Bump k8s.io/apimachinery from 0.34.3 to 0.35.1

[dependabot]

Bumps k8s.io/apimachinery from 0.34.3 to 0.35.1.

Commits

• 72d71ea Merge remote-tracking branch 'origin/master' into release-1.35
• e2a2dbc Bump golang.org/x/crypto to v0.45.0
• 2e9c228 Merge pull request #135131 from Dev1622/sig-storage/mock-expand-flake-fix
• f274aac vendor: update vendor and license metadata after replacing BeTrue usage in cs...
• 9445443 Resolve lint restriction on BeTrue by introducing Succeed() with contextual e...
• 52154f7 Update vendored dependencies
• 5a348c5 KEP-5471: Extend tolerations operators (#134665)
• 6f89492 Merge pull request #133648 from richabanker/merged-discovery
• c77dde2 util/sort: Add MergePreservingRelativeOrder for topological sorting
• 729c13d Merge pull request #134624 from yt2985/podcertificates-beta
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign rcampos2029 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Walkthrough

Updates Go toolchain from 1.24.6 to 1.25.0 and upgrades k8s.io/apimachinery from v0.34.3 to v0.35.1. Removes the indirect dependency on github.com/gogo/protobuf v1.3.2. Total change: 2 lines added, 3 lines removed.

Changes

Cohort / File(s)	Summary
Dependency Updates go.mod	Bumps Go toolchain to 1.25.0, upgrades k8s.io/apimachinery to v0.35.1, and removes indirect dependency on github.com/gogo/protobuf v1.3.2.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: bumping k8s.io/apimachinery dependency from 0.34.3 to 0.35.1, which matches the primary alteration in go.mod.
Description check	✅ Passed	The description is directly related to the changeset, providing commit details and upstream changes for the k8s.io/apimachinery dependency upgrade.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Merge Conflict Detection	✅ Passed	✅ No merge conflicts detected when merging into main

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dependabot/go_modules/k8s.io/apimachinery-0.35.1

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift-online member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@go.mod`:
- Line 3: go.mod declares "go 1.25.0" which conflicts with CI workflows
(check-pull-request.yaml and publish-release.yaml) that use older Go versions;
fix by either updating the CI workflow go-version to 1.25.0 to match the go.mod
or downgrading the go directive in go.mod (the "go 1.25.0" line) to the version
used by CI (e.g., 1.23 or 1.22) so both are consistent; ensure the chosen
version is supported by your CI images and run a quick CI check after the
change.
- Line 33: Confirm that the bumped module entry k8s.io/apimachinery v0.35.1 is
compatible with the single import site (the import of
"k8s.io/apimachinery/pkg/util/sets") by running the test suite and exercising
the code path in pkg/arguments/interactive.go that uses sets; then run go mod
tidy and ensure it makes no changes (or commit any intentional tidy changes) so
the go.mod/go.sum are clean. If tests or tidy surface dependency issues, revert
or resolve them (adjust import usage or pin versions) and re-run tests and go
mod tidy until clean.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

# Check for CI configuration files
find . -type f \( -name "*.yml" -o -name "*.yaml" \) -path "*/.github/*" -o -name ".gitlab-ci.yml" -o -name ".circleci/config.yml" | head -20

Repository: openshift-online/ocm-cli

Length of output: 177

---

🏁 Script executed:

# Search for Go version references in the repo
rg -n 'go\s*1\.' --type yaml --type yml --type json | head -30

Repository: openshift-online/ocm-cli

Length of output: 95

---

🏁 Script executed:

# Check the current go.mod file to understand the context
head -20 go.mod

Repository: openshift-online/ocm-cli

Length of output: 713

---

🏁 Script executed:

# Search for any toolchain directives or Go version constraints
rg -n 'toolchain|go\s+1\.' go.mod go.sum 2>/dev/null | head -20

Repository: openshift-online/ocm-cli

Length of output: 86

---

🏁 Script executed:

cat -n .github/workflows/check-pull-request.yaml

Repository: openshift-online/ocm-cli

Length of output: 3199

---

🏁 Script executed:

cat -n .github/workflows/publish-release.yaml

Repository: openshift-online/ocm-cli

Length of output: 6007

---

🏁 Script executed:

# Check dependabot config for any Go version specifications
cat -n .github/dependabot.yml

Repository: openshift-online/ocm-cli

Length of output: 245

---

Update CI workflows to use Go 1.25.0 or downgrade go.mod

CI workflows (check-pull-request.yaml and publish-release.yaml) specify Go versions 1.22 and 1.23, but go.mod declares go 1.25.0. This mismatch will cause build failures. Either update all CI workflows to use go-version: 1.25.0, or downgrade go.mod to a version available in CI (1.22 or 1.23).

🤖 Prompt for AI Agents

In `@go.mod` at line 3, go.mod declares "go 1.25.0" which conflicts with CI
workflows (check-pull-request.yaml and publish-release.yaml) that use older Go
versions; fix by either updating the CI workflow go-version to 1.25.0 to match
the go.mod or downgrading the go directive in go.mod (the "go 1.25.0" line) to
the version used by CI (e.g., 1.23 or 1.22) so both are consistent; ensure the
chosen version is supported by your CI images and run a quick CI check after the
change.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Find usage sites of apimachinery imports to assess potential breakage.
rg -n --glob '!**/vendor/**' 'k8s\.io/apimachinery' 

echo "---"

# Verify module graph shows expected version.
if [ -f go.mod ]; then
  echo "go.mod content around apimachinery:"
  grep -n 'apimachinery' go.mod
fi

Repository: openshift-online/ocm-cli

Length of output: 684

---

🏁 Script executed:

#!/bin/bash
# Check if go.mod tidy is clean
if [ -f go.mod ]; then
  echo "Checking go.mod state:"
  head -40 go.mod
  echo "---"
  echo "Looking for apimachinery and related k8s.io dependencies:"
  grep -E 'k8s\.io/(api|apimachinery|client-go)' go.mod
fi

Repository: openshift-online/ocm-cli

Length of output: 1463

---

🏁 Script executed:

#!/bin/bash
# Search for actual imports of apimachinery packages to understand usage
rg --glob '*.go' 'from "k8s\.io/apimachinery' -A 1 | head -50
rg --glob '*.go' 'import.*k8s\.io/apimachinery' -B 1 -A 1 | head -50

Repository: openshift-online/ocm-cli

Length of output: 50

---

Verify v0.35.1 compatibility with the single usage site and ensure go mod tidy is clean.

The apimachinery upgrade is already applied with minimal scope—only pkg/arguments/interactive.go imports k8s.io/apimachinery/pkg/util/sets. Run tests locally and confirm go mod tidy leaves no changes to ensure the upgrade integrates cleanly.

🤖 Prompt for AI Agents

In `@go.mod` at line 33, Confirm that the bumped module entry k8s.io/apimachinery
v0.35.1 is compatible with the single import site (the import of
"k8s.io/apimachinery/pkg/util/sets") by running the test suite and exercising
the code path in pkg/arguments/interactive.go that uses sets; then run go mod
tidy and ensure it makes no changes (or commit any intentional tidy changes) so
the go.mod/go.sum are clean. If tests or tidy surface dependency issues, revert
or resolve them (adjust import usage or pin versions) and re-run tests and go
mod tidy until clean.

[dependabot]

Superseded by #1025.