OCPBUGS-85641, OCPBUGS-85642: UPSTREAM: <drop>: bump google.golang.org/grpc to v1.79.3 by theobarberbany · Pull Request #184 · openshift/cloud-provider-azure

theobarberbany · 2026-05-07T17:12:15Z

Summary

Bumps google.golang.org/grpc from v1.75.0 to v1.79.3
Fixes CVE-2026-33186 (GO-2026-4762): gRPC-Go authorization bypass due to improper HTTP/2 path validation
Marked UPSTREAM: <drop>: as upstream already has this fix — rebasebot will drop this commit on next rebase

Test plan

CI should pass with the bumped dependency

Summary by CodeRabbit

Chores
- Updated several indirect dependencies (expression evaluation, OAuth, Google API client utilities, and gRPC) to newer releases.
- These dependency updates improve library compatibility, reliability, and security while preserving existing public behavior and interfaces.

openshift-ci-robot · 2026-05-07T17:12:25Z

@theobarberbany: This pull request references Jira Issue OCPBUGS-83904, which is invalid:

expected the vulnerability to target either version "5.0." or "openshift-5.0.", but it targets "4.22.0" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

This pull request references Jira Issue OCPBUGS-83905, which is invalid:

expected the vulnerability to target either version "5.0." or "openshift-5.0.", but it targets "4.22.0" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

coderabbitai · 2026-05-07T17:17:36Z

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 4973403f-6f3d-4a4d-87cc-064e482031da

📥 Commits

Reviewing files that changed from the base of the PR and between db61bfc and 6e3e182.

⛔ Files ignored due to path filters (75)

go.sum is excluded by !**/*.sum
tests/go.sum is excluded by !**/*.sum
tests/vendor/golang.org/x/oauth2/deviceauth.go is excluded by !**/vendor/**
tests/vendor/golang.org/x/oauth2/oauth2.go is excluded by !**/vendor/**
tests/vendor/golang.org/x/oauth2/pkce.go is excluded by !**/vendor/**
tests/vendor/golang.org/x/oauth2/token.go is excluded by !**/vendor/**
tests/vendor/golang.org/x/oauth2/transport.go is excluded by !**/vendor/**
tests/vendor/modules.txt is excluded by !**/vendor/**
vendor/cel.dev/expr/BUILD.bazel is excluded by !**/vendor/**, !vendor/**
vendor/cel.dev/expr/MODULE.bazel is excluded by !**/vendor/**, !vendor/**
vendor/cel.dev/expr/checked.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/cel.dev/expr/eval.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/cel.dev/expr/explain.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/cel.dev/expr/syntax.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/cel.dev/expr/value.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/golang.org/x/oauth2/deviceauth.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/oauth2/oauth2.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/oauth2/pkce.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/oauth2/token.go is excluded by !**/vendor/**, !vendor/**
vendor/golang.org/x/oauth2/transport.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/CONTRIBUTING.md is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/balancer/balancer.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/balancer/pickfirst/internal/internal.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/balancer/pickfirst/pickfirst.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/balancer/pickfirst/pickfirstleaf/pickfirstleaf.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/balancer/roundrobin/roundrobin.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/balancer/subconn.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/balancer_wrapper.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/clientconn.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/credentials/credentials.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/credentials/tls.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/encoding/encoding.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/encoding/gzip/gzip.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/encoding/internal/internal.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/encoding/proto/proto.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/experimental/stats/metricregistry.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/experimental/stats/metrics.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/health/grpc_health_v1/health.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/health/grpc_health_v1/health_grpc.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/interceptor.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/internal/balancer/weight/weight.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/internal/buffer/unbounded.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/internal/channelz/trace.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/internal/envconfig/envconfig.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/internal/envconfig/xds.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/internal/experimental.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/internal/idle/idle.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/internal/internal.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/internal/resolver/delegatingresolver/delegatingresolver.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/internal/stats/metrics_recorder_list.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/internal/stats/stats.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/internal/transport/client_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/internal/transport/controlbuf.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/internal/transport/flowcontrol.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/internal/transport/handler_server.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/internal/transport/http2_client.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/internal/transport/http2_server.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/internal/transport/http_util.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/internal/transport/server_stream.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/internal/transport/transport.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/mem/buffer_pool.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/mem/buffer_slice.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/mem/buffers.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/preloader.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/resolver/resolver.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/resolver_wrapper.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/rpc_util.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/server.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/stream.go is excluded by !**/vendor/**, !vendor/**
vendor/google.golang.org/grpc/version.go is excluded by !**/vendor/**, !vendor/**
vendor/modules.txt is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (2)

go.mod
tests/go.mod

✅ Files skipped from review due to trivial changes (1)

go.mod

Walkthrough

Indirect Go module versions were updated in go.mod and tests/go.mod: cel.dev/expr → v0.25.1, golang.org/x/oauth2 → v0.34.0, google.golang.org/genproto/googleapis/api and /rpc → commit ff82c1b0f217, and google.golang.org/grpc → v1.79.3. No other source changes.

Changes

Dependency Version Updates

Layer / File(s)	Summary
Indirect dependency bumps `go.mod`, `tests/go.mod`	Bumped indirect module versions: `cel.dev/expr` v0.24.0 → v0.25.1; `golang.org/x/oauth2` v0.32.0 → v0.34.0 (also in `tests/go.mod`); `google.golang.org/genproto/googleapis/api` and `/rpc` advanced from commit `ef028d996bc1` → `ff82c1b0f217`; `google.golang.org/grpc` v1.75.0 → v1.79.3.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 11 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Single Node Openshift (Sno) Test Compatibility	⚠️ Warning	E2e tests with multi-node assumptions added without SNO guards. Autoscaling tests test node scaling and pod rescheduling without protection.	Add [Skipped:SingleReplicaTopology] labels to scaling tests, or add runtime checks using exutil.IsSingleNode() to skip on single-node topologies.

✅ Passed checks (11 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically identifies the main change: bumping google.golang.org/grpc to v1.79.3, which directly matches the primary dependency update in the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	This PR only modifies go.mod and tests/go.mod dependency versions. No test files (*_test.go) are changed, so the check about Ginkgo test name stability is not applicable.
Test Structure And Quality	✅ Passed	PR is a dependency update only (go.mod/tests/go.mod). No test code files were modified or added. Custom check for Ginkgo test code quality is not applicable to this PR.
Microshift Test Compatibility	✅ Passed	This PR contains no new Ginkgo e2e tests. The changes are dependency updates (go.mod/go.sum) and vendored code only. The check for MicroShift compatibility of Ginkgo tests is not applicable.
Topology-Aware Scheduling Compatibility	✅ Passed	PR only updates Go module dependencies. No deployment manifests, operator code, controllers, or scheduling configs are modified. Topology-aware scheduling check is not applicable.
Ote Binary Stdout Contract	✅ Passed	PR only updates Go module dependencies with no source code changes. OTE Binary Stdout Contract violations can only occur in source code modifications, not dependency updates.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No new Ginkgo e2e tests were added in this PR. The PR only updates Go module dependencies (grpc, oauth2, cel.dev/expr). The custom check applies only to new test code, so it does not apply here.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

Generate code and open pull requests
Plan features and break down work
Investigate incidents and troubleshoot customer tickets together
Automate recurring tasks and respond to alerts with triggers
Summarize progress and report instantly

Built for teams:

Shared memory across your entire org—no repeating context
Per-thread sandboxes to safely plan and execute work
Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

openshift-ci-robot · 2026-05-07T17:19:33Z

@theobarberbany: This pull request references Jira Issue OCPBUGS-83904, which is invalid:

expected the vulnerability to target either version "5.0." or "openshift-5.0.", but it targets "4.22.0" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

This pull request references Jira Issue OCPBUGS-83905, which is invalid:

expected the vulnerability to target either version "5.0." or "openshift-5.0.", but it targets "4.22.0" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

rissh · 2026-05-10T18:09:26Z

/retest

damdo

/approve
/lgtm

/verified by ci

damdo · 2026-05-11T17:35:50Z

/verified by ci

openshift-ci-robot · 2026-05-11T17:36:05Z

@damdo: This PR has been marked as verified by ci.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci-robot · 2026-05-13T13:54:14Z

@theobarberbany: This pull request references Jira Issue OCPBUGS-83904, which is invalid:

release note text must be set and not match the template OR release note type must be set to "Release Note Not Required". For more information you can reference the OpenShift Bug Process.
expected dependent Jira Issue OCPBUGS-83520 to be in one of the following states: MODIFIED, ON_QA, VERIFIED, but it is POST instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

This pull request references Jira Issue OCPBUGS-83905, which is invalid:

release note text must be set and not match the template OR release note type must be set to "Release Note Not Required". For more information you can reference the OpenShift Bug Process.
expected Jira Issue OCPBUGS-83905 to depend on a bug targeting a version in 5.0.0 and in one of the following states: MODIFIED, ON_QA, VERIFIED, but no dependents were found

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci-robot · 2026-05-13T13:54:40Z

@theobarberbany: This pull request references Jira Issue OCPBUGS-83904, which is invalid:

expected the vulnerability to target either version "5.0." or "openshift-5.0.", but it targets "4.22.0" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

This pull request references Jira Issue OCPBUGS-83905, which is invalid:

expected the vulnerability to target either version "5.0." or "openshift-5.0.", but it targets "4.22.0" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

theobarberbany · 2026-05-13T13:55:27Z

/jira refresh

openshift-ci-robot · 2026-05-13T13:55:36Z

@theobarberbany: This pull request references Jira Issue OCPBUGS-83904, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (5.0.0) matches configured target version for branch (5.0.0)
bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

