Skip to content

build(deps): bump the golang group across 1 directory with 11 updates#229

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/golang-6a7037e41a
Open

build(deps): bump the golang group across 1 directory with 11 updates#229
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/golang-6a7037e41a

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 4, 2026
edited
Loading

Bumps the golang group with 9 updates in the / directory:

Package From To
github.com/Microsoft/hcsshim 0.13.0 0.14.1
github.com/buger/jsonparser 1.1.1 1.2.0
github.com/coreos/go-systemd/v22 22.6.0 22.7.0
github.com/godbus/dbus/v5 5.1.0 5.2.2
github.com/mattn/go-shellwords 1.0.12 1.0.13
github.com/onsi/ginkgo/v2 2.25.1 2.28.3
github.com/opencontainers/selinux 1.12.0 1.13.1
github.com/safchain/ethtool 0.6.2 0.7.0
sigs.k8s.io/knftables 0.0.18 0.0.21

Updates github.com/Microsoft/hcsshim from 0.13.0 to 0.14.1

Release notes

Sourced from github.com/Microsoft/hcsshim's releases.

v0.14.1

What's Changed

fb5aa2e94 - Maksim An (2026-04-07): upgrade dependencies to fix CI 9a434d6e1 - Dawei Wei (2026-03-06): shim: skip SandboxPlatform validation when platform is not explicitly set (#2620) 98d74bb52 - Cory Snider (2026-02-10): WCOW: restore support for client-mounted roots (#2595)

Full Changelog: microsoft/hcsshim@v0.14.0...v0.14.1

v0.14.0

This is a non-rc v0.14.0 release, which is the same as https://github.com/microsoft/hcsshim/releases/tag/v0.14.0-rc.1

What's Changed

Full Changelog: microsoft/hcsshim@v0.13.0...v0.14.0

v0.14.0-rc.1

What's Changed

... (truncated)

Commits
  • fb5aa2e upgrade dependencies to fix CI
  • 9a434d6 shim: skip SandboxPlatform validation when platform is not explicitly set (#2...
  • 98d74bb WCOW: restore support for client-mounted roots (#2595)
  • 59e0e2f Bump actions/checkout from 4 to 5 (#2499)
  • a776109 Fix console size bug
  • 0366cb2 Add default allow all policy to uvmboot
  • 144c633 Fix CUDA for non-privileged containers (#2492)
  • 0842153 Warn on incomplete vNUMA setting, clarify field names (#2466)
  • 1ee5fce Merge pull request #2456 from ambarve/hyperv_bcims
  • a2229bf Make a common utility function for appending VHD footer
  • Additional commits viewable in compare view

Updates github.com/buger/jsonparser from 1.1.1 to 1.2.0

Release notes

Sourced from github.com/buger/jsonparser's releases.

v1.2.0

What's Changed

Full Changelog: buger/jsonparser@v1.1.2...v1.2.0

v1.1.2

What's Changed

New Contributors

Full Changelog: buger/jsonparser@v1.1.1...v1.1.2

Commits
  • c172c16 Merge pull request #269 from buger/tinygo
  • 680cd2e Merge pull request #281 from buger/reqproof-assurance-hardening
  • 9dce61c Migrate review storage from reviews/ folder to per-requirement timestamps
  • c03b9ef feat: add property-based obligation classes with 24 new SYS-REQs
  • 9c46110 chore: fix spec lint warnings — remove stale parent field, set review metadata
  • 8bbb8a8 Close coverage gaps: SYS-REQ-007/008/010 fuzz harness coverage to 100%
  • 552e93b Install Z3 via apt before audit
  • 98133b4 Remove manual Z3 pre-download, now handled by proof-action
  • 1b70ead Debug Z3 pre-download: remove output suppression
  • aac1fbc Pre-download Z3 solver before audit
  • Additional commits viewable in compare view

Updates github.com/coreos/go-systemd/v22 from 22.6.0 to 22.7.0

Release notes

Sourced from github.com/coreos/go-systemd/v22's releases.

v22.7.0

This release fixes an issue with multiple calls to (e.g.) StopUnit, simplifies and improves code and documentation, and adds a few new methods.

