Skip to content

Bump cloud.google.com/go/storage from 1.36.0 to 1.63.0#98

Merged
github-actions[bot] merged 1 commit into
mainfrom
dependabot/go_modules/cloud.google.com/go/storage-1.63.0
Jul 2, 2026
Merged

Bump cloud.google.com/go/storage from 1.36.0 to 1.63.0#98
github-actions[bot] merged 1 commit into
mainfrom
dependabot/go_modules/cloud.google.com/go/storage-1.63.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor

Bumps cloud.google.com/go/storage from 1.36.0 to 1.63.0.

Release notes

Sourced from cloud.google.com/go/storage's releases.

compute: v1.63.0

v1.63.0 (2026-05-14)

Features

storage: v1.63.0

1.63.0 (2026-06-25)

Features

  • go: Add full object checksum for negative offsets > size (#20026) (a04d980)
  • storage: Add client feature tracking in HTTP client (#14691) (319cc4c)
  • storage: App Centric Observability (#14685) (c3273bb)
  • storage: Read checksums in gRPC partial reads (#14586) (d29f68a)
  • storage: Support deleteSourceObjects option in object compose (#14704) (0d2d680)
  • Update API sources and regenerate (#14701) (a9b7921)

Bug Fixes

  • storage: Add server closed idle connection to retriable errors (#14594) (a6bd392)
  • storage: Fix race condition during retries in gRPC writer (#14649) (c781a75)

storage: v1.62.3

v1.62.3 (2026-06-03)

Bug Fixes

  • fix race condition during retries in gRPC writer (#14649) (04b6c635)

  • add server closed idle connection to retriable errors (#14594) (20b37d65)

storage: v1.62.2

v1.62.2 (2026-05-18)

Features

Bug Fixes

  • restore metadata operations timeout in gRPC (#14575) (275ff562)

  • Set default chunkRetryDeadline to 32s in NewWriterFromAppendableObject (#14458) (ec7c7d66)

  • refactor userProject metadata propagation in ListObjects (#14533) (fbb543e3)

... (truncated)

Changelog

Sourced from cloud.google.com/go/storage's changelog.

Changes

1.48.0 (2026-05-07)

Features

1.47.0 (2026-04-30)

1.46.0 (2026-04-13)

1.45.0 (2026-04-09)

1.44.0 (2026-04-02)

1.43.0 (2026-03-23)

Features

  • Add a field for upgrading previous processor version when fine tuning (790bab5)

1.42.0 (2026-03-05)

Features

  • Added a field for enabling image and table annotation for layout parser processor (9c80b8b)

1.41.0 (2026-02-12)

Features

  • A new field document_prompt is added to message .google.cloud.documentai.v1beta3.DocumentSchema (6f31019)
  • A new field document_type is added to message .google.cloud.documentai.v1beta3.ImportDocumentsRequest (6f31019)
  • A new field enable_table_split is added to message .google.cloud.documentai.v1beta3.OcrConfig.LayoutParsingParams (6f31019)
  • A new field revisions is added to message .google.cloud.documentai.v1beta3.Evaluation (6f31019)
  • Added new messages Documents and RawDocuments for inline document input (6f31019)
  • The field skip_human_review in messages .google.cloud.documentai.v1beta3.ProcessRequest and .google.cloud.documentai.v1beta3.BatchProcessRequest is deprecated (6f31019)
  • The method ReviewDocument in .google.cloud.documentai.v1beta3.DocumentProcessorService is deprecated (6f31019)

Bug Fixes

  • Removed the SpannerIndexingConfig message and the spanner_indexing_config field from .google.cloud.documentai.v1beta3.Dataset BREAKING CHANGE: The SpannerIndexingConfig message and the spanner_indexing_config field within the Dataset message have been removed. Client code referencing these will need to stop referencing these in case of an error (6f31019)

Documentation

  • Updated comments for various fields and messages (6f31019)

1.40.0 (2026-01-29)

... (truncated)

Commits
  • 033f4fe chore: librarian release pull request: 20260514T191310Z (#14589)
  • bf1c57a chore(agentplatform): Organize the replay tests.
  • d600fbb chore(agentplatform): Mock backend for unit testing
  • ec55a12 test(spanner): retry query after database recreation in integration test (#14...
  • 66574db fix(agentplatform): Set the agentplatform's dedicated user-agent in header.
  • 9072072 fix(pubsub/v2/pstest): make ackIDs unique per delivery (#14554)
  • 9873268 refactor(pubsub/v2): flatten implementation control logic for Ack and ModAck ...
  • b1db39e chore(storage): Fix corner cases in MRD (#14522)
  • df96b2e feat: update API sources and regenerate (#14581)
  • 658faa8 fix(bigquery): handle reset case for table clustering (#14579)
  • Additional commits viewable in compare view

Summary by CodeRabbit

  • Chores
    • Updated the app to a newer Go release.
    • Refreshed several core libraries and cloud-related dependencies to newer versions.
    • Removed older dependency versions and replaced them with current equivalents, which may improve stability, compatibility, and security.

@dependabot dependabot Bot added area/dependency Issues or PRs related to dependency changes ok-to-test Indicates a non-member PR verified by an org member that is safe to test. labels Jul 2, 2026
@github-actions github-actions Bot enabled auto-merge (squash) July 2, 2026 06:10
@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: bfa268a9-7a4a-4643-9c88-ebb3398c2d20

📥 Commits

Reviewing files that changed from the base of the PR and between dbd92a1 and 64bc0b0.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (1)
  • go.mod
🚧 Files skipped from review as they are similar to previous changes (1)
  • go.mod

Walkthrough

This PR updates go.mod, bumping the Go toolchain to 1.25.8 and refreshing direct and indirect dependencies across Google Cloud, gRPC, OpenTelemetry, protobuf, and golang.org/x/* modules.

Changes

Go module dependency refresh

Layer / File(s) Summary
Toolchain and direct requirements
go.mod
Go is updated to 1.25.8, and the main direct dependencies cloud.google.com/go/storage and google.golang.org/api are bumped.
Indirect dependency refresh
go.mod
Large indirect require blocks are updated across Google Cloud, gRPC/XDS/envoy, OpenTelemetry, protobuf, and golang.org/x/*, with older indirect entries removed.

Estimated code review effort: 2 (Simple) | ~10 minutes


Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error)

Check name Status Explanation Resolution
No-Weak-Crypto ❌ Error Commit adds pkg/utils/checksum.go importing crypto/md5, and pkg/tools/omc/omc.go calls utils.Md5sum, violating the no-weak-crypto rule. Replace MD5 checksum verification with SHA-256 or stronger and remove the Md5sum helper/import from the codebase.
✅ Passed checks (14 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately states the main dependency upgrade in the changeset and is clear and specific.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed PASS: The PR only updates Go module deps; no *_test.go files or Ginkgo-style titles are present in the changed files.
Test Structure And Quality ✅ Passed No Ginkgo test files or test-related changes were touched in this PR; it only updates dependency and non-test code.
Microshift Test Compatibility ✅ Passed No new Ginkgo/e2e test files were added, and searches found no It()/Describe()/Context()/When() or MicroShift-specific guards in changed files.
Single Node Openshift (Sno) Test Compatibility ✅ Passed PR only updates go.mod and go.sum; no Go/Ginkgo test files or new It/Describe/Context additions to review for SNO assumptions.
Topology-Aware Scheduling Compatibility ✅ Passed PR only bumps dependencies and CLI/storage source files; no manifests/controllers with scheduling constraints or topology-sensitive selectors were introduced.
Ote Binary Stdout Contract ✅ Passed PR only updates go.mod/go.sum; no source changes in main/init/TestMain/suite setup that could add stdout writes.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed The PR only updates go.mod/go.sum; no added/changed *_test.go or Ginkgo specs, so no IPv4 or external-connectivity test risk to review.
Container-Privileges ✅ Passed No privileged flags found; PR only updates go.mod/go.sum and the repo YAMLs inspected (.ci-operator, workflows) lack privileged securityContext settings.
No-Sensitive-Data-In-Logs ✅ Passed No log statements expose secrets/PII; prints only tool names, versions, paths, and generic errors.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/go_modules/cloud.google.com/go/storage-1.63.0

Comment @coderabbitai help to get the list of available commands.

@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign boranx for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Around line 3-68: The repo’s documented Go toolchain is outdated: update the
contributor guidance in CLAUDE.md from toolchain 1.22.1 to 1.25.8 so it matches
the current Go version declared in go.mod and the CI image already used. Locate
the toolchain reference in CLAUDE.md and change only that documented version to
keep the repo instructions consistent.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 5da8fc46-b912-4709-9acb-ade63fedd75e

📥 Commits

Reviewing files that changed from the base of the PR and between 146ff7d and dbd92a1.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum
📒 Files selected for processing (1)
  • go.mod

Comment thread go.mod
Comment on lines +3 to +68
go 1.25.8

require (
cloud.google.com/go/storage v1.36.0
cloud.google.com/go/storage v1.63.0
github.com/google/go-github/v51 v51.0.0
github.com/spf13/cobra v1.7.0
google.golang.org/api v0.150.0
google.golang.org/api v0.285.0
)

require (
cloud.google.com/go v0.110.8 // indirect
cloud.google.com/go/compute v1.23.1 // indirect
cloud.google.com/go/compute/metadata v0.2.3 // indirect
cloud.google.com/go/iam v1.1.3 // indirect
cel.dev/expr v0.25.1 // indirect
cloud.google.com/go v0.123.0 // indirect
cloud.google.com/go/auth v0.20.0 // indirect
cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
cloud.google.com/go/compute/metadata v0.9.0 // indirect
cloud.google.com/go/iam v1.11.0 // indirect
cloud.google.com/go/monitoring v1.29.0 // indirect
github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.31.0 // indirect
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.57.0 // indirect
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.57.0 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/cli/safeexec v1.0.0 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/google/s2a-go v0.1.7 // indirect
github.com/google/uuid v1.4.0 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
github.com/googleapis/gax-go/v2 v2.12.0 // indirect
github.com/kr/text v0.2.0 // indirect
go.opencensus.io v0.24.0 // indirect
golang.org/x/sync v0.5.0 // indirect
golang.org/x/text v0.13.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20231016165738-49dd2c1f3d0b // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20231030173426-d783a09b4405 // indirect
google.golang.org/grpc v1.59.0 // indirect
github.com/cncf/xds/go v0.0.0-20260202195803-dba9d589def2 // indirect
github.com/envoyproxy/go-control-plane/envoy v1.37.0 // indirect
github.com/envoyproxy/protoc-gen-validate v1.3.3 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/go-jose/go-jose/v4 v4.1.4 // indirect
github.com/go-logr/logr v1.4.3 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/google/s2a-go v0.1.9 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.3.16 // indirect
github.com/googleapis/gax-go/v2 v2.22.0 // indirect
github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
github.com/spiffe/go-spiffe/v2 v2.6.0 // indirect
go.opentelemetry.io/auto/sdk v1.2.1 // indirect
go.opentelemetry.io/contrib/detectors/gcp v1.42.0 // indirect
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.68.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0 // indirect
go.opentelemetry.io/otel v1.44.0 // indirect
go.opentelemetry.io/otel/metric v1.44.0 // indirect
go.opentelemetry.io/otel/sdk v1.44.0 // indirect
go.opentelemetry.io/otel/sdk/metric v1.44.0 // indirect
go.opentelemetry.io/otel/trace v1.44.0 // indirect
golang.org/x/sync v0.21.0 // indirect
golang.org/x/text v0.38.0 // indirect
golang.org/x/time v0.15.0 // indirect
google.golang.org/genproto v0.0.0-20260519071638-aa98bba5eb94 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20260615183401-62b3387ff324 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20260615183401-62b3387ff324 // indirect
google.golang.org/grpc v1.81.1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)

require (
github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8
github.com/cli/go-gh/v2 v2.4.0
github.com/cloudflare/circl v1.1.0 // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
golang.org/x/crypto v0.14.0 // indirect
golang.org/x/net v0.17.0 // indirect
golang.org/x/oauth2 v0.13.0
golang.org/x/sys v0.13.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/protobuf v1.31.0 // indirect
golang.org/x/crypto v0.53.0 // indirect
golang.org/x/net v0.56.0 // indirect
golang.org/x/oauth2 v0.36.0
golang.org/x/sys v0.46.0 // indirect
google.golang.org/protobuf v1.36.11 // indirect

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🩺 Stability & Availability | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
rg -n --hidden --glob '!**/vendor/**' 'go 1\.25\.8|toolchain|1\.22\.1|golang:1\.22|golang:1\.25' .

Repository: openshift/backplane-tools

Length of output: 238


🏁 Script executed:

#!/bin/bash
set -euo pipefail

rg -n --hidden --glob '!**/vendor/**' 'go 1\.25\.8|toolchain|1\.22\.1|golang:1\.22|golang:1\.25|Go 1\.21\+|1\.22\.1|1\.25\.8' .

Repository: openshift/backplane-tools

Length of output: 238


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Locate CI / release / build files that may pin a Go image or toolchain.
git ls-files | rg '(^|/)(\.ci-operator\.yaml|Dockerfile|dockerfile|Makefile|go\.mod|go\.work|CLAUDE\.md|README\.md|hack/|\.github/|\.prow/|\.tekton/|release|build|pipeline|workflow)'

# Search for explicit Go version pins in those files.
rg -n --hidden --glob '!**/vendor/**' 'go 1\.25\.8|toolchain|1\.22\.1|1\.25\.8|golang:1\.22|golang:1\.25|go-version|GOVERSION|GO_VERSION' \
  .ci-operator.yaml .github .prow .tekton hack . 2>/dev/null

Repository: openshift/backplane-tools

Length of output: 375


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n## .ci-operator.yaml\n'
sed -n '1,220p' .ci-operator.yaml

printf '\n## CLAUDE.md (relevant lines)\n'
sed -n '60,72p' CLAUDE.md

printf '\n## README.md (Go/toolchain references)\n'
rg -n 'Go 1\.|toolchain|go1\.' README.md Makefile hack/codecov.sh

Repository: openshift/backplane-tools

Length of output: 619


Sync the documented Go toolchain

CLAUDE.md still says toolchain 1.22.1; update it to 1.25.8 so contributor guidance matches the repo’s current Go requirement. .ci-operator.yaml already points at rhel-9-release-golang-1.25-openshift-4.22.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` around lines 3 - 68, The repo’s documented Go toolchain is outdated:
update the contributor guidance in CLAUDE.md from toolchain 1.22.1 to 1.25.8 so
it matches the current Go version declared in go.mod and the CI image already
used. Locate the toolchain reference in CLAUDE.md and change only that
documented version to keep the repo instructions consistent.

Bumps [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) from 1.36.0 to 1.63.0.
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/documentai/CHANGES.md)
- [Commits](googleapis/google-cloud-go@dlp/v1.36.0...compute/v1.63.0)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-version: 1.63.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/cloud.google.com/go/storage-1.63.0 branch from dbd92a1 to 64bc0b0 Compare July 2, 2026 06:24
@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

@dependabot[bot]: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@github-actions github-actions Bot merged commit 7e2419a into main Jul 2, 2026
5 of 6 checks passed
@codecov-commenter

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 0.00%. Comparing base (9195c15) to head (64bc0b0).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files
@@          Coverage Diff          @@
##            main     #98   +/-   ##
=====================================
  Coverage   0.00%   0.00%           
=====================================
  Files         34      34           
  Lines       1594    1594           
=====================================
  Misses      1594    1594           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@dependabot dependabot Bot deleted the dependabot/go_modules/cloud.google.com/go/storage-1.63.0 branch July 2, 2026 06:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/dependency Issues or PRs related to dependency changes ok-to-test Indicates a non-member PR verified by an org member that is safe to test.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant