[Release-4.21]OCPBUGS-80840,OCPBUGS-80839: Bump google.golang.org/grpc to v1.79.3

[MrSanketkumar]

Summary by CodeRabbit

• Chores
  • Updated project dependencies across the repository, including OpenTelemetry, gRPC/protobuf, CEL expression library, and various golang.org/x modules.
  • Impact: aligns with newer platform libraries for improved compatibility, stability, and security; refreshes indirect dependency versions with no API changes.

[openshift-ci-robot]

@MrSanketkumar: This pull request references Jira Issue OCPBUGS-80840, which is invalid:

• release note text must be set and not match the template OR release note type must be set to "Release Note Not Required". For more information you can reference the OpenShift Bug Process.
• expected dependent Jira Issue OCPBUGS-83997 to be in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but it is Closed (Duplicate) instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Walkthrough

Dependency version bumps in the repository: top-level go.mod and two OpenShift submodule go.mod files updated. Changes include golang.org/x/* modules, cel.dev/expr, OpenTelemetry components (to v1.39.x family), and google.golang.org/grpc/genproto/protobuf revisions.

Changes

Dependency version bumps

Layer / File(s)	Summary
Top-level require updates go.mod	Updated indirects: golang.org/x/sync v0.18.0 → v0.19.0, cel.dev/expr v0.24.0 → v0.25.1, and upgraded OpenTelemetry-related indirects and google.golang.org/grpc / genproto / protobuf versions toward v1.79.x / v1.36.x / v1.39.x family.
Submodule manifests openshift/default-catalog-consistency/go.mod, openshift/tests-extension/go.mod	Applied aligned dependency bumps in submodule go.mod files: github.com/go-jose/go-jose/v4 indirect v4.1.1 → v4.1.3, broad golang.org/x/* updates (crypto, net, oauth2, mod, sync, sys, term, text, tools), and OpenTelemetry / gRPC / genproto / protobuf version updates.
Indirect/version lockstep details go.mod, openshift/*/go.mod	Multiple transitive/indirect lines updated to maintain compatibility: golang.org/x/crypto → v0.46.0, golang.org/x/net → v0.48.0, google.golang.org/protobuf → v1.36.10, and matching genproto revisions; other indirects adjusted accordingly.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error, 1 warning)

Check name	Status	Explanation	Resolution
Stable And Deterministic Test Names	❌ Error	Ginkgo test file uses dynamic test titles with fmt.Sprintf and variable image names in It() calls, violating stable test name requirement.	Replace fmt.Sprintf calls in test titles with static strings. Use fixed titles like "validates multiarch support" and "validates images". Move image variables to test body assertions only.
Title check	⚠️ Warning	The title references grpc v1.79.3 but the changeset includes extensive dependency updates beyond grpc, including OpenTelemetry, golang.org/x modules, and cel.dev/expr across multiple go.mod files.	Update the title to reflect the broader scope of updates, such as 'Bump dependencies: google.golang.org/grpc v1.79.3 and OpenTelemetry stack' or similar to accurately represent all significant changes.

✅ Passed checks (10 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Test Structure And Quality	✅ Passed	PR adds one Ginkgo test file meeting quality requirements: single responsibility per test, descriptive messages, resource cleanup, no excessive waits.
Microshift Test Compatibility	✅ Passed	PR updates Go module dependencies only (google.golang.org/grpc v1.79.3, OpenTelemetry v1.39.0+, golang.org/x packages). No new Ginkgo e2e tests added, so check is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No new Ginkgo e2e tests added. PR only updates Go module dependencies (grpc, OpenTelemetry, etc.) in go.mod files. SNO compatibility check not applicable.
Topology-Aware Scheduling Compatibility	✅ Passed	PR only updates Go module dependencies in go.mod files. No deployment manifests, operator code, or scheduling constraints are added or modified. Check is not applicable.
Ote Binary Stdout Contract	✅ Passed	The PR updates dependencies in go.mod. The openshift/tests-extension/cmd/main.go entry point has no stdout writes in process-level code. No stdout contract violations detected.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR updates dependencies in go.mod only. No new Ginkgo e2e tests added. Existing tests use image.LocationFor() for disconnected environment support.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[MrSanketkumar]

/jira refresh

[openshift-ci-robot]

@MrSanketkumar: This pull request references Jira Issue OCPBUGS-80840, which is invalid:

• release note text must be set and not match the template OR release note type must be set to "Release Note Not Required". For more information you can reference the OpenShift Bug Process.
• expected dependent Jira Issue OCPBUGS-83997 to be in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but it is Closed (Duplicate) instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[MrSanketkumar]

@coderabbitai review

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: MrSanketkumar
Once this PR has been reviewed and has the lgtm label, please assign perdasilva for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• DOWNSTREAM_OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[openshift-ci-robot]

@MrSanketkumar: This pull request references Jira Issue OCPBUGS-80840, which is invalid:

• expected dependent Jira Issue OCPBUGS-83997 to be in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but it is Closed (Duplicate) instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

Summary by CodeRabbit

• Chores
• Updated project dependencies to latest versions.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Line 221: The go.mod currently pins a vulnerable opentelemetry SDK (module
go.opentelemetry.io/otel/sdk at v1.39.0); update that dependency to v1.43.0 or
later to remediate the HIGH advisories (GO-2026-4394 / GHSA-9h8m-3fm2-qjrq /
GHSA-hfvc-g4fc-pqhx) and then refresh the module graph (e.g., run go get
go.opentelemetry.io/otel/sdk@v1.43.0 or newer and run go mod tidy) so the
lockfile and transitive deps are updated.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: a96d5dda-89b6-4ec5-824f-cfe0aa972b2b

📥 Commits

Reviewing files that changed from the base of the PR and between d0f315f and 933c5ea.