This pull request references Jira Issue OCPBUGS-83905, which is invalid:

expected the vulnerability to target either version "5.0." or "openshift-5.0.", but it targets "4.22.0" instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

theobarberbany · 2026-05-13T13:59:28Z

/jira refresh

openshift-ci-robot · 2026-05-13T13:59:37Z

@theobarberbany: This pull request references Jira Issue OCPBUGS-83904, which is valid.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (5.0.0) matches configured target version for branch (5.0.0)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

This pull request references Jira Issue OCPBUGS-83905, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (5.0.0) matches configured target version for branch (5.0.0)
bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

theobarberbany · 2026-05-13T13:59:56Z

/cherry-pick release-4.22

openshift-cherrypick-robot · 2026-05-13T14:00:00Z

@theobarberbany: once the present PR merges, I will cherry-pick it on top of release-4.22 in a new PR and assign it to you.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

damdo · 2026-05-13T14:46:05Z

@theobarberbany if we want to follow all the other fixes we made on the other PRs we'd want 2 commits:

UPSTREAM: 10132: bump google.golang.org/grpc to v1.79.3 this references the upstream PR that fixes it
UPSTREAM: <drop>: vendor with all the vendor stuff

openshift-ci-robot · 2026-05-14T10:51:40Z

@theobarberbany: This pull request references Jira Issue OCPBUGS-83904, which is valid.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (5.0.0) matches configured target version for branch (5.0.0)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

This pull request references Jira Issue OCPBUGS-83905, which is valid.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (5.0.0) matches configured target version for branch (5.0.0)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

theobarberbany · 2026-05-14T12:09:23Z

/retitle OCPBUGS-85641, OCPBUGS-85642: UPSTREAM: : bump google.golang.org/grpc to v1.79.3

openshift-ci-robot · 2026-05-14T12:09:41Z

@theobarberbany: This pull request references Jira Issue OCPBUGS-85641, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (5.0.0) matches configured target version for branch (5.0.0)
bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

The bug has been updated to refer to the pull request using the external bug tracker.

This pull request references Jira Issue OCPBUGS-85642, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (5.0.0) matches configured target version for branch (5.0.0)
bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

Fixes CVE-2026-33186 (GO-2026-4762): gRPC-Go authorization bypass due to improper HTTP/2 path validation.

openshift-ci-robot · 2026-05-14T12:35:55Z

@theobarberbany: This pull request references Jira Issue OCPBUGS-85641, which is valid.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (5.0.0) matches configured target version for branch (5.0.0)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

This pull request references Jira Issue OCPBUGS-85642, which is valid.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (5.0.0) matches configured target version for branch (5.0.0)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

damdo

/approve
/lgtm

openshift-ci · 2026-05-14T13:15:24Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: damdo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [damdo]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

damdo · 2026-05-14T16:28:25Z

/test e2e-azure-ovn-upgrade

damdo · 2026-05-14T16:28:35Z

/unhold

damdo · 2026-05-14T19:53:19Z

/test e2e-azure-ovn

damdo · 2026-05-15T09:41:01Z

/override ci/prow/e2e-azurestack-ipi

Permafailing at the moment

openshift-ci · 2026-05-15T09:41:32Z

@damdo: Overrode contexts on behalf of damdo: ci/prow/e2e-azurestack-ipi

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

openshift-ci · 2026-05-15T09:41:33Z

@theobarberbany: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

damdo · 2026-05-15T09:48:32Z

/verified by ci

openshift-ci-robot · 2026-05-15T09:48:45Z

@damdo: This PR has been marked as verified by ci.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci-robot · 2026-05-15T09:52:40Z

@theobarberbany: Jira Issue Verification Checks: Jira Issue OCPBUGS-85641
✔️ This pull request was pre-merge verified.
✔️ All associated pull requests have merged.
✔️ All associated, merged pull requests were pre-merge verified.

Jira Issue OCPBUGS-85641 has been moved to the MODIFIED state and will move to the VERIFIED state when the change is available in an accepted nightly payload. 🕓

Jira Issue Verification Checks: Jira Issue OCPBUGS-85642
✔️ This pull request was pre-merge verified.
✔️ All associated pull requests have merged.
✔️ All associated, merged pull requests were pre-merge verified.

Jira Issue OCPBUGS-85642 has been moved to the MODIFIED state and will move to the VERIFIED state when the change is available in an accepted nightly payload. 🕓

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-cherrypick-robot · 2026-05-15T09:53:34Z

@theobarberbany: new pull request created: #185

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

openshift-merge-robot · 2026-05-16T08:42:35Z

Fix included in release 5.0.0-0.nightly-2026-05-16-021935

openshift-ci Bot requested review from mdbooth and racheljpg May 7, 2026 17:12

damdo reviewed May 11, 2026

View reviewed changes

openshift-ci Bot assigned damdo May 11, 2026

openshift-ci Bot added lgtm Indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels May 11, 2026

damdo mentioned this pull request May 11, 2026

OCPBUGS-83520: Merge https://github.com/kubernetes-sigs/cloud-provider-azure:master (6e026a5) into main #164

Open

openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label May 11, 2026

theobarberbany changed the base branch from main to release-4.22 May 13, 2026 13:54

theobarberbany changed the base branch from release-4.22 to main May 13, 2026 13:54

openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. and removed jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels May 13, 2026

openshift-ci Bot removed the lgtm Indicates that a PR is ready to be merged. label May 14, 2026

openshift-ci-robot removed the verified Signifies that the PR passed pre-merge verification criteria label May 14, 2026

openshift-ci Bot changed the title ~~OCPBUGS-83904, OCPBUGS-83905: UPSTREAM: <drop>: bump google.golang.org/grpc to v1.79.3~~ OCPBUGS-85641, OCPBUGS-85642: UPSTREAM: <drop>: bump google.golang.org/grpc to v1.79.3 May 14, 2026

openshift-ci-robot removed the jira/severity-important Referenced Jira bug's severity is important for the branch this PR is targeting. label May 14, 2026

theobarberbany added 2 commits May 14, 2026 13:34

UPSTREAM: 10132: bump google.golang.org/grpc to v1.79.3

6a4a162

Fixes CVE-2026-33186 (GO-2026-4762): gRPC-Go authorization bypass due to improper HTTP/2 path validation.

UPSTREAM: <drop>: revendor

6e3e182

theobarberbany force-pushed the CVE-2026-33186-grpc-bump branch from db61bfc to 6e3e182 Compare May 14, 2026 12:34

damdo reviewed May 14, 2026

View reviewed changes

openshift-ci Bot added the lgtm Indicates that a PR is ready to be merged. label May 14, 2026

openshift-ci Bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 14, 2026

openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label May 15, 2026

openshift-merge-bot Bot merged commit f10dd9c into openshift:main May 15, 2026
13 checks passed

openshift-cherrypick-robot mentioned this pull request May 15, 2026

[release-4.22] OCPBUGS-85706, OCPBUGS-85707: UPSTREAM: <drop>: bump google.golang.org/grpc to v1.79.3 #185

Merged

theobarberbany deleted the CVE-2026-33186-grpc-bump branch May 26, 2026 09:18

Conversation

theobarberbany commented May 7, 2026 • edited by coderabbitai Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary

Test plan

Summary by CodeRabbit

Uh oh!

openshift-ci-robot commented May 7, 2026

Summary

Test plan

Uh oh!

coderabbitai Bot commented May 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Estimated code review effort

❌ Failed checks (1 warning)

Uh oh!

openshift-ci-robot commented May 7, 2026

Summary

Test plan

Summary by CodeRabbit

Uh oh!

rissh commented May 10, 2026

Uh oh!

damdo left a comment

Choose a reason for hiding this comment

Uh oh!

damdo commented May 11, 2026

Uh oh!

openshift-ci-robot commented May 11, 2026

Uh oh!

openshift-ci-robot commented May 13, 2026

Summary

Test plan

Summary by CodeRabbit

Uh oh!

openshift-ci-robot commented May 13, 2026

Summary

Test plan

Summary by CodeRabbit

Uh oh!

theobarberbany commented May 13, 2026

Uh oh!

openshift-ci-robot commented May 13, 2026

Uh oh!

theobarberbany commented May 13, 2026

Uh oh!

openshift-ci-robot commented May 13, 2026

Uh oh!

theobarberbany commented May 13, 2026

Uh oh!

openshift-cherrypick-robot commented May 13, 2026

Uh oh!

damdo commented May 13, 2026

Uh oh!

openshift-ci-robot commented May 14, 2026

Summary

Test plan

Summary by CodeRabbit

Uh oh!

theobarberbany commented May 14, 2026

Uh oh!

openshift-ci-robot commented May 14, 2026

Summary

Test plan

Summary by CodeRabbit

Uh oh!

openshift-ci-robot commented May 14, 2026

Summary

Test plan

Summary by CodeRabbit

Uh oh!

damdo left a comment

Choose a reason for hiding this comment

Uh oh!

openshift-ci Bot commented May 14, 2026

Uh oh!

damdo commented May 14, 2026

Uh oh!

theobarberbany commented May 7, 2026 •

edited by coderabbitai Bot

Loading

coderabbitai Bot commented May 7, 2026 •

edited

Loading