Cve Bumps for RHTAS #3233

Merged
simonbaird merged 11 commits into conforma:release-v0.7 from tommyd450:tdalton/CVEBumps on Apr 15, 2026

@tommyd450
Contributor

Essentially the same as #3221, just cleaned up.

@coderabbitai

coderabbitai bot commented Apr 14, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.


@qodo-code-review
Contributor

Review Summary by Qodo

Update dependencies and fix cosign API compatibility for RHTAS

✨ Enhancement 🐞 Bug fix

Walkthroughs

Description
• Update Go dependencies to latest versions for security and compatibility
  - jose/v3 and v4 upgraded to latest patch versions
  - sigstore packages (cosign, rekor, sigstore) updated to v2.6.2, v1.5.0, v1.10.4
  - tektoncd/pipeline upgraded from v0.70.0 to v1.9.1
  - buildkit updated to v0.28.1
  - docker/docker updated to v28.5.2
• Fix cosign.LoadPrivateKey API call with additional nil parameter
• Add moby/go-archive v0.1.0 replace directive for docker/docker compatibility
• Update OPA documentation to reflect latest CLI flag descriptions and examples
Diagram
flowchart LR
  A["Dependency Updates"] --> B["Go Modules"]
  A --> C["Security Patches"]
  D["API Changes"] --> E["cosign.LoadPrivateKey"]
  F["Compatibility Fixes"] --> G["moby/go-archive Replace"]
  H["Documentation Updates"] --> I["OPA CLI Docs"]
  B --> J["Final Build"]
  C --> J
  E --> J
  G --> J
  I --> J

File Changes

1. acceptance/crypto/keys.go (🐞 Bug fix, +1/-1): Fix cosign LoadPrivateKey API call signature
2. go.mod (Dependencies, +158/-120): Update all Go dependencies to latest versions
3. acceptance/go.mod (Dependencies, +99/-91): Update acceptance test dependencies
4. tools/go.mod (Dependencies, +2/-2): Update go-jose versions in tools
5. tools/go.sum (Dependencies, +4/-0): Update checksums for go-jose packages
6. go.sum (Dependencies, +390/-1330): Update checksums for all dependencies
7. acceptance/go.sum (Dependencies, +337/-418): Update acceptance test checksums
8. docs/modules/ROOT/pages/ec_opa_run.adoc (📝 Documentation, +3/-3): Update OPA run command documentation
9. docs/modules/ROOT/pages/ec_opa_test.adoc (📝 Documentation, +3/-1): Add new OPA test command flags documentation
10. docs/modules/ROOT/pages/ec_opa_inspect.adoc (📝 Documentation, +8/-8): Update OPA inspect command documentation
11. docs/modules/ROOT/pages/ec_opa_build.adoc (📝 Documentation, +6/-6): Fix formatting in OPA build documentation
12. docs/modules/ROOT/pages/ec_opa_exec.adoc (📝 Documentation, +4/-3): Update OPA exec command documentation
13. docs/modules/ROOT/pages/ec_opa_sign.adoc (📝 Documentation, +1/-1): Fix grammar in OPA sign documentation
14. docs/modules/ROOT/pages/ec_opa_bench.adoc (📝 Documentation, +1/-0): Add benchmarking flags documentation
@qodo-code-review
Contributor

qodo-code-review bot commented Apr 14, 2026

Code Review by Qodo

🐞 Bugs (1)   📘 Rule violations (0)   📎 Requirement gaps (0)
⚙ Maintainability (1)

Action required

1. Non-gofmt code formatting 🐞
Description
acceptance/crypto/keys.go adds a cosign.LoadPrivateKey call that is not gofmt/goimports formatted
(missing space after comma), which will be reported by the enabled goimports linter and can block
CI.
Code

acceptance/crypto/keys.go[104]

+	return cosign.LoadPrivateKey(key.PrivateBytes, key.Password(),nil)
Evidence
The modified line is not gofmt formatted (,nil instead of , nil). This repo enables the
goimports linter via golangci-lint, which enforces goimports/gofmt formatting and will flag the file
as not properly formatted.

acceptance/crypto/keys.go[97-105]
.golangci.yaml[16-27]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`acceptance/crypto/keys.go` is not gofmt/goimports formatted after updating the `cosign.LoadPrivateKey` call (`...,nil)`), which can cause golangci-lint's `goimports` linter to fail.
### Issue Context
The repository's golangci-lint configuration enables `goimports`, which checks formatting.
### Fix Focus Areas
- acceptance/crypto/keys.go[101-105]
### Suggested change
Update the line to be gofmt-compliant, e.g.:


Advisory comments

2. Docs command spacing error 🐞
Description
docs/modules/ROOT/pages/ec_opa_test.adoc introduces an extra space in the benchmark command example
($  opa ...), making the example inconsistent and harder to copy/paste reliably.
Code

docs/modules/ROOT/pages/ec_opa_test.adoc[68]

+	$  opa test --bench ./example/
Evidence
The benchmark example line now contains two spaces after $, which is inconsistent with typical
shell examples and with surrounding examples in the same document.

docs/modules/ROOT/pages/ec_opa_test.adoc[60-70]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
A docs example has an extra space after the shell prompt (`$  opa ...`), reducing consistency and copy/paste quality.
### Issue Context
This is in the `Example benchmark run:` section.
### Fix Focus Areas
- docs/modules/ROOT/pages/ec_opa_test.adoc[66-69]
### Suggested change
Change:


Comment thread acceptance/crypto/keys.go Outdated
@codecov

codecov bot commented Apr 14, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

Flag Coverage Δ
generative 69.55% <ø> (ø)
integration 69.55% <ø> (ø)
unit 69.55% <ø> (ø)

Flags with carried forward coverage won't be shown.

@simonbaird
Member

I think the tekton update is causing some problems with the way we start up the cluster:

Error: accumulating resources: accumulation err='accumulating resources from '../tekton': '/tmp/tmp.L88956Ry4P/hack/tekton' must resolve to a file': recursed accumulation of path '/tmp/tmp.L88956Ry4P/hack/tekton': missing kind in object {{ } {{ } map[] map[config.kubernetes.io/path:_.yaml internal.config.kubernetes.io/path:_.yaml]}}

I'll see if I can figure it out. There is another snapshot change related to the opa update, but that should be easier to fix.

@simonbaird
Member

/ok-to-test

@simonbaird
Member

/ok-to-test

@simonbaird
Member

/ok-to-test

@simonbaird
Member

Let's merge!

@simonbaird simonbaird merged commit 6d7a672 into conforma:release-v0.7 Apr 15, 2026
11 checks passed
simonbaird added a commit to simonbaird/conforma-cli that referenced this pull request Apr 16, 2026
Claude helped iron out several dependency problems. (Originally
there were a few separate commits here but I'm squashing them.)

I decided to match the versions we have in release-v0.7 branch,
which updated recently via conforma#3233. It probably doesn't matter much
but I figured let's be consistent.

Ref: https://redhat.atlassian.net/browse/EC-1766