Update k8s.io/kube-openapi digest to 865597e

[red-hat-konflux-kflux-prd-rh02]

This PR contains the following updates:

Package	Type	Update	Change
k8s.io/kube-openapi	indirect	digest	aa012df → 865597e

---

Configuration

📅 Schedule: Branch creation - "on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign crizzo71 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @red-hat-konflux-kflux-prd-rh02[bot]. Thanks for your PR.

I'm waiting for a openshift-hyperfleet member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 7b87b9a7-3e15-46b1-b3b7-01b2a4fbd00b

📥 Commits

Reviewing files that changed from the base of the PR and between defc3af and 5fa8cd7.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum, !**/go.sum

📒 Files selected for processing (1)

• go.mod

🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

• openshift-hyperfleet/architecture (manual)
• openshift-hyperfleet/hyperfleet-api (manual)
• openshift-hyperfleet/hyperfleet-sentinel (manual)
• openshift-hyperfleet/hyperfleet-adapter (manual)
• openshift-hyperfleet/hyperfleet-broker (manual)

---

📝 Walkthrough

Summary by CodeRabbit

• Chores
  • Updated indirect dependencies to latest versions.

Walkthrough

go.mod advances the indirect dependency k8s.io/kube-openapi from pseudo-version v0.0.0-20260520065146-aa012df4f4af to v0.0.0-20260603220949-865597e52e25. No other dependencies, direct or indirect, are modified. No exported or public Go entities are affected.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

---

Supply chain surface (CWE-1357 — Reliance on Insufficiently Trustworthy Component): Pseudo-version bumps reference an exact commit hash rather than a signed release tag. Verify commit 865597e52e25 in kubernetes/kube-openapi against the expected upstream history before merging. Confirm go.sum was updated atomically with this go.mod change — a mismatched or missing go.sum entry is a integrity gap (CWE-345).

🚥 Pre-merge checks | ✅ 11

✅ Passed checks (11 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: updating the k8s.io/kube-openapi dependency digest to a specific commit hash.
Description check	✅ Passed	The description is related to the changeset, providing dependency update details in a structured format with package name, type, and version change information.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Sec-02: Secrets In Log Output	✅ Passed	PR only updates go.mod dependency version; no source code changes or log statements present. No secrets exposed in log output.
No Hardcoded Secrets	✅ Passed	PR updates k8s.io/kube-openapi dependency digest in go.mod/go.sum only. No hardcoded secrets, API keys, tokens, passwords, private keys, embedded credentials, or suspicious base64 strings found. Pr...
No Weak Cryptography	✅ Passed	PR updates k8s.io/kube-openapi dependency version only. No weak cryptographic primitives (MD5, DES, RC4, SHA1 for security), ECB mode, or insecure comparisons detected in codebase.
No Injection Vectors	✅ Passed	No injection vectors introduced or detected. PR only updates k8s.io/kube-openapi dependency digest in go.mod; no source code changes. No SQL concatenation, exec.Command, template.HTML, or unsafe ya...
No Privileged Containers	✅ Passed	PR updates only go.mod dependency; no Kubernetes/Helm/Dockerfile changes. No privileged container configurations (privileged: true, hostPID, hostNetwork, hostIPC, SYS_ADMIN, allowPrivilegeEscalatio...
No Pii Or Sensitive Data In Logs	✅ Passed	Scanned 128 Go files with 292 total logging calls. No logging statements expose PII (emails, SSNs, credit cards), session IDs, raw request/response bodies, or credentials.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch konflux/mintmaker/main/k8s.io-kube-openapi-digest

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch konflux/mintmaker/main/k8s.io-kube-openapi-digest

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}