build(deps): bump github.com/openshift-online/ocm-cli from 1.0.10 to 1.0.12#910
Conversation
dependabot
bot
added
area/dependency
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
WalkthroughUpdated Go module dependency declarations: direct bumps for Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
Hi @dependabot[bot]. Thanks for your PR. I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with Regular contributors should join the org to skip this step. Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: dependabot[bot] The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
dependabot
bot
force-pushed
the
dependabot/go_modules/github.com/openshift-online/ocm-cli-1.0.12
branch
from
b7107e9 to
f03e4b9
Compare
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@go.mod`:
- Around line 34-37: The go.mod has mismatched k8s.io versions:
k8s.io/apimachinery is v0.34.3 while k8s.io/api, k8s.io/cli-runtime, and
k8s.io/client-go are v0.30.3; pick a single minor version and make all four
entries (k8s.io/api, k8s.io/apimachinery, k8s.io/cli-runtime, k8s.io/client-go)
use that same minor (e.g., update all to v0.34.3 or downgrade apimachinery to
v0.30.3), then run module resolution (e.g., go get ./... or go get
k8s.io/client-go@<target>) and verify build/tests to ensure compatibility.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 6c0bd93d-0e39-4c2f-bafa-741aedf85c5d
⛔ Files ignored due to path filters (1)
go.sumis excluded by!**/*.sum
📒 Files selected for processing (1)
go.mod
| k8s.io/api v0.30.3 | ||
| k8s.io/apimachinery v0.30.3 | ||
| k8s.io/apimachinery v0.34.3 | ||
| k8s.io/cli-runtime v0.30.3 | ||
| k8s.io/client-go v0.30.3 |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Verify direct k8s module minor-version alignment in go.mod.
awk '
$1 ~ /^k8s\.io\/(api|apimachinery|cli-runtime|client-go)$/ {
gsub(/^v/, "", $2)
split($2, a, ".")
minor = a[2]
printf "%s %s minor=%s\n", $1, $2, minor
seen[minor]++
}
END {
print "----"
count=0
for (m in seen) count++
if (count > 1) {
print "MISMATCH: multiple k8s minor versions detected among direct deps."
exit 2
} else {
print "OK: direct k8s deps are on the same minor version."
}
}
' go.modRepository: openshift/backplane-cli
Length of output: 268
Align core k8s.io/* modules to the same minor version.
k8s.io/apimachinery is pinned to v0.34.3 while k8s.io/api, k8s.io/cli-runtime, and k8s.io/client-go remain on v0.30.3. This 4-minor-version gap introduces a major compatibility risk—Kubernetes libraries are tightly coupled by version and version skew can cause type mismatches and runtime behavior differences. All core k8s.io/* direct dependencies should be aligned to the same minor version.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@go.mod` around lines 34 - 37, The go.mod has mismatched k8s.io versions:
k8s.io/apimachinery is v0.34.3 while k8s.io/api, k8s.io/cli-runtime, and
k8s.io/client-go are v0.30.3; pick a single minor version and make all four
entries (k8s.io/api, k8s.io/apimachinery, k8s.io/cli-runtime, k8s.io/client-go)
use that same minor (e.g., update all to v0.34.3 or downgrade apimachinery to
v0.30.3), then run module resolution (e.g., go get ./... or go get
k8s.io/client-go@<target>) and verify build/tests to ensure compatibility.
8d7e8e3 to
4eb516c
Compare
There was a problem hiding this comment.
♻️ Duplicate comments (1)
go.mod (1)
34-37:⚠️ Potential issue | 🔴 CriticalCRITICAL: k8s.io module version skew remains unresolved.
As flagged in previous review,
k8s.io/apimachineryat v0.34.3 is 4 minor versions ahead ofk8s.io/api,k8s.io/cli-runtime, andk8s.io/client-goat v0.30.3. Kubernetes modules are tightly coupled and this version gap creates significant compatibility risks including type mismatches and runtime failures. All corek8s.io/*dependencies must be aligned to the same minor version before merging.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@go.mod` around lines 34 - 37, The go.mod has k8s.io/apimachinery at v0.34.3 while k8s.io/api, k8s.io/cli-runtime, and k8s.io/client-go are at v0.30.3, causing unsafe version skew; align all k8s.io/* modules to the same minor version (pick a single minor version such as v0.30.3 or v0.34.3) by updating the module versions for k8s.io/apimachinery, k8s.io/api, k8s.io/cli-runtime, and k8s.io/client-go to the chosen version and then refresh dependencies (e.g., run go get <module>@<chosen-version> and go mod tidy) so the code compiles against a consistent Kubernetes API surface.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Duplicate comments:
In `@go.mod`:
- Around line 34-37: The go.mod has k8s.io/apimachinery at v0.34.3 while
k8s.io/api, k8s.io/cli-runtime, and k8s.io/client-go are at v0.30.3, causing
unsafe version skew; align all k8s.io/* modules to the same minor version (pick
a single minor version such as v0.30.3 or v0.34.3) by updating the module
versions for k8s.io/apimachinery, k8s.io/api, k8s.io/cli-runtime, and
k8s.io/client-go to the chosen version and then refresh dependencies (e.g., run
go get <module>@<chosen-version> and go mod tidy) so the code compiles against a
consistent Kubernetes API surface.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 7aa0a2a5-1e89-4266-8fc4-d7c45f0e74ba
⛔ Files ignored due to path filters (1)
go.sumis excluded by!**/*.sum
📒 Files selected for processing (1)
go.mod
dependabot
bot
force-pushed
the
dependabot/go_modules/github.com/openshift-online/ocm-cli-1.0.12
branch
from
4eb516c to
46dab0e
Compare
There was a problem hiding this comment.
