Skip to content

SANDBOX-1357: update kube & openshift dependencies to 4.19 #547

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rsoaresd merged 13 commits into from
Sep 16, 2025
Merged

SANDBOX-1357: update kube & openshift dependencies to 4.19 #547

Show file tree
Hide file tree
Changes from 12 commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
94e0128
SANDBOX-1357: update kube & openshift dependencies to 4.19
Sep 4, 2025
3118a9e
update
Sep 4, 2025
dbcdf13
try
rsoaresd Sep 4, 2025
1367bab
clean
rsoaresd Sep 4, 2025
ef1d5f6
fix
rsoaresd Sep 4, 2025
b700531
update golang.org/x/net
rsoaresd Sep 9, 2025
d10c64d
go mod tidy
rsoaresd Sep 10, 2025
75c3c3b
Merge branch 'master' into upgrade_4_19_registration_service
rsoaresd Sep 10, 2025
70cec98
clean
rsoaresd Sep 10, 2025
c731502
update replace
rsoaresd Sep 10, 2025
724652d
Merge branch 'master' into upgrade_4_19_registration_service
rsoaresd Sep 11, 2025
48279d2
update
rsoaresd Sep 11, 2025
6145c9e
remove replace
rsoaresd Sep 16, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .golangci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ linters:
- testifylint
- unparam
- zerologlint
- copyloopvar
disable:
- contextcheck
- noctx
Expand Down
29 changes: 1 addition & 28 deletions .govulncheck.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,28 +1 @@
ignored-vulnerabilities:
# Request smuggling due to acceptance of invalid chunked data in net/http
# Found in Found in: net/http/internal@go1.22.12
# Fixed in Fixed in: net/http/internal@go1.23.8
- id: GO-2025-3563
info: https://pkg.go.dev/vuln/GO-2025-3563
silence-until: 2025-09-17

# Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net
# Found in Found in: golang.org/x/net/html@v0.33.0
# Fixed in Fixed in: golang.org/x/net/html@v0.38.0
- id: GO-2025-3595
info: https://pkg.go.dev/vuln/GO-2025-3595
silence-until: 2025-09-17

# Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall
# Found in Found in: os@go1.22.12
# Fixed in Fixed in: os@go1.23.10
- id: GO-2025-3750
info: https://pkg.go.dev/vuln/GO-2025-3750
silence-until: 2025-09-17

# Sensitive headers not cleared on cross-origin redirect in net/http
# Found in Found in: net/http@go1.22.12
# Fixed in Fixed in: net/http@go1.23.10
- id: GO-2025-3751
info: https://pkg.go.dev/vuln/GO-2025-3751
silence-until: 2025-09-17
ignored-vulnerabilities: []
2 changes: 1 addition & 1 deletion README.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ This is the Developer Sandbox Registration Service repository. It implements the

== Build

Requires Go version 1.22.x (1.22.12 or higher) - download for your development environment https://golang.org/dl/[here].
Requires Go version 1.23.x (1.23.12 or higher) - download for your development environment https://golang.org/dl/[here].

This repository uses https://github.com/golang/go/wiki/Modules[Go modules].

Expand Down
72 changes: 37 additions & 35 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
module github.com/codeready-toolchain/registration-service

go 1.22.0
go 1.23.0

toolchain go1.22.12
toolchain go1.23.12

require (
github.com/aws/aws-sdk-go v1.44.100
Expand All @@ -13,10 +13,10 @@ require (
github.com/pkg/errors v0.9.1
github.com/stretchr/testify v1.10.0
gopkg.in/h2non/gock.v1 v1.0.14
k8s.io/api v0.31.2
k8s.io/apimachinery v0.31.2
k8s.io/client-go v0.31.2
sigs.k8s.io/controller-runtime v0.19.7
k8s.io/api v0.32.2
k8s.io/apimachinery v0.32.2
k8s.io/client-go v0.32.2
sigs.k8s.io/controller-runtime v0.20.4
)

require (
Expand All @@ -35,8 +35,8 @@ require (
github.com/prometheus/client_golang v1.19.1
github.com/prometheus/client_model v0.6.1
github.com/prometheus/common v0.55.0
github.com/spf13/pflag v1.0.5
go.uber.org/zap v1.26.0
github.com/spf13/pflag v1.0.6
go.uber.org/zap v1.27.0
gopkg.in/go-jose/go-jose.v2 v2.6.3
gotest.tools v2.2.0+incompatible
k8s.io/klog v1.0.0
Expand All @@ -61,15 +61,16 @@ require (
github.com/cloudflare/circl v1.6.1 // indirect
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0 // indirect
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
github.com/evanphx/json-patch/v5 v5.9.0 // indirect
github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
github.com/evanphx/json-patch/v5 v5.9.11 // indirect
github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f // indirect
github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/fxamacker/cbor/v2 v2.7.0 // indirect
github.com/gabriel-vasile/mimetype v1.4.3 // indirect
github.com/go-errors/errors v1.4.2 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/google/btree v1.1.3 // indirect
github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/go-github/v52 v52.0.0 // indirect
github.com/google/go-querystring v1.1.0 // indirect
Expand Down Expand Up @@ -104,31 +105,29 @@ require (
go.opentelemetry.io/otel v1.28.0 // indirect
go.opentelemetry.io/otel/metric v1.28.0 // indirect
go.opentelemetry.io/otel/trace v1.28.0 // indirect
go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
golang.org/x/arch v0.7.0 // indirect
golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
google.golang.org/api v0.177.0 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240826202546-f6391c0de4c7 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7 // indirect
google.golang.org/grpc v1.65.0 // indirect
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
k8s.io/apiextensions-apiserver v0.31.2 // indirect
k8s.io/cli-runtime v0.31.2 // indirect
k8s.io/kubectl v0.31.2 // indirect
k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 // indirect
sigs.k8s.io/kustomize/api v0.17.2 // indirect
sigs.k8s.io/kustomize/kyaml v0.17.1 // indirect
k8s.io/apiextensions-apiserver v0.32.2 // indirect
k8s.io/cli-runtime v0.32.1 // indirect
k8s.io/kubectl v0.32.1 // indirect
k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect
sigs.k8s.io/kustomize/api v0.18.0 // indirect
sigs.k8s.io/kustomize/kyaml v0.18.1 // indirect
)

