Update k8s.io/kube-openapi digest to bc653b6

[red-hat-konflux-kflux-prd-rh02]

This PR contains the following updates:

Package	Type	Update	Change
k8s.io/kube-openapi	indirect	digest	aa012df → bc653b6

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Configuration

📅 Schedule: Branch creation - "on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign crizzo71 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @red-hat-konflux-kflux-prd-rh02[bot]. Thanks for your PR.

I'm waiting for a openshift-hyperfleet member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 328cfe1a-0c78-4168-b052-56f4a2f65271

📥 Commits

Reviewing files that changed from the base of the PR and between 5fa8cd7 and 9f5843d.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum, !**/go.sum

📒 Files selected for processing (1)

• go.mod

🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

• openshift-hyperfleet/architecture (manual)
• openshift-hyperfleet/hyperfleet-api (manual)
• openshift-hyperfleet/hyperfleet-sentinel (manual)
• openshift-hyperfleet/hyperfleet-adapter (manual)
• openshift-hyperfleet/hyperfleet-broker (manual)

🚧 Files skipped from review as they are similar to previous changes (1)

• go.mod

---

📝 Walkthrough

Summary by CodeRabbit

• Chores
  • Updated an indirect Go module dependency to a newer version.

Walkthrough

go.mod advances the indirect dependency k8s.io/kube-openapi from pseudo-version v0.0.0-20260520065146-aa012df4f4af to v0.0.0-20260618221249-bc653b64f974. No other dependencies, direct or indirect, are modified. No exported or public Go entities are affected.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

---

Supply chain surface (CWE-1357 — Reliance on Insufficiently Trustworthy Component): Pseudo-version bumps reference an exact commit hash rather than a signed release tag. Verify commit bc653b64f974 in kubernetes/kube-openapi against the expected upstream history before merging. Confirm go.sum was updated atomically with this go.mod change — a mismatched or missing go.sum entry is an integrity gap (CWE-345).

🚥 Pre-merge checks | ✅ 11

✅ Passed checks (11 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Update k8s.io/kube-openapi digest to bc653b6' accurately describes the primary change—updating a specific dependency digest.
Description check	✅ Passed	The description directly relates to the changeset, documenting the k8s.io/kube-openapi version update with configuration details.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Sec-02: Secrets In Log Output	✅ Passed	No log statements (slog, log, logr, zap, fmt.Print*) interpolate or expose tokens, passwords, credentials, or secrets. Review of ~1060 logging statements found only non-sensitive metadata logged.
No Hardcoded Secrets	✅ Passed	PR contains only a go.mod dependency update (k8s.io/kube-openapi digest change). No hardcoded credentials, API keys, tokens, passwords, private keys, or suspicious base64 strings found in productio...
No Weak Cryptography	✅ Passed	PR updates k8s.io/kube-openapi dependency (go.mod only). Zero source code changes. No weak cryptography detected: no crypto/md5, crypto/des, crypto/rc4, SHA1 abuse, ECB, or non-constant-time secret...
No Injection Vectors	✅ Passed	PR contains only go.mod/go.sum dependency version update. No source code changes. No injection patterns detected (CWE-89, CWE-78, CWE-79, CWE-502) in codebase.
No Privileged Containers	✅ Passed	Production-deployed containers enforce non-root (UID 65532), disallow privilege escalation, drop all capabilities, and use read-only root filesystem. Documentation example in test/integration/READM...
No Pii Or Sensitive Data In Logs	✅ Passed	PR contains only a k8s.io/kube-openapi dependency version update in go.mod (+1/-1 lines). No new logging statements or code introduced, so PII/sensitive data logging check is not applicable.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch konflux/mintmaker/main/k8s.io-kube-openapi-digest

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch konflux/mintmaker/main/k8s.io-kube-openapi-digest

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}