Skip to content

NO-JIRA: Bump library-go to update selinux and x/crypto #2169

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ardaguclu wants to merge 1 commit into
base: main
Choose a base branch
from
Open

NO-JIRA: Bump library-go to update selinux and x/crypto #2169

ardaguclu wants to merge 1 commit into from
+7,093 −6,384

Conversation

@ardaguclu
Copy link
Member

@ardaguclu ardaguclu commented Dec 22, 2025
edited
Loading

This PR bumps library-go to update selinux and x/crypto versions, in order to fix the vulnerabilities.

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Dec 22, 2025
@openshift-ci-robot
Copy link

openshift-ci-robot commented Dec 22, 2025

@ardaguclu: This pull request explicitly references no jira issue.

Details

In response to this:

This PR fake bumps library-go to get CI signal to prevent any regressions.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@coderabbitai
Copy link

coderabbitai bot commented Dec 22, 2025
edited
Loading

Walkthrough

go.mod dependency versions updated: core golang.org/x modules, OpenShift modules, opencontainers/selinux, various Kubernetes-related indirects; new indirect cyphar modules added and a replace mapping updated for github.com/openshift/library-go. No API or exported symbols changed.

Changes

Cohort / File(s) Summary
Core golang.org/x updates
go.mod		 Bumped versions: golang.org/x/crypto v0.43.0 → v0.45.0, golang.org/x/net v0.46.0 → v0.47.0, golang.org/x/sync v0.17.0 → v0.18.0, golang.org/x/sys v0.37.0 → v0.38.0, golang.org/x/term v0.36.0 → v0.37.0, golang.org/x/text v0.30.0 → v0.31.0, golang.org/x/tools v0.37.0 → v0.38.0 (indirects included).
OpenShift / Kubernetes / container-related updates
go.mod		 Updated github.com/openshift/api and github.com/openshift/library-go pseudo-versions; bumped opencontainers/selinux v1.12.0 → v1.13.0; multiple Kubernetes-related indirects advanced to newer patch versions.
New indirects and replace mapping
go.mod		 Added indirect dependencies cyphar/filepath-securejoin v0.6.0 and cyphar/go-pathrs v0.2.1; updated/added replace mapping for github.com/openshift/library-go to a newer pseudo-version; miscellaneous reorder/cleanup in replace block.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

  • Verify transitive compatibility between updated golang.org/x modules and tooling (build/tests).
  • Check the replace mapping for github.com/openshift/library-go for intended commit/version and downstream impact.
  • Confirm Kubernetes-related indirect bumps do not introduce dependency conflicts in go.sum or during module resolution.
  • Validate necessity and safety of newly added indirects (cyphar/*) and that they are not accidentally required by other updates.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between bc97a18 and e3e3bd2.

⛔ Files ignored due to path filters (105)
  • go.sum is excluded by !**/*.sum
  • vendor/cyphar.com/go-pathrs/.golangci.yml is excluded by !vendor/**, !**/vendor/**
  • vendor/cyphar.com/go-pathrs/COPYING is excluded by !vendor/**, !**/vendor/**
  • vendor/cyphar.com/go-pathrs/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/cyphar.com/go-pathrs/handle_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/cyphar.com/go-pathrs/internal/fdutils/fd_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/cyphar.com/go-pathrs/internal/libpathrs/error_unix.go is excluded by !vendor/**, !**/vendor/**
  • vendor/cyphar.com/go-pathrs/internal/libpathrs/libpathrs_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/cyphar.com/go-pathrs/procfs/procfs_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/cyphar.com/go-pathrs/root_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/cyphar.com/go-pathrs/utils_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/COPYING.md is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/LICENSE.BSD is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/LICENSE.MPL-2.0 is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/internal/consts/consts.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/README.md is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/assert/assert.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/errors_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/at_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/fd.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/fd_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/mount_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/openat2_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/README.md is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_errors_go120.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_errors_unsupported.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_generics_go121.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_generics_unsupported.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/lookup_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/mkdir_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/open_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/openat2_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/kernelversion/kernel_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/mount_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/openat2_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/procfs/procfs_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/procfs/procfs_lookup_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir_libpathrs.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir_purego.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_libpathrs.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_purego.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs/procfs_libpathrs.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs/procfs_purego.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/opencontainers/selinux/go-selinux/selinux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/.golangci.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/AGENTS.md is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/Makefile is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/config/v1/types_infrastructure.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/envtest-releases.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/features.md is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/features/features.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1beta1/types_gcpprovider.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/library-go/pkg/crypto/crypto.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/library-go/pkg/operator/certrotation/signer.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/crypto/openpgp/s2k/s2k.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/crypto/sha3/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/crypto/sha3/hashes.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/crypto/sha3/hashes_noasm.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/crypto/sha3/keccakf_amd64.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/crypto/sha3/keccakf_amd64.s is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/crypto/sha3/legacy_hash.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/crypto/sha3/legacy_keccakf.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/crypto/sha3/sha3_s390x.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/crypto/sha3/sha3_s390x.s is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/crypto/sha3/shake.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/crypto/sha3/shake_noasm.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/net/context/context.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/net/http2/frame.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/net/http2/transport.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/net/http2/writesched.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/net/http2/writesched_priority_rfc7540.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/net/http2/writesched_priority_rfc9218.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sync/errgroup/errgroup.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/cpu/cpu.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/cpu/cpu_arm64.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/cpu/cpu_arm64.s is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/mkerrors.sh is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/syscall_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/zsyscall_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/windows/syscall_windows.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/windows/types_windows.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/windows/zsyscall_windows.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/term/terminal.go is excluded by !vendor/**, !**/vendor/**
  • vendor/modules.txt is excluded by !vendor/**, !**/vendor/**
📒 Files selected for processing (1)
  • go.mod
🧰 Additional context used
📓 Path-based instructions (1)
**

