build(deps): bump the misc-dependencies group across 1 directory with 3 updates

[dependabot]

Bumps the misc-dependencies group with 3 updates in the / directory: google.golang.org/api, google.golang.org/grpc and gopkg.in/ini.v1.

Updates google.golang.org/api from 0.277.0 to 0.278.0

Release notes

Sourced from google.golang.org/api's releases.

v0.278.0

0.278.0 (2026-05-05)

Features

• all: Auto-regenerate discovery clients (#3582) (76b1187)
• all: Auto-regenerate discovery clients (#3584) (e36c883)

Changelog

Sourced from google.golang.org/api's changelog.

0.278.0 (2026-05-05)

Features

• all: Auto-regenerate discovery clients (#3582) (76b1187)
• all: Auto-regenerate discovery clients (#3584) (e36c883)

Commits

• 07c758d chore(main): release 0.278.0 (#3583)
• e36c883 feat(all): auto-regenerate discovery clients (#3584)
• 76b1187 feat(all): auto-regenerate discovery clients (#3582)
• See full diff in compare view

Updates google.golang.org/grpc from 1.80.0 to 1.81.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.0

Behavior Changes

• balancer/rls: Switch gauge metrics to asynchronous emission (once per collection cycle) to reduce telemetry noise and align with other gRPC language implementations. (#8808)

Dependencies

• Minimum supported Go version is now 1.25. (#8969)

Bug Fixes

• xds: Use the leaf cluster's security config for the TLS handshake instead of the aggregate cluster's config. (#8956)
• transport: Send a RST_STREAM when receiving an END_STREAM when the stream is not already half-closed. (#8832)
• xds: Fix ADS resource name validation to prevent a panic. (#8970)

New Features

• grpc/stats: Add support for custom labels in per-call metrics (gRFC A108). (#9008)
• xds: Add support for Server Name Indication (SNI) and SAN validation (gRFC A101). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_SNI=true environment variable. (#9016)
• xds: Add support to control which fields get propagated from ORCA backend metric reports to LRS load reports (gRFC A85). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION=true. (#9005)
• xds: Add metrics to track xDS client connectivity and cached resource state (gRFC A78). (#8807)
• stats/otel: Enhance grpc.subchannel.disconnections metric by adding disconnection reason to the grpc.disconnect_error label (gRFC A94). This provides granular insights into why subchannels are closing. (#8973)
• mem: Add mem.Buffer.Slice() API to slice the buffer like a slice. (#8977)
  • Special Thanks: @​ash2k

Performance Improvements

• alts: Pool read buffers to lower memory utilization when sockets are unreadable. (#8964)
• transport: Pool HTTP/2 framer read buffers to reduce idle memory consumption. Currently limited to Linux for ALTS and non-encrypted transports (TCP, Unix). To disable, set GRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING=false and report any issues. (#9032)

Commits

• cb18228 Change version to 1.81.0 (#9062)
• 96748f9 Cherry-pick #9105 to 1.81.x (#9106)
• 9183222 Cherry pick #9055, #9032 to v1.81.x (#9095)
• 5cba6da Revert "deps: update dependencies for all modules (#9065)" (#9067)
• af8a936 deps: update dependencies for all modules (#9065)
• cdc60df transport: optimize heap allocations in ready reader and update syscall conne...
• 208d053 xds/resolver: pass complete XDSConfig in RPC context for HTTP filters (gRFC A...
• 50fe1cc test: Fix flaky test TestServerStreaming_ClientCallRecvMsgTwice in `end2end...
• d574bad build(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 (#9050)
• b8bf4d0 build(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 in /inte...
• Additional commits viewable in compare view

Updates gopkg.in/ini.v1 from 1.67.1 to 1.67.2

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Summary by CodeRabbit

• Chores
  • Updated Go module dependencies for improved compatibility and stability.

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: d5a1eba9-3950-4e29-8f0c-f47e40a9b677

📥 Commits

Reviewing files that changed from the base of the PR and between 37f46b9 and 241fdec.

⛔ Files ignored due to path filters (30)

• go.sum is excluded by !**/*.sum
• vendor/google.golang.org/api/compute/v1/compute-api.json is excluded by !vendor/**, !**/vendor/**
• vendor/google.golang.org/api/compute/v1/compute-gen.go is excluded by !vendor/**, !**/vendor/**
• vendor/google.golang.org/api/compute/v1/compute2-gen.go is excluded by !vendor/**, !**/vendor/**
• vendor/google.golang.org/api/compute/v1/compute3-gen.go is excluded by !vendor/**, !**/vendor/**
• vendor/google.golang.org/api/dns/v1/dns-api.json is excluded by !vendor/**, !**/vendor/**
• vendor/google.golang.org/api/dns/v1/dns-gen.go is excluded by !vendor/**, !**/vendor/**
• vendor/google.golang.org/api/internal/version.go is excluded by !vendor/**, !**/vendor/**
• vendor/google.golang.org/grpc/clientconn.go is excluded by !vendor/**, !**/vendor/**
• vendor/google.golang.org/grpc/experimental/stats/metrics.go is excluded by !vendor/**, !**/vendor/**
• vendor/google.golang.org/grpc/internal/envconfig/envconfig.go is excluded by !vendor/**, !**/vendor/**
• vendor/google.golang.org/grpc/internal/envconfig/xds.go is excluded by !vendor/**, !**/vendor/**
• vendor/google.golang.org/grpc/internal/mem/buffer_pool.go is excluded by !vendor/**, !**/vendor/**
• vendor/google.golang.org/grpc/internal/resolver/config_selector.go is excluded by !vendor/**, !**/vendor/**
• vendor/google.golang.org/grpc/internal/transport/http2_client.go is excluded by !vendor/**, !**/vendor/**
• vendor/google.golang.org/grpc/internal/transport/http_util.go is excluded by !vendor/**, !**/vendor/**
• vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_linux.go is excluded by !vendor/**, !**/vendor/**
• vendor/google.golang.org/grpc/internal/transport/readyreader/raw_conn_nonlinux.go is excluded by !vendor/**, !**/vendor/**
• vendor/google.golang.org/grpc/internal/transport/readyreader/ready_reader.go is excluded by !vendor/**, !**/vendor/**
• vendor/google.golang.org/grpc/internal/transport/transport.go is excluded by !vendor/**, !**/vendor/**
• vendor/google.golang.org/grpc/mem/buffer_slice.go is excluded by !vendor/**, !**/vendor/**
• vendor/google.golang.org/grpc/mem/buffers.go is excluded by !vendor/**, !**/vendor/**
• vendor/google.golang.org/grpc/stream.go is excluded by !vendor/**, !**/vendor/**
• vendor/google.golang.org/grpc/version.go is excluded by !vendor/**, !**/vendor/**
• vendor/gopkg.in/ini.v1/.golangci.yml is excluded by !vendor/**, !**/vendor/**
• vendor/gopkg.in/ini.v1/data_source.go is excluded by !vendor/**, !**/vendor/**
• vendor/gopkg.in/ini.v1/file.go is excluded by !vendor/**, !**/vendor/**
• vendor/gopkg.in/ini.v1/key.go is excluded by !vendor/**, !**/vendor/**
• vendor/gopkg.in/ini.v1/struct.go is excluded by !vendor/**, !**/vendor/**
• vendor/modules.txt is excluded by !vendor/**, !**/vendor/**

📒 Files selected for processing (1)

• go.mod

---

📝 Walkthrough

Walkthrough

This change updates three Go module dependencies in go.mod. The google.golang.org/api package is updated from version v0.277.0 to v0.278.0, google.golang.org/grpc is updated from v1.80.0 to v1.81.0, and gopkg.in/ini.v1 is updated from v1.67.1 to v1.67.2. No local code or exported APIs are modified by these version increments.

