[main] NO-ISSUE: fix CVE-2026-33186

[andrej1991]

Summary by CodeRabbit

• Chores
  • Updated indirect Go module dependencies to latest compatible versions for improved stability and compatibility.

[openshift-ci-robot]

@andrej1991: This pull request explicitly references no jira issue.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Walkthrough

Updated indirect Go module dependencies to newer versions, including cel.dev/expr (v0.25.1), envoyproxy packages (v1.36.0, v1.3.0), OpenTelemetry GCP detector (v1.39.0), golang.org/x/oauth2 (v0.34.0), and google.golang.org/grpc (v1.79.3).

Changes

Cohort / File(s)	Summary
Go Module Dependencies go.mod	Updated seven indirect dependency versions across CEL expression, Envoy Proxy, OpenTelemetry, OAuth2, and gRPC packages.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Test Structure And Quality	⚠️ Warning	Added Ginkgo tests lack explicit timeouts in Eventually calls and meaningful failure messages in assertions, reducing debuggability.	Add explicit timeouts to Eventually calls and include descriptive messages in all assertions to improve test diagnostics and maintainability.
Stable And Deterministic Test Names	❓ Inconclusive	Unable to execute shell commands directly to examine PR changes and identify Ginkgo test files with dynamic names.	Please provide the specific files or code sections from the PR to analyze for dynamic Ginkgo test naming patterns.

✅ Passed checks (8 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title references a specific CVE (CVE-2026-33186) and indicates a fix, which aligns with the changeset of updating Go module dependencies that likely address security vulnerabilities.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Microshift Test Compatibility	✅ Passed	This PR only updates Go module dependency versions in go.mod (+7/-7 lines). No new Ginkgo e2e tests are added.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	The custom check for Single Node OpenShift (SNO) test compatibility does not apply to this pull request. The PR exclusively modifies go.mod to update indirect Go module dependency versions related to a CVE fix, with no test files added or modified.
Topology-Aware Scheduling Compatibility	✅ Passed	Custom check for topology-aware scheduling compatibility is not applicable; PR only updates indirect Go module versions in go.mod without modifying deployment manifests, operator code, or controllers.
Ote Binary Stdout Contract	✅ Passed	Pull request adds and modifies files with proper logging configuration using controller-runtime's zap logger and logrus, both defaulting to stderr with no stdout corruption.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR updates Go module dependencies in go.mod and vendor files only, with no new Ginkgo e2e tests added, making the custom IPv6 and disconnected network test compatibility check not applicable.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.11.4)

Command failed

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: andrej1991
Once this PR has been reviewed and has the lgtm label, please assign browsell for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Line 267: The replace directive currently mapping golang.org/x/oauth2 to
github.com/openshift/golang-oauth2 v0.26.1-... is out of date relative to newer
OpenShift fork releases (v0.27.0, v0.28.0); update the replace directive for
module github.com/openshift/golang-oauth2 to the appropriate newer tag (e.g.,
v0.27.0 or v0.28.0) so the required golang.org/x/oauth2 v0.34.0 resolves to the
intended fork version, and run `go mod tidy` to verify and lock the chosen
version.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 9d2cbfde-c6df-4be2-a725-72f83c7a87fc

📥 Commits

Reviewing files that changed from the base of the PR and between 99a951c and 74d0da1.

⛔ Files ignored due to path filters (203)

