Update google.golang.org/genproto/googleapis/api digest to b703f56

[red-hat-konflux-kflux-prd-rh02]

This PR contains the following updates:

Package	Type	Update	Change
google.golang.org/genproto/googleapis/api	indirect	digest	9d38bb4 → b703f56

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "on monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[red-hat-konflux-kflux-prd-rh02]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go get -t ./...
go: downloading cloud.google.com/go/pubsub/v2 v2.4.0
go: downloading google.golang.org/grpc v1.80.0
go: downloading golang.org/x/sys v0.42.0
go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20260622175928-b703f567277d
go: downloading golang.org/x/text v0.35.0
go: downloading google.golang.org/genproto v0.0.0-20260209200024-4cfbd4190f57
go: downloading github.com/googleapis/gax-go/v2 v2.17.0
go: downloading google.golang.org/api v0.266.0
go: downloading golang.org/x/net v0.52.0
go: downloading golang.org/x/oauth2 v0.35.0
go: downloading cloud.google.com/go/iam v1.5.3
go: downloading cloud.google.com/go/auth v0.18.1
go: downloading golang.org/x/time v0.14.0
go: downloading github.com/googleapis/enterprise-certificate-proxy v0.3.12
go: downloading golang.org/x/crypto v0.49.0
go: github.com/openshift-hyperfleet/hyperfleet-sentinel/internal/client imports
	github.com/openshift-hyperfleet/hyperfleet-sentinel/pkg/api/openapi: cannot find module providing package github.com/openshift-hyperfleet/hyperfleet-sentinel/pkg/api/openapi

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign jsell-rh for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @red-hat-konflux-kflux-prd-rh02[bot]. Thanks for your PR.

I'm waiting for a openshift-hyperfleet member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

📝 Walkthrough

Walkthrough

go.mod updates one indirect dependency: google.golang.org/genproto/googleapis/api moves from pseudo-version v0.0.0-20260401024825-9d38bb4040a9 to v0.0.0-20260622175928-b703f567277d. No exported or public API declarations are changed.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

---

Supply chain surface — verify before merging (CWE-1357, CWE-693):

• Confirm go.sum contains a matching entry for v0.0.0-20260622175928-b703f567277d with the expected hash. A go.mod bump without a corresponding go.sum update is a red flag.
• Validate the commit b703f567277d in the upstream googleapis/go-genproto repository maps to an expected, reviewed state. Pseudo-version timestamps can be spoofed in fork scenarios.
• google.golang.org/genproto/googleapis/api surfaces gRPC API descriptors consumed by the Sentinel and Adapter components. Any change in proto-generated types could silently alter wire compatibility with the Broker.
• Ensure CI runs go mod verify to detect tampered module content after this bump.

🚥 Pre-merge checks | ✅ 10 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
No Injection Vectors	⚠️ Warning	FAIL: internal/client/client.go:223-233 builds a TSL search query from YAML resource_selector.label via fmt.Sprintf; label keys are unvalidated and user-controlled (CWE-74/CWE-89 style).	Validate/whitelist label keys before composing the search string, or map them to approved fields and reject unsafe characters; keep value escaping for both fields.

✅ Passed checks (10 passed)

Check name	Status	Explanation
Title check	✅ Passed	Title matches the go.mod digest bump for genproto/api.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Sec-02: Secrets In Log Output	✅ Passed	No CWE-532 secret-in-log pattern found; PR only updates go.mod, and repo scan found no non-test/example log statements with token/password/credential/secret fields or interpolations.
No Hardcoded Secrets	✅ Passed	PASS: go.mod only bumps an indirect dependency; no hardcoded credentials, embedded URLs, or long base64 literals found. CWE-798 not present.
No Weak Cryptography	✅ Passed	Only a go.mod bump; no weak crypto primitives, custom crypto, or secret compares found (CWE-327).
No Privileged Containers	✅ Passed	PR only updates go.mod; diff shows no Kubernetes/OpenShift manifests, Helm templates, or Dockerfiles changed, so no new CWE-250/CWE-266 privilege surface.
No Pii Or Sensitive Data In Logs	✅ Passed	Dependency-only go.mod digest bump; no log/slog/zap/fmt.Print* code changed, so no CWE-532 PII-in-logs risk introduced.
Description check	✅ Passed	The description matches the dependency digest update shown in the changeset.

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch konflux/mintmaker/main/google.golang.org-genproto-googleapis-api-digest

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch konflux/mintmaker/main/google.golang.org-genproto-googleapis-api-digest

---

_{Comment @coderabbitai help to get the list of available commands.}