Update k8s.io/kube-openapi digest to 8f3fa49

[red-hat-konflux-kflux-prd-rh02]

This PR contains the following updates:

Package	Type	Update	Change
k8s.io/kube-openapi	indirect	digest	aa012df → 8f3fa49

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "on monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign sherine-k for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @red-hat-konflux-kflux-prd-rh02[bot]. Thanks for your PR.

I'm waiting for a openshift-hyperfleet member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

📝 Walkthrough

Walkthrough

go.mod updates the indirect dependency k8s.io/kube-openapi from pseudo-version v0.0.0-20260520065146-aa012df4f4af to v0.0.0-20260624041617-8f3fa4921821. No other files are changed; go.sum is not shown in this diff.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

---

Supply chain flag: Pseudo-version commits are not tagged releases — verify the commit 8f3fa4921821 in kubernetes/kube-openapi maps to an expected, reviewed commit and is not a malicious injection (CWE-829: Inclusion of Functionality from Untrusted Control Sphere). Confirm go.sum was updated and matches; a missing or stale go.sum entry is a bypass of Go's module authentication (CWE-494). No CVEs currently tracked against this specific commit range, but the gap should be audited against the upstream changelog.

🚥 Pre-merge checks | ✅ 11

✅ Passed checks (11 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately names the k8s.io/kube-openapi digest update in the diff.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Sec-02: Secrets In Log Output	✅ Passed	Only go.mod and go.sum changed; no non-test/example log statements with token/password/credential/secret fields or interpolations were introduced.
No Hardcoded Secrets	✅ Passed	No CWE-798/CWE-321 issue: go.mod only bumps k8s.io/kube-openapi, with no apiKey/secret/token/password literals or embedded credentials.
No Weak Cryptography	✅ Passed	PASS: Only go.mod changed; repo scan found no CWE-327/CWE-208 patterns (md5/des/rc4/SHA1-for-security/ECB/secret compares).
No Injection Vectors	✅ Passed	Dependency-only go.mod/go.sum bump; no application code changed, so no new CWE-89/CWE-78/CWE-79/CWE-502 injection sink was introduced.
No Privileged Containers	✅ Passed	PASS: PR only changes go.mod/go.sum; no Kubernetes/OpenShift manifests, Helm templates, or Dockerfiles were touched, so no privileged settings were introduced (CWE-250).
No Pii Or Sensitive Data In Logs	✅ Passed	PASS: dependency-only go.mod update; no code/log statements changed, so no CWE-532 exposure added.
Description check	✅ Passed	The description matches the dependency digest update shown in the changeset.

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch konflux/mintmaker/main/k8s.io-kube-openapi-digest

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch konflux/mintmaker/main/k8s.io-kube-openapi-digest

---

_{Comment @coderabbitai help to get the list of available commands.}