Skip to content

Bump the k8s group across 1 directory with 2 updates#1458

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/k8s-5297f6ae2f
Open

Bump the k8s group across 1 directory with 2 updates#1458
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/k8s-5297f6ae2f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the k8s group with 2 updates in the / directory: k8s.io/apimachinery and k8s.io/kubectl.

Updates k8s.io/apimachinery from 0.35.4 to 0.36.2

Commits
  • ae3f98e Update dependencies to v0.36.2 tag
  • 2ec982d Merge pull request #139508lalitc375/automated-cherry-pick-of-#139480
  • 6a88102 Fix wrong marking of errors
  • efb7f26 Merge remote-tracking branch 'origin/master' into release-1.36
  • d966e56 Update github.com/moby/spdystream from v0.5.0 to v0.5.1
  • 79b3632 Merge pull request #137864 from yongruilin/dv-dra-mismatch
  • a8822f7 Add slice and map union member support with tests
  • 7dba2d0 Use IsZero instead of IsNil for union ratcheting check
  • d95710f Fix union validation ratcheting when oldObj is nil
  • 729062d Merge pull request #137849 from bryantbiggs/deps/update-kube-openapi
  • Additional commits viewable in compare view

Updates k8s.io/kubectl from 0.35.0 to 0.36.2

Commits
  • 7f7757a Update dependencies to v0.36.2 tag
  • 2a397b1 Merge pull request #138500soltysh/automated-cherry-pick-of-#138499
  • 8598401 Escape path inside the container
  • 50e8956 Merge remote-tracking branch 'origin/master' into release-1.36
  • 3f435ca Merge pull request #138346 from dashpole/update_otel_prop
  • 36707c8 Merge remote-tracking branch 'origin/master' into release-1.36
  • 5e5dfaa Update github.com/moby/spdystream from v0.5.0 to v0.5.1
  • 777119f update go.opentelemetry.io/otel to v1.41.0
  • 02b6975 pause: fix version drift in various files
  • 82a3c05 Merge pull request #137906 from aramase/aramase/c/grpc_v1.79.0
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Summary by CodeRabbit

  • Chores
    • Updated the Go version to a newer release.
    • Refreshed several Kubernetes-related libraries and other supporting dependencies.
    • Removed a couple of no-longer-needed indirect dependencies.

Bumps the k8s group with 2 updates in the / directory: [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) and [k8s.io/kubectl](https://github.com/kubernetes/kubectl).


Updates `k8s.io/apimachinery` from 0.35.4 to 0.36.2
- [Commits](kubernetes/apimachinery@v0.35.4...v0.36.2)

Updates `k8s.io/kubectl` from 0.35.0 to 0.36.2
- [Commits](kubernetes/kubectl@v0.35.0...v0.36.2)

---
updated-dependencies:
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: k8s
- dependency-name: k8s.io/kubectl
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: k8s
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels Jul 1, 2026
@openshift-ci openshift-ci Bot requested review from dorzel and r4f4 July 1, 2026 05:53
@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown

Walkthrough

This PR updates go.mod: the Go toolchain moves from 1.25.7 to 1.26.0, core Kubernetes modules (k8s.io/api, apimachinery, client-go, kubectl) are bumped to v0.36.2, several indirect dependencies are updated, and two indirect requirements (go-cmp, httpcache) are removed.

Changes

Dependency Version Updates

Layer / File(s) Summary
Go toolchain and core Kubernetes module updates
go.mod
Go directive updated to 1.26.0; k8s.io/api, apimachinery, client-go bumped to v0.36.2, and kubectl to v0.36.2.
Indirect dependency updates and removals
go.mod
protobuf, cli-runtime, component-base, klog/v2, kube-openapi, utils, kustomize/api, kustomize/kyaml, and structured-merge-diff/v6 versions updated; go-cmp and httpcache indirect requirements removed.

Estimated code review effort: 1 (Trivial) | ~3 minutes

Suggested labels: review_needed_junior_swe, review_depth_standard

Suggested reviewers: N/A

Poem:
A rabbit hopped through go.mod's grass,
Bumping versions as seasons pass,
Kubectl and client-go climb the hill,
Two old deps swept off, standing still,
1.26 now lights the way at last. 🐇

🚥 Pre-merge checks | ✅ 15
✅ Passed checks (15 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title matches the main Dependabot change by describing a k8s dependency group bump in the root directory.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed The PR only updates go.mod dependency pins; no *_test.go or Ginkgo title changes are present, so no unstable test names were introduced.
Test Structure And Quality ✅ Passed No Ginkgo test files were changed; this Dependabot PR only updates go.mod deps/toolchain, so the test-quality check is not applicable.
Microshift Test Compatibility ✅ Passed PR only changes go.mod/go.sum for dependency bumps; no new Ginkgo/e2e tests or MicroShift-sensitive APIs were added.
Single Node Openshift (Sno) Test Compatibility ✅ Passed PR only updates go.mod dependency versions; no Ginkgo e2e tests or SNO-sensitive test logic were added or changed.
Topology-Aware Scheduling Compatibility ✅ Passed Only go.mod dependency/toolchain bumps changed; no deployment manifests, operator code, or controllers introducing scheduling constraints.
Ote Binary Stdout Contract ✅ Passed PR only updates go.mod; no process-level code or stdout-writing setup was changed, so no new OTE stdout contract risk is introduced.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed Only go.mod dependency pins changed; no new Ginkgo e2e tests or network-using test code was added.
No-Weak-Crypto ✅ Passed PR only updates go.mod dependency versions; the changed file has no MD5/SHA1/DES/RC4/3DES/Blowfish/ECB or custom secret-compare code.
Container-Privileges ✅ Passed PR is go.mod-only; repo search found no changed manifests or flagged privileged settings like privileged/hostPID/hostNetwork/allowPrivilegeEscalation.
No-Sensitive-Data-In-Logs ✅ Passed PR only updates go.mod dependencies/toolchain; no logging code or sensitive-data output was added.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/go_modules/k8s-5297f6ae2f

Comment @coderabbitai help to get the list of available commands.

@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign aguidirh for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Jul 1, 2026
@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Line 3: The Go toolchain version is inconsistent between the module config and
the Docker build image. Update the version pin in go.mod and the matching
toolchain download/version reference in the Dockerfile so both use the same Go
release, keeping the change centered on the go directive and the Dockerfile
installation setup.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 8aa11d5c-a260-4403-af65-737ef533a00b

📥 Commits

Reviewing files that changed from the base of the PR and between c3552e2 and ad44f3c.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (1)
  • go.mod

Comment thread go.mod
module github.com/openshift/oc-mirror/v2

go 1.25.7
go 1.26.0

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== go.mod =="
git ls-files go.mod && sed -n '1,20p' go.mod

echo
echo "== Dockerfile candidates =="
git ls-files | rg '(^|/)(Dockerfile|dockerfile|.*Dockerfile.*)$' || true

echo
echo "== Go version/toolchain references =="
rg -n --hidden --glob '!**/vendor/**' --glob '!**/.git/**' \
  '\bgo1\.[0-9]+(\.[0-9]+)?\b|\bgo [0-9]+\.[0-9]+(\.[0-9]+)?\b|GOVERSION|GO_VERSION|toolchain ' \
  . || true

Repository: openshift/oc-mirror

Length of output: 4575


Align the Go toolchain pin before merging.

go 1.26.0 conflicts with the repo’s Dockerfile, which still downloads go1.23.5, so builds using that image will fail until the toolchain version is updated to match.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` at line 3, The Go toolchain version is inconsistent between the
module config and the Docker build image. Update the version pin in go.mod and
the matching toolchain download/version reference in the Dockerfile so both use
the same Go release, keeping the change centered on the go directive and the
Dockerfile installation setup.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants