@qiujian16 qiujian16 commented Oct 20, 2025

Summary

Related issue(s)

Fixes #

Summary by CodeRabbit

  • Chores
    • Updated versions for multiple third-party dependencies including testing frameworks, cluster management APIs, cloud event processing systems, and Go standard library modules for improved system stability, enhanced compatibility, and access to latest performance improvements.

openshift-ci bot commented Oct 20, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: qiujian16

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

coderabbitai bot commented Oct 20, 2025

Walkthrough

This PR updates Go module dependencies in go.mod, bumping versions for testify, open-cluster-management APIs, cloudevents, paho.golang, and several golang.org/x packages. Only version numbers are modified; no new dependencies are added or removed.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dependency version updates: go.mod | Bumped versions: testify (v1.10.0→v1.11.1), open-cluster-management.io/api and sdk-go (→v1.1.0), cloudevents mqtt_paho protocol v2, sdk-go/v2 (→v2.16.2), eclipse/paho.golang (v0.21.0→v0.23.0), and multiple golang.org/x modules (crypto, net, sys, term, text, time, etc.). |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Straightforward dependency version bumps with no code logic changes or behavioral modifications.

Possibly related PRs

  • #320 — Updates open-cluster-management SDK dependencies in go.mod
  • #336 — Updates open-cluster-management.io/api dependency version in go.mod

Suggested labels

ok-to-test

Suggested reviewers

  • zhujian7
  • elgnay

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)
Check name Status Explanation Resolution
Title Check ⚠️ Warning The PR title states "🌱 Bump api/sdk-go to v1.1.0", which focuses specifically on bumping two dependencies. However, according to the raw_summary, the main change is a comprehensive version bump across multiple external dependencies including testify, cloudevents, eclipse/paho.golang, various golang.org/x modules, and more—not just api/sdk-go. The title highlights only one specific aspect of a much broader changeset while the primary objective is to update multiple dependencies comprehensively. This means the title refers to a real part of the change but does not clearly capture or summarize the main point of the changeset.
Description Check ⚠️ Warning The PR description consists only of the repository's PR template with no actual content filled in. The Summary section is completely empty, and the Related issue(s) section shows only "Fixes #" with no issue number specified. No description of the changes, their purpose, or impact is provided beyond what the template structure suggests. The description fails to provide meaningful context about what is being changed and why. Fill in the Summary section with a clear explanation of the dependency version bumps being made and the rationale for these updates. Additionally, if this PR addresses a specific issue, reference it in the Related issue(s) section by including the issue number (e.g., "Fixes #123"). At minimum, provide context about which key dependencies are being updated and any compatibility or security improvements these bumps bring.
✅ Passed checks (1 passed)
| Check name | Status | Explanation |
|---|---|---|
| Docstring Coverage | ✅ Passed | No functions found in the changes. Docstring coverage check skipped. |

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c18f49f and b2d40ee.

⛔ Files ignored due to path filters (109)
  • go.sum is excluded by !**/*.sum
  • vendor/github.com/cloudevents/sdk-go/protocol/mqtt_paho/v2/option.go is excluded by !vendor/**
  • vendor/github.com/cloudevents/sdk-go/v2/event/content_type.go is excluded by !vendor/**
  • vendor/github.com/cloudevents/sdk-go/v2/event/event_marshal.go is excluded by !vendor/**
  • vendor/github.com/cloudevents/sdk-go/v2/event/event_unmarshal.go is excluded by !vendor/**
  • vendor/github.com/cloudevents/sdk-go/v2/event/eventcontext_v03.go is excluded by !vendor/**
  • vendor/github.com/cloudevents/sdk-go/v2/event/eventcontext_v1.go is excluded by !vendor/**
  • vendor/github.com/cloudevents/sdk-go/v2/event/extensions.go is excluded by !vendor/**
  • vendor/github.com/cloudevents/sdk-go/v2/protocol/doc.go is excluded by !vendor/**
  • vendor/github.com/cloudevents/sdk-go/v2/protocol/http/protocol.go is excluded by !vendor/**
  • vendor/github.com/eclipse/paho.golang/packets/disconnect.go is excluded by !vendor/**
  • vendor/github.com/eclipse/paho.golang/packets/packets.go is excluded by !vendor/**
  • vendor/github.com/eclipse/paho.golang/packets/subscribe.go is excluded by !vendor/**
  • vendor/github.com/eclipse/paho.golang/paho/client.go is excluded by !vendor/**
  • vendor/github.com/eclipse/paho.golang/paho/cp_auth.go is excluded by !vendor/**
  • vendor/github.com/eclipse/paho.golang/paho/pinger.go is excluded by !vendor/**
  • vendor/github.com/stretchr/testify/assert/assertion_compare.go is excluded by !vendor/**
  • vendor/github.com/stretchr/testify/assert/assertion_format.go is excluded by !vendor/**
  • vendor/github.com/stretchr/testify/assert/assertion_forward.go is excluded by !vendor/**
  • vendor/github.com/stretchr/testify/assert/assertion_order.go is excluded by !vendor/**
  • vendor/github.com/stretchr/testify/assert/assertions.go is excluded by !vendor/**
  • vendor/github.com/stretchr/testify/assert/doc.go is excluded by !vendor/**
  • vendor/github.com/stretchr/testify/assert/http_assertions.go is excluded by !vendor/**
  • vendor/github.com/stretchr/testify/assert/yaml/yaml_custom.go is excluded by !vendor/**
  • vendor/github.com/stretchr/testify/assert/yaml/yaml_default.go is excluded by !vendor/**
  • vendor/github.com/stretchr/testify/assert/yaml/yaml_fail.go is excluded by !vendor/**
  • vendor/golang.org/x/net/http2/http2.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/mkerrors.sh is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/syscall_darwin.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_386.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_arm.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_mips.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zsysnum_linux_386.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_386.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_arm.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_mips.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go is excluded by !vendor/**
  • vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go is excluded by !vendor/**
  • vendor/golang.org/x/term/term_windows.go is excluded by !vendor/**
  • vendor/golang.org/x/term/terminal.go is excluded by !vendor/**
  • vendor/golang.org/x/time/rate/rate.go is excluded by !vendor/**
  • vendor/golang.org/x/time/rate/sometimes.go is excluded by !vendor/**
  • vendor/modules.txt is excluded by !vendor/**
  • vendor/open-cluster-management.io/api/addon/v1alpha1/0000_02_addon.open-cluster-management.io_addondeploymentconfigs.crd.yaml is excluded by !vendor/**
  • vendor/open-cluster-management.io/api/addon/v1alpha1/types_addondeploymentconfig.go is excluded by !vendor/**
  • vendor/open-cluster-management.io/api/work/v1/types.go is excluded by !vendor/**
  • vendor/open-cluster-management.io/api/work/v1alpha1/0000_00_work.open-cluster-management.io_manifestworkreplicasets.crd.yaml is excluded by !vendor/**
  • vendor/open-cluster-management.io/api/work/v1alpha1/types_manifestworkreplicaset.go is excluded by !vendor/**
  • vendor/open-cluster-management.io/sdk-go/pkg/cloudevents/clients/common/common.go is excluded by !vendor/**
  • vendor/open-cluster-management.io/sdk-go/pkg/cloudevents/clients/utils/utils.go is excluded by !vendor/**
  • vendor/open-cluster-management.io/sdk-go/pkg/cloudevents/clients/utils/work.go is excluded by !vendor/**
  • vendor/open-cluster-management.io/sdk-go/pkg/cloudevents/clients/work/agent/codec/manifestbundle.go is excluded by !vendor/**
  • vendor/open-cluster-management.io/sdk-go/pkg/cloudevents/clients/work/payload/manifestbundle.go is excluded by !vendor/**
  • vendor/open-cluster-management.io/sdk-go/pkg/cloudevents/clients/work/source/codec/manifestbundle.go is excluded by !vendor/**
  • vendor/open-cluster-management.io/sdk-go/pkg/cloudevents/clients/work/store/base.go is excluded by !vendor/**
  • vendor/open-cluster-management.io/sdk-go/pkg/cloudevents/generic/agentclient.go is excluded by !vendor/**
  • vendor/open-cluster-management.io/sdk-go/pkg/cloudevents/generic/baseclient.go is excluded by !vendor/**
  • vendor/open-cluster-management.io/sdk-go/pkg/cloudevents/generic/metrics_collector.go is excluded by !vendor/**
  • vendor/open-cluster-management.io/sdk-go/pkg/cloudevents/generic/options/grpc/agentoptions.go is excluded by !vendor/**
  • vendor/open-cluster-management.io/sdk-go/pkg/cloudevents/generic/options/grpc/options.go is excluded by !vendor/**
  • vendor/open-cluster-management.io/sdk-go/pkg/cloudevents/generic/options/grpc/protocol/message.go is excluded by !vendor/**
  • vendor/open-cluster-management.io/sdk-go/pkg/cloudevents/generic/options/grpc/protocol/option.go is excluded by !vendor/**
  • vendor/open-cluster-management.io/sdk-go/pkg/cloudevents/generic/options/grpc/protocol/protocol.go is excluded by !vendor/**
  • vendor/open-cluster-management.io/sdk-go/pkg/cloudevents/generic/options/grpc/protocol/write_message.go is excluded by !vendor/**
  • vendor/open-cluster-management.io/sdk-go/pkg/cloudevents/generic/options/grpc/sourceoptions.go is excluded by !vendor/**
  • vendor/open-cluster-management.io/sdk-go/pkg/cloudevents/generic/options/mqtt/logger.go is excluded by !vendor/**
  • vendor/open-cluster-management.io/sdk-go/pkg/cloudevents/generic/options/mqtt/options.go is excluded by !vendor/**
  • vendor/open-cluster-management.io/sdk-go/pkg/cloudevents/generic/sourceclient.go is excluded by !vendor/**
  • vendor/open-cluster-management.io/sdk-go/pkg/cloudevents/generic/types/types.go is excluded by !vendor/**
  • vendor/open-cluster-management.io/sdk-go/pkg/cloudevents/server/grpc/heartbeat/healthcheck.go is excluded by !vendor/**
  • vendor/open-cluster-management.io/sdk-go/pkg/cloudevents/server/grpc/heartbeat/heartbeat.go is excluded by !vendor/**
📒 Files selected for processing (1)
  • go.mod (4 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)
  • GitHub Check: e2e-hosted
  • GitHub Check: unit
  • GitHub Check: e2e-cloudevents
  • GitHub Check: e2e
  • GitHub Check: integration
  • GitHub Check: build
  • GitHub Check: verify
🔇 Additional comments (4)
go.mod (4)

14-14: All checked dependencies pass security advisory verification—confirm breaking change compatibility.

Security advisory check cleared all key bumped dependencies (testify, open-cluster-management.io packages, cloudevents, and paho.golang)—no known CVEs. However, this does not rule out breaking changes:

  1. PR scope: Confirm that all 12+ dependency updates are intentional and not collateral from running go get -u. The PR title emphasizes api/sdk-go v1.1.0, but the scope is broader.
  2. Breaking changes: Verify that the codebase remains compatible with testify v1.11.1, cloudevents sdk-go/v2 v2.16.2, and paho.golang v0.23.0 by reviewing their changelogs or confirming test results with these versions.
  3. Manual validation: Ensure go mod tidy and test suite execution confirm no regressions.

117-117: I need to gather version and security information to verify the review comment. Let me search for this data.

Update golang.org/x package versions to latest releases.

The latest version of golang.org/x/net is v0.45.0, but the PR specifies v0.43.0. Verify and update all golang.org/x dependencies to their current latest versions—this is particularly important for security-sensitive packages. golang.org/x/crypto should be at least v0.35.0 for DoS vulnerability CVE-2025-22869 and golang.org/x/net at least v0.38.0 for XSS vulnerability CVE-2025-22872. The specified versions (crypto v0.41.0, net v0.43.0) do include these fixes, but they are not the latest available, suggesting you may benefit from updating to the most current releases for any additional patches released since.


53-53: No breaking changes—dependency bump is safe.

paho.golang v0.23.0 explicitly states "I don't believe there are any breaking changes" from v0.21.0. The project's Go version is already set to 1.24.0, which meets the v0.23.0 minimum requirement of Go 1.24. The update also includes a security fix for a potential data-leak/corruption issue, making it a beneficial upgrade with no compatibility concerns.


46-47: Reconcile cloudevents dependency versions — mqtt_paho should match main SDK v2.16.2.

Line 46 uses a pseudo-version (v2.0.0-20250922144431-372892d7c84d) while Line 47 uses stable v2.16.2. The latest stable version for both cloudevents/sdk-go and cloudevents/sdk-go/protocol/mqtt_paho is v2.16.2. The mqtt_paho binding should be updated from the development snapshot to v2.16.2 to align with the main SDK release, unless the pseudo-version is intentionally pinned for a specific reason (e.g., unreleased bugfix testing). If intentional, add a comment explaining the reasoning.

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.5.0)

Error: can't load config: unsupported version of the configuration: "" See https://golangci-lint.run/docs/product/migration-guide for migration instructions
The command is terminated due to an error: can't load config: unsupported version of the configuration: "" See https://golangci-lint.run/docs/product/migration-guide for migration instructions


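The two go.mod checks raised in the review above (minimum fixed versions for golang.org/x/crypto and golang.org/x/net, and a pseudo-version pin next to a tagged release) can be run mechanically before merge. The following is an added example, not code from this PR, the repository or CodeRabbit; `Audit`, `floors` and `samplePR` are hypothetical names, and the sample go.mod text is constructed from the versions quoted in the review.

```go
package main

import (
	"fmt"
	"regexp"
	"slices"
	"strings"
)

// Minimum fixed versions, as quoted in the review comment above.
var floors = map[string][]int{
	"golang.org/x/crypto": {0, 35, 0}, // CVE-2025-22869
	"golang.org/x/net":    {0, 38, 0}, // CVE-2025-22872
}

// A pseudo-version ends in a 14-digit UTC timestamp and a 12-hex commit prefix.
var pseudoRe = regexp.MustCompile(`[-.]\d{14}-[0-9a-f]{12}(\+incompatible)?$`)

// Constructed sample built from the versions quoted on this page.
const samplePR = `go 1.24.0
require (
	github.com/cloudevents/sdk-go/protocol/mqtt_paho/v2 v2.0.0-20250922144431-372892d7c84d
	github.com/cloudevents/sdk-go/v2 v2.16.2
	golang.org/x/crypto v0.41.0 // indirect
	golang.org/x/net v0.43.0 // indirect
)`

// Audit (hypothetical helper) scans go.mod text and reports pseudo-version pins
// and modules below their floor. Pre-release suffixes are ignored when comparing.
func Audit(gomod string) []string {
	var findings []string
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop trailing comments such as "// indirect"
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) != 2 {
			continue
		}
		v := make([]int, 3)
		if n, _ := fmt.Sscanf(f[1], "v%d.%d.%d", &v[0], &v[1], &v[2]); n != 3 {
			continue // not a module/version pair, e.g. the "go" directive
		}
		if pseudoRe.MatchString(f[1]) {
			findings = append(findings, "pseudo-version: "+f[0]+" "+f[1])
		}
		if floor, ok := floors[f[0]]; ok && slices.Compare(v, floor) < 0 {
			findings = append(findings, fmt.Sprintf("below floor: %s %s < v%d.%d.%d", f[0], f[1], floor[0], floor[1], floor[2]))
		}
	}
	return findings
}

func main() { fmt.Println(strings.Join(Audit(samplePR), "\n")) }
```

A floor check of this kind only confirms that a named fix is present; it does not replace an advisory-database scan of the full module graph.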

@zhujian7
Member

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Oct 20, 2025
@openshift-merge-bot openshift-merge-bot bot merged commit c2f5c52 into open-cluster-management-io:main Oct 20, 2025
15 checks passed