What's Changed

New Contributors

Full Changelog: coreos/go-systemd@v22.6.0...v22.7.0

Commits
  • 4dc4ee6 activation: stub out for plan9
  • 8f5a75c dbus: add StartTransientUnitAux for starting transient units with auxiliary u...
  • 9211a7b activation: add FilesWithNames()
  • 2c3ebed dbus: dedup result conversion code
  • aac8e00 unit: fix Deserialize deprecation notice
  • d4795ce Fix doc references
  • abb50b3 dbus: allow multiple calls for the same unit to *Unit
  • 27f6bea activation: simplify ListenersWithNames
  • e615438 sdjournal: fix copyrights
  • d25876d import1: add missing close method to conn
  • Additional commits viewable in compare view

Updates github.com/godbus/dbus/v5 from 5.1.0 to 5.2.2

Release notes

Sourced from github.com/godbus/dbus/v5's releases.

v5.2.2

What's Changed

New Contributors

Full Changelog: godbus/dbus@v5.2.1...v5.2.2

v5.2.1

What's Changed

Full Changelog: godbus/dbus@v5.2.0...v5.2.1

v5.2.0

What's Changed

... (truncated)

Commits
  • a8ac15b Merge pull request #427 from dims/drop-unused-import-in-windows-specific-code
  • e638c72 Drop ununsed import in windows specific code
  • 20d95a3 Merge pull request #422 from kolyshkin/homedir
  • d3fc3b5 Fix and simplify getHomeDir
  • 88ce463 Merge pull request #419 from kolyshkin/golangci-v2
  • feb892a ci: bump golangci-lint to v2
  • c5ff039 Ignore ST1008 warning for validSingle
  • 135663e Omit embedded fields
  • 1b92cdc variant_parser: simplify switch statement
  • d03c0be Use switch where it makes sense
  • Additional commits viewable in compare view

Updates github.com/mattn/go-shellwords from 1.0.12 to 1.0.13

Commits
  • fd1aa6c Run gofmt: add missing //go:build directives and trailing newlines
  • e73986e Treat bare ')' as syntax error regardless of ParseBacktick
  • 9a78803 Merge pull request #60 from scumfrog/security-fix-cve
  • b074fa0 fix: preserve parser compatibility for unmatched ')' handling
  • 735b5e8 Implement tests for shellwords parser functionality
  • e2951fc Fix dollarQuote state management in shellwords.go
  • 551a1d0 Update CI: Go 1.25/1.26 and latest GitHub Actions
  • f3bbb6f Merge pull request #53 from ndeloof/master
  • f6737fe parse \t as TAB, not escaped t
  • See full diff in compare view

Updates github.com/onsi/ginkgo/v2 from 2.25.1 to 2.28.3

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.28.3

2.28.3

Maintenance

Bump all dependencies

v2.28.2

2.28.2

  • Add ArtifactDir() to support Go 1.26 testing.TB interface [f3a36b6]
  • Implement shell completion [94151c8]
  • Add asan CLI option mirroring msan implementation [4d21dbb]
  • Bump uri from 1.0.3 to 1.0.4 in /docs (#1630) [c102161]
  • fix aspect ratio [9619647]
  • update logos [5779304]

v2.28.1

2.28.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

v2.28.0

2.28.0

Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:

It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})

can be filtered in or out with an invocation like:

ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"

Huge thanks to @​Icarus9913 for working on this!

v2.27.5

2.27.5

Fixes

Don't make a new formatter for each GinkgoT(); that's just silly and uses precious memory

v2.27.4

2.27.4

Fixes

... (truncated)

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.28.3

Maintenance

Bump all dependencies

2.28.2

  • Add ArtifactDir() to support Go 1.26 testing.TB interface [f3a36b6]
  • Implement shell completion [94151c8]
  • Add asan CLI option mirroring msan implementation [4d21dbb]
  • Bump uri from 1.0.3 to 1.0.4 in /docs (#1630) [c102161]
  • fix aspect ratio [9619647]
  • update logos [5779304]

2.28.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

2.28.0

Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:

It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})

can be filtered in or out with an invocation like:

ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"

Huge thanks to @​Icarus9913 for working on this!

2.27.5

Fixes

Don't make a new formatter for each GinkgoT(); that's just silly and uses precious memory

2.27.4

Fixes

  • CurrentTreeConstructionNodeReport: fix for nested container nodes [59bc751]

2.27.3

Fixes

report exit result in case of failure [1c9f356]

... (truncated)

Commits

Updates github.com/onsi/gomega from 1.38.1 to 1.40.0

Release notes

Sourced from github.com/onsi/gomega's releases.

v1.40.0

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

v1.39.1

1.39.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

v1.39.0

1.39.0

Features

Add MatchErrorStrictly which only passes if errors.Is(actual, expected) returns true. MatchError, by contrast, will fallback to string comparison.

v1.38.3

1.38.3

Fixes

make string formatitng more consistent for users who use format.Object directly

v1.38.2

1.38.2

  • roll back to go 1.23.0 [c404969]
Changelog

Sourced from github.com/onsi/gomega's changelog.

