Skip to content

NO-JIRA: Bump gitignore dependency#2303

Merged
openshift-merge-bot[bot] merged 1 commit into
openshift:mainfrom
rh-roman:bump-gitignore
Jul 8, 2026
Merged

NO-JIRA: Bump gitignore dependency#2303
openshift-merge-bot[bot] merged 1 commit into
openshift:mainfrom
rh-roman:bump-gitignore

Conversation

@rh-roman

@rh-roman rh-roman commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

joelanford/ignore pulls in a vulnerable version of go-git. Vulnerable
code isn't in the execution path, but gets flagged in security scans.
See https://redhat.atlassian.net/browse/OCPBUGS-97660

Updating ignore dependency to latest, which pulls in a non-vulnerable
go-git and doesn't trip security scans.

Summary by CodeRabbit

  • Chores
    • Updated several third-party dependencies to newer versions for improved stability and compatibility.
    • Included newer versions of networking and Git-related libraries, along with a refreshed experimental package.

joelanford/ignore pulls in a vulnerable version of go-git. Vulnerable
code isn't in the execution path, but gets flagged in security scans.
See https://redhat.atlassian.net/browse/OCPBUGS-97660

Updating ignore dependency to latest, which pulls in a non-vulnerable
go-git and doesn't trip security scans.
@openshift-ci openshift-ci Bot requested review from atiratree and tchap July 8, 2026 08:19
@rh-roman rh-roman changed the title Bump gitignore dependency NO-JIRA: Bump gitignore dependency Jul 8, 2026
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jul 8, 2026
@openshift-ci-robot

Copy link
Copy Markdown

@rh-roman: This pull request explicitly references no jira issue.

Details

In response to this:

joelanford/ignore pulls in a vulnerable version of go-git. Vulnerable
code isn't in the execution path, but gets flagged in security scans.
See https://redhat.atlassian.net/browse/OCPBUGS-97660

Updating ignore dependency to latest, which pulls in a non-vulnerable
go-git and doesn't trip security scans.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown

Caution

Review failed

An error occurred during the review process. Please try again later.

Walkthrough

This change updates four indirect Go module dependency versions in go.mod: joelanford/ignore, golang.org/x/net, go-git/go-billy and go-git/v5, and golang.org/x/exp, without altering any exported or public entities.

Changes

Dependency updates

Layer / File(s) Summary
Indirect dependency version bumps
go.mod
Updates versions for github.com/joelanford/ignore (v0.1.1→v0.1.2), golang.org/x/net (v0.55.0→v0.56.0), github.com/go-git/go-billy/v5 (v5.6.1→v5.9.0), github.com/go-git/go-git/v5 (v5.13.1→v5.19.1), and golang.org/x/exp (newer pseudo-version).

Estimated code review effort: 1 (Trivial) | ~3 minutes

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Warning

Tools execution failed with the following error:

Failed to run tools: 13 INTERNAL: Received RST_STREAM with code 2 (Internal server error)


Comment @coderabbitai help to get the list of available commands.

@atiratree

Copy link
Copy Markdown
Member

/lgtm
/approve
/verified by ci

@openshift-ci-robot openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label Jul 8, 2026
@openshift-ci-robot

Copy link
Copy Markdown

@atiratree: This PR has been marked as verified by ci.

Details

In response to this:

/lgtm
/approve
/verified by ci

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci

openshift-ci Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: atiratree, rh-roman

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. labels Jul 8, 2026
@openshift-ci

openshift-ci Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

@rh-roman: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-merge-bot openshift-merge-bot Bot merged commit 0ec4cb0 into openshift:main Jul 8, 2026
18 checks passed
@rh-roman rh-roman deleted the bump-gitignore branch July 8, 2026 13:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. verified Signifies that the PR passed pre-merge verification criteria

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants