codeready-toolchain · rsoaresd · Jan 8, 2026 · Dec 17, 2025 · Dec 17, 2025 · Dec 17, 2025
diff --git a/.govulncheck.yaml b/.govulncheck.yaml
@@ -1,61 +1 @@
-ignored-vulnerabilities:
-  # Panic when validating certificates with DSA public keys in crypto/x509
-  # Found in: crypto/x509@go1.23.12
-  # Fixed in: crypto/x509@go1.24.8
-  - id: GO-2025-4013
-    info: https://pkg.go.dev/vuln/GO-2025-4013
-    silence-until: 2026-01-09
-  # Lack of limit when parsing cookies can cause memory exhaustion in net/http
-  # Found in: net/http@go1.23.12
-  # Fixed in: net/http@go1.24.8
-  - id: GO-2025-4012
-    info: https://pkg.go.dev/vuln/GO-2025-4012
-    silence-until: 2026-01-09
-  # Parsing DER payload can cause memory exhaustion in encoding/asn1
-  # Found in: encoding/asn1@go1.23.12
-  # Fixed in: encoding/asn1@go1.24.8
-  - id: GO-2025-4011
-    info: https://pkg.go.dev/vuln/GO-2025-4011
-    silence-until: 2026-01-09
-  # Insufficient validation of bracketed IPv6 hostnames in net/url
-  # Found in: net/url@go1.23.12
-  # Fixed in: net/url@go1.24.8
-  - id: GO-2025-4010
-    info: https://pkg.go.dev/vuln/GO-2025-4010
-    silence-until: 2026-01-09
-  # Quadratic complexity when parsing some invalid inputs in encoding/pem
-  # Found in: encoding/pem@go1.23.12
-  # Fixed in: encoding/pem@go1.24.8
-  - id: GO-2025-4009
-    info: https://pkg.go.dev/vuln/GO-2025-4009
-    silence-until: 2026-01-09
-  # ALPN negotiation error contains attacker controlled information in crypto/tls
-  # Found in: crypto/tls@go1.23.12
-  # Fixed in: crypto/tls@go1.24.8
-  - id: GO-2025-4008
-    info: https://pkg.go.dev/vuln/GO-2025-4008
-    silence-until: 2026-01-09
-  # Quadratic complexity when checking name constraints in crypto/x509
-  # Found in: crypto/x509@go1.23.12
-  # Fixed in: crypto/x509@go1.24.9
-  - id: GO-2025-4007
-    info: https://pkg.go.dev/vuln/GO-2025-4007
-    silence-until: 2026-01-09
-  # Excessive CPU consumption in ParseAddress in net/mail
-  # Found in: net/mail@go1.23.12
-  # Fixed in: net/mail@go1.24.8
-  - id: GO-2025-4006
-    info: https://pkg.go.dev/vuln/GO-2025-4006
-    silence-until: 2026-01-09
-  # Excessive resource consumption when printing error string for host certificate validation in crypto/x509
-  # Found in: crypto/x509@go1.23.12
-  # Fixed in: crypto/x509@go1.24.11
-  - id: GO-2025-4155
-    info: https://pkg.go.dev/vuln/GO-2025-4155
-    silence-until: 2026-01-09
-  # Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
-  # Found in: crypto/x509@go1.23.12
-  # Fixed in: crypto/x509@go1.24.11
-  - id: GO-2025-4175
-    info: https://pkg.go.dev/vuln/GO-2025-4175
-    silence-until: 2026-01-09
+ignored-vulnerabilities: []
diff --git a/README.adoc b/README.adoc
@@ -8,7 +8,7 @@ This repo is for controllers, libs, scripts, make files, etc to be shared betwee
 
 == Build
 
-Requires Go version 1.23.x (1.23.12 or higher) - download for your development environment https://golang.org/dl/[here].
+Requires Go version 1.24.x (1.24.11 or higher) - download for your development environment https://golang.org/dl/[here].
 
 This repository uses https://github.com/golang/go/wiki/Modules[Go modules].
 

diff --git a/go.mod b/go.mod
@@ -1,28 +1,28 @@
 module github.com/codeready-toolchain/toolchain-common
 
-go 1.23.0
+go 1.24.0
 
-toolchain go1.23.12
+toolchain go1.24.11
 
 require (
 	github.com/go-logr/logr v1.4.2
 	github.com/golang-jwt/jwt/v5 v5.2.2
 	github.com/lestrrat-go/jwx v1.2.29
 	github.com/magiconair/properties v1.8.5
-	// using latest commit from 'github.com/openshift/api branch release-4.19'
-	github.com/openshift/api v0.0.0-20250903165707-ce7baf0afbc4
-	// using latest commit from 'github.com/openshift/library-go branch release-4.19'
-	github.com/openshift/library-go v0.0.0-20250826065405-6d18d1191f49
+	// using latest commit from 'github.com/openshift/api branch release-4.20'
+	github.com/openshift/api v0.0.0-20251202204302-1cb53e34ca33
+	// using latest commit from 'github.com/openshift/library-go branch release-4.20'
+	github.com/openshift/library-go v0.0.0-20251110200504-2685cf1242fc
 	github.com/pkg/errors v0.9.1
 	github.com/redhat-cop/operator-utils v1.3.8
 	github.com/stretchr/testify v1.10.0
 	gopkg.in/go-jose/go-jose.v2 v2.6.3
 	gopkg.in/h2non/gock.v1 v1.0.14
 	gotest.tools v2.2.0+incompatible
-	k8s.io/api v0.32.2
-	k8s.io/apimachinery v0.32.2
-	k8s.io/client-go v0.32.2
-	sigs.k8s.io/controller-runtime v0.20.4
+	k8s.io/api v0.33.2
+	k8s.io/apimachinery v0.33.2
+	k8s.io/client-go v0.33.2
+	sigs.k8s.io/controller-runtime v0.21.0
 )
 
 require (
@@ -32,12 +32,12 @@ require (
 	github.com/google/go-github/v52 v52.0.0
 	github.com/google/uuid v1.6.0
 	github.com/migueleliasweb/go-github-mock v0.0.18
-	github.com/prometheus/client_golang v1.19.1
+	github.com/prometheus/client_golang v1.22.0
 	github.com/prometheus/client_model v0.6.1
 	golang.org/x/oauth2 v0.27.0
 	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/kubectl v0.32.2
-	k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738
+	k8s.io/utils v0.0.0-20241210054802-24370beab758
 )
 
 require (
@@ -64,18 +64,17 @@ require (
 	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/goccy/go-json v0.10.2 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/btree v1.1.3 // indirect
-	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/gnostic-models v0.6.9 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
-	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 // indirect
 	github.com/huandu/xstrings v1.3.3 // indirect
 	github.com/imdario/mergo v0.3.12 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/lestrrat-go/backoff/v2 v2.0.8 // indirect
 	github.com/lestrrat-go/blackmagic v1.0.2 // indirect
 	github.com/lestrrat-go/httpcc v1.0.1 // indirect
@@ -91,7 +90,7 @@ require (
 	github.com/onsi/ginkgo/v2 v2.22.1 // indirect
 	github.com/onsi/gomega v1.36.2 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/prometheus/common v0.55.0 // indirect
+	github.com/prometheus/common v0.62.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/shopspring/decimal v1.2.0 // indirect
 	github.com/spf13/cast v1.3.1 // indirect
@@ -100,25 +99,28 @@ require (
 	github.com/xlab/treeprint v1.2.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
-	golang.org/x/crypto v0.36.0 // indirect
-	golang.org/x/net v0.38.0 // indirect
-	golang.org/x/sync v0.12.0 // indirect
-	golang.org/x/sys v0.31.0 // indirect
-	golang.org/x/term v0.30.0 // indirect
-	golang.org/x/text v0.23.0 // indirect
-	golang.org/x/time v0.7.0 // indirect
+	golang.org/x/crypto v0.37.0 // indirect
+	golang.org/x/net v0.39.0 // indirect
+	golang.org/x/sync v0.13.0 // indirect
+	golang.org/x/sys v0.32.0 // indirect
+	golang.org/x/term v0.31.0 // indirect
+	golang.org/x/text v0.24.0 // indirect
+	golang.org/x/time v0.9.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/protobuf v1.36.1 // indirect
+	google.golang.org/protobuf v1.36.5 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	k8s.io/apiextensions-apiserver v0.32.2 // indirect
+	k8s.io/apiextensions-apiserver v0.33.2 // indirect
 	k8s.io/cli-runtime v0.32.2 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
-	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
+	k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
+	sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect
 	sigs.k8s.io/kustomize/api v0.18.0 // indirect
 	sigs.k8s.io/kustomize/kyaml v0.18.1 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect
+	sigs.k8s.io/randfill v1.0.0 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )
+
+replace github.com/codeready-toolchain/api => github.com/rsoaresd/api v0.0.0-20251217161230-6834c424aeb8