Bump the gomod group with 7 updates #410

dependabot · 2025-11-10T17:07:22Z

Bumps the gomod group with 7 updates:

Package	From	To
github.com/operator-framework/api	`0.34.0`	`0.36.0`
github.com/go-openapi/jsonreference	`0.21.2`	`0.21.3`
github.com/google/gnostic-models	`0.6.9`	`0.7.0`
github.com/modern-go/reflect2	`1.0.2`	`1.0.3-0.20250322232337-35a7c28c31ee`
golang.org/x/oauth2	`0.32.0`	`0.33.0`
golang.org/x/sync	`0.17.0`	`0.18.0`
golang.org/x/sys	`0.37.0`	`0.38.0`

Updates github.com/operator-framework/api from 0.34.0 to 0.36.0

Release notes

Sourced from github.com/operator-framework/api's releases.

v0.36.0

What's Changed

Bump sigs.k8s.io/controller-runtime from 0.22.1 to 0.22.2 in the k8s-dependencies group by @dependabot[bot] in operator-framework/api#452

Bump sigs.k8s.io/controller-runtime from 0.22.2 to 0.22.3 in the k8s-dependencies group by @dependabot[bot] in operator-framework/api#453

bump go version to fix GO-2025-3956 by @grokspawn in operator-framework/api#455

Full Changelog: operator-framework/api@v0.35.0...v0.36.0

v0.35.0

Notice

This release updates to k8s 1.34

What's Changed

Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 by @dependabot[bot] in operator-framework/api#445

Bump github.com/stretchr/testify from 1.11.0 to 1.11.1 by @dependabot[bot] in operator-framework/api#446

Bump github.com/google/cel-go from 0.26.0 to 0.26.1 by @dependabot[bot] in operator-framework/api#448

Bump actions/setup-go from 5 to 6 by @dependabot[bot] in operator-framework/api#449

Bump actions/stale from 9 to 10 by @dependabot[bot] in operator-framework/api#450

Bump the k8s-dependencies group with 5 updates by @dependabot[bot] in operator-framework/api#447

Bump the k8s-dependencies group with 5 updates by @dependabot[bot] in operator-framework/api#451

Full Changelog: operator-framework/api@v0.34.0...v0.35.0

Commits

28121db bump go version to fix GO-2025-3956 (#455)
e9c7bb5 Bump sigs.k8s.io/controller-runtime in the k8s-dependencies group (#453)
67b6d64 Bump sigs.k8s.io/controller-runtime in the k8s-dependencies group (#452)
bef2351 Bump the k8s-dependencies group with 5 updates (#451)
a7542c5 Bump the k8s-dependencies group with 5 updates (#447)
ee2250b Bump actions/stale from 9 to 10 (#450)
8835256 Bump actions/setup-go from 5 to 6 (#449)
37c0110 Bump github.com/google/cel-go from 0.26.0 to 0.26.1 (#448)
29bdb09 Bump github.com/stretchr/testify from 1.11.0 to 1.11.1 (#446)
9ba7f1a Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#445)
See full diff in compare view

Updates github.com/go-openapi/jsonreference from 0.21.2 to 0.21.3

Commits

d5ff0ea tests: replaced stretchr/testify by go-openapi/testify
5cee2c3 chore: updated license marks in source files
See full diff in compare view

Updates github.com/google/gnostic-models from 0.6.9 to 0.7.0

Commits

82b4ba0 Fix go.mod
1214835 update yaml library to go.yaml.in/yaml
511df6b update README to 2025
fbe822a Update README to 2024
d9cde49 chore: omit comparison to bool constant
8f45726 chore: unnecessary use of fmt.Sprintf
d47ab80 add manual trigger github actions
164b47f Disable protoc download in CI
See full diff in compare view

Updates github.com/modern-go/reflect2 from 1.0.2 to 1.0.3-0.20250322232337-35a7c28c31ee

Commits

See full diff in compare view

Updates golang.org/x/oauth2 from 0.32.0 to 0.33.0

Commits

f28b0b5 all: fix some comments
fd15e0f x/oauth2: populate RetrieveError from DeviceAuth
See full diff in compare view

