crypto: clarify TLS cipher mapping and rename internal maps

[sanchezl]

Depends on #2320.

Summary

Improves clarity in pkg/crypto/crypto.go while the area is under review for the API bump:

• Add section header explaining the OpenSSL-to-IANA cipher bridge design
• Fix the openSSLToIANACiphersMap contract comment (it only covers ciphers Go can negotiate, not all API ciphers)
• Remove the large commented-out cipher block, replace with pointer to ciphersUnsupportedByGo
• Move ciphersUnsupportedByGo from test-only to production code so both sides share a single source of truth
• Rename ciphers → goCipherSuites, openSSLToIANACiphersMap → openSSLToIANACiphers
• Rename versions → goTLSVersions, supportedVersions → enabledTLSVersions (kept separate for future version phase-out)
• Deprecate GolangTLSVersions() in favor of ValidTLSVersions()
• Log silently dropped ciphers at klog.V(4)

Each change is a separate commit for easy cherry-picking.

Test plan

• go test ./pkg/crypto/ -count=1 — all tests pass
• go vet ./pkg/crypto/ — clean
• Dependent packages compile (configobserver/apiserver, config/validation, config/configdefaults)
• make verify — passes

Summary by CodeRabbit

• Chores

  • Updated multiple dependency versions, including OpenShift, Kubernetes, and Go tooling libraries.

• Refactor

  • Reorganized internal TLS version and cipher suite mapping tables for improved maintainability.
  • Enhanced logging when unsupported ciphers are encountered during OpenSSL translation.

• Tests

  • Improved validation of cryptographic configuration mappings and test coverage for cipher suite consistency.

[coderabbitai]

Walkthrough

pkg/crypto/crypto.go renames internal TLS version and cipher suite mapping tables (versions→goTLSVersions, supportedVersions→enabledTLSVersions, ciphers→goCipherSuites, openSSLToIANACiphersMap→openSSLToIANACiphers) and adds a ciphersUnsupportedByGo list for API ciphers Go cannot negotiate. OpenSSLToIANACipherSuites gains klog V(4) logging when dropping such ciphers. Tests are updated and a new TestCiphersUnsupportedByGoAreActuallyUnsupported is added. go.mod bumps multiple direct and indirect dependencies.

Changes

TLS/Cipher Map Renames and Unsupported-Cipher Tracking

Layer / File(s)	Summary
New map definitions pkg/crypto/crypto.go	Introduces goTLSVersions, enabledTLSVersions, goCipherSuites, openSSLToIANACiphers, and new ciphersUnsupportedByGo replacing old map names.
Consumer functions and OpenSSLToIANACipherSuites logging pkg/crypto/crypto.go	Updates TLSVersionToNameOrDie, TLSVersion, GolangTLSVersions, ValidTLSVersions, CipherSuiteToNameOrDie, CipherSuite, ValidCipherSuites, and OpenSSLToIANACipherSuites to use new map names; adds V(4) klog drop message.
Test updates pkg/crypto/crypto_test.go	Updates TestConstantMaps to assert against new map names; rewrites TestTLSProfileCipherSuitesHaveMappings to skip ciphersUnsupportedByGo; adds TestCiphersUnsupportedByGoAreActuallyUnsupported.

go.mod Dependency Bumps

Layer / File(s)	Summary
Direct and indirect version bumps go.mod	Upgrades openshift/*, golang.org/x/*, k8s.io/*, emicklei/go-restful/v3; expands go-openapi/swag to submodule entries at v0.25.4; removes josharian/intern and mailru/easyjson; bumps sigs.k8s.io/structured-merge-diff/v6.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

