Build(deps): Bump k8s.io/apimachinery from 0.34.3 to 0.35.3

[dependabot]

Bumps k8s.io/apimachinery from 0.34.3 to 0.35.3.

Commits

• 72d71ea Merge remote-tracking branch 'origin/master' into release-1.35
• e2a2dbc Bump golang.org/x/crypto to v0.45.0
• 2e9c228 Merge pull request #135131 from Dev1622/sig-storage/mock-expand-flake-fix
• f274aac vendor: update vendor and license metadata after replacing BeTrue usage in cs...
• 9445443 Resolve lint restriction on BeTrue by introducing Succeed() with contextual e...
• 52154f7 Update vendored dependencies
• 5a348c5 KEP-5471: Extend tolerations operators (#134665)
• 6f89492 Merge pull request #133648 from richabanker/merged-discovery
• c77dde2 util/sort: Add MergePreservingRelativeOrder for topological sorting
• 729c13d Merge pull request #134624 from yt2985/podcertificates-beta
• Additional commits viewable in compare view

[coderabbitai]

Walkthrough

Bumped Go toolchain in go.mod from go 1.24.13 to go 1.25.0; upgraded k8s.io/apimachinery from v0.34.3 to v0.35.4; removed indirect dependency github.com/gogo/protobuf v1.3.2. No exported APIs were changed.

Changes

Cohort / File(s)	Summary
Dependency Management go.mod	Updated Go directive to go 1.25.0; upgraded direct dependency k8s.io/apimachinery to v0.35.4; removed indirect dependency github.com/gogo/protobuf v1.3.2.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title states the bump is to version 0.35.3, but the raw_summary indicates the actual upgrade is to v0.35.4, creating a discrepancy.	Update the title to reflect the correct version: 'Build(deps): Bump k8s.io/apimachinery from 0.34.3 to 0.35.4'

✅ Passed checks (2 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	The pull request description is clearly related to the changeset, documenting the bump of k8s.io/apimachinery from 0.34.3 to 0.35.3 with specific commit details.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/go_modules/k8s.io/apimachinery-0.35.3

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign rcampos2029 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift-online member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Line 3: CI workflows are still pinning older Go versions; update the GitHub
Actions workflow steps that set go-version to match the module's "go 1.25.0"
directive by changing the go-version values to 1.25.0 in the publish-release
workflow and check-pull-request workflow (the entries currently at go-version:
1.22 / 1.23), specifically the go setup steps in publish-release.yaml and
check-pull-request.yaml so all go-version fields read 1.25.0.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 5f259ad1-5648-47b0-9295-0d7228e8d3af

📥 Commits

Reviewing files that changed from the base of the PR and between f1347f6 and 981899d.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Read-only check: find places that pin or reference Go versions/toolchains.
fd -HI 'go\.mod|Dockerfile|Makefile|\.tool-versions|.*\.ya?ml$|.*\.json$' \
| xargs rg -n -C2 '(^go [0-9]+\.[0-9]+(\.[0-9]+)?$|golang:[0-9]+\.[0-9]+|setup-go|GO_VERSION|toolchain go[0-9]+\.[0-9]+)'

Repository: openshift-online/ocm-cli

Length of output: 1186

---

Update CI workflows to use Go 1.25.0 to match the go.mod directive.

The go directive in go.mod specifies Go 1.25.0, but CI workflows pin to Go 1.22 and 1.23. Update:

• .github/workflows/publish-release.yaml (line 45)
• .github/workflows/check-pull-request.yaml (lines 51, 77)

All should use go-version: 1.25.0 to match the module directive.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 3, CI workflows are still pinning older Go versions; update
the GitHub Actions workflow steps that set go-version to match the module's "go
1.25.0" directive by changing the go-version values to 1.25.0 in the
publish-release workflow and check-pull-request workflow (the entries currently
at go-version: 1.22 / 1.23), specifically the go setup steps in
publish-release.yaml and check-pull-request.yaml so all go-version fields read
1.25.0.

[openshift-ci]

rebase

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[dependabot]

Superseded by #1097.