chore(deps): update github.com/lufia/plan9stats digest to c963978

[red-hat-konflux-kflux-prd-rh02]

This PR contains the following updates:

Package	Type	Update	Change
github.com/lufia/plan9stats	indirect	digest	39d0f17 → c963978

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Configuration

📅 Schedule: Branch creation - "on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[red-hat-konflux-kflux-prd-rh02]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go get -t ./...
go: downloading github.com/spf13/pflag v1.0.10
go: downloading github.com/onsi/gomega v1.27.1
go: downloading github.com/spf13/cobra v1.8.1
go: downloading go.opentelemetry.io/otel/sdk v1.43.0
go: downloading go.opentelemetry.io/otel v1.43.0
go: downloading github.com/gorilla/handlers v1.4.2
go: downloading github.com/gorilla/mux v1.8.0
go: downloading github.com/prometheus/client_golang v1.16.0
go: downloading github.com/prometheus/client_model v0.3.0
go: downloading github.com/google/uuid v1.6.0
go: downloading gorm.io/datatypes v1.2.7
go: downloading gorm.io/gorm v1.30.0
go: downloading github.com/oapi-codegen/runtime v1.2.0
go: downloading github.com/MicahParks/jwkset v0.11.0
go: downloading github.com/MicahParks/keyfunc/v3 v3.8.0
go: downloading github.com/golang-jwt/jwt/v5 v5.3.1
go: downloading github.com/go-playground/validator/v10 v10.20.0
go: downloading github.com/mendsley/gojwk v0.0.0-20141217222730-4d5ec6e58103
go: downloading github.com/spf13/viper v1.21.0
go: downloading github.com/stretchr/testify v1.11.1
go: downloading github.com/jinzhu/inflection v1.0.0
go: downloading github.com/Masterminds/squirrel v1.1.0
go: downloading github.com/go-gormigrate/gormigrate/v2 v2.0.0
go: downloading github.com/lib/pq v1.10.9
go: downloading github.com/yaacov/tree-search-language v0.0.0-20190923184055-1c2dad2e354b
go: downloading github.com/testcontainers/testcontainers-go v0.42.0
go: downloading github.com/testcontainers/testcontainers-go/modules/postgres v0.42.0
go: downloading github.com/DATA-DOG/go-sqlmock v1.5.2
go: downloading gorm.io/driver/postgres v1.6.0
go: downloading go.uber.org/mock v0.6.0
go: downloading go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.62.0
go: downloading go.opentelemetry.io/otel/trace v1.43.0
go: downloading go.opentelemetry.io/contrib/propagators/autoprop v0.68.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.43.0
go: downloading go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.43.0
go: downloading github.com/getkin/kin-openapi v0.133.0
go: downloading github.com/bxcodec/faker/v3 v3.2.0
go: downloading gopkg.in/resty.v1 v1.12.0
go: downloading github.com/inconshreveable/mousetrap v1.1.0
go: downloading github.com/google/go-cmp v0.7.0
go: downloading github.com/beorn7/perks v1.0.1
go: downloading github.com/cespare/xxhash/v2 v2.3.0
go: downloading github.com/prometheus/common v0.42.0
go: downloading github.com/prometheus/procfs v0.10.1
go: downloading golang.org/x/sys v0.42.0
go: downloading google.golang.org/protobuf v1.36.11
go: downloading github.com/golang/protobuf v1.5.4
go: downloading gorm.io/driver/mysql v1.5.6
go: downloading github.com/jinzhu/now v1.1.5
go: downloading golang.org/x/time v0.11.0
go: downloading github.com/gabriel-vasile/mimetype v1.4.3
go: downloading github.com/go-playground/universal-translator v0.18.1
go: downloading github.com/leodido/go-urn v1.4.0
go: downloading golang.org/x/crypto v0.49.0
go: downloading golang.org/x/text v0.35.0
go: downloading github.com/fsnotify/fsnotify v1.9.0
go: downloading github.com/go-viper/mapstructure/v2 v2.4.0
go: downloading github.com/sagikazarmark/locafero v0.11.0
go: downloading github.com/spf13/afero v1.15.0
go: downloading github.com/spf13/cast v1.10.0
go: downloading github.com/lann/builder v0.0.0-20180802200727-47ae307949d0
go: downloading github.com/davecgh/go-spew v1.1.1
go: downloading github.com/pmezard/go-difflib v1.0.0
go: downloading github.com/antlr/antlr4 v0.0.0-20190518164840-edae2a1c9b4b
go: downloading dario.cat/mergo v1.0.2
go: downloading github.com/cenkalti/backoff/v4 v4.3.0
go: downloading github.com/containerd/errdefs v1.0.0
go: downloading github.com/containerd/platforms v0.2.1
go: downloading github.com/cpuguy83/dockercfg v0.3.2
go: downloading github.com/moby/go-archive v0.2.0
go: downloading github.com/moby/moby/api v1.54.1