⛔ Files ignored due to path filters (151)

• go.sum is excluded by !**/*.sum
• vendor/cel.dev/expr/BUILD.bazel is excluded by !**/vendor/**, !vendor/**
• vendor/cel.dev/expr/MODULE.bazel is excluded by !**/vendor/**, !vendor/**
• vendor/cel.dev/expr/checked.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/cel.dev/expr/eval.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/cel.dev/expr/explain.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/cel.dev/expr/syntax.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/cel.dev/expr/value.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/id.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/number.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/span.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/status.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/traces.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/value.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/auto/sdk/span.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/auto/sdk/tracer.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/.codespellignore is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/.golangci.yml is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/.lycheeignore is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/CONTRIBUTING.md is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/Makefile is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/RELEASING.md is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/VERSIONING.md is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/attribute/encoder.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/attribute/set.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/attribute/type_string.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/baggage/baggage.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/dependencies.Dockerfile is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/internal/global/meter.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/metric.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/metric/config.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/propagation/trace_context.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/internal/env/env.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/internal/x/x.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/resource/builtin.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/resource/container.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/resource/env.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/resource/host_id.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/resource/host_id_bsd.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/resource/host_id_linux.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/resource/host_id_unsupported.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/resource/host_id_windows.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/resource/os.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/resource/os_release_unix.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/resource/os_unix.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/resource/os_unsupported.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/resource/process.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/resource/resource.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/batch_span_processor.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/id_generator.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/sampling.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/simple_span_processor.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/snapshot.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/span.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/span_limits.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/tracer.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/trace/version.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/sdk/version.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/semconv/v1.34.0/MIGRATION.md is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/semconv/v1.34.0/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/semconv/v1.34.0/attribute_group.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/semconv/v1.34.0/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/semconv/v1.34.0/error_type.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/semconv/v1.34.0/exception.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/semconv/v1.34.0/schema.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/semconv/v1.37.0/error_type.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/trace/config.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/trace/span.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/version.go is excluded by !**/vendor/**, !vendor/**
• vendor/go.opentelemetry.io/otel/versions.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/http2/transport.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/trace/events.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sync/errgroup/errgroup.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu_arm64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu_arm64.s is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/mkerrors.sh is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_386.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_arm.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mips.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/text/encoding/unicode/unicode.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/balancer/balancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/balancer/pickfirst/internal/internal.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/balancer/pickfirst/pickfirst.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/balancer/pickfirst/pickfirstleaf/pickfirstleaf.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/balancer/roundrobin/roundrobin.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/balancer/subconn.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/balancer_wrapper.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/clientconn.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/credentials/credentials.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/credentials/tls.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/encoding/encoding.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/encoding/gzip/gzip.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/experimental/stats/metricregistry.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/experimental/stats/metrics.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/health/grpc_health_v1/health.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/health/grpc_health_v1/health_grpc.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/interceptor.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/envconfig/envconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/envconfig/xds.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/experimental.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/idle/idle.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/internal.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/resolver/delegatingresolver/delegatingresolver.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/stats/metrics_recorder_list.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/transport/client_stream.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/transport/controlbuf.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/transport/flowcontrol.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/transport/handler_server.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/transport/http2_client.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/transport/http2_server.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/transport/http_util.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/transport/server_stream.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/internal/transport/transport.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/mem/buffer_pool.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/mem/buffer_slice.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/mem/buffers.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/preloader.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/resolver/resolver.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/resolver_wrapper.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/rpc_util.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/server.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/stream.go is excluded by !**/vendor/**, !vendor/**
• vendor/google.golang.org/grpc/version.go is excluded by !**/vendor/**, !vendor/**
• vendor/modules.txt is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (1)

• go.mod

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

`What is the first fixed version of go.opentelemetry.io/otel/sdk for:

• GO-2026-4394
• GHSA-9h8m-3fm2-qjrq
• GHSA-hfvc-g4fc-pqhx
  Please include the affected version ranges and patched version ranges from official advisory sources.`

💡 Result:

GO-2026-4394 (GHSA-9h8m-3fm2-qjrq, CVE-2026-24051): First fixed version of go.opentelemetry.io/otel/sdk is v1.40.0. Affected range: Go >=1.21.0 before v1.40.0 [1][2][3]. Patched in v1.40.0 and later [3][4]. GHSA-hfvc-g4fc-pqhx: First fixed version of go.opentelemetry.io/otel/sdk is v1.43.0. Affected range: >= v1.15.0, <= v1.42.0 [5]. Patched in v1.43.0 and later [5][6]. Note: This is an incomplete fix for the prior vulnerability, affecting BSD/Solaris platforms [5]. No separate GO-ID found in pkg.go.dev searches.

Citations:

• 1: https://pkg.go.dev/vuln/GO-2026-4394
• 2: https://osv.dev/vulnerability/GO-2026-4394
• 3: GHSA-9h8m-3fm2-qjrq
• 4: https://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.40.0
• 5: GHSA-hfvc-g4fc-pqhx
• 6: googleapis/google-cloud-go@b4c40aa

---

Security blocker: go.opentelemetry.io/otel/sdk v1.39.0 has multiple HIGH advisories

Line 221 pins a vulnerable version (GO-2026-4394, GHSA-9h8m-3fm2-qjrq, GHSA-hfvc-g4fc-pqhx). Bump to v1.43.0 or later to address all reported vulnerabilities and refresh the module graph before merge.

🧰 Tools

🪛 OSV Scanner (2.3.6)

[HIGH] 221-221: go.opentelemetry.io/otel/sdk 1.39.0: OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking in go.opentelemetry.io/otel/sdk

(GO-2026-4394)

---

[HIGH] 221-221: go.opentelemetry.io/otel/sdk 1.39.0: OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking

(GHSA-9h8m-3fm2-qjrq)

---

[HIGH] 221-221: go.opentelemetry.io/otel/sdk 1.39.0: opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking

(GHSA-hfvc-g4fc-pqhx)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` at line 221, The go.mod currently pins a vulnerable opentelemetry SDK
(module go.opentelemetry.io/otel/sdk at v1.39.0); update that dependency to
v1.43.0 or later to remediate the HIGH advisories (GO-2026-4394 /
GHSA-9h8m-3fm2-qjrq / GHSA-hfvc-g4fc-pqhx) and then refresh the module graph
(e.g., run go get go.opentelemetry.io/otel/sdk@v1.43.0 or newer and run go mod
tidy) so the lockfile and transitive deps are updated.

[MrSanketkumar]

/retest-required

[rissh]

/retitle [Release-4.21]OCPBUGS-80840,OCPBUGS-80839: Bump google.golang.org/grpc to v1.79.3

[openshift-ci-robot]

@MrSanketkumar: This pull request references Jira Issue OCPBUGS-80840, which is invalid:

• expected dependent Jira Issue OCPBUGS-83997 to be in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but it is Closed (Duplicate) instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

This pull request references Jira Issue OCPBUGS-80839, which is valid. The bug has been moved to the POST state.

7 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.21.z) matches configured target version for branch (4.21.z)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)
• release note text is set and does not match the template
• dependent bug Jira Issue OCPBUGS-81194 is in the state Closed (Done), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
• dependent Jira Issue OCPBUGS-81194 targets the "4.22.0" version, which is one of the valid target versions: 4.22.0
• bug has dependents

No GitHub users were found matching the public email listed for the QA contact in Jira (ocp-sustaining-admins@redhat.com), skipping review request.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Summary by CodeRabbit

• Chores
• Updated project dependencies to latest versions.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[MrSanketkumar]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[openshift-ci-robot]

@MrSanketkumar: This pull request references Jira Issue OCPBUGS-80840, which is invalid:

• expected dependent Jira Issue OCPBUGS-83997 to be in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but it is Closed (Duplicate) instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

This pull request references Jira Issue OCPBUGS-80839, which is valid.

7 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.21.z) matches configured target version for branch (4.21.z)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)
• release note text is set and does not match the template
• dependent bug Jira Issue OCPBUGS-81194 is in the state Closed (Done), which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
• dependent Jira Issue OCPBUGS-81194 targets the "4.22.0" version, which is one of the valid target versions: 4.22.0
• bug has dependents

No GitHub users were found matching the public email listed for the QA contact in Jira (ocp-sustaining-admins@redhat.com), skipping review request.

Details

In response to this:

Summary by CodeRabbit

• Chores
• Updated project dependencies across the repository. Key updates include OpenTelemetry components, gRPC and protobuf stacks, CEL expression library, and various golang.org/x modules.
• Resulting impact: alignment with newer platform libraries, improved compatibility and stability, and refreshed indirect dependency versions.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

go.mod (1)

217-222: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Security blocker: OpenTelemetry core/sdk are pinned to vulnerable versions.

Lines 217–222 pin go.opentelemetry.io/otel* at v1.39.0, which is affected by high-severity advisories (including GHSA-mh2-q3fh-2475 for otel and GHSA-9h8m-3fm2-qjrq / GHSA-hfvc-g4fc-pqhx for otel/sdk). Please bump the OTel stack to a fixed floor (sdk >= v1.43.0; otel >= v1.41.0).

🔧 Suggested patch (aligned family)

-	go.opentelemetry.io/otel v1.39.0 // indirect
-	go.opentelemetry.io/otel/metric v1.39.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.39.0 // indirect
-	go.opentelemetry.io/otel/trace v1.39.0 // indirect
+	go.opentelemetry.io/otel v1.43.0 // indirect
+	go.opentelemetry.io/otel/metric v1.43.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.43.0 // indirect
+	go.opentelemetry.io/otel/trace v1.43.0 // indirect

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` around lines 217 - 222, Update the pinned OpenTelemetry modules in
go.mod to non-vulnerable releases: raise go.opentelemetry.io/otel to at least
v1.41.0 and go.opentelemetry.io/otel/sdk to at least v1.43.0 (and bump related
packages like go.opentelemetry.io/otel/metric, go.opentelemetry.io/otel/trace,
and go.opentelemetry.io/otel/exporters/otlp/otlptrace* to matching compatible
versions) by editing the version strings for those module entries and then run
your Go module update (e.g., go get) and tests to ensure compatibility; target
aligned family versions so otel, otel/sdk, otel/metric, otel/trace, and
otlptrace packages are mutually compatible.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@openshift/default-catalog-consistency/go.mod`:
- Line 46: The go.mod currently pins the vulnerable dependency
"github.com/go-jose/go-jose/v4 v4.1.3"; update that module to "v4.1.4" (or
newer) in go.mod, then run "go get github.com/go-jose/go-jose/v4@v4.1.4" (or the
desired newer version) and "go mod tidy" to refresh go.sum, and commit the
updated go.mod and go.sum so the CVE-2026-34986 denial-of-service fix is
applied.

---

Duplicate comments:
In `@go.mod`:
- Around line 217-222: Update the pinned OpenTelemetry modules in go.mod to
non-vulnerable releases: raise go.opentelemetry.io/otel to at least v1.41.0 and
go.opentelemetry.io/otel/sdk to at least v1.43.0 (and bump related packages like
go.opentelemetry.io/otel/metric, go.opentelemetry.io/otel/trace, and
go.opentelemetry.io/otel/exporters/otlp/otlptrace* to matching compatible
versions) by editing the version strings for those module entries and then run
your Go module update (e.g., go get) and tests to ensure compatibility; target
aligned family versions so otel, otel/sdk, otel/metric, otel/trace, and
otlptrace packages are mutually compatible.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: c8cba45b-c1bd-43cf-8d54-cbb5438c6498

📥 Commits

Reviewing files that changed from the base of the PR and between 933c5ea and cf7df47.

⛔ Files ignored due to path filters (297)

• go.sum is excluded by !**/*.sum
• openshift/default-catalog-consistency/go.sum is excluded by !**/*.sum
• openshift/default-catalog-consistency/vendor/github.com/go-jose/go-jose/v4/CHANGELOG.md is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/github.com/go-jose/go-jose/v4/README.md is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/github.com/go-jose/go-jose/v4/crypter.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/github.com/go-jose/go-jose/v4/jwk.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/github.com/go-jose/go-jose/v4/shared.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/github.com/go-jose/go-jose/v4/signing.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/github.com/go-jose/go-jose/v4/symmetric.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/github.com/go-jose/go-jose/v4/symmetric_legacy.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/openpgp/s2k/s2k.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/salsa20/salsa/hsalsa20.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/sha3/doc.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/sha3/hashes.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/sha3/hashes_noasm.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/sha3/keccakf.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/sha3/keccakf_amd64.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/sha3/keccakf_amd64.s is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/sha3/sha3.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/sha3/sha3_s390x.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/sha3/sha3_s390x.s is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/sha3/shake.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/sha3/shake_noasm.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/mod/semver/semver.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/context/context.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/html/escape.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/html/parse.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/html/render.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/http2/config.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/http2/config_go124.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/http2/config_pre_go124.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/http2/frame.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/http2/gotrack.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/http2/http2.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/http2/server.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/http2/timer.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/http2/transport.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/http2/writesched.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/http2/writesched_roundrobin.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/internal/httpcommon/request.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/trace/events.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/oauth2/deviceauth.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/oauth2/oauth2.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/oauth2/pkce.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/oauth2/token.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/oauth2/transport.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sync/errgroup/errgroup.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/cpu/cpu_arm64.s is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/plan9/pwd_plan9.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/affinity_linux.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/fdset.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/ifreq_linux.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/mkall.sh is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/mkerrors.sh is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/syscall_linux.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/syscall_netbsd.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/syscall_solaris.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_386.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zsyscall_linux.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/ztypes_linux.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/windows/syscall_windows.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/windows/types_windows.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/windows/zsyscall_windows.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/term/terminal.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/text/encoding/japanese/eucjp.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/text/encoding/japanese/iso2022jp.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/text/encoding/japanese/shiftjis.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/text/encoding/korean/euckr.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/text/encoding/simplifiedchinese/gbk.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/text/encoding/simplifiedchinese/hzgb2312.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/text/encoding/traditionalchinese/big5.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/text/encoding/unicode/unicode.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/text/unicode/bidi/core.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/go/ast/inspector/cursor.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/go/packages/golist.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/go/packages/visit.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/go/types/typeutil/map.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/event/core/event.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/gcimporter/bimport.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/gcimporter/iexport.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/gcimporter/iimport.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/gcimporter/iimport_go122.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/stdlib/deps.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/stdlib/import.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/stdlib/manifest.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/typeparams/normalize.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/typesinternal/element.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/typesinternal/qualifier.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/typesinternal/types.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/typesinternal/varkind.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/typesinternal/zerovalue.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/versions/features.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/CONTRIBUTING.md is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/balancer/balancer.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/balancer/pickfirst/internal/internal.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/balancer/pickfirst/pickfirst.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/balancer/pickfirst/pickfirstleaf/pickfirstleaf.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/balancer/roundrobin/roundrobin.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/balancer/subconn.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/balancer_wrapper.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go is excluded by !**/*.pb.go, !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/clientconn.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/credentials/credentials.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/credentials/tls.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/encoding/encoding.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/encoding/proto/proto.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/experimental/stats/metricregistry.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/experimental/stats/metrics.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/interceptor.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/buffer/unbounded.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/channelz/trace.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/envconfig/xds.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/experimental.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/idle/idle.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/internal.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/resolver/delegatingresolver/delegatingresolver.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/stats/metrics_recorder_list.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/transport/client_stream.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/transport/controlbuf.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/transport/flowcontrol.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/transport/handler_server.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/transport/http2_client.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/transport/http2_server.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/transport/http_util.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/transport/server_stream.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/transport/transport.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/mem/buffer_pool.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/mem/buffer_slice.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/mem/buffers.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/preloader.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/resolver/resolver.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/resolver_wrapper.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/rpc_util.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/server.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/stream.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/version.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/protobuf/internal/editionssupport/editions.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/protobuf/internal/filedesc/desc.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/protobuf/internal/filedesc/editions.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/protobuf/internal/version/version.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/protobuf/reflect/protodesc/desc.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/protobuf/reflect/protodesc/proto.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/modules.txt is excluded by !**/vendor/**
• openshift/tests-extension/go.sum is excluded by !**/*.sum
• openshift/tests-extension/vendor/cel.dev/expr/BUILD.bazel is excluded by !**/vendor/**
• openshift/tests-extension/vendor/cel.dev/expr/MODULE.bazel is excluded by !**/vendor/**
• openshift/tests-extension/vendor/cel.dev/expr/checked.pb.go is excluded by !**/*.pb.go, !**/vendor/**
• openshift/tests-extension/vendor/cel.dev/expr/eval.pb.go is excluded by !**/*.pb.go, !**/vendor/**
• openshift/tests-extension/vendor/cel.dev/expr/explain.pb.go is excluded by !**/*.pb.go, !**/vendor/**
• openshift/tests-extension/vendor/cel.dev/expr/syntax.pb.go is excluded by !**/*.pb.go, !**/vendor/**
• openshift/tests-extension/vendor/cel.dev/expr/value.pb.go is excluded by !**/*.pb.go, !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/id.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/number.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/span.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/status.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/traces.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/value.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/auto/sdk/span.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/auto/sdk/tracer.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/.codespellignore is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/.golangci.yml is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/.lycheeignore is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/CHANGELOG.md is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/CODEOWNERS is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/LICENSE is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/Makefile is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/README.md is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/RELEASING.md is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/SECURITY-INSIGHTS.yml is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/VERSIONING.md is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/encoder.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/filter.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/hash.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/internal/attribute.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/internal/xxhash/xxhash.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/iterator.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/key.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/kv.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/set.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/type_string.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/value.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/baggage/baggage.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/codes/codes.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/dependencies.Dockerfile is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/internal/global/internal_logging.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/internal/global/meter.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/internal/global/trace.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/metric.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/metric/LICENSE is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/metric/config.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/propagation/baggage.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/propagation/propagation.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/propagation/trace_context.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/LICENSE is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/internal/x/features.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/internal/x/x.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/builtin.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/container.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/env.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/host_id.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_bsd.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_linux.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_unsupported.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_windows.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/os.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/os_release_unix.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/os_unix.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/os_unsupported.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/process.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/resource.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/batch_span_processor.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/doc.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/id_generator.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/internal/env/env.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/batch_span_processor.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/doc.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/simple_span_processor.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/tracer.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/provider.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/sampling.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/simple_span_processor.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/snapshot.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/span.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/span_limits.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/tracer.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/version.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/version.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.34.0/MIGRATION.md is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.34.0/README.md is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.34.0/attribute_group.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.34.0/doc.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.34.0/exception.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.34.0/schema.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/MIGRATION.md is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/README.md is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/attribute_group.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/doc.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/error_type.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/exception.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/otelconv/metric.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/schema.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/trace/LICENSE is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/trace/auto.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/trace/config.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/trace/hex.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/attr.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/id.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/value.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/trace/noop.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/trace/noop/noop.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/trace/span.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/trace/trace.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/trace/tracestate.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/version.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/versions.yaml is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/curve25519/curve25519.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/cipher.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/client_auth.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/common.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/doc.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/handshake.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/kex.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/keys.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/mac.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/messages.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/server.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/ssh_gss.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/streamlocal.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/tcpip.go is excluded by !**/vendor/**

📒 Files selected for processing (3)

• go.mod
• openshift/default-catalog-consistency/go.mod
• openshift/tests-extension/go.mod

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

find . -name "go.mod" -path "*openshift/default-catalog-consistency*" -type f

Repository: openshift/operator-framework-operator-controller

Length of output: 139

---

🌐 Web query:

GHSA-78h2-9frx-2jm8 go-jose vulnerability

💡 Result:

GHSA-78h2-9frx-2jm8 is a go-jose (go-jose/go-jose) vulnerability titled “Panic in JWE decryption”, with CVE-2026-34986. It can be triggered during JSON Web Encryption (JWE) decryption, where go-jose may panic (leading to denial of service) if the JWE header’s alg indicates a key wrapping algorithm (ending in “KW”, except the GCMKW variants) and the JWE encrypted_key field is empty. [1] Affected / fixed versions (per the upstream advisory): - github.com/go-jose/go-jose/v3: affected < 3.0.5; fixed in 3.0.5. [1] - github.com/go-jose/go-jose/v4: affected < 4.1.4; fixed in 4.1.4. [1] Reachability / exploitation details (from the advisory): - The panic occurs when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length derived from the (empty) encrypted_key. [1] - The code path is reachable by parsing a JWE (ParseEncrypted / ParseEncryptedJSON / ParseEncryptedCompact) followed by Decrypt on the resulting object. [1] - A mitigation/workaround is that if the application passes a keyAlgorithms list to the parse functions that does not include key wrapping algorithms (alg values ending in “KW”), then parsing will fail and the application is unaffected. [1] - If you accept JWE Compact Serialization, you can prevalidate that the encrypted_key field (the data between the first and second “.” in the compact form) is non-empty. [1] Practical guidance: 1) Upgrade go-jose to at least the patched versions (v3 >= 3.0.5 or v4 >= 4.1.4). [1] 2) If you can’t upgrade immediately, ensure your accepted key algorithm set excludes *KW algorithms, or add input validation to reject JWE objects with an empty encrypted_key when using key wrapping algs. [1] Additional note from a vendor scan writeup: a product may detect CVE-2026-34986 transitively via a vulnerable go-jose version, but mark the component “not affected” if the vulnerable code path is not reachable in that product’s runtime context. [2]

Citations:

• 1: GHSA-78h2-9frx-2jm8
• 2: https://knowledge.broadcom.com/external/article/435970/cve202634986-ghsa78h29frx2jm8-detected.html

---

🌐 Web query:

CVE-2026-34986 go-jose

💡 Result:

CVE-2026-34986 is a denial-of-service (panic) vulnerability in the go-jose library’s JWE decryption path. Specifically, in go-jose versions prior to 4.1.4 (v4) and prior to 3.0.5 (v3), decrypting a JWE object can panic when: (1) the JWE header alg indicates a key wrapping algorithm (ends with KW, with exceptions A128GCMKW/A192GCMKW/A256GCMKW), and (2) the JWE encrypted_key field is empty [1][2]. Impact / what happens - The panic occurs because cipher.KeyUnwrap() (in go-jose’s key_wrap.go) attempts to allocate a slice using a zero or negative length derived from the length of encrypted_key [1][2]. - This panic can crash the process, i.e., an attacker may cause a denial of service by sending a crafted JWE object [1][2]. Reachability details - The vulnerable code path is reachable by parsing a JWE (via ParseEncrypted(), ParseEncryptedJSON(), or ParseEncryptedCompact()), followed by calling Decrypt() on the resulting object [1][2]. - If the application configures the parser with a list of accepted key algorithms that does not include any key wrapping algorithms, parsing will fail and the application is unaffected [1][2]. - It can also be triggered by directly calling cipher.KeyUnwrap() with ciphertext shorter than 16 bytes, though this is described as less common [1][2]. Fixed versions / remediation - Upgrade go-jose v4 to 4.1.4 or later, and upgrade go-jose v3 to 3.0.5 or later to fix the JWE decryption panic [1][3][4]. - go-jose’s 4.1.4 release notes explicitly state it “Fixes Panic in JWE decryption” and reference the GHSA advisory for this issue [3]. If you tell me which go-jose major version your application uses (v3 vs v4) and the versions you currently run, I can map that to the exact “affected/unaffected” status and suggest the minimal upgrade target.

Citations:

• 1: https://nvd.nist.gov/vuln/detail/CVE-2026-34986
• 2: GHSA-78h2-9frx-2jm8
• 3: https://github.com/go-jose/go-jose/releases/tag/v4.1.4
• 4: https://osv.dev/vulnerability/GHSA-78h2-9frx-2jm8

---

🏁 Script executed:

cat -n ./openshift/default-catalog-consistency/go.mod | sed -n '40,52p'

Repository: openshift/operator-framework-operator-controller

Length of output: 856

---

Security blocker: github.com/go-jose/go-jose/v4 v4.1.3 is vulnerable to GHSA-78h2-9frx-2jm8.

Line 46 pins a version affected by CVE-2026-34986, a denial-of-service vulnerability in JWE decryption that can cause a panic when parsing a JWE with an empty encrypted_key field and a key wrapping algorithm. Bump to v4.1.4 or newer to fix.

🔧 Suggested patch

-	github.com/go-jose/go-jose/v4 v4.1.3 // indirect
+	github.com/go-jose/go-jose/v4 v4.1.4 // indirect

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	github.com/go-jose/go-jose/v4 v4.1.3 // indirect
	github.com/go-jose/go-jose/v4 v4.1.4 // indirect

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@openshift/default-catalog-consistency/go.mod` at line 46, The go.mod
currently pins the vulnerable dependency "github.com/go-jose/go-jose/v4 v4.1.3";
update that module to "v4.1.4" (or newer) in go.mod, then run "go get
github.com/go-jose/go-jose/v4@v4.1.4" (or the desired newer version) and "go mod
tidy" to refresh go.sum, and commit the updated go.mod and go.sum so the
CVE-2026-34986 denial-of-service fix is applied.

[MrSanketkumar]

/retest-required

[MrSanketkumar]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (2)

openshift/default-catalog-consistency/go.mod (1)

46-46: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Security blocker: go-jose/v4 v4.1.3 is still vulnerable.

Line 46 keeps a version affected by GHSA-78h2-9frx-2jm8. Please bump to v4.1.4 or newer and refresh module resolution.

Suggested patch

-	github.com/go-jose/go-jose/v4 v4.1.3 // indirect
+	github.com/go-jose/go-jose/v4 v4.1.4 // indirect

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@openshift/default-catalog-consistency/go.mod` at line 46, Update the
vulnerable dependency github.com/go-jose/go-jose/v4 from v4.1.3 to v4.1.4 (or
newer) in the go.mod entry and refresh module resolution; after changing the
version run your module resolution to update go.sum and ensure the new version
is pinned (e.g., using the Go module commands that fetch and tidy dependencies)
so the GHSA-78h2-9frx-2jm8 vulnerability is resolved.

go.mod (1)

217-222: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Security blocker: OpenTelemetry modules are still pinned to vulnerable versions.

go.opentelemetry.io/otel v1.39.0 (Line 217) and go.opentelemetry.io/otel/sdk v1.39.0 (Line 221) are flagged with HIGH advisories in the scanner output. Please bump the OpenTelemetry set (otel, otel/sdk, otel/metric, otel/trace) to a non-vulnerable release family and refresh the module graph before merge.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` around lines 217 - 222, Bump the OpenTelemetry modules to a
non-vulnerable release family by updating the versions for
go.opentelemetry.io/otel, go.opentelemetry.io/otel/sdk,
go.opentelemetry.io/otel/metric, and go.opentelemetry.io/otel/trace (and align
related packages go.opentelemetry.io/otel/exporters/otlp/otlptrace and
otlptrace/otlptracegrpc) to a patched release; then refresh the module graph
(e.g., run go get for the chosen versions and go mod tidy) so go.mod/go.sum
reflect the updated, non-vulnerable versions before merging.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@openshift/tests-extension/go.mod`:
- Around line 80-85: The listed OpenTelemetry modules (go.opentelemetry.io/otel,
go.opentelemetry.io/otel/metric, go.opentelemetry.io/otel/sdk,
go.opentelemetry.io/otel/trace and the exporter modules
go.opentelemetry.io/otel/exporters/otlp/otlptrace and
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc) are pinned to
vulnerable versions; update these module versions in the go.mod to v1.43.0 or
later (ensure otlptrace modules are also bumped to v1.43.0+) so CVE-2026-24051
and CVE-2026-39882 are addressed, then run go get or tidy to refresh go.sum and
verify tests build.

---

Duplicate comments:
In `@go.mod`:
- Around line 217-222: Bump the OpenTelemetry modules to a non-vulnerable
release family by updating the versions for go.opentelemetry.io/otel,
go.opentelemetry.io/otel/sdk, go.opentelemetry.io/otel/metric, and
go.opentelemetry.io/otel/trace (and align related packages
go.opentelemetry.io/otel/exporters/otlp/otlptrace and otlptrace/otlptracegrpc)
to a patched release; then refresh the module graph (e.g., run go get for the
chosen versions and go mod tidy) so go.mod/go.sum reflect the updated,
non-vulnerable versions before merging.

In `@openshift/default-catalog-consistency/go.mod`:
- Line 46: Update the vulnerable dependency github.com/go-jose/go-jose/v4 from
v4.1.3 to v4.1.4 (or newer) in the go.mod entry and refresh module resolution;
after changing the version run your module resolution to update go.sum and
ensure the new version is pinned (e.g., using the Go module commands that fetch
and tidy dependencies) so the GHSA-78h2-9frx-2jm8 vulnerability is resolved.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: f0d33dae-e4aa-4599-9a3a-08c483699286

📥 Commits

Reviewing files that changed from the base of the PR and between cf7df47 and 4a3d67e.

⛔ Files ignored due to path filters (297)

• go.sum is excluded by !**/*.sum
• openshift/default-catalog-consistency/go.sum is excluded by !**/*.sum
• openshift/default-catalog-consistency/vendor/github.com/go-jose/go-jose/v4/CHANGELOG.md is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/github.com/go-jose/go-jose/v4/README.md is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/github.com/go-jose/go-jose/v4/crypter.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/github.com/go-jose/go-jose/v4/jwk.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/github.com/go-jose/go-jose/v4/shared.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/github.com/go-jose/go-jose/v4/signing.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/github.com/go-jose/go-jose/v4/symmetric.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/openpgp/s2k/s2k.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/salsa20/salsa/hsalsa20.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/sha3/doc.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/sha3/hashes.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/sha3/hashes_noasm.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/sha3/keccakf.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/sha3/keccakf_amd64.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/sha3/keccakf_amd64.s is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/sha3/sha3.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/sha3/sha3_s390x.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/sha3/sha3_s390x.s is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/sha3/shake.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/crypto/sha3/shake_noasm.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/mod/semver/semver.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/context/context.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/html/escape.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/html/parse.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/html/render.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/http2/config.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/http2/config_go124.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/http2/config_pre_go124.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/http2/frame.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/http2/gotrack.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/http2/http2.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/http2/server.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/http2/timer.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/http2/transport.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/http2/writesched.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/http2/writesched_roundrobin.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/internal/httpcommon/request.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/net/trace/events.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/oauth2/deviceauth.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/oauth2/oauth2.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/oauth2/pkce.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/oauth2/token.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/oauth2/transport.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sync/errgroup/errgroup.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/cpu/cpu_arm64.s is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/plan9/pwd_plan9.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/affinity_linux.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/fdset.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/ifreq_linux.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/mkall.sh is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/mkerrors.sh is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/syscall_linux.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/syscall_netbsd.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/syscall_solaris.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_386.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zsyscall_linux.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/ztypes_linux.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/windows/syscall_windows.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/windows/types_windows.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/sys/windows/zsyscall_windows.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/term/terminal.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/text/encoding/japanese/eucjp.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/text/encoding/japanese/iso2022jp.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/text/encoding/japanese/shiftjis.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/text/encoding/korean/euckr.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/text/encoding/simplifiedchinese/gbk.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/text/encoding/simplifiedchinese/hzgb2312.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/text/encoding/traditionalchinese/big5.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/text/encoding/unicode/unicode.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/text/unicode/bidi/core.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/go/ast/inspector/cursor.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/go/packages/golist.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/go/packages/visit.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/go/types/typeutil/map.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/event/core/event.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/gcimporter/bimport.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/gcimporter/iexport.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/gcimporter/iimport.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/gcimporter/iimport_go122.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/stdlib/deps.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/stdlib/import.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/stdlib/manifest.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/typeparams/normalize.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/typesinternal/element.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/typesinternal/qualifier.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/typesinternal/types.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/typesinternal/varkind.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/typesinternal/zerovalue.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/golang.org/x/tools/internal/versions/features.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/CONTRIBUTING.md is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/balancer/balancer.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/balancer/pickfirst/internal/internal.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/balancer/pickfirst/pickfirst.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/balancer/pickfirst/pickfirstleaf/pickfirstleaf.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/balancer/roundrobin/roundrobin.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/balancer/subconn.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/balancer_wrapper.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go is excluded by !**/*.pb.go, !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/clientconn.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/credentials/credentials.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/credentials/tls.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/encoding/encoding.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/encoding/proto/proto.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/experimental/stats/metricregistry.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/experimental/stats/metrics.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/interceptor.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/buffer/unbounded.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/channelz/trace.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/envconfig/xds.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/experimental.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/idle/idle.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/internal.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/resolver/delegatingresolver/delegatingresolver.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/stats/metrics_recorder_list.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/transport/client_stream.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/transport/controlbuf.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/transport/flowcontrol.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/transport/handler_server.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/transport/http2_client.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/transport/http2_server.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/transport/http_util.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/transport/server_stream.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/internal/transport/transport.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/mem/buffer_pool.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/mem/buffer_slice.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/mem/buffers.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/preloader.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/resolver/resolver.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/resolver_wrapper.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/rpc_util.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/server.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/stream.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/grpc/version.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/protobuf/internal/editionssupport/editions.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/protobuf/internal/filedesc/desc.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/protobuf/internal/filedesc/desc_init.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/protobuf/internal/filedesc/desc_lazy.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/protobuf/internal/filedesc/editions.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/protobuf/internal/version/version.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/protobuf/reflect/protodesc/desc.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/google.golang.org/protobuf/reflect/protodesc/proto.go is excluded by !**/vendor/**
• openshift/default-catalog-consistency/vendor/modules.txt is excluded by !**/vendor/**
• openshift/tests-extension/go.sum is excluded by !**/*.sum
• openshift/tests-extension/vendor/cel.dev/expr/BUILD.bazel is excluded by !**/vendor/**
• openshift/tests-extension/vendor/cel.dev/expr/MODULE.bazel is excluded by !**/vendor/**
• openshift/tests-extension/vendor/cel.dev/expr/checked.pb.go is excluded by !**/*.pb.go, !**/vendor/**
• openshift/tests-extension/vendor/cel.dev/expr/eval.pb.go is excluded by !**/*.pb.go, !**/vendor/**
• openshift/tests-extension/vendor/cel.dev/expr/explain.pb.go is excluded by !**/*.pb.go, !**/vendor/**
• openshift/tests-extension/vendor/cel.dev/expr/syntax.pb.go is excluded by !**/*.pb.go, !**/vendor/**
• openshift/tests-extension/vendor/cel.dev/expr/value.pb.go is excluded by !**/*.pb.go, !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/id.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/number.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/span.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/status.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/traces.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/auto/sdk/internal/telemetry/value.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/auto/sdk/span.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/auto/sdk/tracer.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/.codespellignore is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/.golangci.yml is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/.lycheeignore is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/CHANGELOG.md is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/CODEOWNERS is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/CONTRIBUTING.md is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/LICENSE is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/Makefile is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/README.md is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/RELEASING.md is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/SECURITY-INSIGHTS.yml is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/VERSIONING.md is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/encoder.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/filter.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/hash.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/internal/attribute.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/internal/xxhash/xxhash.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/iterator.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/key.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/kv.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/set.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/type_string.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/attribute/value.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/baggage/baggage.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/codes/codes.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/dependencies.Dockerfile is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/internal/global/internal_logging.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/internal/global/meter.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/internal/global/trace.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/metric.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/metric/LICENSE is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/metric/config.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/propagation/baggage.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/propagation/propagation.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/propagation/trace_context.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/LICENSE is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/internal/x/features.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/internal/x/x.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/builtin.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/container.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/env.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/host_id.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_bsd.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_linux.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_unsupported.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/host_id_windows.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/os.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/os_release_unix.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/os_unix.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/os_unsupported.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/process.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/resource/resource.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/batch_span_processor.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/doc.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/id_generator.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/internal/env/env.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/batch_span_processor.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/doc.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/simple_span_processor.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/internal/observ/tracer.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/provider.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/sampling.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/simple_span_processor.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/snapshot.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/span.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/span_limits.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/tracer.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/trace/version.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/sdk/version.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.34.0/MIGRATION.md is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.34.0/README.md is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.34.0/attribute_group.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.34.0/doc.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.34.0/exception.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.34.0/schema.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/MIGRATION.md is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/README.md is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/attribute_group.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/doc.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/error_type.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/exception.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/otelconv/metric.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/semconv/v1.37.0/schema.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/trace/LICENSE is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/trace/auto.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/trace/config.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/trace/hex.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/attr.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/id.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/trace/internal/telemetry/value.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/trace/noop.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/trace/noop/noop.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/trace/span.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/trace/trace.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/trace/tracestate.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/version.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/go.opentelemetry.io/otel/versions.yaml is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/chacha20/chacha_arm64.s is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/curve25519/curve25519.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/cipher.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/client_auth.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/common.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/doc.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/handshake.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/kex.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/keys.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/mac.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/messages.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/server.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/ssh_gss.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/streamlocal.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/tcpip.go is excluded by !**/vendor/**
• openshift/tests-extension/vendor/golang.org/x/crypto/ssh/transport.go is excluded by !**/vendor/**

📒 Files selected for processing (3)

• go.mod
• openshift/default-catalog-consistency/go.mod
• openshift/tests-extension/go.mod

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

# Find the go.mod file mentioned
find . -name "go.mod" -path "*/openshift/tests-extension/*"

Repository: openshift/operator-framework-operator-controller

Length of output: 127

---

🏁 Script executed:

# Check the specific lines mentioned (80-85) in the go.mod file
if [ -f "openshift/tests-extension/go.mod" ]; then
  sed -n '75,90p' "openshift/tests-extension/go.mod"
fi

Repository: openshift/operator-framework-operator-controller

Length of output: 955

---

🌐 Web query:

OpenTelemetry v1.39.0 vulnerabilities CVE

💡 Result:

For OpenTelemetry v1.39.0, the OpenTelemetry Go SDK has at least two CVEs that explicitly cover versions up through 1.39.0: 1) CVE-2026-24051 (GHSA-9h8m-3fm2-qjrq) — OpenTelemetry-Go SDK path hijacking on macOS/Darwin - What it is: The OpenTelemetry Go SDK versions v1.20.0 through v1.39.0 are vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin; the resource detection code executes the ioreg system command using a search path, so a locally attacker-influenced PATH can lead to arbitrary code execution in the context of the application.[1][2] - Fixed in: v1.40.0 (patched in commit d45961b).[1][2] - Affected range (as stated in the advisory): >= 1.21.0, <= 1.39.0.[1] 2) CVE-2026-39882 (GHSA-w8rr-5gcm-pp58) — OTLP HTTP exporters unbounded response body read (memory exhaustion) - What it is: Prior to v1.43.0, the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a size cap, enabling memory exhaustion if the configured collector endpoint is attacker-controlled or traffic can be MITM’d.[3] - CVE ID and root cause details are given in the GHSA advisory: CVE-2026-39882, CWE-789; root cause is io.Copy(resp.Body) into an unbounded bytes.Buffer.[3] - Fixed in: v1.43.0 (the advisory states the vulnerability is fixed in 1.43.0).[4] Notes / scope clarification - CVE-2026-24051 is specifically about the OpenTelemetry Go SDK component and requires local PATH influence on macOS/Darwin.[1][2] - CVE-2026-39882 is about OTLP HTTP exporter behavior and depends on the collector endpoint being attacker-controlled or otherwise able to send oversized responses to the exporter.[3] If you tell me which language(s)/distributions you use with “v1.39.0” (Go vs.NET vs Java vs Collector vs specific modules like otlptracehttp/otlpmetrichttp), I can narrow this to exactly the affected artifacts and the precise upgrade targets for your stack.

Citations:

• 1: GHSA-9h8m-3fm2-qjrq
• 2: https://nvd.nist.gov/vuln/detail/CVE-2026-24051
• 3: GHSA-w8rr-5gcm-pp58
• 4: https://app.opencve.io/cve/CVE-2026-39882

---

Upgrade OpenTelemetry dependencies to patch known vulnerabilities in tests-extension.

The modules at lines 80–85 of openshift/tests-extension/go.mod use v1.39.0, which is vulnerable to:

• CVE-2026-24051 (path hijacking on macOS/Darwin, fixed in v1.40.0)
• CVE-2026-39882 (unbounded response body read in OTLP HTTP exporters, fixed in v1.43.0)

Upgrade go.opentelemetry.io/otel, otel/metric, otel/sdk, and otel/trace to v1.43.0 or later to address both vulnerabilities. Also upgrade the exporter modules (otel/exporters/otlp/otlptrace* at v1.36.0) to v1.43.0+ to patch CVE-2026-39882.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@openshift/tests-extension/go.mod` around lines 80 - 85, The listed
OpenTelemetry modules (go.opentelemetry.io/otel,
go.opentelemetry.io/otel/metric, go.opentelemetry.io/otel/sdk,
go.opentelemetry.io/otel/trace and the exporter modules
go.opentelemetry.io/otel/exporters/otlp/otlptrace and
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc) are pinned to
vulnerable versions; update these module versions in the go.mod to v1.43.0 or
later (ensure otlptrace modules are also bumped to v1.43.0+) so CVE-2026-24051
and CVE-2026-39882 are addressed, then run go get or tidy to refresh go.sum and
verify tests build.

[MrSanketkumar]

/retest-required

[MrSanketkumar]

/retest-required

[MrSanketkumar]

/retest-required

[MrSanketkumar]

/retest

[openshift-ci]

@MrSanketkumar: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/default-catalog-consistency	4a3d67e	link	true	/test default-catalog-consistency
ci/prow/verify	4a3d67e	link	true	/test verify

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[openshift-ci-robot]

@MrSanketkumar: This pull request references Jira Issue OCPBUGS-80840. The bug has been updated to no longer refer to the pull request using the external bug tracker.

This pull request references Jira Issue OCPBUGS-80839. The bug has been updated to no longer refer to the pull request using the external bug tracker.

Details

In response to this:

Summary by CodeRabbit

• Chores
• Updated project dependencies across the repository, including OpenTelemetry, gRPC/protobuf, CEL expression library, and various golang.org/x modules.
• Impact: aligns with newer platform libraries for improved compatibility, stability, and security; refreshes indirect dependency versions with no API changes.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.