1.40.0

We're adopting a new release strategy to minimize dependency bloat in projects that consume Gomega. It is a limitation of the go mod toolchain that test subdependencies of your project's direct dependencies get pulled in as indirect dependencies. In the case of Gomega, this ends up pulling in all of Ginkgo into your go.mod even if you are only using Gomega (Gomega uses Ginkgo for its own tests).

Going forward, releases will strip out all tests, tidy up the go.mod and then push this stripped down version to a new master-lite branch. These stripped-down versions will receive the vx.y.z git tag and will be picked up by the go toolchain.

Please open an issue if this new release process causes unexpected changes for your projects.

1.39.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

1.39.0

Features

Add MatchErrorStrictly which only passes if errors.Is(actual, expected) returns true. MatchError, by contrast, will fallback to string comparison.

1.38.3

Fixes

make string formatitng more consistent for users who use format.Object directly

1.38.2

  • roll back to go 1.23.0 [c404969]
Commits

Updates github.com/opencontainers/selinux from 1.12.0 to 1.13.1

Release notes

Sourced from github.com/opencontainers/selinux's releases.

v1.13.1

This release includes a minor update to reduce the minimum version requirement of the github.com/cyphar/filepath-securejoin package from v0.6.0 to v0.5.1. We did not use any of the newer features, so downgrading is a no-op but will help with downstreams that need to backport github.com/opencontainers/selinux updates.

What's Changed

New Contributors

Full Changelog: opencontainers/selinux@v1.13.0...v1.13.1

v1.13.0

What's Changed

Full Changelog: opencontainers/selinux@v1.12.0...v1.13.0

Commits
  • 5647f06 Merge pull request #242 from Luap99/securejoin
  • 69a52b8 downgrade github.com/cyphar/filepath-securejoin to v0.5.1
  • 6950c32 Merge pull request #240 from opencontainers/dependabot/github_actions/golangc...
  • 9a88c88 build(deps): bump golangci/golangci-lint-action from 8 to 9
  • 4be9937 Merge pull request #237 from cyphar/selinux-safe-procfs
  • c8cfa6f selinux: migrate to pathrs-lite procfs API
  • f2424d8 Merge pull request #236 from kolyshkin/modernize-ci
  • 648ce7f ci: add go 1.25
  • 916cab9 ci: bump golangci-lint to v2.5
  • b42e5c8 all: format sources with latest gofumpt
  • Additional commits viewable in compare view

Updates github.com/safchain/ethtool from 0.6.2 to 0.7.0

Release notes

Sourced from github.com/safchain/ethtool's releases.

v0.7.0

What's Changed

Full Changelog: safchain/ethtool@v0.6.2...v0.7.0

Commits

Updates golang.org/x/sys from 0.35.0 to 0.43.0

Commits
  • f33a730 windows: support nil security descriptor on GetNamedSecurityInfo
  • 493d172 cpu: add runtime import in cpu_darwin_arm64_other.go
  • 2c2be75 windows: use syscall.SyscallN in Proc.Call
  • a76ec62 cpu: roll back "use IsProcessorFeaturePresent to calculate ARM64 on windows"
  • eaaaaee windows/registry: correct KeyInfo.ModTime calculation
  • 942780b cpu: darwin/arm64 feature detection
  • acef388 unix/linux: Prefixmsg and PrefixCacheinfo structs
  • 3687fbd cpu: better defaults on darwin ARM64
  • 48062e9 plan9: change Note to alias syscall.Note
  • 4f23f80 windows: change Signal to alias syscall.Signal
  • Additional commits viewable in compare view

Updates sigs.k8s.io/knftables from 0.0.18 to 0.0.21

Changelog

Sourced from sigs.k8s.io/knftables's changelog.

v0.0.21

  • Updated previous List() fix to pass the --terse flag to nft list, to avoid wasting memory and CPU parsing JSON that isn't relevant to List()'s output anyway. (@danwinship)

  • Added a note about nft versions to README.md. (@danwinship)

v0.0.20

  • List() has been changed to use nft list table rather than, e.g., nft list sets, to ensure that it doesn't try to parse objects in other tables (which may have been created by newer versions of nft and might trigger crashes in older versions of nft; see https://issues.k8s.io/136786). (@danwinship based on a previous PR from @kairosci).