Updates golang.org/x/sync from 0.17.0 to 0.18.0

Commits

1966f53 errgroup: fix some typos in comment
See full diff in compare view

Updates golang.org/x/sys from 0.37.0 to 0.38.0

Commits

15129aa cpu: also use MRS instruction in getmmfr1
ed38ca2 unix: add SizeofNhmsg and SizeofNexthopGrp
3675c4c cpu: use MRS instruction to read arm64 system registers
2a15272 unix: add consts for ELF handling
6239615 cpu: add HPDS, LOR, PAN detection for arm64
ea436ef windows: add iphlpapi routing functions
28c5bda unix: add SetMemPolicy and its mode/flag values
b731f78 unix/linux: switch to ubuntu 25.04, Go 1.25.1
See full diff in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
github.com/operator-framework/api	[>= 0.35.a, < 0.36]
github.com/google/gnostic-models	[>= 0.7.0.a, < 0.7.1]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the gomod group with 7 updates: | Package | From | To | | --- | --- | --- | | [github.com/operator-framework/api](https://github.com/operator-framework/api) | `0.34.0` | `0.36.0` | | [github.com/go-openapi/jsonreference](https://github.com/go-openapi/jsonreference) | `0.21.2` | `0.21.3` | | [github.com/google/gnostic-models](https://github.com/google/gnostic-models) | `0.6.9` | `0.7.0` | | [github.com/modern-go/reflect2](https://github.com/modern-go/reflect2) | `1.0.2` | `1.0.3-0.20250322232337-35a7c28c31ee` | | [golang.org/x/oauth2](https://github.com/golang/oauth2) | `0.32.0` | `0.33.0` | | [golang.org/x/sync](https://github.com/golang/sync) | `0.17.0` | `0.18.0` | | [golang.org/x/sys](https://github.com/golang/sys) | `0.37.0` | `0.38.0` | Updates `github.com/operator-framework/api` from 0.34.0 to 0.36.0 - [Release notes](https://github.com/operator-framework/api/releases) - [Changelog](https://github.com/operator-framework/api/blob/master/RELEASE.md) - [Commits](operator-framework/api@v0.34.0...v0.36.0) Updates `github.com/go-openapi/jsonreference` from 0.21.2 to 0.21.3 - [Commits](go-openapi/jsonreference@v0.21.2...v0.21.3) Updates `github.com/google/gnostic-models` from 0.6.9 to 0.7.0 - [Commits](google/gnostic-models@v0.6.9...v0.7.0) Updates `github.com/modern-go/reflect2` from 1.0.2 to 1.0.3-0.20250322232337-35a7c28c31ee - [Release notes](https://github.com/modern-go/reflect2/releases) - [Commits](https://github.com/modern-go/reflect2/commits) Updates `golang.org/x/oauth2` from 0.32.0 to 0.33.0 - [Commits](golang/oauth2@v0.32.0...v0.33.0) Updates `golang.org/x/sync` from 0.17.0 to 0.18.0 - [Commits](golang/sync@v0.17.0...v0.18.0) Updates `golang.org/x/sys` from 0.37.0 to 0.38.0 - [Commits](golang/sys@v0.37.0...v0.38.0) --- updated-dependencies: - dependency-name: github.com/operator-framework/api dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gomod - dependency-name: github.com/go-openapi/jsonreference dependency-version: 0.21.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: gomod - dependency-name: github.com/google/gnostic-models dependency-version: 0.7.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: gomod - dependency-name: github.com/modern-go/reflect2 dependency-version: 1.0.3-0.20250322232337-35a7c28c31ee dependency-type: indirect update-type: version-update:semver-patch dependency-group: gomod - dependency-name: golang.org/x/oauth2 dependency-version: 0.33.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: gomod - dependency-name: golang.org/x/sync dependency-version: 0.18.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: gomod - dependency-name: golang.org/x/sys dependency-version: 0.38.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: gomod ... Signed-off-by: dependabot[bot] <[email protected]>

openshift-ci · 2025-11-10T17:07:29Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign gparvin for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

dhaiducek · 2025-11-10T17:10:01Z

This is bumping the Go version (which causes a skew with the framework) as well as updates to K8s packages. Going to skip it for now.

dependabot · 2025-11-10T17:10:03Z

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Nov 10, 2025

openshift-ci bot added the dco-signoff: yes label Nov 10, 2025

openshift-ci bot requested review from jan-law and yiraeChristineKim November 10, 2025 17:07

dhaiducek closed this Nov 10, 2025

dependabot bot deleted the dependabot/go_modules/gomod-9e7b7005ec branch November 10, 2025 17:10

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the gomod group with 7 updates #410

Bump the gomod group with 7 updates #410

Uh oh!

dependabot bot commented on behalf of github Nov 10, 2025

Uh oh!

openshift-ci bot commented Nov 10, 2025

Uh oh!

dhaiducek commented Nov 10, 2025

Uh oh!

dependabot bot commented on behalf of github Nov 10, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Bump the gomod group with 7 updates #410

Bump the gomod group with 7 updates #410

Uh oh!

Conversation

dependabot bot commented on behalf of github Nov 10, 2025

v0.36.0

What's Changed

v0.35.0

Notice

What's Changed

Uh oh!

openshift-ci bot commented Nov 10, 2025

Uh oh!

dhaiducek commented Nov 10, 2025

Uh oh!

dependabot bot commented on behalf of github Nov 10, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants