CNTRLPLANE-2808: bump golang.org/x dependencies in / and /api modules

[jparrill]

Summary

• Updates golang.org/x/crypto, net, oauth2, sys, term, text, mod and tools to latest versions
• Applies the update to both the root module (/) and the API module (/api/), keeping vendor directories in sync
• Fixes the inconsistent vendoring issue seen in Dependabot PR build(deps): bump the golang-dependencies group with 3 updates #7718, where only the root module was updated

Context

Dependabot treats / and /api/ as independent modules and generates separate PRs for each. When shared golang.org/x/* dependencies are bumped only in the root module, make verify fails because api/vendor/modules.txt is out of sync with api/go.mod.

• Supersedes build(deps): bump the golang-dependencies group with 3 updates #7718
• Ref: CNTRLPLANE-2808

Test plan

• make verify passes (CI)
• make build passes (CI)
• make test passes (CI)

🤖 Generated with Claude Code

Summary by CodeRabbit

Release Notes

• Chores
  • Updated multiple Go module dependencies to newer versions.

[openshift-ci-robot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[coderabbitai]

Walkthrough

Multiple Go module dependencies are updated across api/go.mod and go.mod to newer patch and minor versions, including golang.org/x packages for networking, cryptography, OAuth2, and utilities. No code or API changes are involved.

Changes

Cohort / File(s)	Summary
Go Module Dependencies api/go.mod, go.mod	Updated indirect and direct golang.org/x dependencies (crypto, net, oauth2, sys, term, text, mod, tools) to newer patch/minor versions. No functional code changes.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Stable And Deterministic Test Names	✅ Passed	Pull request modifies only Go module dependency files (go.mod and go.sum) with no changes to test files, making the dynamic test names check inapplicable.
Test Structure And Quality	✅ Passed	PR contains only Go module manifest changes with no test code modifications, so test quality requirements do not apply.
Title check	✅ Passed	The title clearly and specifically describes the main change: bumping golang.org/x dependencies in multiple modules, which matches the changeset exactly.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[jparrill]

/area ci-tooling

[jparrill]

/area api remove

[openshift-ci]

@jparrill: The label(s) area/remove cannot be applied, because the repository doesn't have them.

Details

In response to this:

/area api remove

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci-robot]

@jparrill: This pull request references CNTRLPLANE-2808 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Summary

• Updates golang.org/x/crypto, net, oauth2, sys, term, text, mod and tools to latest versions
• Applies the update to both the root module (/) and the API module (/api/), keeping vendor directories in sync
• Fixes the inconsistent vendoring issue seen in Dependabot PR build(deps): bump the golang-dependencies group with 3 updates #7718, where only the root module was updated

Context

Dependabot treats / and /api/ as independent modules and generates separate PRs for each. When shared golang.org/x/* dependencies are bumped only in the root module, make verify fails because api/vendor/modules.txt is out of sync with api/go.mod.

Supersedes #7718

Ref: CNTRLPLANE-2808

Test plan

• make verify passes (CI)
• make build passes (CI)
• make test passes (CI)

🤖 Generated with Claude Code

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@jparrill: This pull request references CNTRLPLANE-2808 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Summary

• Updates golang.org/x/crypto, net, oauth2, sys, term, text, mod and tools to latest versions
• Applies the update to both the root module (/) and the API module (/api/), keeping vendor directories in sync
• Fixes the inconsistent vendoring issue seen in Dependabot PR build(deps): bump the golang-dependencies group with 3 updates #7718, where only the root module was updated

Context

Dependabot treats / and /api/ as independent modules and generates separate PRs for each. When shared golang.org/x/* dependencies are bumped only in the root module, make verify fails because api/vendor/modules.txt is out of sync with api/go.mod.

• Supersedes build(deps): bump the golang-dependencies group with 3 updates #7718
• Ref: CNTRLPLANE-2808

Test plan

• make verify passes (CI)
• make build passes (CI)
• make test passes (CI)

🤖 Generated with Claude Code

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@jparrill: This pull request references CNTRLPLANE-2808 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set.

Details

In response to this:

Summary

• Updates golang.org/x/crypto, net, oauth2, sys, term, text, mod and tools to latest versions
• Applies the update to both the root module (/) and the API module (/api/), keeping vendor directories in sync
• Fixes the inconsistent vendoring issue seen in Dependabot PR build(deps): bump the golang-dependencies group with 3 updates #7718, where only the root module was updated

Context

Dependabot treats / and /api/ as independent modules and generates separate PRs for each. When shared golang.org/x/* dependencies are bumped only in the root module, make verify fails because api/vendor/modules.txt is out of sync with api/go.mod.

• Supersedes build(deps): bump the golang-dependencies group with 3 updates #7718
• Ref: CNTRLPLANE-2808

Test plan

• make verify passes (CI)
• make build passes (CI)
• make test passes (CI)

🤖 Generated with Claude Code

Summary by CodeRabbit

Release Notes

• Chores
• Updated multiple Go module dependencies to newer versions.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

@jparrill: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[bryan-cox]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bryan-cox, jparrill

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [bryan-cox,jparrill]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[bryan-cox]

/verified bypass

[openshift-ci-robot]

@bryan-cox: The verified label has been added.

Details

In response to this:

/verified bypass

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.