Bump github.com/openshift/backplane-cli from 0.8.0 to 0.8.1

[dependabot]

Bumps github.com/openshift/backplane-cli from 0.8.0 to 0.8.1.

Release notes

Sourced from github.com/openshift/backplane-cli's releases.

v0.8.1

Fix

• 0c1ae6e fix(build): use go tool mockgen and migrate goreleaser to v2 (#925)

Chore

• 6f898d2 build(deps): bump the aws-sdk group with 5 updates (#926)

Commits

• 6f898d2 build(deps): bump the aws-sdk group with 5 updates (#926)
• 42726e4 Merge pull request #925 from cblecker/fix/goreleaser-v2-mockgen-go-tool
• 0c1ae6e fix(build): use go tool mockgen and migrate goreleaser to v2
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by CodeRabbit

• Chores
  • Updated AWS SDK for Go v2 modules and related dependencies to latest versions for improved compatibility
  • Upgraded Smithy core library
  • Updated OpenShift backplane-cli dependency

[coderabbitai]

Walkthrough

Dependencies in go.mod were updated across AWS SDK for Go v2 modules, Smithy core library, and OpenShift backplane-cli. AWS SDK modules were incremented to newer patch and minor versions, Smithy-go from v1.24.2 to v1.25.0, and backplane-cli from v0.8.0 to v0.8.1. Multiple indirect AWS SDK dependencies were similarly updated.

Changes

Cohort / File(s)	Summary
Dependency Version Updates go.mod	AWS SDK for Go v2 core modules and service packages bumped to newer versions; Smithy core library updated from v1.24.2 to v1.25.0; OpenShift backplane-cli updated from v0.8.0 to v0.8.1; indirect dependencies aligned with primary module updates.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 12

✅ Passed checks (12 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title accurately describes the main change: bumping the openshift/backplane-cli dependency from 0.8.0 to 0.8.1, which is the primary focus of this changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	Pull request only modifies go.mod dependency versions without changing any Ginkgo test files, test code, or test names.
Test Structure And Quality	✅ Passed	The custom check for Ginkgo test structure is not applicable; this PR only modifies go.mod with no test file changes.
Microshift Test Compatibility	✅ Passed	The PR only updates Go module dependencies in go.mod without adding any new Ginkgo e2e tests, making this check inapplicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This PR only contains dependency version updates in go.mod and does not add any new Ginkgo e2e tests.
Topology-Aware Scheduling Compatibility	✅ Passed	This PR only updates Go module dependencies in go.mod and does not modify deployment manifests, operator code, or controllers where topology-aware scheduling checks would apply.
Ote Binary Stdout Contract	✅ Passed	This PR contains only dependency version updates in go.mod and go.sum without modifying any Go source code files. Since no source code is modified, no new stdout writes can be introduced.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR only updates Go module dependencies in go.mod and does not add any Ginkgo e2e tests.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/go_modules/github.com/openshift/backplane-cli-0.8.1

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign clcollins for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

@dependabot[bot]: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Line 46: The go.mod dependency line for github.com/openshift/backplane-cli
references a non-existent tag v0.8.1; update that module version in go.mod to a
valid release (either github.com/openshift/backplane-cli v0.8.0 or v0.7.0) so
the module can be resolved and builds succeed, then run `go get`/`go mod tidy`
to refresh the go.sum and verify the chosen version resolves correctly.
- Around line 11-13: The go.mod entry for github.com/aws/aws-sdk-go-v2/config is
using a non-existent version v1.32.16; update the
github.com/aws/aws-sdk-go-v2/config dependency in go.mod to a valid released
version (e.g., v1.32.14) or the intended released tag, then re-resolve
dependencies to ensure the module graph is valid; if you intended to use an
unreleased commit/tag, either add that specific pseudo-version or publish/tag
the release instead.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 35e3e060-8eb8-405e-9165-11942beb4724

📥 Commits

Reviewing files that changed from the base of the PR and between e8332d0 and 3386c30.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify AWS SDK v2 versions and check for security vulnerabilities

echo "=== Checking AWS SDK v2 core module versions on GitHub ==="
# Check aws-sdk-go-v2 v1.41.6
gh api repos/aws/aws-sdk-go-v2/git/refs/tags/v1.41.6 --jq '.ref' 2>/dev/null || echo "⚠️  aws-sdk-go-v2 v1.41.6 not found"

# Check config v1.32.16
gh api repos/aws/aws-sdk-go-v2/git/refs/tags/config/v1.32.16 --jq '.ref' 2>/dev/null || echo "⚠️  config v1.32.16 not found"