🚥 Pre-merge checks | ✅ 14 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 53.33% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (14 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main changes: refactoring TLS cipher and version mappings to use clearer internal map names.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR contains only standard Go tests (not Ginkgo). Test names are static and deterministic: TestTLSProfileCipherSuitesHaveMappings and TestCiphersUnsupportedByGoAreActuallyUnsupported contain no...
Test Structure And Quality	✅ Passed	The PR contains no Ginkgo tests. The modified tests in pkg/crypto/crypto_test.go are standard Go testing.T tests, not Ginkgo-style tests. The custom check is not applicable to this PR.
Microshift Test Compatibility	✅ Passed	No Ginkgo e2e tests are added in this PR. All changes are to go.mod and unit tests in pkg/crypto/; tests use standard Go testing.T, not Ginkgo.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No new Ginkgo e2e tests added; PR only modifies go.mod and crypto package unit tests. SNO check only applies to e2e tests.
Topology-Aware Scheduling Compatibility	✅ Passed	PR modifies only cryptography library code (crypto.go/crypto_test.go) and dependencies (go.mod), not deployment manifests, operator code, or controllers. No scheduling constraints are introduced.
Ote Binary Stdout Contract	✅ Passed	PR adds klog.V(4) logging in a regular production function (not process-level code) that writes to stderr by default, maintaining the OTE stdout JSON contract.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR contains no Ginkgo e2e tests. Only standard Go unit tests (testing.T) in crypto_test.go and implementation/dependency changes. IPv6/disconnected-network check not applicable.
No-Weak-Crypto	✅ Passed	The PR does not introduce weak cryptography. SHA1 usage is pre-existing and used for non-security-critical key fingerprinting. References to RC4, 3DES are mappings to Go's standard library ciphers,...
Container-Privileges	✅ Passed	Check not applicable: PR modifies only Go source code and go.mod, contains no container/K8s manifests or privilege escalation configurations.
No-Sensitive-Data-In-Logs	✅ Passed	No sensitive data exposed in logs. Only OpenSSL cipher suite names (public technical specs like "ECDHE-ECDSA-AES256-SHA384") logged at V(4) verbosity, not passwords, tokens, PII, or customer data.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sanchezl
Once this PR has been reviewed and has the lgtm label, please assign bertinatto for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

go.mod (1)

21-151: ⚠️ Potential issue | 🔴 Critical

Address known security vulnerabilities in core dependencies before proceeding.

The dependency health check reveals critical issues:

1. ✓ No pre-release or yanked versions – confirmed
2. ✓ Exact version pinning – all dependencies use pinned versions
3. ✗ Known CVEs in transitive closure – 22 vulnerabilities found:
   • golang.org/x/crypto@v0.48.0: 13 CVEs including SSH auth bypass (GO-2026-5021), memory leaks (GO-2026-5016), DoS conditions
   • golang.org/x/net@v0.50.0: 8 CVEs including HTTP/2 server panic (GO-2026-4559), infinite loops, XSS in HTML parsing (GO-2026-5030)
   • golang.org/x/sys@v0.41.0: 1 CVE for integer overflow in Windows code (GO-2026-5024)

Remediation: Upgrade golang.org/x, golang.org/x/crypto, and golang.org/x/net to patched versions. Run govulncheck ./... to determine which vulnerabilities are reachable from your codebase. License compatibility for all bumps should also be verified before merge.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` around lines 21 - 151, Upgrade the vulnerable dependencies to patched
versions: update golang.org/x/crypto from v0.48.0 to a patched version that
addresses the 13 CVEs (including GO-2026-5021, GO-2026-5016), update
golang.org/x/net from v0.50.0 to a patched version addressing the 8 CVEs
(including GO-2026-4559, GO-2026-5030), and update golang.org/x/sys from v0.41.0
to a patched version addressing the integer overflow CVE (GO-2026-5024). After
updating these direct dependencies in go.mod, run go mod tidy to resolve
transitive dependencies, then execute govulncheck ./... to verify which
vulnerabilities are actually reachable from your codebase. Finally, verify that
the license compatibility remains acceptable for all upgraded packages before
merging.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Around line 21-36: Update the vulnerable versions of three security-sensitive
dependencies in go.mod to patched releases that address the reported CVEs.
Specifically, upgrade golang.org/x/net from v0.50.0 to a newer patch version
that resolves CVE-2026-27141, upgrade golang.org/x/sys from v0.41.0 to address
CVE-2026-39824, and upgrade golang.org/x/crypto from v0.48.0 to a version that
resolves all listed Go security advisories (GO-2026-5005 through GO-2026-5033).
Check the Go security advisories database and the respective package
repositories to determine the minimum safe versions, then run go get to update
these dependencies and ensure go.mod and go.sum are properly updated with the
new versions.

---

Outside diff comments:
In `@go.mod`:
- Around line 21-151: Upgrade the vulnerable dependencies to patched versions:
update golang.org/x/crypto from v0.48.0 to a patched version that addresses the
13 CVEs (including GO-2026-5021, GO-2026-5016), update golang.org/x/net from
v0.50.0 to a patched version addressing the 8 CVEs (including GO-2026-4559,
GO-2026-5030), and update golang.org/x/sys from v0.41.0 to a patched version
addressing the integer overflow CVE (GO-2026-5024). After updating these direct
dependencies in go.mod, run go mod tidy to resolve transitive dependencies, then
execute govulncheck ./... to verify which vulnerabilities are actually reachable
from your codebase. Finally, verify that the license compatibility remains
acceptable for all upgraded packages before merging.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 75d5ef45-aa36-4648-b57a-e2a4f12a3b11

📥 Commits

Reviewing files that changed from the base of the PR and between b95bf57 and b4c85f9.

⛔ Files ignored due to path filters (297)

• go.sum is excluded by !**/*.sum
• vendor/github.com/emicklei/go-restful/v3/.travis.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/emicklei/go-restful/v3/CHANGES.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/emicklei/go-restful/v3/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/emicklei/go-restful/v3/curly.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/emicklei/go-restful/v3/custom_verb.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/emicklei/go-restful/v3/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/.codecov.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/.golangci.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/.mockery.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/SECURITY.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/cmdutils/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/cmdutils/cmd_utils.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/cmdutils/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/cmdutils_iface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/conv/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/conv/convert.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/conv/convert_types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/conv/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/conv/format.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/conv/sizeof.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/conv/type_constraints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/conv_iface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/convert.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/convert_types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/file.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/fileutils/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/fileutils/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/fileutils/file.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/fileutils/path.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/fileutils_iface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/go.work is excluded by !**/*.work, !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/go.work.sum is excluded by !**/*.sum, !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/initialism_index.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/json.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonname/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonname/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonname/name_provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonname_iface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/adapters/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/ifaces.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/adapters/ifaces/registry_iface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/adapters/registry.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/adapter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/lexer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/ordered_map.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/pool.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/adapters/stdlib/json/writer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/concat.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/json.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/ordered_map.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils_iface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/loading/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/loading/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/loading/errors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/loading/json.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/loading/loading.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/loading/options.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/loading/yaml.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/loading_iface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/BENCHMARK.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/initialism_index.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/name_lexem.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/name_mangler.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/options.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/pools.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/split.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/string_bytes.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/util.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling_iface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/name_lexem.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/net.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/netutils/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/netutils/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/netutils/net.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/netutils_iface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/split.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/stringutils/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/stringutils/collection_formats.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/stringutils/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/stringutils/strings.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/stringutils_iface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/typeutils/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/typeutils/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/typeutils/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/typeutils_iface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/util.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/yaml.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/yamlutils/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/yamlutils/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/yamlutils/errors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/yamlutils/ordered_map.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/yamlutils/yaml.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/yamlutils_iface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/josharian/intern/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/josharian/intern/intern.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/josharian/intern/license.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mailru/easyjson/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mailru/easyjson/buffer/pool.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mailru/easyjson/jlexer/bytestostr.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mailru/easyjson/jlexer/bytestostr_nounsafe.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mailru/easyjson/jlexer/error.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mailru/easyjson/jlexer/lexer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mailru/easyjson/jwriter/writer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/.ci-operator.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/Dockerfile.ocp is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/Makefile is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apiextensions/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/apiserver/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apiserver/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/apps/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apps/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/authorization/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/authorization/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/build/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/build/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/cloudnetwork/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/cloudnetwork/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha2/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha2/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/console/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/console/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/etcd/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/etcd/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/features.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/features/features.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/features/legacyfeaturegates.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/helm/v1beta1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/helm/v1beta1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/image/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/image/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/imageregistry/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/imageregistry/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/kubecontrolplane/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/kubecontrolplane/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/legacyconfig/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/legacyconfig/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/machine/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machine/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/machine/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machine/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/machine/v1beta1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machine/v1beta1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/monitoring/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/monitoring/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/network/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/network/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/network/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/network/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/networkoperator/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/networkoperator/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/oauth/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/oauth/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/openshiftcontrolplane/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/openshiftcontrolplane/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/types_authentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/types_etcd.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/types_ingresscontroller.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/types_kmsencryption.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/types_kubeapiserver.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/osin/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/osin/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/project/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/project/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/quota/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/quota/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/route/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/route/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/route/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/route/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/route/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/samples/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/samples/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/security/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/security/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/security/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/servicecertsigner/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/servicecertsigner/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/sharedresource/v1alpha1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/sharedresource/v1alpha1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/template/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/template/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/user/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/user/v1/zz_generated.model_name.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clientcredentialconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clientsecretsecretreference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/customtlsprofile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalclaimssource.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalsourceauthentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalsourcecertificateauthorityconfigmapreference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalsourcepredicate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/externalsourcetls.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkobservabilityspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/networkspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/oidcprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/sourcedclaimmapping.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/sourceurl.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlsprofilespec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/tlssecurityprofile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultapproleauthentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaultkmspluginconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/vaulttlsconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/alertmanagercustomconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/clustermonitoringspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/kubestatemetricsconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/kubestatemetricsresourcelabels.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/nodeexporterconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/prometheusconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/retention.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/thanosquerierconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1alpha1/thanosquerierrequestloggingconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/internal/internal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/utils.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/operator/applyconfigurations/internal/internal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/etcdspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/kmsencryptionstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/kmspluginhealthreport.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/kubeapiserverstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/oauthapiserverstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/operator/applyconfigurations/operator/v1/openshiftapiserverstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/operator/applyconfigurations/utils.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/spf13/pflag/flag.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/html/node.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/html/nodetype_string.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/http2/client_priority_go126.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/http2/client_priority_go127.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/http2/frame.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/http2/http2.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/http2/server.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/http2/transport.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/http2/writesched_priority_rfc7540.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/http2/writesched_priority_rfc9218.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/internal/httpsfv/httpsfv.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/trace/events.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/net/websocket/hybi.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu_arm64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu_arm64.s is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu_other_arm64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu_windows_arm64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/cpu/cpu_x86.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/ioctl_signed.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/ioctl_unsigned.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/mkerrors.sh is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/syscall_solaris.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/syscall_unix.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_386.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_arm.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mips.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go is excluded by !**/vendor/**, !vendor/**
• vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (3)

