Update golang.org/x/exp digest to c48552f

[red-hat-konflux-kflux-prd-rh02]

This PR contains the following updates:

Package	Type	Update	Change
golang.org/x/exp	indirect	digest	c761662 → c48552f

---

Configuration

📅 Schedule: Branch creation - "on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[red-hat-konflux-kflux-prd-rh02]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 1 additional dependency was updated

Details:

Package	Change
golang.org/x/sync	v0.20.0 -> v0.21.0

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 2fde7dae-e5d0-4aed-9cb5-56c05abfb0d4

📥 Commits

Reviewing files that changed from the base of the PR and between 7f49e34 and 27dad1e.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum, !**/go.sum

📒 Files selected for processing (1)

• go.mod

🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

• openshift-hyperfleet/architecture (manual)
• openshift-hyperfleet/hyperfleet-api (manual)
• openshift-hyperfleet/hyperfleet-sentinel (manual)
• openshift-hyperfleet/hyperfleet-adapter (manual)
• openshift-hyperfleet/hyperfleet-broker (manual)

---

📝 Walkthrough

Summary by CodeRabbit

• Chores
  • Updated indirect Go module dependencies to newer versions.

Walkthrough

go.mod indirect dependency versions are updated: golang.org/x/exp and golang.org/x/sync are each bumped to newer pseudo-versions. No direct dependencies, exported entities, or application logic are modified.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

---

Supply chain flags for this change:

• Verify both pseudo-versions resolve to commits on the canonical golang.org/x repository — pseudo-version commits are not release-tagged and can reference arbitrary commits (CWE-829: Inclusion of Functionality from Untrusted Control Sphere).
• Confirm go.sum entries for both updated modules are present and match expected hashes. A missing or altered go.sum entry is a known supply chain vector.
• golang.org/x/sync is used in concurrency primitives across the adapter and broker. Confirm no behavioral changes in errgroup, semaphore, or singleflight in the delta between the old and new commit SHAs.
• golang.org/x/exp exposes experimental APIs. Audit whether any new symbols introduced in the bumped commit are transitively callable from the adapter's control plane paths.
• No CVE IDs are currently assigned to these specific pseudo-versions; validate against the Go vulnerability database (govulncheck) before merging.

🚥 Pre-merge checks | ✅ 11

✅ Passed checks (11 passed)

Check name	Status	Explanation
Title check	✅ Passed	Title accurately reflects the main change: updating golang.org/x/exp dependency to a specific digest.
Description check	✅ Passed	Description directly relates to the changeset, documenting the golang.org/x/exp digest update and providing relevant configuration context.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Sec-02: Secrets In Log Output	✅ Passed	No log statements (slog, log, logr, zap, fmt.Print*) found containing tokens, passwords, credentials, or secrets. PR modifies only dependency files (go.mod, go.sum) with no code logic changes.
No Hardcoded Secrets	✅ Passed	PR updates golang.org/x/exp dependency with legitimate Go pseudo-version hashes. No hardcoded API keys, tokens, passwords, private keys, credentials, or suspicious base64 strings detected in go.mod.
No Weak Cryptography	✅ Passed	golang.org/x/exp (experimental packages) and golang.org/x/sync (concurrency primitives) are non-cryptographic indirect dependencies. Neither introduces banned crypto primitives, weak hashing, or cu...
No Injection Vectors	✅ Passed	No injection vectors (CWE-89, CWE-78, CWE-79, CWE-502) detected. yaml.Unmarshal calls parse only trusted admin-managed configuration; no SQL queries, exec.Command, or template.HTML patterns found.
No Privileged Containers	✅ Passed	No privileged container configurations found. Dockerfiles run as non-root (65532/1001) in final stages with documented temporary root access for build setup. Helm values enforce allowPrivilegeEscal...
No Pii Or Sensitive Data In Logs	✅ Passed	Debug-level logging of API request payloads in executor/utils.go is disabled by default (log level="info"). Users must explicitly set LOG_LEVEL=debug to expose payloads. Per check instructions, deb...

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch konflux/mintmaker/main/golang.org-x-exp-digest

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch konflux/mintmaker/main/golang.org-x-exp-digest

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

Hi @red-hat-konflux-kflux-prd-rh02[bot]. Thanks for your PR.

I'm waiting for a openshift-hyperfleet member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[ciaranRoche]

/ok-to-test

[ciaranRoche]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ciaranRoche

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [ciaranRoche]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[hyperfleet-ci-bot]

Risk Score: 0 — risk/low

Signal	Detail	Points
PR size	20 lines	+0
Sensitive paths	none	+0

_{Computed by hyperfleet-risk-scorer}