require (
github.com/cheekybits/is v0.0.0-20150225183255-68e9c0620927 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/gin-contrib/sse v0.1.0 // indirect
github.com/go-logr/zapr v1.3.0 // indirect
github.com/go-openapi/jsonpointer v0.19.6 // indirect
github.com/go-openapi/jsonpointer v0.21.0 // indirect
github.com/go-openapi/jsonreference v0.20.2 // indirect
github.com/go-openapi/swag v0.22.4 // indirect
github.com/go-openapi/swag v0.23.0 // indirect
github.com/go-playground/locales v0.14.1 // indirect
github.com/go-playground/universal-translator v0.18.1 // indirect
github.com/go-playground/validator/v10 v10.19.0 // indirect
Expand All @@ -151,28 +150,31 @@ require (
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
// using latest commit from 'github.com/openshift/api branch release-4.16'
github.com/openshift/api v0.0.0-20250410062700-d6c84c55a124
github.com/openshift/api v0.0.0-20250904140438-5b2b8cafdd82
github.com/pelletier/go-toml/v2 v2.1.1 // indirect
Comment on lines 151 to 154
Copy link

@coderabbitai coderabbitai bot Sep 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Verification agent

🧩 Analysis chain

Confirm OpenShift API branch matches the target 4.19 update.

The comment says “release-4.16” while the PR targets 4.19. Ensure this tracks the correct branch for 4.19, or update the comment/dependency accordingly.

🌐 Web query:

Which branch/tag of github.com/openshift/api corresponds to OpenShift 4.19? Is there guidance on matching k8s 1.32 (v0.32.x) with the proper openshift/api branch?

💡 Result:

Short answer: use the release-4.19 branch of github.com/openshift/api. OpenShift 4.19 is based on Kubernetes 1.32 (k8s v0.32.x), so match the openshift/api release-4.19 branch with k8s v0.32.x client libraries. [1][2][3]

Sources

  • openshift/api branches (release-4.19 branch). [1]
  • OpenShift 4.19 docs stating it uses Kubernetes 1.32. [2][3]

Replace the incorrect 'release-4.16' comment and pin openshift/api to release-4.19 (OpenShift 4.19 → Kubernetes 1.32 / k8s v0.32.x).

Change the inline comment and verify the go.mod revision is from the release-4.19 branch (or update the dependency to the release-4.19 commit/tag) and ensure k8s client libraries are v0.32.x.

File: go.mod Lines: 151-154

	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
	// using latest commit from 'github.com/openshift/api branch release-4.16'
	github.com/openshift/api v0.0.0-20250904140438-5b2b8cafdd82
	github.com/pelletier/go-toml/v2 v2.1.1 // indirect
🤖 Prompt for AI Agents 
In go.mod around lines 151-154, the inline comment incorrectly references
'release-4.16' and the openshift/api module needs to be pinned to release-4.19;
update the comment to reflect "using latest commit from
'github.com/openshift/api branch release-4.19'", replace the current
github.com/openshift/api pseudo-version with a commit or tag from the
release-4.19 branch (or the canonical release-4.19 tag), and ensure any
Kubernetes client library dependencies in go.mod are upgraded/changed to v0.32.x
to match OpenShift 4.19 compatibility.

github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/ttacon/builder v0.0.0-20170518171403-c099f663e1c2 // indirect
github.com/ttacon/libphonenumber v1.2.1 // indirect
github.com/ugorji/go/codec v1.2.12 // indirect
go.uber.org/atomic v1.10.0
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/crypto v0.31.0 // indirect
golang.org/x/net v0.33.0 // indirect
golang.org/x/oauth2 v0.21.0 // indirect
golang.org/x/sync v0.10.0 // indirect
golang.org/x/sys v0.28.0 // indirect
golang.org/x/term v0.27.0 // indirect
golang.org/x/text v0.21.0 // indirect
golang.org/x/crypto v0.36.0 // indirect
golang.org/x/net v0.38.0 // indirect
golang.org/x/oauth2 v0.23.0 // indirect
golang.org/x/sync v0.12.0 // indirect
golang.org/x/sys v0.31.0 // indirect
golang.org/x/term v0.30.0 // indirect
golang.org/x/text v0.23.0 // indirect
golang.org/x/time v0.8.0 // indirect
google.golang.org/protobuf v1.34.2 // indirect
google.golang.org/protobuf v1.35.1 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
)

replace github.com/codeready-toolchain/api => github.com/rsoaresd/api v0.0.0-20250910155735-270447f471cd

replace github.com/codeready-toolchain/toolchain-common => github.com/rsoaresd/toolchain-common v0.0.0-20250910164142-aabf15684683
Loading
Loading