openshift · ocp-sustaining-admins · May 1, 2026 · May 8, 2026 · coderabbitai · May 8, 2026
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -1,6 +1,8 @@
 run:
   # Default timeout is 1m, up to give more room
-  timeout: 4m
+  timeout: 10m
+  # Limit concurrency to reduce memory usage in CI
+  concurrency: 2
 
 linters:
   enable:

diff --git a/go.mod b/go.mod
@@ -6,7 +6,7 @@ toolchain go1.23.4
 
 require (
 	github.com/blang/semver/v4 v4.0.0
-	github.com/go-logr/logr v1.4.2
+	github.com/go-logr/logr v1.4.3
 	github.com/openshift/api v0.0.0-20250426060331-e577b4d83475
 	github.com/openshift/build-machinery-go v0.0.0-20250102153059-e85a1a7ecb5c
 	github.com/openshift/client-go v0.0.0-20250125113824-8e1f0b8fa9a7
@@ -17,9 +17,8 @@ require (
 	github.com/operator-framework/operator-registry v1.48.0
 	github.com/spf13/cobra v1.8.1
 	github.com/spf13/pflag v1.0.5
-	github.com/stretchr/testify v1.9.0
-	golang.org/x/net v0.30.0
-	golang.org/x/text v0.19.0
+	github.com/stretchr/testify v1.10.0
+	golang.org/x/text v0.26.0
 	helm.sh/helm/v3 v3.16.2
 	k8s.io/api v0.32.2
 	k8s.io/apiextensions-apiserver v0.32.2
@@ -32,7 +31,7 @@ require (
 )
 
 require (
-	cel.dev/expr v0.18.0 // indirect
+	cel.dev/expr v0.24.0 // indirect
 	github.com/Masterminds/semver/v3 v3.3.0 // indirect
 	github.com/Masterminds/squirrel v1.5.4 // indirect
 	github.com/NYTimes/gziphandler v1.1.1 // indirect
@@ -60,7 +59,7 @@ require (
 	github.com/google/btree v1.1.2 // indirect
 	github.com/google/cel-go v0.22.0 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
-	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db // indirect
 	github.com/google/uuid v1.6.0 // indirect
@@ -101,28 +100,30 @@ require (
 	go.etcd.io/etcd/api/v3 v3.5.16 // indirect
 	go.etcd.io/etcd/client/pkg/v3 v3.5.16 // indirect
 	go.etcd.io/etcd/client/v3 v3.5.16 // indirect
+	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
-	go.opentelemetry.io/otel v1.29.0 // indirect
+	go.opentelemetry.io/otel v1.37.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.29.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 // indirect
-	go.opentelemetry.io/otel/metric v1.29.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.29.0 // indirect
-	go.opentelemetry.io/otel/trace v1.29.0 // indirect
+	go.opentelemetry.io/otel/metric v1.37.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.37.0 // indirect
+	go.opentelemetry.io/otel/trace v1.37.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
-	golang.org/x/crypto v0.28.0 // indirect
+	golang.org/x/crypto v0.39.0 // indirect
 	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
-	golang.org/x/oauth2 v0.23.0 // indirect
-	golang.org/x/sync v0.8.0 // indirect
-	golang.org/x/sys v0.26.0 // indirect
-	golang.org/x/term v0.25.0 // indirect
+	golang.org/x/net v0.41.0 // indirect
+	golang.org/x/oauth2 v0.30.0 // indirect
+	golang.org/x/sync v0.15.0 // indirect
+	golang.org/x/sys v0.33.0 // indirect
+	golang.org/x/term v0.32.0 // indirect
 	golang.org/x/time v0.7.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240826202546-f6391c0de4c7 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7 // indirect
-	google.golang.org/grpc v1.67.1 // indirect
-	google.golang.org/protobuf v1.35.1 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 // indirect
+	google.golang.org/grpc v1.71.0 // indirect
+	google.golang.org/protobuf v1.36.6 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
@@ -137,3 +138,5 @@ require (
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )
+
+replace google.golang.org/grpc => github.com/openshift-sustaining/grpc-go v1.75.1-sec.1
diff --git a/go.sum b/go.sum
diff --git a/pkg/controller/dynamicrequiredmanifest_controller.go b/pkg/controller/dynamicrequiredmanifest_controller.go
@@ -1,6 +1,7 @@
 package controller
 
