Build(deps): Bump cloud.google.com/go/iam from 1.5.3 to 1.6.0

[dependabot]

Bumps cloud.google.com/go/iam from 1.5.3 to 1.6.0.

Release notes

Sourced from cloud.google.com/go/iam's releases.

iam: v1.6.0

v1.6.0 (2026-03-26)

Features

• update image to us-central1-docker.pkg.dev/cloud-sdk-librarian-prod/images-prod/librarian-go@sha256:f9f9065a893591ad505df3384f409e9d404132d8c83b5d4bcbb8ae1650553b3b (9a2be95c)

shopping: v1.6.0

v1.6.0 (2026-03-23)

Features

• Add CreateTestAccount RPC to Accounts service for creating test-only Merchant Center accounts (PiperOrigin-RevId: 884882604) (790bab51)

• add product rating fields to CSS API v1. This is in preparation for an upcoming feature and the new fields are not yet used. (PiperOrigin-RevId: 882470295) (790bab51)

• update products_common fields to include handling_cutoff_timezone , shipping_handling_business_days, shipping_transit_business_days (PiperOrigin-RevId: 881874426) (790bab51)

Documentation

• A comment for field size_types in message .google.shopping.css.v1.Attributes is changed (PiperOrigin-RevId: 882470295) (790bab51)

• A comment for field name in message .google.shopping.css.v1.GetCssProductRequest is changed (PiperOrigin-RevId: 882470295) (790bab51)

• Update Region to support radius_area and clarify area type exclusivity (PiperOrigin-RevId: 884882604) (790bab51)

• Update DeleteUser method description (PiperOrigin-RevId: 884882604) (790bab51)

• Update Account.account_name documentation for naming restrictions (PiperOrigin-RevId: 884882604) (790bab51)

• A comment for field name in message .google.shopping.css.v1.AccountLabel is changed (PiperOrigin-RevId: 882470295) (790bab51)

• Refine DeveloperRegistration.developer_email behavior description (PiperOrigin-RevId: 884882604) (790bab51)

• Add product-ratings to Program documentation (PiperOrigin-RevId: 884882604) (790bab51)

• Clarify CheckoutSettings.eligible_destinations usage (PiperOrigin-RevId: 884882604) (790bab51)

• A comment for field name in message .google.shopping.css.v1.CssProductInput is changed (PiperOrigin-RevId: 882470295) (790bab51)

• Improve TermsOfServiceKind.MERCHANT_CENTER comment (PiperOrigin-RevId: 884882604) (790bab51)

cloudquotas 1.6.0

1.6.0 (2026-02-05)

Features

• Hierarchical Quota Adjuster (PiperOrigin-RevId: 863242165) (611f2392)

Documentation

... (truncated)

Changelog

Sourced from cloud.google.com/go/iam's changelog.

1.6.0 (2023-01-26)

Features

• documentai/apiv1beta3: Add REST transport (f7b0822)
• documentai: Add REST client (06a54a1)
• documentai: Added field_mask field in DocumentOutputConfig.GcsOutputConfig in document_io.proto (2a0b1ae)
• documentai: Added font_family to document.proto feat: added ImageQualityScores message to document.proto feat: added PropertyMetadata and EntityTypeMetadata to document_schema.proto (9c5d6c8)
• documentai: Added TrainProcessorVersion, EvaluateProcessorVersion, GetEvaluation, and ListEvaluations v1beta3 APIs feat: added evaluation.proto feat: added document_schema field in ProcessorVersion processor.proto feat: added image_quality_scores field in Document.Page in document.proto feat: added font_family field in Document.Style in document.proto (ac0c5c2)
• documentai: Exposed GetProcessorType to v1 (447afdd)
• documentai: Exposed GetProcessorType to v1beta3 (447afdd)
• documentai: Rewrite signatures in terms of new location (3c4b2b3)
• documentai: Rewrite signatures in terms of new types for betas (9f303f9)
• documentai: Start generating proto message types (563f546)
• documentai: Start generating stubs dir (de2d180)

1.5.0 (2023-01-26)

⚠ BREAKING CHANGES

• documentai: Changed the name field for ProcessRequest and BatchProcessorRequest to accept * so the name field can accept Processor and ProcessorVersion.