# Check credentials v1.19.15
gh api repos/aws/aws-sdk-go-v2/git/refs/tags/credentials/v1.19.15 --jq '.ref' 2>/dev/null || echo "⚠️  credentials v1.19.15 not found"

echo -e "\n=== Checking for security advisories ==="
gh api graphql -f query='
{
  securityVulnerabilities(first: 10, ecosystem: GO, package: "github.com/aws/aws-sdk-go-v2") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

Repository: openshift/osdctl

Length of output: 146

---

🌐 Web query:

aws-sdk-go-v2 v1.41.6 release

💡 Result:

aws-sdk-go-v2 v1.41.6 was released on 2026-04-17. It is the latest version as of 2026-04-22, listed as the default on pkg.go.dev and indexed by Sonatype with no known vulnerabilities. Specific release notes or changelog entries for this exact version are not explicitly detailed in the GitHub releases page, which uses date-based tags like release-2026-04-02. The release likely includes dependency updates to the latest AWS service module versions and minor fixes, consistent with the pattern of recent releases such as v1.41.5 (bug fix for clock skew persistence) and earlier ones (API model updates, bug fixes). For full details, check the CHANGELOG.md in the repository after tagging or service-specific changelogs.

Citations:

• 1: https://guide.sonatype.com/component/golang/github.com%2Faws%2Faws-sdk-go-v2/v1.41.6
• 2: https://github.com/aws/aws-sdk-go-v2/releases
• 3: aws/aws-sdk-go-v2@v1.41.4...v1.41.5
• 4: https://pkg.go.dev/github.com/aws/aws-sdk-go-v2
• 5: https://raw.githubusercontent.com/aws/aws-sdk-go-v2/refs/heads/main/CHANGELOG.md

---

🌐 Web query:

aws-sdk-go-v2 config v1.32.16 release

💡 Result:

No evidence found of a v1.32.16 release for the aws-sdk-go-v2/config package. The latest version listed on pkg.go.dev is v1.32.14 (published 2026-04-02). Version history up to v1.32.14 shows no v1.32.16. GitHub releases and CHANGELOG.md for config show dependency updates for versions like v1.32.14, v1.32.13, etc., but no mention of v1.32.16. A v1.32.16 exists for some service modules (e.g., ec2instanceconnect), but not for config. The query may refer to a service client version or contain a version error; config releases follow a similar but not identical numbering to service v1.32.x.

Citations:

• 1: https://github.com/aws/aws-sdk-go-v2/releases
• 2: https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/config
• 3: https://github.com/aws/aws-sdk-go-v2/blob/main/config/CHANGELOG.md
• 4: https://deps.dev/go/github.com%2Faws%2Faws-sdk-go-v2%2Fservice%2Fec2instanceconnect/v1.32.16
• 5: https://github.com/aws/aws-sdk-go-v2/tree/config/v1.32.7/config
• 6: https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/config@v1.32.11
• 7: https://pkg.go.dev/github.com/aws/aws-sdk-go-v2/config@v1.32.12

---

🌐 Web query:

aws-sdk-go-v2 security advisories 2025 2026

💡 Result:

There are two official security advisories published by AWS for aws-sdk-go-v2 in 2025-2026: 1. GHSA-3jcv-796g-cpjg: Defense in depth enhancement for region parameter value (Low severity, published Jan 9, 2026). This is an informational advisory about a defense-in-depth improvement released on November 11, 2025, to validate region parameters and prevent invalid endpoint routing. Affected: All versions prior to Nov 11, 2025 release. No vulnerability exploitation, emphasizes shared responsibility and best practices like input validation. 2. GHSA-xmrv-pmrh-hhx2: Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder (Moderate severity, CVSS 5.9, published Apr 7, 2026). A malformed EventStream response can cause a process panic. Affected packages and versions include: - aws/protocol/eventstream < v1.7.8 (patched v1.7.8) - service/bedrockagentcore < v1.15.2 - service/bedrockagentruntime < v1.51.8 - service/bedrockruntime < v1.50.4 - service/cloudwatchlogs < v1.65.0 - service/iotsitewise < v1.52.19 - service/kinesis < v1.43.5 - service/lambda < v1.88.5 - service/lexruntimev2 < v1.35.15 - service/s3 < v1.97.3 - service/sagemakerruntime < v1.39.6 - service/transcribestreaming < v1.34.5 Impacted versions predate 2026-03-23. No workarounds; upgrade to latest versions. No CVEs assigned to these GHSA advisories. These are the only advisories listed on the official GitHub security page as of 2026-04-22. Regularly check https://github.com/aws/aws-sdk-go-v2/security for updates and upgrade to the latest releases.

Citations:

• 1: GHSA-xmrv-pmrh-hhx2
• 2: GHSA-3jcv-796g-cpjg
• 3: https://github.com/aws/aws-sdk-go-v2/security

---

Invalid version specification: config v1.32.16 does not exist.