 import (
+	"context"
 	"fmt"
 
 	operatorv1 "github.com/openshift/api/operator/v1"
@@ -9,7 +10,6 @@ import (
 	"github.com/openshift/library-go/pkg/controller/factory"
 	"github.com/openshift/library-go/pkg/operator/events"
 	"github.com/openshift/library-go/pkg/operator/management"
-	"golang.org/x/net/context"
 	"k8s.io/apimachinery/pkg/api/equality"
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

diff --git a/vendor/cel.dev/expr/.bazelversion b/vendor/cel.dev/expr/.bazelversion
@@ -1,2 +1,2 @@
-7.0.1
+7.3.2
 # Keep this pinned version in parity with cel-go
diff --git a/vendor/cel.dev/expr/MODULE.bazel b/vendor/cel.dev/expr/MODULE.bazel
@@ -8,26 +8,38 @@ bazel_dep(
 )
 bazel_dep(
     name = "gazelle",
-    version = "0.36.0",
+    version = "0.39.1",
     repo_name = "bazel_gazelle",
 )
 bazel_dep(
     name = "googleapis",
-    version = "0.0.0-20240819-fe8ba054a",
+    version = "0.0.0-20241220-5e258e33.bcr.1",
     repo_name = "com_google_googleapis",
 )
+bazel_dep(
+    name = "googleapis-cc",
+    version = "1.0.0",
+)
+bazel_dep(
+    name = "googleapis-java",
+    version = "1.0.0",
+)
+bazel_dep(
+    name = "googleapis-go",
+    version = "1.0.0",
+)
 bazel_dep(
     name = "protobuf",
-    version = "26.0",
+    version = "27.0",
     repo_name = "com_google_protobuf",
 )
 bazel_dep(
     name = "rules_cc",
-    version = "0.0.9",
+    version = "0.0.17",
 )
 bazel_dep(
     name = "rules_go",
-    version = "0.49.0",
+    version = "0.53.0",
     repo_name = "io_bazel_rules_go",
 )
 bazel_dep(
@@ -36,7 +48,7 @@ bazel_dep(
 )
 bazel_dep(
     name = "rules_proto",
-    version = "6.0.0",
+    version = "7.0.2",
 )
 bazel_dep(
     name = "rules_python",
@@ -50,16 +62,8 @@ python.toolchain(
     python_version = "3.11",
 )
 
-switched_rules = use_extension("@com_google_googleapis//:extensions.bzl", "switched_rules")
-switched_rules.use_languages(
-    cc = True,
-    go = True,
-    java = True,
-)
-use_repo(switched_rules, "com_google_googleapis_imports")
-
 go_sdk = use_extension("@io_bazel_rules_go//go:extensions.bzl", "go_sdk")
-go_sdk.download(version = "1.21.1")
+go_sdk.download(version = "1.22.0")
 
 go_deps = use_extension("@bazel_gazelle//:extensions.bzl", "go_deps")
 go_deps.from_file(go_mod = "//:go.mod")

diff --git a/vendor/cel.dev/expr/README.md b/vendor/cel.dev/expr/README.md
@@ -69,5 +69,3 @@ For more detail, see:
 *   [Language Definition](doc/langdef.md)
 
 Released under the [Apache License](LICENSE).
-
-Disclaimer: This is not an official Google product.
diff --git a/vendor/cel.dev/expr/cloudbuild.yaml b/vendor/cel.dev/expr/cloudbuild.yaml
@@ -1,5 +1,5 @@
 steps:
-- name: 'gcr.io/cloud-builders/bazel:7.0.1'
+- name: 'gcr.io/cloud-builders/bazel:7.3.2'
   entrypoint: bazel
   args: ['build', '...']
   id: bazel-build
Original file line number	Diff line number	Diff line change
Expand Up		@@ -69,5 +69,3 @@ For more detail, see:
		* [Language Definition](doc/langdef.md)

		Released under the [Apache License](LICENSE).

		Disclaimer: This is not an official Google product.