Skip to content

Bump github.com/openshift-online/ocm-sdk-go from 0.1.456 to 0.1.500#30

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/openshift-online/ocm-sdk-go-0.1.500
Closed

Bump github.com/openshift-online/ocm-sdk-go from 0.1.456 to 0.1.500#30
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/github.com/openshift-online/ocm-sdk-go-0.1.500

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 6, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/openshift-online/ocm-sdk-go from 0.1.456 to 0.1.500.

Release notes

Sourced from github.com/openshift-online/ocm-sdk-go's releases.

Release 0.1.500

  • Update model to 0.0.454
    • Add the ZeroEgress type and include in the AWS as a field.

Release 0.1.499

  • [OCM-22967](https://redhat.atlassian.net/browse/OCM-22967) | fix: removing pgx dependency

Release 0.1.498

  • Update model to 0.0.453
    • Add OidcIssuerUrl field to ARO-HCP Azure type for workload identity federation
    • Add Visibility field and AzureKmsEncryptionVisibility type to AzureKmsEncryption

Release 0.1.497

  • Update model to 0.0.452
    • Add the AvailableChannels method to the Version resource

Release 0.1.496

  • Update model to 0.0.451
    • Add the GcpDnsDomain type and include in the DNSDomain as a field.

Release 0.1.495

  • Update model to 0.0.450
    • Add ImageDigestMirrors field to ClusterRegistryConfig for ARO-HCP.

Release 0.1.494

  • Update model to 0.0.449
    • Add ARO-HCP ControlPlaneUpgradePolicies resource to manage control plane upgrade policies
    • Add ARO-HCP NodePoolUpgradePolicies resource to manage node pool upgrade policies
    • Simplify ARO-HCP upgrade policy types by removing scheduling-related fields (Schedule, ScheduleType, UpgradeType, NextRun, EnableMinorVersionUpgrades)

Release 0.1.493

  • Update model to 0.0.448
    • Add VnetIntegrationSubnetResourceID field to ARO-HCP Azure type for SWIFT networking (Azure Container Networking Interface) support
    • Expose ARO-HCP cluster's provision shard subresource GET endpoint
    • Expose ARO-HCP provision shard global endpoints

Release 0.1.492

  • Update model to 0.0.447
    • Make Topology attribute of ARO-HCP ProvisionShard required and restrict its allowed value to shared
    • Expand EtcdEncryption attribute description for ROSA-HCP Clusters

Release 0.1.491

  • Update model to 0.0.446
    • Add AzureShard and ProvisionShardMaestroConfig to ARO-HCP ProvisionShard

... (truncated)

Changelog

Sourced from github.com/openshift-online/ocm-sdk-go's changelog.

0.1.500 Apr 01 2026

  • Update model to 0.0.454
    • Add the ZeroEgress type and include in the AWS as a field.

0.1.499 Mar 31 2026

  • [OCM-22967](https://redhat.atlassian.net/browse/OCM-22967) | fix: removing pgx dependency

0.1.498 Mar 11 2026

  • Update model to 0.0.453
    • Add OidcIssuerUrl field to ARO-HCP Azure type for workload identity federation
    • Add Visibility field and AzureKmsEncryptionVisibility type to AzureKmsEncryption

0.1.497 Feb 25 2026

  • Update model to 0.0.452
    • Add the AvailableChannels method to the Version resource

0.1.496 Feb 24 2026

  • Update model to 0.0.451
    • Add the GcpDnsDomain type and include in the DNSDomain as a field.

0.1.495 Feb 23 2026

  • Update model to 0.0.450
    • Add ImageDigestMirrors field to ClusterRegistryConfig for ARO-HCP.