The github.com/aws/aws-sdk-go-v2/config module version v1.32.16 does not exist. The latest released version is v1.32.14 (published 2026-04-02). The go.mod file must be corrected before it can resolve dependencies.

The core module aws-sdk-go-v2 v1.41.6 is confirmed valid with no known vulnerabilities. A moderate severity DoS advisory (GHSA-xmrv-pmrh-hhx2) was published for the SDK on 2026-04-07, but it does not affect the core, config, or credentials modules specified in this change.

Verify that the config version should be v1.32.14 or identify if this is an unreleased version that needs to be tagged.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` around lines 11 - 13, The go.mod entry for
github.com/aws/aws-sdk-go-v2/config is using a non-existent version v1.32.16;
update the github.com/aws/aws-sdk-go-v2/config dependency in go.mod to a valid
released version (e.g., v1.32.14) or the intended released tag, then re-resolve
dependencies to ensure the module graph is valid; if you intended to use an
unreleased commit/tag, either add that specific pseudo-version or publish/tag
the release instead.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify backplane-cli v0.8.1 exists on GitHub

echo "=== Checking backplane-cli v0.8.1 on GitHub ==="
gh api repos/openshift/backplane-cli/releases/tags/v0.8.1 --jq '{tag_name: .tag_name, published_at: .published_at, name: .name}' 2>/dev/null || echo "⚠️  backplane-cli v0.8.1 not found"

echo -e "\n=== Fetching release notes ==="
gh api repos/openshift/backplane-cli/releases/tags/v0.8.1 --jq '.body' 2>/dev/null || echo "⚠️  Unable to fetch release notes"

Repository: openshift/osdctl

Length of output: 208

---

🏁 Script executed:

#!/bin/bash
# Check available backplane-cli versions
echo "=== Latest backplane-cli releases ===" 
gh api repos/openshift/backplane-cli/releases --jq '.[0:10] | map({tag_name: .tag_name, published_at: .published_at})' 2>/dev/null || echo "Unable to fetch releases via API"

echo -e "\n=== Latest tags (alternative check) ===" 
gh api repos/openshift/backplane-cli/tags --jq '.[0:10] | map({name: .name})' 2>/dev/null || echo "Unable to fetch tags"

Repository: openshift/osdctl

Length of output: 192

---

🌐 Web query:

backplane-cli GitHub releases openshift v0.8

💡 Result:

The backplane-cli is an official OpenShift CLI tool for interacting with the Backplane API, used to manage OpenShift clusters (login, console access, cloud credentials, managed jobs, etc.). The GitHub repository is https://github.com/openshift/backplane-cli. It has 55 releases. The latest GitHub release is v0.7.0 (2026-02-09). However, v0.8.0 of the Go module was published on 2026-04-13 (requires Go 1.25.3), but no specific GitHub release page for v0.8.0 was found in search results, suggesting it may be a module-only release without pre-built binaries or a tagged GitHub release. To install: - Download binaries from https://github.com/openshift/backplane-cli/releases (latest available, e.g., v0.7.0). - Example for Linux: wget https://github.com/openshift/backplane-cli/releases/download/[TAG]/ocm-backplane_[TAG]_Linux_x86_64.tar.gz, extract, chmod +x, move to PATH. - Or build from source: go install github.com/openshift/backplane-cli@v0.8.0 (for v0.8.0). - Binary named 'ocm-backplane'. Use as 'ocm backplane [command]'. Release cycle: Every 2 weeks by default. Note: There is a separate unrelated 'bp' Backplane CLI at backplane.dev.

Citations:

• 1: https://github.com/openshift/backplane-cli
• 2: https://github.com/openshift/backplane-cli/releases
• 3: https://pkg.go.dev/github.com/openshift/backplane-cli
• 4: https://github.com/openshift/backplane-cli/blob/main/README.md

---

backplane-cli v0.8.1 does not exist and must be corrected.

The version specified (v0.8.1) is not available. The web search confirms the latest GitHub release is v0.7.0 (2026-02-09), and v0.8.0 exists only as a Go module (no GitHub release page). This dependency will fail to build. Use either v0.8.0 (module-only release on 2026-04-13) or revert to v0.7.0 (latest stable release).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 46, The go.mod dependency line for
github.com/openshift/backplane-cli references a non-existent tag v0.8.1; update
that module version in go.mod to a valid release (either
github.com/openshift/backplane-cli v0.8.0 or v0.7.0) so the module can be
resolved and builds succeed, then run `go get`/`go mod tidy` to refresh the
go.sum and verify the chosen version resolves correctly.