chore(deps): update non-k8s-go-dependencies (major)

[red-hat-konflux]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/hashicorp/go-hclog	v0.14.1 → v1.6.3
github.com/openshift/velero	v0.10.2-0.20260323191807-216dd62a1caf → v1.2.0
go.yaml.in/yaml/v2	v2.4.3 → v3.0.4
gomodules.xyz/jsonpatch/v2	v2.5.0 → v3.0.1
gopkg.in/evanphx/json-patch.v4	v4.13.0 → v5.9.11

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

hashicorp/go-hclog (github.com/hashicorp/go-hclog)

v1.6.3: Optional JSON escaping

Compare Source

What's Changed

• hclogvet: updates for go1.22 by @​shoenig in #​138
• support configure json escape when log in json format by @​Ericwww in #​141

New Contributors

• @​Ericwww made their first contribution in #​141

Full Changelog: hashicorp/go-hclog@v1.6.2...v1.6.3

v1.6.2: Fix level syncing

Compare Source

What's Changed

• Conside if the level is to be used separately from if the levels should be calculated by @​evanphx in #​137

Full Changelog: hashicorp/go-hclog@v1.6.1...v1.6.2

v1.6.1: Fix forcing color

Compare Source

What's Changed

• Fix colors not being forced on correctly. by @​evanphx in #​136

Full Changelog: hashicorp/go-hclog@v1.6.0...v1.6.1

v1.6.0: New level inheritance mode

Compare Source

This release adds the ability to have sub-loggers arrange themselves into a tree and sync the level changes downward in the tree.

What's Changed

• SEC-090: Automated trusted workflow pinning (2023-04-03) by @​hashicorp-tsccr in #​128
• Docs: InferLevelsWithTimestamp relies on InferLevels being true by @​peteski22 in #​135
• Implement the ability to more logically share level hierarchies by @​evanphx in #​134

New Contributors

• @​hashicorp-tsccr made their first contribution in #​128
• @​peteski22 made their first contribution in #​135

Full Changelog: hashicorp/go-hclog@v1.5.0...v1.6.0

v1.5.0: Better color and sublogger mods

Compare Source

What's Changed

• Update LICENSE by @​CalebAlbers in #​121
• build: update to go1.20 and x/tools to 0.5.0 by @​shoenig in #​125
• Improve AutoColor functionality by @​evanphx in #​123
• Add ability to wrap new subloggers by @​evanphx in #​126
• [COMPLIANCE] Add Copyright and License Headers by @​hashicorp-copywrite in #​124

New Contributors

• @​CalebAlbers made their first contribution in #​121
• @​hashicorp-copywrite made their first contribution in #​124

Full Changelog: hashicorp/go-hclog@v1.4.0...v1.5.0

v1.4.0: Add GetLevel

Compare Source

What it says on the tin, add GetLevel to the Logger interface.

What's Changed

• Add GetLevel to Logger interface by @​evanphx in #​120

Full Changelog: hashicorp/go-hclog@v1.3.1...v1.4.0

v1.3.1: Improved multi line output rendering

Compare Source

What's Changed

• When rendering multiple line output, still quote the individual lines by @​evanphx in #​119

Full Changelog: hashicorp/go-hclog@v1.3.0...v1.3.1

v1.3.0: Field Colorization

Compare Source

This version adds the ability to colorize fields for improved readability.

What's Changed

• build: update go tools dependency by @​pkazmierczak in #​117
• Add ColorHeaderAndFields logger option by @​picatz in #​118

New Contributors

• @​pkazmierczak made their first contribution in #​117
• @​picatz made their first contribution in #​118

Full Changelog: hashicorp/go-hclog@v1.2.2...v1.3.0

v1.2.2: Minor formatting fix

Compare Source

What's Changed

• fix various typos in comments by @​marco-m in #​115
• Omit empty colon when message is empty. Fixes #​109 by @​evanphx in #​116

Full Changelog: hashicorp/go-hclog@v1.2.1...v1.2.2

v1.2.1: testify/go.yaml fix

Compare Source

This bumps the version of testify and go.yaml that are referenced by go-hclog to fix a security issue in go.yaml.

v1.2.0: More Restrained Color

Compare Source

What's Changed

• Add Windows, MacOS to GitHub Actions build matrix by @​dolmen in #​107
• Add ability to only colorize the header, not the whole log message by @​evanphx in #​108

New Contributors

• @​dolmen made their first contribution in #​107

Full Changelog: hashicorp/go-hclog@v1.1.0...v1.2.0

v1.1.0: Time and Infer improvements

Compare Source

What's Changed

• Set raw=true when special casing empty strings by @​angrycub in #​102
• Add InferLevelsWithTimestamp option by @​lgfa29 in #​101
• Add support for custom timestamp. Closes #​103 by @​binaek in #​104

New Contributors

• @​angrycub made their first contribution in #​102
• @​lgfa29 made their first contribution in #​101
• @​binaek made their first contribution in #​104

Full Changelog: hashicorp/go-hclog@v0.17...v1.1.0

v1.0.0: Stable Release

Compare Source

This release represents the stable API for go-hclog. It is being used across the fleet of HashiCorp projects and tools, as well as across the Go service landscape.

v0.16.2

Compare Source

IMPROVEMENTS

• add Quote type to enable safe concise output of untrusted strings #​96

BUG FIXES

• Fix slicing of WARN when detecting log levels #​94

v0.16.1: Add ability to remove wrappers from file:line

Compare Source

v0.16.0: Improve hclogvet and plaintext rendering

Compare Source

v0.15.0

Compare Source

• Add new level Off, which provides a level for filtering all output.
• Add LoggerOptions.IndependentLevels, allowing sub-loggers to set their level independently from the parent.

openshift/velero (github.com/openshift/velero)

v1.2.0

Compare Source

v1.1.0

Compare Source

yaml/go-yaml (go.yaml.in/yaml/v2)

v3.0.4

Compare Source

v3.0.3

Compare Source

v3.0.2

Compare Source

v3.0.1

Compare Source

v3.0.0

Compare Source

v2.4.4

Compare Source

gomodules/jsonpatch (gomodules.xyz/jsonpatch/v2)

v3.0.1

Compare Source

This release uses our forked gomodules/orderedmap library. Our forked version has 2 major changes:

• Uses *OrderedMap instead of OrderedMap inside nested orderedmaps.
• I ported unstructured helpers from Kubernetes to work with orderedmaps.

v3.0.0

Compare Source

This release uses iancoleman/orderedmap to generate predictable patch. This is very useful if the generated patch is checked into a VCS like git.

evanphx/json-patch (gopkg.in/evanphx/json-patch.v4)

v5.9.11

Compare Source

What's Changed

• Export errBadJSONDoc and errBadJSONPatch errors by @​skitt in #​209

Full Changelog: evanphx/json-patch@v5.9.10...v5.9.11

v5.9.10

Compare Source

What's Changed

• Drop the reference to gopkg.in for v5 by @​skitt in #​203
• remove unmaintained errors pkg(github.com/pkg/errors) by @​koba1t in #​206

New Contributors

• @​skitt made their first contribution in #​203
• @​koba1t made their first contribution in #​206

Full Changelog: evanphx/json-patch@v5.9.0...v5.9.10

v5.9.0

Compare Source

What's Changed

• Validate that the partialDoc is decoded correctly by @​evanphx in #​201
• Add option to control if the output is HTMLEscaped by @​evanphx in #​202

Full Changelog: evanphx/json-patch@v5.8.1...v5.9.0

v5.8.1: Fix API breakage

Compare Source

This PR fixes Operation containing a reference to internal/json and breaking the ability to manually compose one. This restores that ability using a type alias.

Full Changelog: evanphx/json-patch@v5.8.0...v5.8.1

v5.8.0: Blargh Phixs and Empathyprovements

Compare Source

This release fixes a few stray panics, addresses large number accuracy, and improves performance!

What's Changed

• Compare strings after decoding them to handle unicode correctly. Fixes #​172 by @​evanphx in #​195
• Always use UseNumber() to avoid float64 lossyness by @​evanphx in #​194
• Handle null correctly when introduced by replace. Fixes #​171 by @​evanphx in #​196
• Handle from="" more properly. Fixes #​192 by @​evanphx in #​193
• Improve performance by @​evanphx in #​197

Full Changelog: evanphx/json-patch@v5.7.0...v5.8.0

v5.7.0: The 2023 Release

Compare Source

What's Changed

• Fix invalid sprintf by @​howardjohn in #​152
• Add CIFuzz GitHub action by @​DavidKorczynski in #​167
• README: Remove Travis by @​ohkinozomu in #​164
• Updated min supported version to go 1.18 by @​Neo2308 in #​181
• Added dependabot by @​Neo2308 in #​182
• Pre-flight DecodePatch validation: Issue #​177 by @​radwaretaltr in #​180
• Check if raw is a null pointer for findObject by @​JosieLi-Google in #​173
• Bump actions/checkout from 2 to 4 by @​dependabot in #​187
• Fix panic on test op by @​erickertz in #​158

New Contributors

• @​howardjohn made their first contribution in #​152
• @​DavidKorczynski made their first contribution in #​167
• @​ohkinozomu made their first contribution in #​164
• @​Neo2308 made their first contribution in #​181
• @​radwaretaltr made their first contribution in #​180
• @​JosieLi-Google made their first contribution in #​173
• @​dependabot made their first contribution in #​187
• @​erickertz made their first contribution in #​158

Full Changelog: evanphx/json-patch@v5.6.0...v5.7.0

v5.6.0: Bug fixes

Compare Source

What's Changed

• Function ensurePathExists should handle appending correctly by @​MarcelMue in #​148
• Fix partial negative indice support in v4 by @​zqzten in #​146

New Contributors

• @​MarcelMue made their first contribution in #​148
• @​zqzten made their first contribution in #​146

Full Changelog: evanphx/json-patch@v5.5.0...v5.6.0

v5.5.0: Better null handling

Compare Source

This incorporates a few fixes related to how nulls are handles in array's and objects.

v5.3.0: Fix zero sized document crash

Compare Source

This fixes a crash bug where submitted an empty slice as the document would panic.

v5.2.0

Compare Source

v5.1.0

Compare Source

v5.0.0: Proper Go modules release

Compare Source

This release has a proper /v5 directory, unlike the previous releases that did not have a /v4 dir. Thanks to @​BenTheElder for getting this sorted out!

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[red-hat-konflux]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go get -t ./...
go: downloading github.com/openshift/velero v1.2.0
go: downloading github.com/openshift/hypershift/api v0.0.0-20260417092826-5431b93cee3c
go: downloading github.com/openshift/hive/apis v0.0.0-20241220022629-3f49f26197ff
go: downloading golang.org/x/sys v0.42.0
go: downloading golang.org/x/net v0.52.0
go: downloading github.com/openshift/custom-resource-status v1.1.3-0.20220503160415-f2fdb4999d87
go: downloading go.yaml.in/yaml/v2 v2.4.3
go: downloading github.com/fxamacker/cbor/v2 v2.9.0
go: downloading github.com/google/gnostic-models v0.7.0
go: downloading github.com/go-openapi/jsonreference v0.21.0
go: downloading github.com/go-openapi/swag v0.23.1
go: downloading github.com/prometheus/procfs v0.16.1
go: downloading github.com/go-openapi/jsonpointer v0.21.1
go: downloading github.com/mailru/easyjson v0.9.0
go: downloading golang.org/x/term v0.41.0
go: downloading golang.org/x/time v0.14.0
go: downloading golang.org/x/oauth2 v0.35.0
go: downloading github.com/emicklei/go-restful/v3 v3.12.2
go: downloading github.com/josharian/intern v1.0.0
go: downloading golang.org/x/text v0.35.0
go: downloading google.golang.org/grpc v1.77.0
go: downloading github.com/hashicorp/go-plugin v1.6.0
go: downloading github.com/kopia/kopia v0.10.7
go: downloading github.com/oklog/run v1.0.0
go: downloading github.com/hashicorp/yamux v0.1.1
go: downloading github.com/mattn/go-isatty v0.0.20
go: downloading github.com/fatih/color v1.18.0
go: downloading github.com/mitchellh/go-testing-interface v1.0.0
go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20251103181224-f26f9409b101
go: github.com/openshift/hypershift-oadp-plugin/pkg/common imports
	github.com/vmware-tanzu/velero/pkg/apis/velero/v2alpha1: cannot find module providing package github.com/vmware-tanzu/velero/pkg/apis/velero/v2alpha1

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Updated Go module dependency declarations in go.mod: migrated YAML v2 → v3, replaced json-patch modules with v3/v5 variants, upgraded indirect github.com/hashicorp/go-hclog, and changed a replace to github.com/openshift/velero v1.2.0. No public API changes.

Changes

Cohort / File(s)	Summary
Dependency updates go.mod	Switched YAML indirect from go.yaml.in/yaml/v2 → go.yaml.in/yaml/v3 v3.0.4; replaced gomodules.xyz/jsonpatch/v2 & gopkg.in/evanphx/json-patch.v4 with gomodules.xyz/jsonpatch/v3 v3.0.1 and gopkg.in/evanphx/json-patch.v5 v5.9.11; bumped indirect github.com/hashicorp/go-hclog to v1.6.3; updated replace mapping to github.com/openshift/velero v1.2.0.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 10

✅ Passed checks (10 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and specifically describes the main change: updating non-Kubernetes Go dependencies to major versions, which matches the changeset contents perfectly.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Stable And Deterministic Test Names	✅ Passed	PR modifies only dependencies and configuration files; codebase uses standard Go testing, not Ginkgo, so check is not applicable.
Test Structure And Quality	✅ Passed	This custom check is not applicable to the provided pull request. The PR exclusively modifies go.mod and go.sum files with no test code changes. The codebase uses standard Go testing with testing.T and Gomega assertions, not Ginkgo's BDD framework.
Microshift Test Compatibility	✅ Passed	PR is a dependency update with standard Go unit tests using testing.T pattern, not Ginkgo e2e tests with required constructs like It(), Describe(), Context(), or When().
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No new Ginkgo e2e tests added; only dependency version updates in go.mod file.
Topology-Aware Scheduling Compatibility	✅ Passed	PR only updates go.mod dependencies; no deployment manifests, operator code, or controllers are added or modified.
Ote Binary Stdout Contract	✅ Passed	PR only modifies go.mod dependencies without source code changes that could violate OTE Binary Stdout Contract.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR only updates Go dependencies in go.mod and does not add or modify any Ginkgo e2e tests.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch konflux/mintmaker/main/major-non-k8s-go-dependencies

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: red-hat-konflux[bot]
Once this PR has been reviewed and has the lgtm label, please assign kaovilai for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @red-hat-konflux[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

go.mod (3)

6-6: ⚠️ Potential issue | 🔴 Critical

Version mismatch for external-snapshotter client.

The package github.com/kubernetes-csi/external-snapshotter/client/v8 appears with two different versions:

• Line 6: v8.2.0 (direct dependency)
• Line 27: v8.4.0 (indirect dependency)

This inconsistency will cause confusion during dependency resolution. Run go mod tidy to reconcile the versions, or explicitly update the direct dependency to match the intended version.

🔧 Recommended fix

 require (
-	github.com/kubernetes-csi/external-snapshotter/client/v8 v8.2.0
+	github.com/kubernetes-csi/external-snapshotter/client/v8 v8.4.0
 	github.com/onsi/gomega v1.39.0

Then run go mod tidy to clean up the indirect entries.

Also applies to: 27-27

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 6, The go.mod has a version mismatch for
github.com/kubernetes-csi/external-snapshotter/client/v8 (v8.2.0 vs v8.4.0);
update the direct dependency line for
github.com/kubernetes-csi/external-snapshotter/client/v8 to the intended version
(e.g., v8.4.0) or remove the explicit entry, then run `go mod tidy` to reconcile
indirect entries and ensure the dependency graph is consistent.

---

20-20: ⚠️ Potential issue | 🟠 Major

Remove or update the unused gopkg.in/evanphx/json-patch.v5 dependency.

Two different import paths for the same json-patch package are listed in go.mod:

• Line 20: github.com/evanphx/json-patch/v5 v5.9.11
• Line 40: gopkg.in/evanphx/json-patch.v5 v5.9.11

The modern path (github.com/evanphx/json-patch/v5) is actively used in the codebase, but the legacy gopkg.in path is not imported or referenced anywhere. Since both are marked as indirect dependencies, the gopkg.in entry likely comes from older transitive dependencies. Remove this entry or update the transitive dependencies to eliminate the unused import path and reduce unnecessary binary bloat.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 20, Remove the legacy gopkg.in import entry from go.mod:
identify the indirect dependency line referencing gopkg.in/evanphx/json-patch.v5
v5.9.11 and delete it (or run `go mod tidy` to drop unused transitive entries),
ensuring only the modern github.com/evanphx/json-patch/v5 v5.9.11 remains;
verify builds and `go list -m all` to confirm the old gopkg.in path is no longer
present.

---

6-6: ⚠️ Potential issue | 🟡 Minor

Address the external-snapshotter version conflict between direct and vendored dependencies.

The codebase has a significant version mismatch: pkg/common/scheme.go directly imports github.com/kubernetes-csi/external-snapshotter/client/v8, while the vendored Velero (v1.2.0 fork) internally uses client/v7. Both versions are present in go.sum, creating a potential schema registration conflict when both call AddToScheme() on the same runtime scheme.

The other dependencies listed (go.yaml.in/yaml, gomodules.xyz/jsonpatch, go-hclog) are indirect dependencies with no direct usage in the codebase's core logic, making them lower priority.

Ensure that:

• The CustomScheme in pkg/common/scheme.go correctly handles both v7 and v8 volumesnapshot APIs if both are transitively required
• If only v8 is intended, verify that the Velero fork has been updated to use v8 or that the v7 import is not needed
• Run integration tests covering snapshot-related operations to confirm there are no schema conflicts

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 6, pkg/common/scheme.go currently registers only one snapshot
client version which causes conflicts when both v7 and v8 are present; update
CustomScheme to explicitly handle both versions by importing the Velero-fork's
client/v7 and the direct client/v8 under distinct aliases (e.g., snapshotv7,
snapshotv8) and invoke snapshotv7.AddToScheme(CustomScheme) and
snapshotv8.AddToScheme(CustomScheme) (or, if the project should only use v8,
update the Velero fork/dependency to v8 or remove the v7 import so only
snapshotv8.AddToScheme is called); after making the change run integration tests
covering snapshot operations to verify no schema registration conflicts remain.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Around line 36-37: The go.mod contains a duplicate indirect requirement for
the module go.yaml.in/yaml/v3 (v3.0.4) — remove one of the identical lines
declaring go.yaml.in/yaml/v3 v3.0.4 and then run `go mod tidy` to re-evaluate
and clean up dependency metadata; look for the duplicate module entry
"go.yaml.in/yaml/v3" in go.mod to locate and delete the redundant line.

---

Outside diff comments:
In `@go.mod`:
- Line 6: The go.mod has a version mismatch for
github.com/kubernetes-csi/external-snapshotter/client/v8 (v8.2.0 vs v8.4.0);
update the direct dependency line for
github.com/kubernetes-csi/external-snapshotter/client/v8 to the intended version
(e.g., v8.4.0) or remove the explicit entry, then run `go mod tidy` to reconcile
indirect entries and ensure the dependency graph is consistent.
- Line 20: Remove the legacy gopkg.in import entry from go.mod: identify the
indirect dependency line referencing gopkg.in/evanphx/json-patch.v5 v5.9.11 and
delete it (or run `go mod tidy` to drop unused transitive entries), ensuring
only the modern github.com/evanphx/json-patch/v5 v5.9.11 remains; verify builds
and `go list -m all` to confirm the old gopkg.in path is no longer present.
- Line 6: pkg/common/scheme.go currently registers only one snapshot client
version which causes conflicts when both v7 and v8 are present; update
CustomScheme to explicitly handle both versions by importing the Velero-fork's
client/v7 and the direct client/v8 under distinct aliases (e.g., snapshotv7,
snapshotv8) and invoke snapshotv7.AddToScheme(CustomScheme) and
snapshotv8.AddToScheme(CustomScheme) (or, if the project should only use v8,
update the Velero fork/dependency to v8 or remove the v7 import so only
snapshotv8.AddToScheme is called); after making the change run integration tests
covering snapshot operations to verify no schema registration conflicts remain.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: bf20e9c1-21c4-4327-9d80-14b2df77bcbb

📥 Commits

Reviewing files that changed from the base of the PR and between faa7cf8 and b31746b.

📒 Files selected for processing (1)

• go.mod

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Remove duplicate entry for go.yaml.in/yaml/v3.

Lines 36 and 37 are identical, both declaring go.yaml.in/yaml/v3 v3.0.4 as an indirect dependency. Remove one of the duplicate entries and run go mod tidy to clean up the file.

🔧 Recommended fix

 	github.com/x448/float16 v0.8.4 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
-	go.yaml.in/yaml/v3 v3.0.4 // indirect
 	golang.org/x/sync v0.19.0 // indirect

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	go.yaml.in/yaml/v3 v3.0.4 // indirect
	go.yaml.in/yaml/v3 v3.0.4 // indirect
	github.com/x448/float16 v0.8.4 // indirect
	go.yaml.in/yaml/v3 v3.0.4 // indirect
	golang.org/x/sync v0.19.0 // indirect

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` around lines 36 - 37, The go.mod contains a duplicate indirect
requirement for the module go.yaml.in/yaml/v3 (v3.0.4) — remove one of the
identical lines declaring go.yaml.in/yaml/v3 v3.0.4 and then run `go mod tidy`
to re-evaluate and clean up dependency metadata; look for the duplicate module
entry "go.yaml.in/yaml/v3" in go.mod to locate and delete the redundant line.

[openshift-ci]

@red-hat-konflux[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/verify	faf1787	link	true	/test verify
ci/prow/build	faf1787	link	true	/test build
ci/prow/unit	faf1787	link	true	/test unit
ci/prow/images	faf1787	link	true	/test images

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.