.yaml is excluded by !**/.test-fixtures/**
- deploy_pko/.test-fixtures/config-with-proxy/Role-managed-upgrade-operator.yaml is excluded by !**/.test-fixtures/**
- deploy_pko/.test-fixtures/config-with-proxy/Role-prometheus-k8s.yaml is excluded by !**/.test-fixtures/**
- deploy_pko/.test-fixtures/config-with-proxy/RoleBinding-managed-upgrade-operator-other.yaml is excluded by !**/.test-fixtures/**
- deploy_pko/.test-fixtures/config-with-proxy/RoleBinding-managed-upgrade-operator.yaml is excluded by !**/.test-fixtures/**
- deploy_pko/.test-fixtures/config-with-proxy/RoleBinding-prometheus-k8s.yaml is excluded by !**/.test-fixtures/**
- deploy_pko/.test-fixtures/config-with-proxy/ServiceAccount-managed-upgrade-operator.yaml is excluded by !**/.test-fixtures/**
- go.sum is excluded by !**/*.sum
📒 Files selected for processing (5)
- .ci-operator.yaml
- .tekton/OWNERS
- OWNERS_ALIASES
- go.mod
- test/e2e/Dockerfile
💤 Files with no reviewable changes (2)
- .tekton/OWNERS
- OWNERS_ALIASES
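The module-graph lookup that the go.mod finding above asks for, as an added example (not code from this PR, from CodeRabbit or from the repository): it reads `go mod graph` output and reports which direct requirements pull in a given module version. The function name `DirectSources`, the module paths `example.com/operator` and `example.com/util`, and every edge in the sample graph are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strings"
)

// Constructed sample in `go mod graph` format: "parent child" per line, main
// module without @version. These edges are illustrative, not this repo's graph.
const sampleGraph = `example.com/operator k8s.io/client-go@v0.35.1
example.com/operator sigs.k8s.io/controller-runtime@v0.21.0
example.com/operator example.com/util@v1.2.0
k8s.io/client-go@v0.35.1 k8s.io/apimachinery@v0.35.1
sigs.k8s.io/controller-runtime@v0.21.0 k8s.io/apimachinery@v0.33.0
k8s.io/apimachinery@v0.35.1 github.com/moby/spdystream@v0.5.0
k8s.io/apimachinery@v0.33.0 github.com/moby/spdystream@v0.5.0
`

// DirectSources returns the direct requirements of mainModule from which target is reachable.
func DirectSources(graph, mainModule, target string) []string {
	parents := map[string][]string{} // child -> parents (reverse edges)
	sc := bufio.NewScanner(strings.NewReader(graph))
	for sc.Scan() {
		if f := strings.Fields(sc.Text()); len(f) == 2 { // skip malformed lines
			parents[f[1]] = append(parents[f[1]], f[0])
		}
	}
	// Breadth-first walk up the reverse edges, starting at the target.
	seen, queue := map[string]bool{target: true}, []string{target}
	var direct []string
	for i := 0; i < len(queue); i++ {
		for _, p := range parents[queue[i]] {
			if p == mainModule {
				direct = append(direct, queue[i]) // required by go.mod itself
			} else if !seen[p] {
				seen[p] = true
				queue = append(queue, p)
			}
		}
	}
	sort.Strings(direct)
	return direct
}

func main() {
	fmt.Println(DirectSources(sampleGraph, "example.com/operator", "github.com/moby/spdystream@v0.5.0"))
}
```

`go mod graph` lists every requirement edge, including versions that minimal version selection does not end up choosing, so confirm the version actually built with `go list -m all` before and after the bump.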
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@prek.toml`:
- Line 37: The golangci-lint version update is only applied in prek.toml, but
the enforced CI/local prek configuration still points at the old revision.
Update hack/prek.ci.toml so the prek-ci hook uses the same golangci-lint rev as
prek.toml, and keep .pre-commit-config.yaml aligned if it still defines the same
hook. Verify the sync in the prek-related config entries rather than only
changing the top-level config.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Central YAML (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID: eb039d86-a6cc-44f4-adc2-296fa6079c14
⛔ Files ignored due to path filters (14)
- deploy_pko/.test-fixtures/config-with-proxy/Cleanup-OLM-Job.yaml is excluded by !**/.test-fixtures/**
- deploy_pko/.test-fixtures/config-with-proxy/ClusterRole-managed-upgrade-operator.yaml is excluded by !**/.test-fixtures/**
- deploy_pko/.test-fixtures/config-with-proxy/ClusterRoleBinding-managed-upgrade-operator.yaml is excluded by !**/.test-fixtures/**
- deploy_pko/.test-fixtures/config-with-proxy/ConfigMap-trusted-ca-bundle.yaml is excluded by !**/.test-fixtures/**
- deploy_pko/.test-fixtures/config-with-proxy/CustomResourceDefinition-upgradeconfigs.upgrade.managed.openshift.io.yaml is excluded by !**/.test-fixtures/**
- deploy_pko/.test-fixtures/config-with-proxy/Deployment-managed-upgrade-operator.yaml is excluded by !**/.test-fixtures/**
- deploy_pko/.test-fixtures/config-with-proxy/Role-managed-upgrade-operator-other.yaml is excluded by !**/.test-fixtures/**
- deploy_pko/.test-fixtures/config-with-proxy/Role-managed-upgrade-operator.yaml is excluded by !**/.test-fixtures/**
- deploy_pko/.test-fixtures/config-with-proxy/Role-prometheus-k8s.yaml is excluded by !**/.test-fixtures/**
- deploy_pko/.test-fixtures/config-with-proxy/RoleBinding-managed-upgrade-operator-other.yaml is excluded by !**/.test-fixtures/**
- deploy_pko/.test-fixtures/config-with-proxy/RoleBinding-managed-upgrade-operator.yaml is excluded by !**/.test-fixtures/**
- deploy_pko/.test-fixtures/config-with-proxy/RoleBinding-prometheus-k8s.yaml is excluded by !**/.test-fixtures/**
- deploy_pko/.test-fixtures/config-with-proxy/ServiceAccount-managed-upgrade-operator.yaml is excluded by !**/.test-fixtures/**
- go.sum is excluded by !**/*.sum
📒 Files selected for processing (4)
- deploy/crds/upgrade.managed.openshift.io_upgradeconfigs.yaml
- deploy_pko/Cleanup-OLM-Job.yaml
- go.mod
- prek.toml
✅ Files skipped from review due to trivial changes (2)
- deploy/crds/upgrade.managed.openshift.io_upgradeconfigs.yaml
- deploy_pko/Cleanup-OLM-Job.yaml
🚧 Files skipped from review as they are similar to previous changes (1)
- go.mod
/retest
@chamalabey: all tests passed!
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: chamalabey, tkong-redhat
/retest
What type of PR is this?
CVE fix
What this PR does / why we need it?
Dependency update for MUO
Which Jira/Github issue(s) this PR fixes?
Fixes #ROSAENG-60414
Special notes for your reviewer:
Pre-checks (if applicable):
Summary by CodeRabbit