Update google.golang.org/genproto digest to 925bb5d#211
Update google.golang.org/genproto digest to 925bb5d#211red-hat-konflux-kflux-prd-rh02[bot] wants to merge 1 commit into
Conversation
Signed-off-by: red-hat-konflux-kflux-prd-rh02 <190377777+red-hat-konflux-kflux-prd-rh02[bot]@users.noreply.github.com>
|
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Hi @red-hat-konflux-kflux-prd-rh02[bot]. Thanks for your PR. I'm waiting for a openshift-hyperfleet member to verify that this patch is reasonable to test. If it is, they should reply with Regular contributors should join the org to skip this step. Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
📝 WalkthroughWalkthroughgo.mod pins a newer pseudo-version of the indirect dependency google.golang.org/genproto, changing from v0.0.0-20260209200024-4cfbd4190f57 to v0.0.0-20260630182238-925bb5da69e7. No other files are modified. Estimated code review effort: 1 (Trivial) | ~5 minutes Security note: genproto pinned to an unpinned-by-hash pseudo-version bump spanning ~4 months of upstream commits (20260209→20260630). No CVE cited in the diff for this update — verify provenance via go.sum hash and module checksum database (sum.golang.org) before merge. Unreviewed transitive proto-generated code changes are a supply chain risk vector (CWE-1104: Use of Unmaintained Third Party Components applies if pinned version lags; here concern is opposite — unverified forward jump). Confirm go.sum hash entries updated alongside go.mod to prevent dependency confusion/tampering (CWE-829: Inclusion of Functionality from Untrusted Control Sphere). Suggested labels: dependencies, go Suggested reviewers: platform-security-team 🚥 Pre-merge checks | ✅ 11✅ Passed checks (11 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
✨ Simplify code
Comment |
This PR contains the following updates:
4cfbd41→925bb5dConfiguration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
To execute skipped test pipelines write comment
/ok-to-test.Documentation
Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.