♻️ Duplicate comments (1)
go.mod (1)
34-37:⚠️ Potential issue | 🔴 Criticalk8s.io version mismatch remains unresolved.
The k8s.io modules continue to have misaligned versions:
k8s.io/apimachineryis atv0.34.3whilek8s.io/api,k8s.io/cli-runtime, andk8s.io/client-goremain atv0.30.3. This 4-minor-version gap poses compatibility risks as these libraries are tightly coupled.All core
k8s.io/*direct dependencies should be aligned to the same minor version before merging.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@go.mod` around lines 34 - 37, The go.mod currently has mismatched k8s.io module versions (k8s.io/apimachinery at v0.34.3 while k8s.io/api, k8s.io/cli-runtime, and k8s.io/client-go are at v0.30.3); align all core k8s.io/* entries to the same minor version (pick one consistent version such as v0.34.3) by updating the k8s.io/api, k8s.io/cli-runtime, and k8s.io/client-go module lines to match k8s.io/apimachinery, then run go get to fetch that version and go mod tidy to reconcile transitive deps so all k8s.io modules are on the same minor release.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Duplicate comments:
In `@go.mod`:
- Around line 34-37: The go.mod currently has mismatched k8s.io module versions
(k8s.io/apimachinery at v0.34.3 while k8s.io/api, k8s.io/cli-runtime, and
k8s.io/client-go are at v0.30.3); align all core k8s.io/* entries to the same
minor version (pick one consistent version such as v0.34.3) by updating the
k8s.io/api, k8s.io/cli-runtime, and k8s.io/client-go module lines to match
k8s.io/apimachinery, then run go get to fetch that version and go mod tidy to
reconcile transitive deps so all k8s.io modules are on the same minor release.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 26781552-7281-440c-ab34-ba83854b6006
⛔ Files ignored due to path filters (1)
go.sumis excluded by!**/*.sum
📒 Files selected for processing (1)
go.mod
Bumps [github.com/openshift-online/ocm-cli](https://github.com/openshift-online/ocm-cli) from 1.0.10 to 1.0.12. - [Release notes](https://github.com/openshift-online/ocm-cli/releases) - [Changelog](https://github.com/openshift-online/ocm-cli/blob/main/CHANGES.md) - [Commits](openshift-online/ocm-cli@v1.0.10...v1.0.12) --- updated-dependencies: - dependency-name: github.com/openshift-online/ocm-cli dependency-version: 1.0.12 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/go_modules/github.com/openshift-online/ocm-cli-1.0.12
branch
from
46dab0e to
77aea0b
Compare
|
@dependabot[bot]: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Bumps github.com/openshift-online/ocm-cli from 1.0.10 to 1.0.12.
Release notes
Sourced from github.com/openshift-online/ocm-cli's releases.
Changelog
Sourced from github.com/openshift-online/ocm-cli's changelog.
Commits
cf631c9Merge pull request #1040 from rcampos2029/release_1.0.12285310dRelease v1.0.12ad0f63achore | bump konflux references (#1039)7c2d3c0[OCM-21267](https://redhat.atlassian.net/browse/OCM-21267) | fix: update konflux references (#1034)70430be[OCM-21266](https://redhat.atlassian.net/browse/OCM-21266) | fix: changed dns zone flag name and limited support for gcp (#1030)18d9a17[OCM-22016](https://redhat.atlassian.net/browse/OCM-22016) | fix: go version 1.24.13 (#1033)e54d259[OCM-22604](https://redhat.atlassian.net/browse/OCM-22604) | fix: cli dns zone deletion protection when clusters are still lin...f071751[OCM-21266](https://redhat.atlassian.net/browse/OCM-21266) | fix: only list gcp dns zones defined by the user (#1031)a9072b2[OCM-22578](https://redhat.atlassian.net/browse/OCM-22578) | fix: ocm gcp list dns-zone output width columns (#1029)036315c[OCM-22579](https://redhat.atlassian.net/browse/OCM-22579) | fix: ocm gcp delete dns-zone fails when project is none (#1028)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)