0.1.494 Feb 12 2026

  • Update model to 0.0.449
    • Add ARO-HCP ControlPlaneUpgradePolicies resource to manage control plane upgrade policies
    • Add ARO-HCP NodePoolUpgradePolicies resource to manage node pool upgrade policies
    • Simplify ARO-HCP upgrade policy types by removing scheduling-related fields (Schedule, ScheduleType, UpgradeType, NextRun, EnableMinorVersionUpgrades)

0.1.493 Jan 25 2026

  • Update model to 0.0.448
    • Add VnetIntegrationSubnetResourceID field to ARO-HCP Azure type for SWIFT networking (Azure Container Networking Interface) support
    • Expose ARO-HCP cluster's provision shard subresource GET endpoint
    • Expose ARO-HCP provision shard global endpoints

0.1.492

  • Update model to 0.0.447
    • Make Topology attribute of ARO-HCP ProvisionShard required and restrict its allowed value to shared
    • Expand EtcdEncryption attribute description for ROSA-HCP Clusters

0.1.491

  • Update model to 0.0.446
    • Add AzureShard and ProvisionShardMaestroConfig to ARO-HCP ProvisionShard

... (truncated)

Commits
  • 529cfd7 Merge pull request #1167 from marcolan018/ocm-23443
  • 4c9e685 chore: bump version to 0.1.500
  • 585c1b9 [OCM-23443](https://redhat.atlassian.net/browse/OCM-23443) | feat: add ZeroEgress into AWS
  • f19f64f Merge pull request #1153 from gurnben/add-makefile-quick-start
  • 25c4d91 Merge pull request #1152 from gurnben/add-dependabot
  • ed7e088 Merge pull request #1151 from gurnben/readme-and-docs-improvements
  • c43e011 Merge pull request #1150 from gurnben/agent-readiness-improvements
  • 697fd8a Add one-command build/setup: README.md (Quick Start section)
  • a5482fd Add Dependabot configuration for dependency security scanning
  • 08f46d2 Improve README structure: add missing Installation, Usage, and Development se...
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels May 6, 2026
@coderabbitai

coderabbitai Bot commented May 6, 2026

Copy link
Copy Markdown

Summary by CodeRabbit

  • Chores
    • Updated project dependencies and runtime version to latest compatible versions for improved stability.

Walkthrough

This PR updates the Go module manifest (go.mod) with multiple dependency version changes: Go directive set to 1.24.0, ocm-sdk-go bumped to v0.1.500, github.com/golang-jwt/jwt/v4 to v4.5.2, adds ocm-api-model/* indirect deps, and updates several golang.org/x/* indirect modules.

Changes

Go module manifest updates

Layer / File(s) Summary
Go directive
go.mod
Change go directive from 1.24 to 1.24.0.
Primary SDK bump
go.mod
github.com/openshift-online/ocm-sdk-go upgraded from v0.1.456 to v0.1.500.
JWT library
go.mod
github.com/golang-jwt/jwt/v4 (indirect) upgraded from v4.4.1 to v4.5.2.
New ocm-api-model indirects
go.mod
Added github.com/openshift-online/ocm-api-model/clientapi and .../model at v0.0.454 (indirect).
golang.org/x/ indirect bumps*
go.mod
Updated indirect modules: golang.org/x/netv0.39.0, golang.org/x/sysv0.32.0, golang.org/x/termv0.31.0, golang.org/x/textv0.24.0, golang.org/x/toolsv0.32.0.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title directly and clearly identifies the main change: bumping the ocm-sdk-go dependency from v0.1.456 to v0.1.500, which matches the primary modification in go.mod.
Description check ✅ Passed The description comprehensively documents the dependency bump with release notes, changelog entries, and commit references that directly relate to the ocm-sdk-go version update in the changeset.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/go_modules/github.com/openshift-online/ocm-sdk-go-0.1.500

Comment @coderabbitai help to get the list of available commands and usage tips.

@openshift-ci openshift-ci Bot requested review from bmeng and ravitri May 6, 2026 04:37
@openshift-ci

openshift-ci Bot commented May 6, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign dustman9000 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label May 6, 2026
@openshift-ci

openshift-ci Bot commented May 6, 2026

Copy link
Copy Markdown

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift-online member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Around line 63-64: Update the two ocm-api-model module versions in go.mod from
v0.0.454 to the existing tag v0.0.453: change
github.com/openshift-online/ocm-api-model/clientapi and
github.com/openshift-online/ocm-api-model/model to reference v0.0.453, then run
`go mod tidy` (or equivalent) to refresh the lockfile and verify the build;
ensure no other references still point to v0.0.454.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: b28170df-de23-4f3b-bc86-86cf66530357

📥 Commits

Reviewing files that changed from the base of the PR and between fd99cf8 and 4733aaf.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (1)
  • go.mod

Comment thread go.mod
Comment on lines +63 to +64
github.com/openshift-online/ocm-api-model/clientapi v0.0.454 // indirect
github.com/openshift-online/ocm-api-model/model v0.0.454 // indirect

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify ocm-api-model dependencies at v0.0.454 exist

echo "=== Checking ocm-api-model/clientapi v0.0.454 ==="
gh api repos/openshift-online/ocm-api-model/tags --jq '.[] | select(.name == "clientapi/v0.0.454") | .name' 2>/dev/null || echo "clientapi v0.0.454 not found as expected tag"

echo -e "\n=== Checking ocm-api-model/model v0.0.454 ==="
gh api repos/openshift-online/ocm-api-model/tags --jq '.[] | select(.name == "model/v0.0.454") | .name' 2>/dev/null || echo "model v0.0.454 not found as expected tag"

# Alternative: Check if they resolve via go
echo -e "\n=== Attempting to resolve via go list ==="
go list -m -versions github.com/openshift-online/ocm-api-model/clientapi@v0.0.454 2>&1
go list -m -versions github.com/openshift-online/ocm-api-model/model@v0.0.454 2>&1

Repository: openshift-online/rosa-e2e

Length of output: 1875


🌐 Web query:

ocm-api-model clientapi v0.0.454 release GitHub

💡 Result:

Result: I could not find a GitHub release for openshift-online/ocm-api-model at version v0.0.454. What I found instead (authoritative sources): - The repository’s latest release is v0.0.453, published 2026-03-11, and the releases page lists only up to that version in the data returned by search. [1][2][3] - The tag page I could locate is for v0.0.453 (not v0.0.454). [2] Because I didn’t find any release/tag named v0.0.454 in the repository’s GitHub releases/tag pages via search, there’s no v0.0.454 release information (release notes / CHANGES.md diff / commit) I can cite. If you meant a different repo (e.g., open-cluster-management-io/api, guidewire-oss/ocm-api, or another fork) or a different version string, tell me the exact GitHub owner/repo and version format you expect, and I’ll re-check.

Citations:


🌐 Web query:

ocm-api-model model v0.0.454 release GitHub

💡 Result:

I couldn’t find any GitHub release/tag for openshift-online/ocm-api-model with version v0.0.454. What I found instead: - The repository’s GitHub Releases page shows the latest release as v0.0.453 (published 2026-03-11). [1][2] - A direct lookup for v0.0.454 on the releases/tag URL didn’t return a matching release page, while v0.0.453 has a release/tag page. [3] If you meant a different repository (for example a fork or a different package name than ocm-api-model), tell me the exact GitHub org/repo (or the correct version string) and I’ll re-run the search.

Citations:


Update ocm-api-model dependencies to v0.0.453.

Version v0.0.454 does not exist in the openshift-online/ocm-api-model repository. The latest available release is v0.0.453 (published 2026-03-11). Both github.com/openshift-online/ocm-api-model/clientapi and github.com/openshift-online/ocm-api-model/model must be updated to v0.0.453.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` around lines 63 - 64, Update the two ocm-api-model module versions in
go.mod from v0.0.454 to the existing tag v0.0.453: change
github.com/openshift-online/ocm-api-model/clientapi and
github.com/openshift-online/ocm-api-model/model to reference v0.0.453, then run
`go mod tidy` (or equivalent) to refresh the lockfile and verify the build;
ensure no other references still point to v0.0.454.

Bumps [github.com/openshift-online/ocm-sdk-go](https://github.com/openshift-online/ocm-sdk-go) from 0.1.456 to 0.1.500.
- [Release notes](https://github.com/openshift-online/ocm-sdk-go/releases)
- [Changelog](https://github.com/openshift-online/ocm-sdk-go/blob/main/CHANGES.md)
- [Commits](openshift-online/ocm-sdk-go@v0.1.456...v0.1.500)

---
updated-dependencies:
- dependency-name: github.com/openshift-online/ocm-sdk-go
  dependency-version: 0.1.500
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/openshift-online/ocm-sdk-go-0.1.500 branch from 4733aaf to 9acf744 Compare May 13, 2026 06:10

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Line 74: The dependency golang.org/x/oauth2 is pinned to v0.23.0 which
contains security advisories; update the module declaration for
golang.org/x/oauth2 in go.mod to at least v0.27.0 (preferably v0.36.0) and then
run go get golang.org/x/oauth2@v0.36.0 (or go get golang.org/x/oauth2@v0.27.0)
followed by go mod tidy to update go.sum; verify by rebuilding and running tests
to ensure no breaking changes in any code referencing golang.org/x/oauth2.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: c969a063-ae64-4ce5-b052-8071ec03cb09

📥 Commits

Reviewing files that changed from the base of the PR and between 4733aaf and 9acf744.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (1)
  • go.mod

Comment thread go.mod
github.com/x448/float16 v0.8.4 // indirect
golang.org/x/net v0.33.0 // indirect
golang.org/x/net v0.39.0 // indirect
golang.org/x/oauth2 v0.23.0 // indirect

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

What is the first patched golang.org/x/oauth2 version for GO-2025-3488 and GHSA-6v2p-p543-phr9, and what upgrade version is currently recommended?

💡 Result:

For GO-2025-3488 and GHSA-6v2p-p543-phr9 in golang.org/x/oauth2, the first patched version is v0.27.0 (both advisories list 0.27.0 as the fixed/patched version; earlier versions are affected) [1][2]. As of 2026-05-13, the currently recommended upgrade version is the latest golang.org/x/oauth2 release, v0.36.0 [3][4].

Citations:


Upgrade golang.org/x/oauth2 from v0.23.0 to at least v0.27.0 (or preferably the latest v0.36.0) to fix GO-2025-3488 and GHSA-6v2p-p543-phr9.

v0.23.0 has HIGH severity advisories that are resolved in v0.27.0 and later.

🧰 Tools
🪛 OSV Scanner (2.3.8)

[HIGH] 74-74: golang.org/x/oauth2 0.23.0: Unexpected memory consumption during token parsing in golang.org/x/oauth2

(GO-2025-3488)


[HIGH] 74-74: golang.org/x/oauth2 0.23.0: golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability

(GHSA-6v2p-p543-phr9)

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` at line 74, The dependency golang.org/x/oauth2 is pinned to v0.23.0
which contains security advisories; update the module declaration for
golang.org/x/oauth2 in go.mod to at least v0.27.0 (preferably v0.36.0) and then
run go get golang.org/x/oauth2@v0.36.0 (or go get golang.org/x/oauth2@v0.27.0)
followed by go mod tidy to update go.sum; verify by rebuilding and running tests
to ensure no breaking changes in any code referencing golang.org/x/oauth2.

@dependabot @github

dependabot Bot commented on behalf of github May 20, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #55.

@dependabot dependabot Bot closed this May 20, 2026
@dependabot dependabot Bot deleted the dependabot/go_modules/github.com/openshift-online/ocm-sdk-go-0.1.500 branch May 20, 2026 09:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants