NO-ISSUE: Update github.com/openshift/api digest to 26dbe2a

[red-hat-konflux]

This PR contains the following updates:

Package	Type	Update	Change
github.com/openshift/api	require	digest	b7d0481 -> 26dbe2a

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[openshift-ci-robot]

@red-hat-konflux[bot]: This pull request explicitly references no jira issue.

Details

In response to this:

This PR contains the following updates:

Package	Type	Update	Change
github.com/openshift/api	require	digest	b7d0481 -> 50e2ece

---

[!WARNING]
Some dependencies could not be looked up. Check the warning logs for more information.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Updated the github.com/openshift/api dependency version in api/go.mod from v0.0.0-20240830023148-b7d0481c9094 to v0.0.0-20260209232644-126cbbe24427.

Changes

Cohort / File(s)	Summary
Dependency Update api/go.mod	Changed github.com/openshift/api require from v0.0.0-20240830023148-b7d0481c9094 to v0.0.0-20260209232644-126cbbe24427.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch konflux/mintmaker/master/github.com-openshift-api-digest

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: red-hat-konflux[bot]
Once this PR has been reviewed and has the lgtm label, please assign eranco74 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @red-hat-konflux[bot]. Thanks for your PR.

I'm waiting for a github.com member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@api/go.mod`:
- Line 6: The PR title's referenced digest (71e91db) doesn't match the actual
pseudo-version digest in api/go.mod (618697272d69); update the PR title or
description to reflect the true dependency change, or revert/api-modify the
go.mod entry to the intended pseudo-version so they match; locate the dependency
line with "github.com/openshift/api v0.0.0-20260203111218-618697272d69" and
ensure the PR metadata uses the same digest string to avoid confusion.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@api/go.mod`:
- Line 6: Search the codebase for references to the removed OpenShift feature
gate symbols (e.g., VolumeAttributesClass, ProcMountType) and any SDN-related
feature gate constants; if found (likely via imports from
github.com/openshift/api), update those call sites to either use the equivalent
string names or guarded logic (e.g., replace usages of the exported constants
FeatureGateVolumeAttributesClass/FeatureGateProcMountType with their literal
feature gate names or conditional runtime checks), or else pin the go.mod
dependency back to the older github.com/openshift/api version; make the change
in the functions/modules that import these symbols (replace constant references
or add compatibility wrappers) so the build no longer depends on the removed
exported symbols.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# Check the openshift/api repository details and tags between the versions
git ls-files api/go.mod

Repository: openshift/cluster-api-provider-agent

Length of output: 90

---

🌐 Web query:

github.com/openshift/api v0.0.0-20260206223843 breaking changes

💡 Result:

Your version string is incomplete: a Go pseudo-version should look like v0.0.0-20260206223843-<12+ char commit> (the trailing commit hash is what uniquely identifies the code). With just v0.0.0-20260206223843 I can’t deterministically map it to one commit.

That said, on/around Feb 6, 2026, openshift/api landed these likely breaking changes (compile-time / API surface changes for Go consumers):

• Removed FeatureGate VolumeAttributesClass (including the exported Go symbol FeatureGateVolumeAttributesClass and related featuregate payload entries). This can break builds if you referenced that constant or expected it in generated featuregate manifests. [1]
• Removed FeatureGate ProcMountType (including the exported Go symbol FeatureGateProcMountType and related payload entries). Same type of build/config break as above. [2]
• Removed/graduated SDN-related feature gates (“Remove graduated SDN feature gates”), which also touched networking API validation annotations and generated manifests. If you referenced any of the removed feature-gate names/symbols (or relied on those gates gating validation), this can be breaking. [3]

Non-breaking (additive) change on Feb 6:

• Added FeatureGate DRAPartitionableDevices (new symbol/manifests). [4]

If you paste the full pseudo-version (including the -<commit> suffix), I can give the exact breaking-change list for that commit and the diff vs the previous version you were on.