Features

• documentai/apiv1beta3: Add REST transport (f7b0822)
• documentai: Add REST client (06a54a1)
• documentai: Added field_mask field in DocumentOutputConfig.GcsOutputConfig in document_io.proto (2a0b1ae)
• documentai: Added field_mask to ProcessRequest object in document_processor_service.proto feat: Added parent_ids to Revision object in document.proto feat: Added integer_values, float_values and non_present to Entity object in document.proto feat: Added corrected_key_text, correct_value_text to FormField object in document.proto feat: Added OperationMetadata resource feat!: Added Processor Management and Processor Version support to v1 library (370e23e)
• documentai: Added font_family to document.proto feat: added ImageQualityScores message to document.proto feat: added PropertyMetadata and EntityTypeMetadata to document_schema.proto (9c5d6c8)
• documentai: Added TrainProcessorVersion, EvaluateProcessorVersion, GetEvaluation, and ListEvaluations v1beta3 APIs feat: added evaluation.proto feat: added document_schema field in ProcessorVersion processor.proto feat: added image_quality_scores field in Document.Page in document.proto feat: added font_family field in Document.Style in document.proto (ac0c5c2)
• documentai: Exposed GetProcessorType to v1 (447afdd)
• documentai: Exposed GetProcessorType to v1beta3 (447afdd)
• documentai: Rewrite signatures in terms of new location (3c4b2b3)
• documentai: Rewrite signatures in terms of new types for betas (9f303f9)
• documentai: Start generating proto message types (563f546)
• documentai: Start generating stubs dir (de2d180)

Documentation

• documentai: Fix minor docstring formatting (370e23e)

Miscellaneous Chores

• documentai: Release v1.5.0 (#6522) (4169a66)

1.15.0 (2023-01-26)

... (truncated)

Commits

• 947c9ac chore: release main (#7211)
• 06a54a1 chore: fixup commit messages (#7210)
• fd71cba feat(bigquery/datapolicies): start generating apiv1 (#7204)
• 633fead chore(all): auto-regenerate gapics (#7208)
• 02c04a7 chore(storage): refactor retention_period to retention_duration (#7203)
• 92d9d4c refactor: augment private getWriteStream with view support (#7196)
• 3592917 chore(storage): fix checksum for grpc simple write (#7195)
• a7720e4 chore(storage): fix checksums for gRPC uploads (#7193)
• 94723a2 chore(run): regen snippets for run/apiv2 (#7192)
• ca3c0b3 test(storage): skip a consistently failing test (#7189)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coderabbitai]

Walkthrough

Updated Go toolchain version from 1.24.13 to 1.25.0 and bumped direct and indirect dependencies, including cloud.google.com/go/iam, github.com/googleapis/gax-go/v2, Google API libraries, OpenTelemetry components, and golang.org/x libraries. No exported API changes.

Changes

Cohort / File(s)	Summary
Go Module Toolchain and Direct Dependencies go.mod	Updated Go toolchain from v1.24.13 to v1.25.0. Upgraded direct dependencies: cloud.google.com/go/iam (v1.5.3 → v1.6.0), github.com/googleapis/gax-go/v2 (v2.16.0 → v2.18.0), and bumped golang.org/x/term, golang.org/x/text, google.golang.org/api, and google.golang.org/grpc.
Indirect Dependencies go.mod	Updated indirect dependencies including cloud.google.com/go/auth, github.com/googleapis/enterprise-certificate-proxy, OpenTelemetry components (v1.39.0 → v1.40.0), various golang.org/x/* libraries, and google.golang.org/genproto* pseudo-versions.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: bumping the cloud.google.com/go/iam dependency from 1.5.3 to 1.6.0, which is the primary focus of this PR.
Description check	✅ Passed	The description is related to the changeset, providing detailed release notes, changelog information, and commit history for the cloud.google.com/go/iam dependency update.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/go_modules/cloud.google.com/go/iam-1.6.0

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign rcampos2029 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift-online member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

go.mod (1)

6-31: Scope drift: dependency-only PR now includes broad stack upgrades

This PR objective is an IAM bump, but it also upgrades gax, grpc, google API stack, OTel, x/*, and genproto. Recommend splitting into: (1) cloud.google.com/go/iam targeted bump, (2) bulk dependency/toolchain refresh. It will reduce blast radius and simplify rollback if regressions appear.

Also applies to: 40-40, 100-100, 142-146, 149-159

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` around lines 6 - 31, This change set intended to bump
cloud.google.com/go/iam also contains broad upgrades (gax-go, grpc, google API,
golang.org/x/*, genproto, OTel, etc. listed in go.mod) which widens the blast
radius; revert all unrelated dependency bumps in go.mod so only
cloud.google.com/go/iam is updated in this PR (ensure the version line for
cloud.google.com/go/iam is the only modification), then create a separate
follow-up PR that performs the coordinated bulk refresh for
github.com/googleapis/gax-go/v2, google.golang.org/grpc, google.golang.org/api,
golang.org/x/text, golang.org/x/term, genproto/OTel-related modules and any
other entries shown in go.mod to keep the IAM bump isolated and easier to
test/rollback.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Line 3: go.mod declares go 1.25.0 but CI workflows are pinned to older Go
versions; open go.mod and the workflow files check-pull-request.yaml and
publish-release.yaml and either update all go-version entries in those workflows
to "1.25.0" to match go.mod or change the go directive in go.mod back to the
lower version used in CI; ensure every occurrence of go-version in both
check-pull-request.yaml and publish-release.yaml is consistent with the go.mod
setting before merging.

---

Nitpick comments:
In `@go.mod`:
- Around line 6-31: This change set intended to bump cloud.google.com/go/iam
also contains broad upgrades (gax-go, grpc, google API, golang.org/x/*,
genproto, OTel, etc. listed in go.mod) which widens the blast radius; revert all
unrelated dependency bumps in go.mod so only cloud.google.com/go/iam is updated
in this PR (ensure the version line for cloud.google.com/go/iam is the only
modification), then create a separate follow-up PR that performs the coordinated
bulk refresh for github.com/googleapis/gax-go/v2, google.golang.org/grpc,
google.golang.org/api, golang.org/x/text, golang.org/x/term,
genproto/OTel-related modules and any other entries shown in go.mod to keep the
IAM bump isolated and easier to test/rollback.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 4e9c2ef3-042c-408c-8c95-3c4b87a554b4

📥 Commits

Reviewing files that changed from the base of the PR and between e8f8ba0 and c048e8c.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify Go version pins across common project automation files.
# Expected: all references align with 1.25.x (or intentionally allow it).

fd -HI 'go\.mod|go\.work|Dockerfile|Containerfile|Makefile|\.tool-versions|\.github/workflows' . \
  | xargs -r rg -n --no-heading -e 'go 1\.' -e 'go-version' -e 'golang:' -e 'GOLANG_VERSION' -e 'GO_VERSION'

Repository: openshift-online/ocm-cli

Length of output: 140

---

🏁 Script executed:

#!/bin/bash
# Check for CI/workflow files and their Go version specifications

echo "=== Checking for .github/workflows ==="
find .github/workflows -type f 2>/dev/null | head -20

echo -e "\n=== Checking for Dockerfile or Containerfile ==="
fd -HI '(Dockerfile|Containerfile)' . | head -20

echo -e "\n=== Checking for .tool-versions if not found above ==="
[ -f .tool-versions ] && cat .tool-versions || echo "No .tool-versions file"

echo -e "\n=== Checking workflow files for go-version or go: patterns ==="
if [ -d .github/workflows ]; then
  cat .github/workflows/*.{yml,yaml} 2>/dev/null | grep -i -E '(go.*version|uses:.*setup-go|golang)' | head -20
fi

Repository: openshift-online/ocm-cli

Length of output: 689

---

🏁 Script executed:

#!/bin/bash
# Check Dockerfile for Go version
echo "=== Dockerfile content ==="
cat ./docker/Dockerfile | head -30

echo -e "\n=== Detailed workflow version breakdown ==="
echo "check-pull-request.yaml Go versions:"
grep -n 'go-version' .github/workflows/check-pull-request.yaml || echo "No go-version found"

echo -e "\npublish-release.yaml Go versions:"
grep -n 'go-version' .github/workflows/publish-release.yaml || echo "No go-version found"

Repository: openshift-online/ocm-cli

Length of output: 1413

---

Update CI workflows to Go 1.25.0 before merging

go.mod specifies go 1.25.0, but CI workflows are pinned to earlier versions:

• .github/workflows/check-pull-request.yaml: lines 51 and 77 use go-version: 1.22 and 1.23
• .github/workflows/publish-release.yaml: line 45 uses go-version: 1.23

CI jobs will fail during build with the module dependency requirements. Update all workflow go-version values to 1.25.0, or revert go.mod to align with current CI pins.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 3, go.mod declares go 1.25.0 but CI workflows are pinned to
older Go versions; open go.mod and the workflow files check-pull-request.yaml
and publish-release.yaml and either update all go-version entries in those
workflows to "1.25.0" to match go.mod or change the go directive in go.mod back
to the lower version used in CI; ensure every occurrence of go-version in both
check-pull-request.yaml and publish-release.yaml is consistent with the go.mod
setting before merging.