  • A new ListAll() method has been added to help work around the fact that List() is now much less efficient with large tables. (@danwinship).

  • ListElements() now correctly handles maps/sets with concatenated keys/values including CIDR values. (#32 (@danwinship)

v0.0.19

  • Added the ability to use a single knftables.Interface (and a single knftables.Transaction) with multiple tables/families. To do this, pass "" for the family and table name to knftables.New, and then manually fill in the Table and Family fields in all Objects you create. (@danwinship)

  • Added tx.Destroy(), corresponding to nft destroy. Since nft destroy requires a new-ish kernel (6.3) and CLI (1.0.8), there are also two new knftables.New() options: RequireDestroy if you want construction to fail on older systems, or EmulateDestroy if you want knftables to try to emulate "destroy" on older systems, with some limitations. See README.md for more details. (@danwinship)

  • Added Counter objects and the tx.Reset() verb, to support nftables counters. (#20) (@aroradaman)

  • Added Table.Flags and Chain.Policy. (Note that at this time the "owner" and "persist" table flags can't usefully be used with

... (truncated)

Commits
  • 4533189 v0.0.21
  • 3c18540 Belatedly add issue links to CHANGELOG.md
  • 15df2ff Add another note to the README about nft versions
  • 09eabef Merge pull request #40 from danwinship/list-terse

@dependabot
build(deps): bump the golang group across 1 directory with 11 updates
2e51dc9 
Bumps the golang group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/Microsoft/hcsshim](https://github.com/Microsoft/hcsshim) | `0.13.0` | `0.14.1` |
| [github.com/buger/jsonparser](https://github.com/buger/jsonparser) | `1.1.1` | `1.2.0` |
| [github.com/coreos/go-systemd/v22](https://github.com/coreos/go-systemd) | `22.6.0` | `22.7.0` |
| [github.com/godbus/dbus/v5](https://github.com/godbus/dbus) | `5.1.0` | `5.2.2` |
| [github.com/mattn/go-shellwords](https://github.com/mattn/go-shellwords) | `1.0.12` | `1.0.13` |
| [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) | `2.25.1` | `2.28.3` |
| [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) | `1.12.0` | `1.13.1` |
| [github.com/safchain/ethtool](https://github.com/safchain/ethtool) | `0.6.2` | `0.7.0` |
| [sigs.k8s.io/knftables](https://github.com/kubernetes-sigs/knftables) | `0.0.18` | `0.0.21` |



Updates `github.com/Microsoft/hcsshim` from 0.13.0 to 0.14.1
- [Release notes](https://github.com/Microsoft/hcsshim/releases)
- [Commits](microsoft/hcsshim@v0.13.0...v0.14.1)

Updates `github.com/buger/jsonparser` from 1.1.1 to 1.2.0
- [Release notes](https://github.com/buger/jsonparser/releases)
- [Commits](buger/jsonparser@v1.1.1...v1.2.0)

Updates `github.com/coreos/go-systemd/v22` from 22.6.0 to 22.7.0
- [Release notes](https://github.com/coreos/go-systemd/releases)
- [Commits](coreos/go-systemd@v22.6.0...v22.7.0)

Updates `github.com/godbus/dbus/v5` from 5.1.0 to 5.2.2
- [Release notes](https://github.com/godbus/dbus/releases)
- [Commits](godbus/dbus@v5.1.0...v5.2.2)

Updates `github.com/mattn/go-shellwords` from 1.0.12 to 1.0.13
- [Commits](mattn/go-shellwords@v1.0.12...v1.0.13)

Updates `github.com/onsi/ginkgo/v2` from 2.25.1 to 2.28.3
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](onsi/ginkgo@v2.25.1...v2.28.3)

Updates `github.com/onsi/gomega` from 1.38.1 to 1.40.0
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.38.1...v1.40.0)

Updates `github.com/opencontainers/selinux` from 1.12.0 to 1.13.1
- [Release notes](https://github.com/opencontainers/selinux/releases)
- [Commits](opencontainers/selinux@v1.12.0...v1.13.1)

Updates `github.com/safchain/ethtool` from 0.6.2 to 0.7.0
- [Release notes](https://github.com/safchain/ethtool/releases)
- [Commits](safchain/ethtool@v0.6.2...v0.7.0)

Updates `golang.org/x/sys` from 0.35.0 to 0.43.0
- [Commits](golang/sys@v0.35.0...v0.43.0)

Updates `sigs.k8s.io/knftables` from 0.0.18 to 0.0.21
- [Changelog](https://github.com/kubernetes-sigs/knftables/blob/master/CHANGELOG.md)
- [Commits](kubernetes-sigs/knftables@v0.0.18...v0.0.21)

---
updated-dependencies:
- dependency-name: github.com/Microsoft/hcsshim
  dependency-version: 0.14.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang
- dependency-name: github.com/buger/jsonparser
  dependency-version: 1.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang
- dependency-name: github.com/coreos/go-systemd/v22
  dependency-version: 22.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang
- dependency-name: github.com/godbus/dbus/v5
  dependency-version: 5.2.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang
- dependency-name: github.com/mattn/go-shellwords
  dependency-version: 1.0.13
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: golang
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-version: 2.28.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang
- dependency-name: github.com/onsi/gomega
  dependency-version: 1.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang
- dependency-name: github.com/opencontainers/selinux
  dependency-version: 1.13.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang
- dependency-name: github.com/safchain/ethtool
  dependency-version: 0.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang
- dependency-name: golang.org/x/sys
  dependency-version: 0.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang
- dependency-name: sigs.k8s.io/knftables
  dependency-version: 0.0.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: golang
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update Go code labels May 4, 2026
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented May 4, 2026
edited
Loading

Walkthrough

Updated Go version from 1.24.0 to 1.25.0 in go.mod and bumped multiple direct and indirect dependencies, including github.com/Microsoft/hcsshim, github.com/onsi/ginkgo/v2, github.com/onsi/gomega, golang.org/x/sys, and others. Removed go.uber.org/automaxprocs from the indirect requires list.

Changes

Dependency and Toolchain Update

Layer / File(s) Summary
Go Toolchain Version
go.mod		 Go version directive updated from 1.24.0 to 1.25.0.
Direct Dependencies
go.mod		 Eleven direct dependencies bumped, including github.com/Microsoft/hcsshim, github.com/buger/jsonparser, github.com/coreos/go-systemd/v22, github.com/godbus/dbus/v5, github.com/mattn/go-shellwords, github.com/onsi/ginkgo/v2, github.com/onsi/gomega, github.com/opencontainers/selinux, github.com/safchain/ethtool, golang.org/x/sys, and sigs.k8s.io/knftables.
Indirect Dependencies
go.mod		 Multiple indirect dependencies updated (e.g., github.com/containerd/*, github.com/google/pprof, golang.org/x/*, google.golang.org/genproto/googleapis/rpc, google.golang.org/grpc); go.uber.org/automaxprocs removed from requires.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 12
✅ Passed checks (12 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately describes the main change: a dependency bump across the golang group with specific version updates to 11 Go modules.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed PR only modifies go.mod and go.sum files with no changes to test files, making this Ginkgo test naming check not applicable.
Test Structure And Quality ✅ Passed PR is a dependency update modifying only go.mod and go.sum files with no test code changes, making test structure review not applicable.
Microshift Test Compatibility ✅ Passed This PR only modifies go.mod to update dependencies and Go version; no new Ginkgo e2e tests are added.
Single Node Openshift (Sno) Test Compatibility ✅ Passed This PR is a dependency update that only modifies the go.mod file and does not add any new Ginkgo e2e tests. The custom check for Single Node OpenShift (SNO) test compatibility is specifically applicable when new Ginkgo tests are added. Since no new e2e tests are introduced, the SNO compatibility check is not applicable and passes by default.
Topology-Aware Scheduling Compatibility ✅ Passed Pull request contains only go.mod dependency updates without modifying deployment manifests, operator code, or scheduling configurations.
Ote Binary Stdout Contract ✅ Passed PR only modifies go.mod and go.sum files for dependency updates with no source code changes, eliminating stdout violation risk.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed PR only modifies go.mod and Go toolchain version; no new Ginkgo e2e tests added, so custom check not applicable.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/go_modules/golang-6a7037e41a

Comment @coderabbitai help to get the list of available commands and usage tips.

@openshift-ci openshift-ci Bot requested review from bpickard22 and s1061123 May 4, 2026 13:02
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented May 4, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign bpickard22 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label May 4, 2026
@openshift-ci
Copy link
Copy Markdown
Contributor

openshift-ci Bot commented May 4, 2026

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

coderabbitai[bot]
coderabbitai Bot reviewed May 4, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Line 55: The go.mod currently pins the indirect dependency
google.golang.org/grpc at v1.72.2 which is affected by GHSA-p77j-4mvh-x3m3;
update the module requirement for google.golang.org/grpc to a fixed release
(preferably v1.81.0 or at minimum v1.79.3) and run `go get`/`go mod tidy` to
refresh the lockfile so the resolved version is upgraded across the build.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 34387c15-1305-4293-8b5d-84e9ed2352f0

📥 Commits

Reviewing files that changed from the base of the PR and between 747ad66 and 2e51dc9.

⛔ Files ignored due to path filters (299)
  • go.sum is excluded by !**/*.sum
  • vendor/github.com/Microsoft/hcsshim/.golangci.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/Microsoft/hcsshim/hcn/hcnerrors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/Microsoft/hcsshim/internal/log/hook.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/Microsoft/hcsshim/internal/oc/exporter.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/Microsoft/hcsshim/internal/protocol/guestrequest/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/Microsoft/hcsshim/internal/safefile/safeopen.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/Microsoft/hcsshim/internal/security/grantvmgroupaccess.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/Microsoft/hcsshim/internal/wclayer/importlayer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/Microsoft/hcsshim/internal/winapi/cimfs.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/Microsoft/hcsshim/internal/winapi/devices.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/buger/jsonparser/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/buger/jsonparser/.travis.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/buger/jsonparser/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/buger/jsonparser/bytes.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/buger/jsonparser/bytes_safe.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/buger/jsonparser/bytes_unsafe.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/buger/jsonparser/escape.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/buger/jsonparser/fuzz.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/buger/jsonparser/parser.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/buger/jsonparser/proof.yaml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/containerd/typeurl/v2/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/containerd/typeurl/v2/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/containerd/typeurl/v2/types_gogo.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/coreos/go-systemd/v22/activation/files.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/coreos/go-systemd/v22/activation/files_stub.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/coreos/go-systemd/v22/activation/files_unix.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/coreos/go-systemd/v22/activation/listeners.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/COPYING.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/LICENSE.BSD is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/LICENSE.MPL-2.0 is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/internal/consts/consts.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/assert/assert.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/errors_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/at_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/fd.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/fd_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/mount_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/openat2_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_errors_go120.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_errors_unsupported.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_generics_go121.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_generics_unsupported.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/kernelversion/kernel_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/mount_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/openat2_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/procfs/procfs_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/procfs/procfs_lookup_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/lookup_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/openat2_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs/procfs_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/.cirrus.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/.golangci.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/SECURITY.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/auth.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/auth_default_other.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/auth_default_windows.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/auth_sha1_windows.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/call.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/conn.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/conn_darwin.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/conn_other.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/conn_unix.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/conn_windows.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/dbus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/decoder.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/default_handler.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/encoder.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/export.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/homedir.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/match.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/message.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/object.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/sequential_handler.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/server_interfaces.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/sig.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/transport_nonce_tcp.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/transport_unix.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/transport_unixcred_freebsd.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/transport_unixcred_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/variant.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/variant_lexer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/godbus/dbus/v5/variant_parser.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/pprof/profile/profile.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/pprof/profile/proto.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mattn/go-shellwords/shellwords.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mattn/go-shellwords/util_posix.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mattn/go-shellwords/util_windows.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/core_dsl.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/decorator_dsl.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/automaxprocs.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/cgroup.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/cgroups.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/cgroups2.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/cpu_quota_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/cpu_quota_unsupported.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/errors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/mountpoint.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/runtime.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/subsys.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/ginkgo/command/command.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/ginkgo/command/program.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/profiles_and_reports.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/run.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/ginkgo/main.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/ginkgo/run/run_command.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/ginkgo_t_dsl.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/internal/focus.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/internal/group.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/internal/node.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/internal/ordering.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/internal/reporters/gojson.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/internal/reporters/gojson_event_writer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/internal/reporters/gojson_reporter.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/internal/suite.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/internal/testingtproxy/testing_t_proxy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/reporters/default_reporter.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/reporters/gojson_report.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/reporters/junit_report.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/reporters/teamcity_report.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/reporting_dsl.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/table_dsl.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/types/config.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/types/errors.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/types/flags.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/types/semver_filter.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/types/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/ginkgo/v2/types/version.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/gomega/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/gomega/format/format.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/gomega/gomega_dsl.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/gomega/matchers.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/gomega/matchers/have_key_matcher.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/gomega/matchers/have_key_with_value_matcher.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/gomega/matchers/match_error_strictly_matcher.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/gomega/matchers/support/goraph/edge/edge.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/opencontainers/selinux/go-selinux/selinux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go is excluded by !**/vendor/**, !vendor/**
  • vendor/go.uber.org/automaxprocs/.codecov.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/go.uber.org/automaxprocs/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/go.uber.org/automaxprocs/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
  • vendor/go.uber.org/automaxprocs/CODE_OF_CONDUCT.md is excluded by !**/vendor/**, !vendor/**
  • vendor/go.uber.org/automaxprocs/CONTRIBUTING.md is excluded by !**/vendor/**, !vendor/**
  • vendor/go.uber.org/automaxprocs/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/go.uber.org/automaxprocs/Makefile is excluded by !**/vendor/**, !vendor/**
  • vendor/go.uber.org/automaxprocs/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/go.uber.org/automaxprocs/automaxprocs.go is excluded by !**/vendor/**, !vendor/**
  • vendor/go.uber.org/automaxprocs/internal/cgroups/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/go.uber.org/automaxprocs/maxprocs/maxprocs.go is excluded by !**/vendor/**, !vendor/**
  • vendor/go.uber.org/automaxprocs/maxprocs/version.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/mod/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/mod/PATENTS is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/mod/semver/semver.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/escape.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/iter.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/node.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/nodetype_string.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/parse.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/net/html/render.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sync/errgroup/errgroup.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/affinity_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/fdset.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/ifreq_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/ioctl_signed.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/ioctl_unsigned.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/mkall.sh is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/mkerrors.sh is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/syscall_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/syscall_netbsd.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/syscall_solaris.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/syscall_unix.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_386.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_arm.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_mips.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zsyscall_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/windows/aliases.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/windows/dll_windows.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/windows/registry/key.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/windows/registry/zsyscall_windows.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/windows/security_windows.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/windows/syscall_windows.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/windows/types_windows.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/sys/windows/zsyscall_windows.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/text/encoding/japanese/eucjp.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/text/encoding/japanese/iso2022jp.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/text/encoding/japanese/shiftjis.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/text/encoding/korean/euckr.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/text/encoding/simplifiedchinese/gbk.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/text/encoding/simplifiedchinese/hzgb2312.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/text/encoding/traditionalchinese/big5.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/text/encoding/unicode/unicode.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/go/ast/inspector/cursor.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/go/ast/inspector/inspector.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/go/ast/inspector/iter.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/go/gcexportdata/importer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/go/packages/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/go/packages/external.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/go/packages/golist.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/go/packages/golist_overlay.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/go/packages/loadmode_string.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/go/packages/packages.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/go/packages/visit.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/go/types/objectpath/objectpath.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/go/types/typeutil/callee.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/go/types/typeutil/imports.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/go/types/typeutil/map.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/go/types/typeutil/methodsetcache.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/go/types/typeutil/ui.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/aliases/aliases.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/event/core/event.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/event/core/export.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/event/core/fast.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/event/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/event/event.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/event/keys/keys.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/event/keys/standard.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/event/keys/util.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/event/label/label.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/gcimporter/bimport.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/gcimporter/exportdata.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/gcimporter/iexport.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/gcimporter/iimport.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/gcimporter/predeclared.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/gcimporter/support.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/gcimporter/ureader.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/gocommand/invoke.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/gocommand/invoke_notunix.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/gocommand/invoke_unix.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/gocommand/vendor.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/gocommand/version.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/packagesinternal/packages.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/pkgbits/codes.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/pkgbits/decoder.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/pkgbits/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/pkgbits/encoder.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/pkgbits/flags.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/pkgbits/reloc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/pkgbits/support.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/pkgbits/sync.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/pkgbits/syncmarker_string.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/pkgbits/version.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/stdlib/deps.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/stdlib/import.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/stdlib/manifest.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/stdlib/stdlib.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/typeparams/common.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/typeparams/coretype.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/typeparams/free.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/typeparams/normalize.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/typeparams/termlist.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/typeparams/typeterm.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/typesinternal/classify_call.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/typesinternal/element.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/typesinternal/errorcode.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/typesinternal/errorcode_string.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/typesinternal/fx.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/typesinternal/isnamed.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/typesinternal/qualifier.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/typesinternal/recv.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/typesinternal/toonew.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/typesinternal/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/typesinternal/varkind.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/typesinternal/varkind_go124.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/typesinternal/zerovalue.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/versions/features.go is excluded by !**/vendor/**, !vendor/**
  • vendor/golang.org/x/tools/internal/versions/gover.go is excluded by !**/vendor/**, !vendor/**
📒 Files selected for processing (1)
  • go.mod

Comment thread go.mod
golang.org/x/text v0.36.0 // indirect
golang.org/x/tools v0.44.0 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20250218202821-56aae31c358a // indirect
google.golang.org/grpc v1.72.2 // indirect
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot May 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "Resolved grpc version:"
go list -m -f '{{.Version}}' google.golang.org/grpc

echo
echo "Why grpc is in the build graph:"
go mod why -m google.golang.org/grpc

Repository: openshift/containernetworking-plugins

Length of output: 2857

🌐 Web query:

GHSA-p77j-4mvh-x3m3 grpc authz bypass advisory

💡 Result:

GHSA-p77j-4mvh-x3m3 describes an authorization bypass in gRPC-Go caused by improper input validation of the HTTP/2 :path pseudo-header when it is missing the mandatory leading slash. What happens - If a client sends HTTP/2 :path values like "Service/Method" instead of "/Service/Method", gRPC-Go may still route the request to the correct handler. - However, path-based authorization logic (including the official RBAC in google.golang.org/grpc/authz, and/or custom interceptors that rely on info.FullMethod / grpc.Method(ctx)) may evaluate the non-canonical, raw path string. - As a result, "deny" rules that are written for canonical paths (starting with "/") may not match, allowing the request to bypass authorization when the policy has a fallback/allow behavior. Impact / who is affected - Affects gRPC-Go servers that: 1) use path-based authorization interceptors (grpc/authz RBAC or equivalents), and 2) have security policies with deny rules for canonical paths but otherwise allow other requests by default (fallback allow). - Exploitation requires the attacker to be able to send raw HTTP/2 frames with malformed :path directly to the gRPC server. Fixed in - Upgrade to gRPC-Go v1.79.3 or newer (the advisory notes this as the fixed tagged release; also references the latest master branch). Recommended mitigations (if you can’t upgrade immediately) - Use a validating outermost interceptor that rejects malformed method/path before authorization interceptors run (returning codes.Unimplemented per the advisory). - Ensure your infrastructure/proxies enforce strict HTTP/2 compliance and reject/normalize requests where :path does not start with a leading slash. - Harden authorization policy toward a default-deny posture (explicitly allow what’s needed; deny everything else). Related CVE - The issue is also listed as CVE-2026-33186 in NVD.

Citations:

🌐 Web query:

gRPC-Go latest version releases 2026

💡 Result:

The latest version of gRPC-Go is v1.81.0, released on 2026-05-04. The previous version is v1.80.0, released on 2026-04-01. As of today (2026-05-04), v1.81.0 is the most recent stable release listed on the official GitHub releases page and pkg.go.dev.

Citations:

Upgrade google.golang.org/grpc to address GHSA-p77j-4mvh-x3m3 authorization bypass.

Your go.mod pins google.golang.org/grpc v1.72.2 (indirect), which is affected by GHSA-p77j-4mvh-x3m3. This vulnerability allows authorization bypass in gRPC-Go servers using path-based authorization when HTTP/2 :path pseudo-headers lack the mandatory leading slash. Update to v1.81.0 (or at minimum v1.79.3 where the fix was released).

✅ Proposed change 
-	google.golang.org/grpc v1.72.2 // indirect
+	google.golang.org/grpc v1.81.0 // indirect

Reference: GHSA-p77j-4mvh-x3m3 / CVE-2026-33186

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
google.golang.org/grpc v1.72.2 // indirect
google.golang.org/grpc v1.81.0 // indirect
🧰 Tools
🪛 OSV Scanner (2.3.5)

[CRITICAL] 55-55: google.golang.org/grpc 1.72.2: Authorization bypass in gRPC-Go via missing leading slash in :path in google.golang.org/grpc

(GO-2026-4762)

[CRITICAL] 55-55: google.golang.org/grpc 1.72.2: gRPC-Go has an authorization bypass via missing leading slash in :path

(GHSA-p77j-4mvh-x3m3)

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 55, The go.mod currently pins the indirect dependency
google.golang.org/grpc at v1.72.2 which is affected by GHSA-p77j-4mvh-x3m3;
update the module requirement for google.golang.org/grpc to a fixed release
(preferably v1.81.0 or at minimum v1.79.3) and run `go get`/`go mod tidy` to
refresh the lockfile so the resolved version is upgraded across the build.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@bpickard22 bpickard22 Awaiting requested review from bpickard22

@s1061123 s1061123 Awaiting requested review from s1061123

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update Go code needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants