Skip to content

Update module github.com/cenkalti/backoff/v4 to v7#216

Open
red-hat-konflux-kflux-prd-rh02[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main/github.com-cenkalti-backoff-v4-7.x
Open

Update module github.com/cenkalti/backoff/v4 to v7#216
red-hat-konflux-kflux-prd-rh02[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main/github.com-cenkalti-backoff-v4-7.x

Conversation

@red-hat-konflux-kflux-prd-rh02

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
github.com/cenkalti/backoff/v4 v4.3.0v7.0.0 age confidence

Release Notes

cenkalti/backoff (github.com/cenkalti/backoff/v4)

v7.0.0

Compare Source

v6.0.1

Compare Source

v6.0.0

Compare Source

v5.0.3

Compare Source

v5.0.2

Compare Source

v5.0.1

Compare Source

v5.0.0

Compare Source


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "on monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

Signed-off-by: red-hat-konflux-kflux-prd-rh02 <190377777+red-hat-konflux-kflux-prd-rh02[bot]@users.noreply.github.com>
@red-hat-konflux-kflux-prd-rh02

Copy link
Copy Markdown
Contributor Author

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum
Command failed: go get -t ./...
go: downloading github.com/openshift-hyperfleet/hyperfleet-broker v1.1.1
go: downloading github.com/prometheus/client_golang v1.23.2
go: downloading github.com/spf13/cobra v1.10.2
go: downloading github.com/spf13/pflag v1.0.10
go: downloading go.opentelemetry.io/otel/sdk v1.43.0
go: downloading gopkg.in/yaml.v3 v3.0.1
go: downloading go.opentelemetry.io/otel v1.43.0
go: downloading github.com/spf13/viper v1.21.0
go: downloading github.com/google/cel-go v0.27.0
go: downloading github.com/cenkalti/backoff/v5 v5.0.3
go: downloading go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0
go: downloading github.com/cloudevents/sdk-go/v2 v2.16.2
go: downloading go.opentelemetry.io/contrib/propagators/autoprop v0.68.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.43.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0
go: downloading go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.43.0
go: downloading go.opentelemetry.io/otel/trace v1.43.0
go: downloading github.com/google/uuid v1.6.0
go: downloading cloud.google.com/go/pubsub/v2 v2.4.0
go: downloading cloud.google.com/go v0.123.0
go: downloading github.com/ThreeDotsLabs/watermill v1.5.1
go: downloading github.com/ThreeDotsLabs/watermill-amqp/v3 v3.0.2
go: downloading github.com/ThreeDotsLabs/watermill-googlecloud/v2 v2.0.0
go: downloading google.golang.org/grpc v1.80.0
go: downloading google.golang.org/protobuf v1.36.11
go: downloading github.com/beorn7/perks v1.0.1
go: downloading github.com/cespare/xxhash/v2 v2.3.0
go: downloading github.com/prometheus/client_model v0.6.2
go: downloading github.com/prometheus/common v0.66.1
go: downloading github.com/prometheus/procfs v0.17.0
go: downloading golang.org/x/sys v0.42.0
go: downloading github.com/inconshreveable/mousetrap v1.1.0
go: downloading github.com/fsnotify/fsnotify v1.9.0
go: downloading github.com/go-viper/mapstructure/v2 v2.5.0
go: downloading github.com/sagikazarmark/locafero v0.12.0
go: downloading github.com/spf13/afero v1.15.0
go: downloading github.com/spf13/cast v1.10.0
go: downloading cel.dev/expr v0.25.1
go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9
go: downloading golang.org/x/text v0.35.0
go: downloading google.golang.org/genproto v0.0.0-20260209200024-4cfbd4190f57
go: downloading github.com/felixge/httpsnoop v1.0.4
go: downloading go.opentelemetry.io/otel/metric v1.43.0
go: downloading github.com/kylelemons/godebug v1.1.0
go: downloading github.com/go-logr/logr v1.4.3
go: downloading go.opentelemetry.io/contrib/propagators/aws v1.43.0
go: downloading go.opentelemetry.io/contrib/propagators/b3 v1.43.0
go: downloading go.opentelemetry.io/contrib/propagators/jaeger v1.43.0
go: downloading go.opentelemetry.io/contrib/propagators/ot v1.43.0
go: downloading go.opentelemetry.io/proto/otlp v1.10.0
go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9
go: downloading github.com/googleapis/gax-go/v2 v2.17.0
go: downloading go.opencensus.io v0.24.0
go: downloading golang.org/x/sync v0.20.0
go: downloading google.golang.org/api v0.266.0
go: downloading github.com/cenkalti/backoff/v3 v3.2.2
go: downloading github.com/hashicorp/go-multierror v1.1.1
go: downloading github.com/pkg/errors v0.9.1
go: downloading github.com/rabbitmq/amqp091-go v1.10.0
go: downloading github.com/lithammer/shortuuid/v3 v3.0.7
go: downloading github.com/oklog/ulid v1.3.1
go: downloading github.com/sony/gobreaker v1.0.0
go: downloading github.com/json-iterator/go v1.1.12
go: downloading github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
go: downloading go.yaml.in/yaml/v2 v2.4.2
go: downloading github.com/subosito/gotenv v1.6.0
go: downloading github.com/pelletier/go-toml/v2 v2.2.4
go: downloading go.yaml.in/yaml/v3 v3.0.4
go: downloading github.com/antlr4-go/antlr/v4 v4.13.1
go: downloading github.com/go-logr/stdr v1.2.2
go: downloading go.opentelemetry.io/auto/sdk v1.2.1
go: downloading go.uber.org/multierr v1.11.0
go: downloading go.uber.org/zap v1.27.1
go: downloading github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0
go: downloading golang.org/x/net v0.52.0
go: downloading golang.org/x/oauth2 v0.35.0
go: downloading cloud.google.com/go/iam v1.5.3
go: downloading cloud.google.com/go/auth v0.18.1
go: downloading github.com/hashicorp/errwrap v1.1.0
go: downloading github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
go: downloading github.com/modern-go/reflect2 v1.0.2
go: downloading golang.org/x/exp v0.0.0-20240823005443-9b4947da3948
go: downloading cloud.google.com/go/compute/metadata v0.9.0
go: downloading cloud.google.com/go/auth/oauth2adapt v0.2.8
go: downloading go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.65.0
go: downloading golang.org/x/time v0.14.0
go: downloading github.com/google/s2a-go v0.1.9
go: downloading github.com/googleapis/enterprise-certificate-proxy v0.3.12
go: downloading golang.org/x/crypto v0.49.0
go: github.com/openshift-hyperfleet/hyperfleet-sentinel/internal/client imports
	github.com/openshift-hyperfleet/hyperfleet-sentinel/pkg/api/openapi: cannot find module providing package github.com/openshift-hyperfleet/hyperfleet-sentinel/pkg/api/openapi

@openshift-ci openshift-ci Bot requested review from pnguyen44 and tirthct July 6, 2026 12:04
@openshift-ci

openshift-ci Bot commented Jul 6, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign ruclo for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci

openshift-ci Bot commented Jul 6, 2026

Copy link
Copy Markdown

Hi @red-hat-konflux-kflux-prd-rh02[bot]. Thanks for your PR.

I'm waiting for a openshift-hyperfleet member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@coderabbitai

coderabbitai Bot commented Jul 6, 2026

Copy link
Copy Markdown
📝 Walkthrough

Walkthrough

Supply-chain surface change: go.mod bumps indirect dependency github.com/cenkalti/backoff from major version v4 (v4.3.0) to major version v7 (v7.0.0). No other files touched.

Estimated code review effort: 2 (Simple) | ~10 minutes

Changes

File Change
go.mod Indirect dependency github.com/cenkalti/backoff/v4 v4.3.0github.com/cenkalti/backoff/v7 v7.0.0

Security notes: Major version jump (v4→v7) is a supply-chain risk vector — verify module provenance and checksum in go.sum, confirm no known CVEs against backoff v7.0.0, and check for breaking API changes since this is an indirect dependency pulled transitively (unclear which direct dependency requires it — audit the dependency graph). No CVE currently on record for either version at time of writing; confirm against current advisory databases before merge.

Suggested labels: dependencies, go.mod, supply-chain

Suggested reviewers: platform-security-reviewer, go-maintainer

🚥 Pre-merge checks | ✅ 11
✅ Passed checks (11 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Sec-02: Secrets In Log Output ✅ Passed PASS: PR only changes go.mod dependency version; no Go log statements were added or modified, so CWE-532 secret-in-log risk is absent.
No Hardcoded Secrets ✅ Passed Only go.mod version bump changed; no API keys, tokens, passwords, embedded creds, or long base64 strings in the diff (CWE-798/CWE-321).
No Weak Cryptography ✅ Passed PASS: Only go.mod changed to backoff v7; no crypto/md5/des/rc4, ECB, custom crypto, or secret compares found (CWE-327/CWE-208).
No Injection Vectors ✅ Passed Only go.mod dependency pins changed; no SQL/exec/template.HTML/yaml.Unmarshal sinks appear in the touched files.
No Privileged Containers ✅ Passed Only go.mod changed; no K8s/OpenShift manifests, Helm templates, or Dockerfiles were touched, so no privileged flags (CWE-250/CWE-284) were introduced.
No Pii Or Sensitive Data In Logs ✅ Passed No CWE-532 logging issue: the PR only changes go.mod; no slog/logr/zap/fmt.Print* code or data-bearing logs were modified.
Title check ✅ Passed The title clearly states the dependency version update reflected in go.mod.
Description check ✅ Passed The description matches the dependency bump and release-note context in the changeset.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch konflux/mintmaker/main/github.com-cenkalti-backoff-v4-7.x
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch konflux/mintmaker/main/github.com-cenkalti-backoff-v4-7.x

Comment @coderabbitai help to get the list of available commands.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants