Skip to content

Bump golang.org/x/oauth2 from 0.13.0 to 0.36.0#94

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/golang.org/x/oauth2-0.36.0
Closed

Bump golang.org/x/oauth2 from 0.13.0 to 0.36.0#94
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/golang.org/x/oauth2-0.36.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor

Bumps golang.org/x/oauth2 from 0.13.0 to 0.36.0.

Commits
  • 4d954e6 all: upgrade go directive to at least 1.25.0 [generated]
  • 89ff2e1 google: add safer credentials JSON loading options.
  • acc3815 endpoints: fix %q verb use with wrong type
  • f28b0b5 all: fix some comments
  • fd15e0f x/oauth2: populate RetrieveError from DeviceAuth
  • 792c877 oauth2: use strings.Builder instead of bytes.Buffer
  • 014cf77 all: upgrade go directive to at least 1.24.0 [generated]
  • 3c76ce5 endpoints: correct Naver OAuth2 endpoint URLs
  • cf14319 oauth2: fix expiration time window check
  • 32d34ef internal: include clientID in auth style cache key
  • Additional commits viewable in compare view

Summary by CodeRabbit

  • Chores
    • Updated the project’s Go version declaration to a patch release.
    • Refreshed several indirect cloud and authentication-related dependencies.
    • Removed a couple of unused indirect packages and aligned one metadata library to a newer version.

@dependabot dependabot Bot added area/dependency Issues or PRs related to dependency changes ok-to-test Indicates a non-member PR verified by an org member that is safe to test. labels Jul 2, 2026
@github-actions github-actions Bot enabled auto-merge (squash) July 2, 2026 06:10
@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown

Walkthrough

This PR updates go.mod to use go 1.25.0 and refreshes indirect dependency entries, including Google Cloud compute metadata, golang.org/x/oauth2, and removal of google.golang.org/appengine.

Changes

Go module dependency refresh

Layer / File(s) Summary
Go directive update
go.mod
The go directive changes from 1.25 to 1.25.0.
Indirect dependency updates
go.mod
cloud.google.com/go/compute is removed, cloud.google.com/go/compute/metadata is bumped to v0.3.0, golang.org/x/oauth2 is upgraded to v0.36.0, and google.golang.org/appengine is removed.

Estimated code review effort: 1 (Trivial) | ~5 minutes

Possibly related PRs

🚥 Pre-merge checks | ✅ 15
✅ Passed checks (15 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately describes the main dependency update in the pull request.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed PR only updates go.mod/go.sum for oauth2; no test files or Ginkgo titles changed, so there are no unstable test names to flag.
Test Structure And Quality ✅ Passed No Ginkgo test code was changed, and the repo has no *_test.go or Ginkgo references, so this checklist doesn’t apply.
Microshift Test Compatibility ✅ Passed No new Ginkgo e2e tests were added or modified; the PR is a dependency bump/go.mod update, so MicroShift test compatibility isn’t impacted.
Single Node Openshift (Sno) Test Compatibility ✅ Passed Only go.mod and go.sum changed; no Ginkgo e2e tests or SNO-sensitive test code was added, so the check is not applicable.
Topology-Aware Scheduling Compatibility ✅ Passed Only go.mod and go.sum changed for an oauth2 dependency bump; no deployment manifests, operators, or controllers were modified.
Ote Binary Stdout Contract ✅ Passed Only go.mod changed; no main/init/TestMain/suite stdout writes were added, so the OTE stdout contract is unaffected.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed PR only updates go.mod/go.sum for oauth2; no new Ginkgo e2e tests or network-dependent test code were added.
No-Weak-Crypto ✅ Passed Diff only updates go.mod/go.sum; no MD5/SHA1/DES/RC4/3DES/Blowfish, custom crypto, or secret comparisons in changed files.
Container-Privileges ✅ Passed No container privilege settings were found in repo manifests, and the PR changes only dependency metadata in go.mod.
No-Sensitive-Data-In-Logs ✅ Passed The PR only updates go.mod dependency versions; no new log statements or code paths handling secrets/PII are introduced.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/go_modules/golang.org/x/oauth2-0.36.0

Comment @coderabbitai help to get the list of available commands.

@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign samanthajayasinghe for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.13.0 to 0.36.0.
- [Commits](golang/oauth2@v0.13.0...v0.36.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/golang.org/x/oauth2-0.36.0 branch from c09a703 to 38d90bb Compare July 2, 2026 06:24
@openshift-ci

openshift-ci Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

@dependabot[bot]: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@codecov-commenter

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 0.00%. Comparing base (9195c15) to head (38d90bb).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files
@@          Coverage Diff          @@
##            main     #94   +/-   ##
=====================================
  Coverage   0.00%   0.00%           
=====================================
  Files         34      34           
  Lines       1594    1594           
=====================================
  Misses      1594    1594           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@dependabot @github

dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

Looks like golang.org/x/oauth2 is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 2, 2026
auto-merge was automatically disabled July 2, 2026 06:36

Pull request was closed

@dependabot dependabot Bot deleted the dependabot/go_modules/golang.org/x/oauth2-0.36.0 branch July 2, 2026 06:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/dependency Issues or PRs related to dependency changes ok-to-test Indicates a non-member PR verified by an org member that is safe to test.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant