Update module github.com/getkin/kin-openapi to v0.138.0

[red-hat-konflux-kflux-prd-rh02]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/getkin/kin-openapi	v0.133.0 → v0.138.0

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

getkin/kin-openapi (github.com/getkin/kin-openapi)

v0.138.0

Compare Source

What's Changed

• openapi3gen: clear nullable on exported component bodies by @​0-don in #​1164
• openapi3: add test for issue #​927 (nullable not respected on $ref schemas) by @​fenollp in #​1165
• test: move public-API tests to external _test packages by @​fenollp in #​1168
• feat(openapi3): add per-type validation errors with cluster wrappers by @​reuvenharrison in #​1166
• feat(openapi3conv): canonicalization pass for 3.0 -> 3.x by @​reuvenharrison in #​1162
• openapi3conv: test Upgrade on many documents by @​fenollp in #​1169

Full Changelog: getkin/kin-openapi@v0.137.0...v0.138.0

v0.137.0

Compare Source

What's Changed

• revert to go 1.25 and revert cc4f8d9 by @​fenollp in #​1161

Full Changelog: getkin/kin-openapi@v0.136.0...v0.137.0

v0.136.0

Compare Source

What's Changed

• openapi3: stop injecting contentless default in NewResponses() by @​0-don in #​1148
• openapi3: standardize Origin json tag to "-" across all types by @​reuvenharrison in #​1149
• Update usage message in cmd/validate by @​fenollp in #​1150
• openapi3: fix determinism when handling discriminator mappings by @​fenollp in #​1151
• feat: bump Go to 1.26 by @​fenollp in #​1152
• openapi3: use componentNames for deterministic visitings by @​fenollp in #​1153
• feat: add OpenAPI 3.1 support by @​reuvenharrison in #​1125
• openapi3: add JoinFunc for custom $ref path resolution by @​reuvenharrison in #​1154
• Add many many tests from ApisGuruOpenapiDirectory by @​fenollp in #​1155
• openapi3: remove map-iteration order leaks causing flaky tests by @​cloudnativeninja in #​1158
• openapi2conv: nil-guard components lookup in FromV3SchemaRef by @​SAY-5 in #​1156
• Address various lint errors by @​fenollp in #​1157

New Contributors

• @​0-don made their first contribution in #​1148
• @​cloudnativeninja made their first contribution in #​1158
• @​SAY-5 made their first contribution in #​1156

Full Changelog: getkin/kin-openapi@v0.135.0...v0.136.0

v0.135.0

Compare Source

What's Changed

• openapi3: strip origin from Encodings and ServerVariables maps by @​reuvenharrison in #​1132
• fix: update yaml3 to prevent panic on empty mapping node in sequence by @​reuvenharrison in #​1133
• openapi3: strip origin from extension values to prevent spurious diffs by @​reuvenharrison in #​1137
• openapi3: strip origin from slices in example values by @​reuvenharrison in #​1138
• fix: bump yaml and yaml3 to v0.0.4 by @​reuvenharrison in #​1136
• openapi3: OriginTree approach for origin tracking — separate pass, no inline stripping by @​reuvenharrison in #​1142
• README: drop go-openapi/spec3 by @​zonescape in #​1143
• fix: bump yaml3+yaml to v0.0.9 to fix -root schema origin by @​reuvenharrison in #​1144
• openapi3: call ReadFromURIFunc before checking IsExternalRefsAllowed by @​reuvenharrison in #​1146
• fix: use location.String() instead of location.Path for origin file tracking by @​reuvenharrison in #​1145
• refactor: Replace sort usage with slices package by @​jedevc in #​1147

New Contributors

• @​zonescape made their first contribution in #​1143
• @​jedevc made their first contribution in #​1147

Full Changelog: getkin/kin-openapi@v0.134.0...v0.135.0

v0.134.0

Compare Source

What's Changed

• openapi3filter: feat(multipart-ct-decoder): default body decoder on binary schema by @​mieltn in #​1097
• openapi3: ensure SchemaErrors get the correct path for allOf schemas by @​jamesfcarter in #​1098
• openapi3filter: Fix empty string handling in parameter validation by @​utah-KT in #​1096
• tidy(docs): Update references to oapi-codegen project URL (issue #​1094) by @​frenchi in #​1095
• openapi2conv: fix allOf inside additionalProperties by @​dani-maarouf in #​1103
• openapi3filter: Reject requests with body when non expected (issue 1100) by @​CynanX in #​1101
• openapi3: fix for RFC3339 validation: time-offset is a required component by @​mpreu in #​1104
• openapi3: add file path to origin location tracking by @​reuvenharrison in #​1128
• openapi3filter: fix bug where absent optional properties fail validation in form-urlencoded requests by @​thierry-f-78 in #​1110
• feat: add document-scoped format validators to prevent global state pollution by @​the-corp-mark in #​1126
• openapi3: process discriminator mapping values as refs by @​RaduPetreTarean in #​1108
• openapi3: serialize Extensions when using $ref by @​irees in #​1131

New Contributors

• @​mieltn made their first contribution in #​1097
• @​jamesfcarter made their first contribution in #​1098
• @​utah-KT made their first contribution in #​1096
• @​frenchi made their first contribution in #​1095
• @​dani-maarouf made their first contribution in #​1103
• @​CynanX made their first contribution in #​1101
• @​mpreu made their first contribution in #​1104
• @​thierry-f-78 made their first contribution in #​1110
• @​the-corp-mark made their first contribution in #​1126
• @​RaduPetreTarean made their first contribution in #​1108

Full Changelog: getkin/kin-openapi@v0.133.0...v0.134.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[red-hat-konflux-kflux-prd-rh02]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go get -t ./...
go: downloading github.com/getkin/kin-openapi v0.138.0
go: downloading github.com/docker/go-connections v0.6.0
go: downloading github.com/oasdiff/yaml v0.0.9
go: downloading github.com/santhosh-tekuri/jsonschema/v6 v6.0.2
go: downloading github.com/oasdiff/yaml3 v0.0.12
go: github.com/openshift-hyperfleet/hyperfleet-api/pkg/api imports
	github.com/openshift-hyperfleet/hyperfleet-api/pkg/api/openapi: cannot find module providing package github.com/openshift-hyperfleet/hyperfleet-api/pkg/api/openapi
go: module github.com/bxcodec/faker/v3 is deprecated: use github.com/go-faker/faker/v4 instead.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign vkareh for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @red-hat-konflux-kflux-prd-rh02[bot]. Thanks for your PR.

I'm waiting for a openshift-hyperfleet member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• Chores
  • Updated dependency library version to the latest release.

Walkthrough

The go.mod file is updated to bump the github.com/getkin/kin-openapi dependency from version v0.133.0 to v0.138.0. This is a minor version increment of an OpenAPI-related module. No other dependencies or module directives are affected.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and specifically describes the main change: updating the github.com/getkin/kin-openapi module dependency to v0.138.0.
Description check	✅ Passed	The description is fully related to the changeset, providing detailed release notes and context for the dependency update from v0.133.0 to v0.138.0.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch konflux/mintmaker/main/github.com-getkin-kin-openapi-0.x

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Line 11: The go.mod update changes github.com/getkin/kin-openapi to v0.138.0
but the linked repository openshift-hyperfleet/hyperfleet-sentinel still pins
github.com/getkin/kin-openapi v0.133.0 (seen in its oapi-codegen checksum list),
causing a version mismatch; coordinate by updating the dependency in the other
repo to v0.138.0 (replace the v0.133.0 entry with v0.138.0 and regenerate any
oapi-codegen artifacts/checksums) so both repos use
github.com/getkin/kin-openapi v0.138.0 consistently.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 0263f447-45cf-45b4-8156-70a5a7a5e339

📥 Commits

Reviewing files that changed from the base of the PR and between 19fe72e and 35c924a.

📒 Files selected for processing (1)

• go.mod

[coderabbitai]

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Coordinate version update with linked repository.

The linked repository openshift-hyperfleet/hyperfleet-sentinel still references github.com/getkin/kin-openapi v0.133.0 in .bingo/oapi-codegen.sum. If these repositories interact or share OpenAPI schemas, the version mismatch could lead to inconsistent validation or processing behavior.

Consider updating the linked repository to v0.138.0 as well to maintain consistency across the HyperFleet ecosystem.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` at line 11, The go.mod update changes github.com/getkin/kin-openapi
to v0.138.0 but the linked repository openshift-hyperfleet/hyperfleet-sentinel
still pins github.com/getkin/kin-openapi v0.133.0 (seen in its oapi-codegen
checksum list), causing a version mismatch; coordinate by updating the
dependency in the other repo to v0.138.0 (replace the v0.133.0 entry with
v0.138.0 and regenerate any oapi-codegen artifacts/checksums) so both repos use
github.com/getkin/kin-openapi v0.138.0 consistently.

[ciaranRoche]

Closing: superseded by renovate.json config in #158 (HYPERFLEET-1095). MintMaker will re-create grouped updates on the next Monday cycle.

[red-hat-konflux-kflux-prd-rh02]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (v0.138.0). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.