go: downloading github.com/moby/moby/client v0.4.0
go: downloading github.com/moby/patternmatcher v0.6.1
go: downloading github.com/opencontainers/image-spec v1.1.1
go: downloading github.com/jackc/pgx/v5 v5.6.0
go: downloading github.com/felixge/httpsnoop v1.0.4
go: downloading go.opentelemetry.io/otel/metric v1.43.0
go: downloading github.com/go-logr/logr v1.4.3
go: downloading go.opentelemetry.io/contrib/propagators/aws v1.43.0
go: downloading go.opentelemetry.io/contrib/propagators/b3 v1.43.0
go: downloading go.opentelemetry.io/contrib/propagators/jaeger v1.43.0
go: downloading go.opentelemetry.io/contrib/propagators/ot v1.43.0
go: downloading go.opentelemetry.io/proto/otlp v1.10.0
go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9
go: downloading google.golang.org/grpc v1.80.0
go: downloading github.com/go-openapi/jsonpointer v0.21.0
go: downloading github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
go: downloading github.com/oasdiff/yaml v0.0.0-20250309154309-f31be36b4037
go: downloading github.com/perimeterx/marshmallow v1.1.5
go: downloading github.com/woodsbury/decimal128 v1.3.0
go: downloading golang.org/x/net v0.52.0
go: downloading gopkg.in/yaml.v3 v3.0.1
go: downloading github.com/matttproud/golang_protobuf_extensions v1.0.4
go: downloading github.com/go-sql-driver/mysql v1.8.1
go: downloading github.com/go-logr/stdr v1.2.2
go: downloading go.opentelemetry.io/auto/sdk v1.2.1
go: downloading github.com/go-playground/locales v0.14.1
go: downloading github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8
go: downloading github.com/subosito/gotenv v1.6.0
go: downloading github.com/pelletier/go-toml/v2 v2.2.4
go: downloading go.yaml.in/yaml/v3 v3.0.4
go: downloading github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0
go: downloading github.com/containerd/log v0.1.0
go: downloading github.com/moby/sys/sequential v0.6.0
go: downloading github.com/moby/sys/user v0.4.0
go: downloading github.com/moby/sys/userns v0.1.0
go: downloading github.com/docker/go-units v0.5.0
go: downloading github.com/moby/docker-image-spec v1.3.1
go: downloading github.com/Microsoft/go-winio v0.6.2
go: downloading github.com/containerd/errdefs/pkg v0.3.0
go: downloading github.com/distribution/reference v0.6.0
go: downloading github.com/docker/go-connections v0.6.0
go: downloading github.com/opencontainers/go-digest v1.0.0
go: downloading github.com/moby/term v0.5.2
go: downloading github.com/magiconair/properties v1.8.10
go: downloading github.com/shirou/gopsutil/v4 v4.26.3
go: downloading github.com/jackc/pgpassfile v1.0.0
go: downloading github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761
go: downloading go.uber.org/multierr v1.11.0
go: downloading github.com/cenkalti/backoff/v5 v5.0.3
go: downloading github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0
go: downloading github.com/go-openapi/swag v0.23.0
go: downloading github.com/oasdiff/yaml3 v0.0.0-20250309153720-d2182401db90
go: downloading github.com/mailru/easyjson v0.7.7
go: downloading filippo.io/edwards25519 v1.1.0
go: downloading github.com/sirupsen/logrus v1.9.4
go: downloading github.com/klauspost/compress v1.18.5
go: downloading github.com/tklauser/go-sysconf v0.3.16
go: downloading github.com/jackc/puddle/v2 v2.2.2
go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9
go: downloading github.com/josharian/intern v1.0.0
go: downloading github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c
go: downloading github.com/lufia/plan9stats v0.0.0-20260330125221-c963978e514e
go: downloading github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55
go: downloading github.com/ebitengine/purego v0.10.0
go: downloading github.com/yusufpapurcu/wmi v1.2.4
go: downloading github.com/tklauser/numcpus v0.11.0
go: downloading golang.org/x/sync v0.20.0
go: downloading github.com/go-ole/go-ole v1.2.6
go: github.com/openshift-hyperfleet/hyperfleet-api/pkg/api imports
	github.com/openshift-hyperfleet/hyperfleet-api/pkg/api/openapi: cannot find module providing package github.com/openshift-hyperfleet/hyperfleet-api/pkg/api/openapi
go: module github.com/bxcodec/faker/v3 is deprecated: use github.com/go-faker/faker/v4 instead.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign rh-amarin for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @red-hat-konflux-kflux-prd-rh02[bot]. Thanks for your PR.

I'm waiting for a openshift-hyperfleet member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 12025163-5dee-4712-bfd0-5d9701387b2a

📥 Commits

Reviewing files that changed from the base of the PR and between 24ec42b and 8e1aa76.

📒 Files selected for processing (1)

• go.mod

🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

• openshift-hyperfleet/architecture (manual)
• openshift-hyperfleet/hyperfleet-api (manual)
• openshift-hyperfleet/hyperfleet-sentinel (manual)
• openshift-hyperfleet/hyperfleet-adapter (manual)
• openshift-hyperfleet/hyperfleet-broker (manual)

---

📝 Walkthrough

Summary by CodeRabbit

• Chores
  • Updated project dependencies to latest versions.

Walkthrough

go.mod updates the indirect dependency github.com/lufia/plan9stats from the pseudo-version v0.0.0-20211012122336-39d0f177ccd0 to the bare commit hash c963978e514e. No exported or public entities are altered.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

---

Supply chain surface — flag for review:

• CWE-829 (Inclusion of Functionality from Untrusted Control Sphere): Pinning to a bare commit hash (c963978e514e) instead of a tagged semver release means there is no signed tag, no release note, and no go.sum-enforced version provenance beyond the hash itself. Verify go.sum was updated atomically with this change.
• CWE-494 (Download of Code Without Integrity Check): Confirm the new hash appears in go.sum with a valid h1: hash. A go.mod-only change without a corresponding go.sum update is a red flag.
• No associated CVE for lufia/plan9stats at this hash is publicly known, but untagged commits bypass standard vulnerability scanner matching (e.g., govulncheck, OSV) — scanners key on semver tags.
• Prefer a tagged release (e.g., v0.0.0-YYYYMMDDHHMMSS-<hash> pseudo-version generated by go get) over a raw commit hash to maintain reproducible builds.

🚥 Pre-merge checks | ✅ 11

✅ Passed checks (11 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: updating the github.com/lufia/plan9stats dependency digest to c963978.
Description check	✅ Passed	The description is related to the changeset, providing details about the dependency update including the package name, type, and digest change.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Sec-02: Secrets In Log Output	✅ Passed	PR contains only a go.mod/go.sum dependency digest update for an indirect, unused dependency. No logging statements exist in the codebase to contain secrets.
No Hardcoded Secrets	✅ Passed	No hardcoded secrets, API keys, tokens, passwords, private keys, or base64-encoded credentials found. The digest c963978e514e is a git commit hash, not a secret. Routine Go module digest update.
No Weak Cryptography	✅ Passed	plan9stats is a non-cryptographic system statistics library. No weak crypto usage (md5/des/rc4/SHA1 for security, ECB, custom crypto, non-constant-time comparisons) detected in application code or...
No Injection Vectors	✅ Passed	No injection vectors (CWE-89, CWE-78, CWE-79, CWE-502) present. PR contains only a malformed go.mod dependency entry that will fail Go module validation but introduces no code injection patterns.
No Privileged Containers	✅ Passed	PR only updates go.mod dependency digest; no Kubernetes/Helm/Docker files modified. Existing configs enforce allowPrivilegeEscalation:false, runAsUser:65532, capabilities.drop:[ALL].
No Pii Or Sensitive Data In Logs	✅ Passed	This commit adds source code files with structured logging using slog and custom logger helpers that actively mask sensitive headers and do not log raw request/response bodies, credentials, or PII...

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch konflux/mintmaker/main/github.com-lufia-plan9stats-digest

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch konflux/mintmaker/main/github.com-lufia-plan9stats-digest

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.12.2)

level=error msg="Running error: context loading failed: failed to load packages: failed to load packages: failed to load with go/packages: err: exit status 1: stderr: go: updates to go.mod needed, disabled by -mod=readonly; to update it:\n\tgo mod tidy\n"

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[ciaranRoche]

Closing — superseded by #237 (HYPERFLEET-1264). This indirect dependency (lufia/plan9stats) was updated naturally via go mod tidy as part of the batch dependency update.

The artifact update failure on this PR was caused by the same missing pkg/api/openapi package issue, which is resolved in #237.