chore(deps): update google.golang.org/genproto/googleapis/api digest to 87f3d3e

[red-hat-konflux-kflux-prd-rh02]

This PR contains the following updates:

Package	Type	Update	Change
google.golang.org/genproto/googleapis/api	indirect	digest	9d38bb4 → 87f3d3e

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Configuration

📅 Schedule: Branch creation - "on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[red-hat-konflux-kflux-prd-rh02]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go get -t ./...
go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20260610212136-7ab31c22f7ad
go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20260618152121-87f3d3e198d3
go: downloading github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0
go: github.com/openshift-hyperfleet/hyperfleet-api/pkg/api imports
	github.com/openshift-hyperfleet/hyperfleet-api/pkg/api/openapi: cannot find module providing package github.com/openshift-hyperfleet/hyperfleet-api/pkg/api/openapi
go: module github.com/bxcodec/faker/v3 is deprecated: use github.com/go-faker/faker/v4 instead.

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• Chores
  • Updated an indirect dependency to a newer revision to improve compatibility and stability.

Walkthrough

go.mod updates the indirect dependency google.golang.org/genproto/googleapis/api from pseudo-version v0.0.0-20260401024825-9d38bb4040a9 to revision 87f3d3e198d3. No other dependencies, directives, or module declarations are modified.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

---

Supply chain flag — CWE-1357 / CWE-829.

• This is an indirect dependency bump using a pseudo-version commit hash, not a tagged release. Pseudo-version hashes are not pinned to a signed, auditable release artifact. Verify 87f3d3e198d3 resolves to an expected, reviewed commit in the upstream googleapis/go-genproto repository.
• Confirm go.sum has been updated with the matching hash for this revision. An absent or mismatched go.sum entry is a supply chain integrity gap.
• This module is on the API call path for gRPC/protobuf contracts across the platform (API, Sentinel, Adapter, Broker components). A compromised genproto revision could silently alter wire types or service descriptors — verify the diff of the upstream commit before merging.
• No CVE is currently published against this specific revision, but the use of untagged commits rather than semver releases bypasses standard vulnerability scanning tooling (e.g., govulncheck, Dependabot) — CWE-1357 applies.

🚥 Pre-merge checks | ✅ 11

✅ Passed checks (11 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: updating google.golang.org/genproto/googleapis/api digest in go.mod as a chore dependency update.
Description check	✅ Passed	The description clearly documents the dependency update from digest 9d38bb4 to 87f3d3e, includes configuration details, and relates directly to the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Sec-02: Secrets In Log Output	✅ Passed	Verified all modified non-test Go files (145 files checked): no log statements include tokens, passwords, credentials, or secrets as fields or interpolated strings. Connection strings use redactPas...
No Hardcoded Secrets	✅ Passed	No hardcoded secrets found. The change updates a Go dependency using a standard Git commit hash (87f3d3e198d3), which is a public reference identifier, not an API key, token, credential, or other s...
No Weak Cryptography	✅ Passed	PR updates only go.mod (dependency digest change). Source code audit found zero instances of md5, rc4, SHA1 for security, ECB, or custom cryptographic implementations. No weak cryptography introduced.
No Injection Vectors	✅ Passed	No injection vectors detected (CWE-89, CWE-78, CWE-79, CWE-502). Code uses parameterized queries, validated inputs, whitelisted values, and avoids dangerous patterns.
No Privileged Containers	✅ Passed	PR changes only go.mod dependency digest. No Kubernetes/OpenShift manifests, Helm templates, or Dockerfiles were modified. Check is inapplicable to pure dependency updates.
No Pii Or Sensitive Data In Logs	✅ Passed	PR contains only a dependency version update in go.mod with no source code changes or logging statements; check for PII in logs is not applicable.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch konflux/mintmaker/main/google.golang.org-genproto-googleapis-api-digest

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch konflux/mintmaker/main/google.golang.org-genproto-googleapis-api-digest

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.12.2)

level=error msg="Running error: context loading failed: failed to load packages: failed to load packages: failed to load with go/packages: err: exit status 1: stderr: go: updates to go.mod needed, disabled by -mod=readonly; to update it:\n\tgo mod tidy\n"