Sources:
[1] openshift/api commit removing VolumeAttributesClass FeatureGate: (github.com)
[2] openshift/api commit removing ProcMountType: (github.com)
[3] openshift/api commit removing graduated SDN feature gates: (github.com)
[4] openshift/api commit adding DRAPartitionableDevices: (github.com)

Citations:

• 1: openshift/api@2994996
• 2: openshift/api@71e91db
• 3: openshift/api@0acc398
• 4: openshift/api@639b501

---

🌐 Web query:

openshift/api security advisory CVE 2025 2026

💡 Result:

OpenShift “API” security advisories / CVEs (2025–2026) — what to look at

Notable OpenShift API-server CVE in 2025

• CVE-2025-14443 — SSRF in ose-openshift-apiserver (OpenShift API Server / ImageStreamImport image reference handling). Published 2025-12-16; CVSS v3.1 8.5 (High). The affected product shown is Red Hat OpenShift Container Platform 4 (package openshift4/ose-openshift-apiserver-rhel9). [1], [2]

Example OpenShift “API” product CVE in 2026 (affects “OpenShift API for Data Protection”, among others)

• CVE-2026-22772 — SSRF in Fulcio (MetaIssuer URL validation). Red Hat Security Data API listing shows Released on 2026-01-12, CVSS v3 5.8 (moderate), and advisories including RHSA-2026:2136 and RHSA-2026:2144; affected products listed include OpenShift API for Data Protection and Red Hat OpenShift Container Platform 4. [3]

OpenShift Container Platform errata that include 2025 CVEs (example)

• RHSA-2025:0654 (OCP 4.17.14) includes fixes for CVE-2025-21613 and CVE-2025-21614 (go-git issues), among others. [4]

---

How to find all relevant OpenShift CVEs for 2025–2026 (recommended)

Use Red Hat’s Security Data API “CVE” search endpoint and filter by product name (regex-supported), severity, and a date window (after/before). The available query parameters are documented by Red Hat. [5]

Tip: For OpenShift control-plane/API-server issues, search for product OpenShift Container Platform and then review CVEs where the affected package/component is openshift-apiserver / kube-apiserver / openshift4/ose-openshift-apiserver-*.

Sources:
[1] NVD entry for CVE-2025-14443.
[2] OpenCVE details showing Red Hat-provided package/product impact for CVE-2025-14443.
[3] Red Hat Security Data API CVE listing (shows CVE-2026-22772 advisories and affected products).
[4] Red Hat errata RHSA-2025:0654 (OCP 4.17.14) CVE list.
[5] Red Hat Security Data API documentation (CVE endpoints + parameters).

---

🏁 Script executed:

# Extract and analyze the pseudo-version information
echo "Analyzing pseudo-version information:"
echo "Old version: v0.0.0-20240830023148-b7d0481c9094"
echo "New version: v0.0.0-20260206223843-639b501bb529"
echo ""
echo "Pseudo-version format: v0.0.0-YYYYMMDDHHMMSS-COMMIT"
echo "Old: August 30, 2024"
echo "New: February 6, 2026"
echo "Time gap: ~18 months"

Repository: openshift/cluster-api-provider-agent

Length of output: 330

---

Address breaking changes in openshift/api dependency update.

The update from v0.0.0-20240830023148-b7d0481c9094 to v0.0.0-20260206223843-639b501bb529 introduces breaking changes for Go consumers:

• Removed FeatureGate VolumeAttributesClass (exported Go symbol removed)
• Removed FeatureGate ProcMountType (exported Go symbol removed)
• Removed/graduated SDN-related feature gates

Verify that this codebase does not reference any of these removed feature gate constants or SDN-related gates. If it does, update the code accordingly or pin the dependency to a compatible version.

🤖 Prompt for AI Agents

In `@api/go.mod` at line 6, Search the codebase for references to the removed
OpenShift feature gate symbols (e.g., VolumeAttributesClass, ProcMountType) and
any SDN-related feature gate constants; if found (likely via imports from
github.com/openshift/api), update those call sites to either use the equivalent
string names or guarded logic (e.g., replace usages of the exported constants
FeatureGateVolumeAttributesClass/FeatureGateProcMountType with their literal
feature gate names or conditional runtime checks), or else pin the go.mod
dependency back to the older github.com/openshift/api version; make the change
in the functions/modules that import these symbols (replace constant references
or add compatibility wrappers) so the build no longer depends on the removed
exported symbols.

[red-hat-konflux]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: api/go.sum

Command failed: go get -t ./...
go: downloading sigs.k8s.io/controller-runtime v0.22.4
go: downloading k8s.io/client-go v0.34.2
go: downloading sigs.k8s.io/cluster-api v1.11.0
go: downloading k8s.io/apimachinery v0.35.1
go: downloading github.com/openshift/api v0.0.0-20260316200755-26dbe2a81aa7
go: downloading sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730
go: downloading sigs.k8s.io/yaml v1.6.0
go: downloading sigs.k8s.io/structured-merge-diff/v6 v6.3.1
go: downloading k8s.io/kube-openapi v0.0.0-20251125145642-4e65d59e963e
go: downloading k8s.io/utils v0.0.0-20251002143259-bc988d571ff4
go: downloading k8s.io/klog/v2 v2.130.1
go: downloading sigs.k8s.io/randfill v1.0.0
go: downloading gopkg.in/inf.v0 v0.9.1
go: downloading github.com/fxamacker/cbor/v2 v2.9.0
go: downloading golang.org/x/net v0.47.0
go: downloading go.yaml.in/yaml/v2 v2.4.3
go: downloading github.com/x448/float16 v0.8.4
go: downloading github.com/go-logr/logr v1.4.3
go: downloading github.com/json-iterator/go v1.1.12
go: downloading github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee
go: downloading github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
go: downloading golang.org/x/text v0.31.0
go: downloading k8s.io/api v0.35.1
go: downloading k8s.io/apiextensions-apiserver v0.34.2
go: downloading github.com/emicklei/go-restful/v3 v3.13.0
go: downloading github.com/go-openapi/jsonreference v0.21.3
go: downloading github.com/go-openapi/swag v0.25.3
go: downloading github.com/google/gnostic-models v0.7.1
go: downloading github.com/pkg/errors v0.9.1
go: downloading github.com/google/go-cmp v0.7.0
go: downloading github.com/onsi/gomega v1.38.2
go: downloading github.com/go-openapi/jsonpointer v0.22.3
go: downloading github.com/go-openapi/swag/yamlutils v0.25.3
go: downloading github.com/go-openapi/swag/loading v0.25.3
go: downloading github.com/go-openapi/swag/cmdutils v0.25.3
go: downloading github.com/go-openapi/swag/stringutils v0.25.3
go: downloading github.com/go-openapi/swag/fileutils v0.25.3
go: downloading github.com/go-openapi/swag/mangling v0.25.3
go: downloading github.com/go-openapi/swag/netutils v0.25.3
go: downloading github.com/go-openapi/swag/conv v0.25.3
go: downloading github.com/go-openapi/swag/jsonutils v0.25.3
go: downloading github.com/go-openapi/swag/typeutils v0.25.3
go: downloading github.com/go-openapi/swag/jsonname v0.25.3
go: downloading go.yaml.in/yaml/v3 v3.0.4
go: downloading google.golang.org/protobuf v1.36.10
go: downloading github.com/gogo/protobuf v1.3.2
go: downloading k8s.io/api v0.35.2
go: github.com/openshift/cluster-api-provider-agent/api/v1beta1 imports
	k8s.io/client-go/kubernetes/scheme imports
	k8s.io/api/storagemigration/v1alpha1: cannot find module providing package k8s.io/api/storagemigration/v1alpha1