• go.mod
• pkg/crypto/crypto.go
• pkg/crypto/crypto_test.go

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

Are there any known CVEs in golang.org/x/crypto v0.48.0, golang.org/x/net v0.50.0, and golang.org/x/sys v0.41.0?

💡 Result:

Yes. 1) golang.org/x/crypto v0.48.0 There are multiple Go security advisories listed for this exact version (as OSV entries): GO-2026-5005, GO-2026-5006, GO-2026-5013, GO-2026-5014, GO-2026-5015, GO-2026-5016, GO-2026-5017, GO-2026-5018, GO-2026-5019, GO-2026-5020, GO-2026-5021, GO-2026-5023, and GO-2026-5033.[1] 2) golang.org/x/net v0.50.0 There is at least one known CVE: CVE-2026-27141 (OSV: GO-2026-4559), which affects golang.org/x/net/http2 in the range 0.50.0 (and before 0.51.0). It is described as a server panic issue triggered by sending certain HTTP/2 frames due to a missing nil check.[2][3] 3) golang.org/x/sys v0.41.0 There is at least one known CVE: OSV entry GO-2026-5024 is listed for golang.org/x/sys v0.41.0, and the OSV record is aliased to CVE-2026-39824.[4][5] If you want, I can enumerate the specific CVEs behind each GO-xxxx advisory for golang.org/x/crypto v0.48.0 as well (the pkg.go.dev page lists the GO-ids, and you’d typically map those to CVEs via each OSV record).

Citations:

• 1: https://pkg.go.dev/golang.org/x/crypto@v0.48.0
• 2: https://pkg.go.dev/vuln/GO-2026-4559
• 3: https://osv.dev/vulnerability/CVE-2026-27141
• 4: https://pkg.go.dev/golang.org/x/sys@v0.41.0
• 5: https://osv.dev/vulnerability/GO-2026-5024

---

🏁 Script executed:

#!/bin/bash
# Check osv.dev database for known vulnerabilities in cryptographic and networking libraries

for pkg in "golang.org/x/crypto" "golang.org/x/net" "golang.org/x/sys"; do
  echo "=== Checking $pkg ==="
  curl -s "https://api.osv.dev/v1/query" \
    -X POST \
    -H "Content-Type: application/json" \
    -d "{\"package\": {\"ecosystem\": \"Go\", \"name\": \"$pkg\"}, \"version\": \"\"}" | jq '.vulns[]'
done

Repository: openshift/library-go

Length of output: 50377

---

Do not merge: critical CVEs in security-sensitive dependencies.

golang.org/x/net v0.50.0 contains CVE-2026-27141 (HTTP/2 server panic due to missing nil check), golang.org/x/sys v0.41.0 contains CVE-2026-39824, and golang.org/x/crypto v0.48.0 is affected by multiple known Go security advisories (GO-2026-5005, GO-2026-5006, GO-2026-5013, GO-2026-5014, GO-2026-5015, GO-2026-5016, GO-2026-5017, GO-2026-5018, GO-2026-5019, GO-2026-5020, GO-2026-5021, GO-2026-5023, GO-2026-5033). These versions must be updated to release patches or explicitly justified if usage context mitigates the risk.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` around lines 21 - 36, Update the vulnerable versions of three
security-sensitive dependencies in go.mod to patched releases that address the
reported CVEs. Specifically, upgrade golang.org/x/net from v0.50.0 to a newer
patch version that resolves CVE-2026-27141, upgrade golang.org/x/sys from
v0.41.0 to address CVE-2026-39824, and upgrade golang.org/x/crypto from v0.48.0
to a version that resolves all listed Go security advisories (GO-2026-5005
through GO-2026-5033). Check the Go security advisories database and the
respective package repositories to determine the minimum safe versions, then run
go get to update these dependencies and ensure go.mod and go.sum are properly
updated with the new versions.

[openshift-ci]

@sanchezl: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.