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Line 149: The google.golang.org/genproto/googleapis/api module revision has
been updated in go.mod to the new version shown at line 149, but go.sum still
contains the checksum for the old revision (v0.0.0-20260401024825-9d38bb4040a9),
creating a module resolution mismatch. Run go mod tidy to regenerate go.sum and
ensure it includes the correct checksum for the new revision, which will restore
module integrity and reproducibility.
- Line 149: The version for the google.golang.org/genproto/googleapis/api
dependency is malformed and violates Go module version syntax. The current
pseudo-version 7ab31c22f7ad is missing the required v0.0.0- prefix and
timestamp. Update this dependency entry to follow the correct pseudo-version
format of v0.0.0-<YYYYMMDDHHMMSS>-<COMMITHASH>, such as
v0.0.0-20260401024825-7ab31c22f7ad, to resolve go mod tidy and build failures.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: e7ed6f4c-c143-4cf9-acb5-7fd101858e7c

📥 Commits

Reviewing files that changed from the base of the PR and between b4bff38 and b4fcb2b.

📒 Files selected for processing (1)

• go.mod

🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

• openshift-hyperfleet/architecture (manual)
• openshift-hyperfleet/hyperfleet-api (manual)
• openshift-hyperfleet/hyperfleet-sentinel (manual)
• openshift-hyperfleet/hyperfleet-adapter (manual)
• openshift-hyperfleet/hyperfleet-broker (manual)

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

go.sum/go.mod sync failure — reproducibility broken (CWE-829).

go.sum still contains checksums for the old revision (v0.0.0-20260401024825-9d38bb4040a9), not the new one. This mismatch breaks module resolution integrity. Update go.sum to include the checksum entry for the new revision, or run go mod tidy to regenerate.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` at line 149, The google.golang.org/genproto/googleapis/api module
revision has been updated in go.mod to the new version shown at line 149, but
go.sum still contains the checksum for the old revision
(v0.0.0-20260401024825-9d38bb4040a9), creating a module resolution mismatch. Run
go mod tidy to regenerate go.sum and ensure it includes the correct checksum for
the new revision, which will restore module integrity and reproducibility.

---

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Malformed pseudo-version: missing v0.0.0- prefix and timestamp.

Line 149 contains google.golang.org/genproto/googleapis/api 7ab31c22f7ad // indirect. This violates Go module version syntax. The correct format is v0.0.0-<YYYYMMDDHHMMSS>-<COMMITHASH> (e.g., v0.0.0-20260401024825-7ab31c22f7ad). The current syntax will cause go mod tidy and build failures.

🐛 Proposed fix

-	google.golang.org/genproto/googleapis/api 7ab31c22f7ad // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-7ab31c22f7ad // indirect

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	google.golang.org/genproto/googleapis/api 7ab31c22f7ad // indirect
	google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-7ab31c22f7ad // indirect

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` at line 149, The version for the
google.golang.org/genproto/googleapis/api dependency is malformed and violates
Go module version syntax. The current pseudo-version 7ab31c22f7ad is missing the
required v0.0.0- prefix and timestamp. Update this dependency entry to follow
the correct pseudo-version format of v0.0.0-<YYYYMMDDHHMMSS>-<COMMITHASH>, such
as v0.0.0-20260401024825-7ab31c22f7ad, to resolve go mod tidy and build
failures.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign aredenba-rh for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @red-hat-konflux-kflux-prd-rh02[bot]. Thanks for your PR.

I'm waiting for a openshift-hyperfleet member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

go.mod (1)

149-149: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Malformed pseudo-version breaks module resolution (CWE-829).

Line 149 specifies 87f3d3e198d3 as a bare commit hash, violating Go module version syntax. Go requires pseudo-versions in the format v0.0.0-<YYYYMMDDHHMMSS>-<commithash>. This malformed entry will fail go mod tidy, go build, and dependency resolution. Example: v0.0.0-20260401024825-87f3d3e198d3.