⚙️ CodeRabbit configuration file

-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.

Files:

  • go.mod
🔇 Additional comments (2)
go.mod (2)

44-44: The personal fork replace directive has been completely removed from go.mod. Only the direct dependency on github.com/openshift/library-go at version v0.0.0-20251222131241-289839b3ffe8 remains, which is correct.

72-72: These indirect dependencies are legitimate transitive dependencies from established container runtime and library components.

Both cyphar.com/go-pathrs v0.2.1 and github.com/cyphar/filepath-securejoin v0.6.0 are legitimately pulled in by existing dependencies: github.com/opencontainers/selinux@v1.13.0 and github.com/openshift/library-go both depend on these modules. The filepath-securejoin package is also a dependency of multiple container image and storage libraries (containers/storage, containers/image, distribution, moby/buildkit). These are expected as part of the container runtime dependency stack.

Comment @coderabbitai help to get the list of available commands and usage tips.

@ardaguclu ardaguclu mentioned this pull request Dec 22, 2025
Merged
@openshift-ci openshift-ci bot requested review from ingvagabund and tchap December 22, 2025 07:51
@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 22, 2025
@ardaguclu
Copy link
Member Author

ardaguclu commented Dec 22, 2025

/hold

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Dec 22, 2025
coderabbitai[bot]
coderabbitai bot reviewed Dec 22, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 0bc5b13 and bc97a18.

⛔ Files ignored due to path filters (105)
  • go.sum is excluded by !**/*.sum
  • vendor/cyphar.com/go-pathrs/.golangci.yml is excluded by !vendor/**, !**/vendor/**
  • vendor/cyphar.com/go-pathrs/COPYING is excluded by !vendor/**, !**/vendor/**
  • vendor/cyphar.com/go-pathrs/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/cyphar.com/go-pathrs/handle_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/cyphar.com/go-pathrs/internal/fdutils/fd_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/cyphar.com/go-pathrs/internal/libpathrs/error_unix.go is excluded by !vendor/**, !**/vendor/**
  • vendor/cyphar.com/go-pathrs/internal/libpathrs/libpathrs_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/cyphar.com/go-pathrs/procfs/procfs_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/cyphar.com/go-pathrs/root_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/cyphar.com/go-pathrs/utils_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/COPYING.md is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/LICENSE.BSD is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/LICENSE.MPL-2.0 is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/internal/consts/consts.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/README.md is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/assert/assert.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/errors_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/at_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/fd.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/fd_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/mount_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/fd/openat2_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/README.md is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_errors_go120.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_errors_unsupported.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_generics_go121.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gocompat/gocompat_generics_unsupported.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/lookup_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/mkdir_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/open_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/gopathrs/openat2_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/kernelversion/kernel_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/mount_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/linux/openat2_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/procfs/procfs_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/internal/procfs/procfs_lookup_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir_libpathrs.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/mkdir_purego.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_libpathrs.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/open_purego.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs/procfs_libpathrs.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs/procfs_purego.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/opencontainers/selinux/go-selinux/selinux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/.golangci.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/AGENTS.md is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/Makefile is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/config/v1/types_infrastructure.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/envtest-releases.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/features.md is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/features/features.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1beta1/types_gcpprovider.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/library-go/pkg/crypto/crypto.go is excluded by !vendor/**, !**/vendor/**
  • vendor/github.com/openshift/library-go/pkg/operator/certrotation/signer.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/crypto/openpgp/s2k/s2k.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/crypto/sha3/doc.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/crypto/sha3/hashes.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/crypto/sha3/hashes_noasm.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/crypto/sha3/keccakf_amd64.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/crypto/sha3/keccakf_amd64.s is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/crypto/sha3/legacy_hash.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/crypto/sha3/legacy_keccakf.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/crypto/sha3/sha3_s390x.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/crypto/sha3/sha3_s390x.s is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/crypto/sha3/shake.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/crypto/sha3/shake_noasm.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/net/context/context.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/net/http2/frame.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/net/http2/transport.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/net/http2/writesched.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/net/http2/writesched_priority_rfc7540.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/net/http2/writesched_priority_rfc9218.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sync/errgroup/errgroup.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/cpu/cpu.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/cpu/cpu_arm64.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/cpu/cpu_arm64.s is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/mkerrors.sh is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/syscall_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/zsyscall_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/windows/syscall_windows.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/windows/types_windows.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/sys/windows/zsyscall_windows.go is excluded by !vendor/**, !**/vendor/**
  • vendor/golang.org/x/term/terminal.go is excluded by !vendor/**, !**/vendor/**
  • vendor/modules.txt is excluded by !vendor/**, !**/vendor/**
📒 Files selected for processing (1)
  • go.mod
🧰 Additional context used
📓 Path-based instructions (1)
**

⚙️ CodeRabbit configuration file

-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.

Files:

  • go.mod
🔇 Additional comments (2)
go.mod (2)

51-56: Verify Go standard library version updates for compatibility.

Lines 51–56 update several Go standard library modules to newer minor/patch versions:

  • golang.org/x/crypto v0.43.0 → v0.45.0
  • golang.org/x/net v0.46.0 → v0.47.0
  • golang.org/x/sync v0.17.0 → v0.18.0
  • golang.org/x/sys v0.37.0 → v0.38.0
  • golang.org/x/term v0.36.0 → v0.37.0

These version bumps are typically backward-compatible, but ensure the codebase has been tested against these versions and that no API changes or behavioral changes introduce regressions.

72-72: New indirect dependencies added.

Lines 72 and 101 add two new indirect dependencies:

  • cyphar.com/go-pathrs v0.2.1
  • github.com/cyphar/filepath-securejoin v0.6.0

Verify that these are legitimate transitive dependencies pulled in by updated packages (likely containers/image or related dependencies) and not accidentally introduced.

Also applies to: 101-101

@ardaguclu ardaguclu force-pushed the fake-bump-library-go branch from bc97a18 to e3e3bd2 Compare December 22, 2025 13:29
@ardaguclu ardaguclu changed the title NO-JIRA: Fake bump library-go NO-JIRA: Bump library-go to update selinux and x/crypto Dec 22, 2025
@ardaguclu
Copy link
Member Author

ardaguclu commented Dec 22, 2025

/hold cancel

@openshift-ci openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Dec 22, 2025
@ricardomaraschini
Copy link
Contributor

ricardomaraschini commented Dec 22, 2025

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Dec 22, 2025
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Dec 22, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ardaguclu, ricardomaraschini

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ardaguclu
Copy link
Member Author

ardaguclu commented Dec 22, 2025

/retest

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Dec 22, 2025

@ardaguclu: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/okd-scos-images e3e3bd2 link true /test okd-scos-images
ci/prow/e2e-aws-ovn-serial-1of2 e3e3bd2 link true /test e2e-aws-ovn-serial-1of2

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@ardaguclu
Copy link
Member Author

ardaguclu commented Dec 23, 2025

/retest

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@ingvagabund ingvagabund Awaiting requested review from ingvagabund

@tchap tchap Awaiting requested review from tchap

Assignees

@ricardomaraschini ricardomaraschini

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ardaguclu @openshift-ci-robot @ricardomaraschini