• go.sum is excluded by !**/*.sum
• vendor/cel.dev/expr/BUILD.bazel is excluded by !**/vendor/**, !vendor/**
• vendor/cel.dev/expr/MODULE.bazel is excluded by !**/vendor/**, !vendor/**
• vendor/cel.dev/expr/checked.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/cel.dev/expr/eval.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/cel.dev/expr/explain.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/cel.dev/expr/syntax.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/cel.dev/expr/value.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/udpa/annotations/migrate.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/udpa/annotations/migrate.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/udpa/annotations/security.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/udpa/annotations/security.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/udpa/annotations/sensitive.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/udpa/annotations/status.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/udpa/annotations/status.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/udpa/annotations/versioning.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/udpa/annotations/versioning.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/udpa/type/v1/typed_struct.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/udpa/type/v1/typed_struct.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/annotations/v3/migrate.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/annotations/v3/migrate.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/annotations/v3/security.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/annotations/v3/security.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/annotations/v3/sensitive.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/annotations/v3/status.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/annotations/v3/status.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/annotations/v3/versioning.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/annotations/v3/versioning.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/core/v3/authority.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/core/v3/authority.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/core/v3/cidr.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/core/v3/cidr.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/core/v3/collection_entry.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/core/v3/collection_entry.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/core/v3/context_params.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/core/v3/context_params.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/core/v3/extension.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/core/v3/extension.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/core/v3/resource.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/core/v3/resource.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/core/v3/resource_locator.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/core/v3/resource_locator.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/core/v3/resource_name.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/core/v3/resource_name.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/data/orca/v3/orca_load_report.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/data/orca/v3/orca_load_report.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/service/orca/v3/orca.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/service/orca/v3/orca.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/service/orca/v3/orca_grpc.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/type/matcher/v3/cel.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/type/matcher/v3/cel.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/type/matcher/v3/domain.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/type/matcher/v3/domain.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/type/matcher/v3/http_inputs.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/type/matcher/v3/http_inputs.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/type/matcher/v3/ip.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/type/matcher/v3/ip.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/type/matcher/v3/matcher.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/type/matcher/v3/matcher.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/type/matcher/v3/range.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/type/matcher/v3/range.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/type/matcher/v3/regex.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/type/matcher/v3/regex.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/type/matcher/v3/string.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/type/matcher/v3/string.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/type/v3/cel.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/type/v3/cel.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/type/v3/range.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/type/v3/range.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/type/v3/typed_struct.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/cncf/xds/go/xds/type/v3/typed_struct.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/bootstrap/v3/bootstrap.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/bootstrap/v3/bootstrap.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/bootstrap/v3/bootstrap_vtproto.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/common/mutation_rules/v3/mutation_rules.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/common/mutation_rules/v3/mutation_rules.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/common/mutation_rules/v3/mutation_rules_vtproto.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/address.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/config_source.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/grpc_service.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/grpc_service.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/grpc_service_vtproto.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/health_check.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/protocol.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/protocol.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/proxy_protocol.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/proxy_protocol.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/core/v3/proxy_protocol_vtproto.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3/load_report.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/listener/v3/listener_components.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/metrics/v3/stats.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/metrics/v3/stats.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/metrics/v3/stats_vtproto.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/overload/v3/overload.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/route/v3/route_components.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/route/v3/route_components.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/route/v3/route_components_vtproto.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/trace/v3/zipkin.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/trace/v3/zipkin.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/config/trace/v3/zipkin_vtproto.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager_vtproto.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/client_side_weighted_round_robin/v3/client_side_weighted_round_robin_vtproto.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/common/v3/common.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/common/v3/common.pb.validate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/common/v3/common_vtproto.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3/value.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/envoyproxy/protoc-gen-validate/validate/BUILD is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/contrib/detectors/gcp/version.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/balancer/balancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/balancer/grpclb/grpc_lb_v1/load_balancer_grpc.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/balancer/pickfirst/internal/internal.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/balancer/pickfirst/pickfirst.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/balancer/subconn.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/balancer/weightedroundrobin/balancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/balancer/weightedroundrobin/scheduler.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/balancer/weightedtarget/weightedtarget.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/balancer_wrapper.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/clientconn.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/credentials/alts/internal/conn/record.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/handshaker_grpc.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/credentials/tls.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/encoding/encoding.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/encoding/gzip/gzip.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/experimental/stats/metricregistry.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/experimental/stats/metrics.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/interceptor.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/envconfig/envconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/experimental.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/hierarchy/hierarchy.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/idle/idle.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/internal.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/proto/grpc_lookup_v1/rls_grpc.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/stats/metrics_recorder_list.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/transport/client_stream.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/transport/controlbuf.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/transport/http2_client.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/transport/http2_server.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/transport/http_util.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/transport/transport.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/balancer/cdsbalancer/cdsbalancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/balancer/cdsbalancer/cluster_watcher.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/balancer/clusterimpl/clusterimpl.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/balancer/clusterimpl/picker.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/balancer/clustermanager/clustermanager.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/balancer/clusterresolver/clusterresolver.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/balancer/clusterresolver/configbuilder.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/balancer/clusterresolver/resource_resolver_dns.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/balancer/clusterresolver/resource_resolver_eds.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/balancer/outlierdetection/balancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/balancer/outlierdetection/subconn_wrapper.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/balancer/priority/balancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/balancer/priority/balancer_child.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/balancer/priority/balancer_priority.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/balancer/wrrlocality/balancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/bootstrap/bootstrap.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/clients/internal/buffer/unbounded.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/ads_stream.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/authority.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/channel.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/clientimpl_watchers.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/resource_watcher.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/clients/xdsclient/xdsconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/clusterspecifier/rls/rls.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/matcher/string_matcher.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/resolver/serviceconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/resolver/watch_service.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/resolver/xds_resolver.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/server/listener_wrapper.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/server/rds_handler.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/xds.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/xdsclient/client.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/xdsclient/clientimpl.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/xdsclient/clientimpl_watchers.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/xdsclient/resource_types.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/cluster_resource_type.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/endpoints_resource_type.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/filter_chain.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/listener_resource_type.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/resource_type.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/route_config_resource_type.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/type_eds.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/type_rds.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/unmarshal_eds.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/unmarshal_lds.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/unmarshal_rds.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/xdsclient/xdsresource/xdsconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/xds/xdsdepmgr/xds_dependency_manager.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/mem/buffer_pool.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/mem/buffers.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/resolver/resolver.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/resolver_wrapper.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/rpc_util.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/server.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/stats/opentelemetry/opentelemetry.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/stream.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/version.go is excluded by !**/vendor/**, !vendor/**
• vendor/modules.txt is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (1)

• go.mod

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check the OpenShift golang-oauth2 fork for recent security-related commits

echo "=== Checking OpenShift golang-oauth2 fork for updates after March 2025 ==="
gh api repos/openshift/golang-oauth2/commits --jq '.[] | select(.commit.committer.date > "2025-03-10") | {date: .commit.committer.date, message: .commit.message, sha: .sha}' | head -20

echo ""
echo "=== Checking for tags after v0.26.1 ==="
gh api repos/openshift/golang-oauth2/tags --jq '.[] | select(.name > "v0.26.1") | {name: .name, commit: .commit.sha}'

Repository: openshift/image-based-install-operator

Length of output: 910

---

🏁 Script executed:

sed -n '260,270p' go.mod

Repository: openshift/image-based-install-operator

Length of output: 536

---

🏁 Script executed:

sed -n '320,330p' go.mod

Repository: openshift/image-based-install-operator

Length of output: 1097

---

🏁 Script executed:

# Check if there are any comments explaining the replace directive
sed -n '300,330p' go.mod

Repository: openshift/image-based-install-operator

Length of output: 2042

---

Update the replace directive to a newer version of the OpenShift fork.

The golang.org/x/oauth2 require block specifies v0.34.0, but the replace directive at line 325 overrides it with github.com/openshift/golang-oauth2 v0.26.1-0.20250310184649-06a918c6239d (from March 10, 2025). The actual version used will be v0.26.1 from the OpenShift fork. Newer versions are available in that fork (v0.27.0, v0.28.0); verify which version should be used and update the replace directive accordingly.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 267, The replace directive currently mapping
golang.org/x/oauth2 to github.com/openshift/golang-oauth2 v0.26.1-... is out of
date relative to newer OpenShift fork releases (v0.27.0, v0.28.0); update the
replace directive for module github.com/openshift/golang-oauth2 to the
appropriate newer tag (e.g., v0.27.0 or v0.28.0) so the required
golang.org/x/oauth2 v0.34.0 resolves to the intended fork version, and run `go
mod tidy` to verify and lock the chosen version.

[andrej1991]

/retest

[openshift-ci]

@andrej1991: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.