[critical_blocker]

🔧 Proposed fix

-	google.golang.org/genproto/googleapis/api 87f3d3e198d3 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-87f3d3e198d3 // indirect

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` at line 149, The dependency google.golang.org/genproto/googleapis/api
at line 149 uses a bare commit hash (87f3d3e198d3) which violates Go module
version syntax. Replace the bare commit hash with a properly formatted
pseudo-version following the pattern v0.0.0-<YYYYMMDDHHMMSS>-<commithash>, for
example v0.0.0-20260401024825-87f3d3e198d3, to ensure Go module resolution works
correctly with go mod tidy and go build commands.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Line 149: The dependency google.golang.org/genproto/googleapis/api on line 149
uses a bare commit hash `87f3d3e198d3` which is not a valid Go module version
format. Replace this with a proper Go pseudo-version in the format
`v0.0.0-YYYYMMDDHHMMSS-COMMITHASH` where the timestamp and commit hash
correspond to the actual commit. After updating the version string in go.mod,
run `go mod tidy` to regenerate the go.sum file with the correct checksums that
match the updated dependency declarations and ensure build reproducibility.

---

Duplicate comments:
In `@go.mod`:
- Line 149: The dependency google.golang.org/genproto/googleapis/api at line 149
uses a bare commit hash (87f3d3e198d3) which violates Go module version syntax.
Replace the bare commit hash with a properly formatted pseudo-version following
the pattern v0.0.0-<YYYYMMDDHHMMSS>-<commithash>, for example
v0.0.0-20260401024825-87f3d3e198d3, to ensure Go module resolution works
correctly with go mod tidy and go build commands.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: b827670b-edfa-4d9c-87c8-a5debd0ec0b1

📥 Commits

Reviewing files that changed from the base of the PR and between b4fcb2b and c14f1e6.

📒 Files selected for processing (1)

• go.mod

🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

• openshift-hyperfleet/architecture (manual)
• openshift-hyperfleet/hyperfleet-api (manual)
• openshift-hyperfleet/hyperfleet-sentinel (manual)
• openshift-hyperfleet/hyperfleet-adapter (manual)
• openshift-hyperfleet/hyperfleet-broker (manual)

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify go.sum contains entry for the corrected pseudo-version once fixed
rg -A2 'google.golang.org/genproto/googleapis/api' go.sum

Repository: openshift-hyperfleet/hyperfleet-api

Length of output: 593

---

🏁 Script executed:

#!/bin/bash
# Check actual go.mod around line 149
echo "=== go.mod line 145-155 ==="
sed -n '145,155p' go.mod

echo -e "\n=== Full go.mod google.golang.org/genproto entries ==="
rg 'google\.golang\.org/genproto' go.mod

echo -e "\n=== Full go.sum google.golang.org/genproto entries ==="
rg 'google\.golang\.org/genproto' go.sum | head -20

Repository: openshift-hyperfleet/hyperfleet-api

Length of output: 2078

---

go.mod/go.sum sync broken — invalid version format prevents build verification (CWE-829).

Line 149 declares google.golang.org/genproto/googleapis/api 87f3d3e198d3 using a bare commit hash, which is not a valid Go module version. Go requires pseudo-version format (v0.0.0-YYYYMMDDHHMMSS-COMMITHASH). Additionally, go.sum contains only entries for v0.0.0-20260401024825-9d38bb4040a9, creating a sync mismatch — no checksums exist for the declared dependency. This breaks reproducible builds and prevents integrity verification.

Correct the version to a proper pseudo-version and run go mod tidy to regenerate go.sum checksums.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` at line 149, The dependency google.golang.org/genproto/googleapis/api
on line 149 uses a bare commit hash `87f3d3e198d3` which is not a valid Go
module version format. Replace this with a proper Go pseudo-version in the
format `v0.0.0-YYYYMMDDHHMMSS-COMMITHASH` where the timestamp and commit hash
correspond to the actual commit. After updating the version string in go.mod,
run `go mod tidy` to regenerate the go.sum file with the correct checksums that
match the updated dependency declarations and ensure build reproducibility.

Source: Coding guidelines

[ciaranRoche]

Closing — Renovate produced a malformed go.mod entry (bare commit hash 87f3d3e198d3 instead of a valid Go pseudo-version v0.0.0-YYYYMMDDHHMMSS-hash). This is a known Renovate bug with Go module digest updates.

The genproto/googleapis/api dependency was updated naturally via go mod tidy in #237 (HYPERFLEET-1264).

Our renovate.json disables digest-type Go module updates to prevent this, but this PR predates that fix.

[red-hat-konflux-kflux-prd-rh02]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for the google.golang.org/genproto/googleapis/api 87f3d3e update again.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.