🚥 Pre-merge checks | ✅ 12

✅ Passed checks (12 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change—a dependency version bump of three packages in a Go module.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR is a dependency version update only (go.mod/go.sum changes), with no test files created or modified. Check is not applicable.
Test Structure And Quality	✅ Passed	This PR only modifies go.mod, go.sum, and vendored dependencies. No test files (*_test.go) or test code were changed, so the Ginkgo test quality check is not applicable.
Microshift Test Compatibility	✅ Passed	PR only updates Go dependency versions in go.mod/go.sum. No new Ginkgo e2e tests are added, so the MicroShift Test Compatibility check is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This PR only updates Go module dependencies in go.mod. No new Ginkgo e2e tests are added, so the check is not applicable.
Topology-Aware Scheduling Compatibility	✅ Passed	Dependency version bump only. No deployment manifests, operator code, or controllers modified.
Ote Binary Stdout Contract	✅ Passed	OTE Stdout Contract check is not applicable. HyperShift is a CLI/operator, not an OTE test binary. The check applies only to binaries communicating with openshift-tests via JSON.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR only updates go.mod and go.sum dependencies. No new Ginkgo e2e tests are added. The check only applies when new tests are added.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/go_modules/misc-dependencies-4da0db8fe1

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign sjenning for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

@dependabot[bot]: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/images	241fdec	link	true	/test images

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[hypershift-jira-solve-ci]

Both analyses are complete. Let me compile the final report.

Test Failure Analysis Complete

Job Information

• Prow Job: pull-ci-openshift-hypershift-main-images
• Build ID: 2052555470220038144
• PR: build(deps): bump the misc-dependencies group across 1 directory with 3 updates #8461 — build(deps): bump the misc-dependencies group across 1 directory with 3 updates
• Second Job: GitHub Actions — gitlint / Gitlint (run 25530748734, job 74936325924)

Test Failure Analysis

Error

Job 1 (ci/prow/images):
  failed to wait for importing imagestreamtags on ci-op-lr5vqzx6/stable:
    failed to reimport the tag ci-op-lr5vqzx6/stable:vcf-migration-operator:
      unable to import tag ci-op-lr5vqzx6/stable:vcf-migration-operator with message
      Internal error occurred: [
        dockerimage.image.openshift.io "quay.io/openshift/ci:ocp_5.0_vcf-migration-operator" not found,
        dockerimage.image.openshift.io "quay-proxy.ci.openshift.org/openshift/ci:ocp_5.0_vcf-migration-operator" not found
      ] on the image stream even after (6) imports: timed out waiting for the condition

Job 2 (gitlint):
  3: B1 Line exceeds max length (224>140): "Bumps the misc-dependencies group with 3 updates
  in the / directory: [google.golang.org/api](https://github.com/googleapis/google-api-go-client),
  [google.golang.org/grpc](https://github.com/grpc/grpc-go) and gopkg.in/ini.v1."

Summary

Neither failure is caused by the code changes in PR #8461. Job 1 (ci/prow/images) failed because the CI infrastructure could not import the vcf-migration-operator image from the OCP 5.0 release stream — the image ocp_5.0_vcf-migration-operator does not exist at quay.io/openshift/ci or quay-proxy.ci.openshift.org/openshift/ci. All four PR images (hypershift, hypershift-operator, hypershift-cli, hypershift-tests) built successfully. Job 2 (gitlint) failed because Dependabot's auto-generated commit message body contains a 224-character line, exceeding the repository's 140-character limit configured in .gitlint rule B1.

Root Cause

Job 1 — ci/prow/images (CI infrastructure issue):

The images job builds PR images and then snapshots the OCP 5.0 release stream (ocp/5.0) to construct a latest release for testing. During the "creating release images" step, ci-operator tried to import the vcf-migration-operator tag into the CI namespace's stable imagestream. The image ocp_5.0_vcf-migration-operator was not found at either mirror (quay.io/openshift/ci or quay-proxy.ci.openshift.org/openshift/ci). After 6 retry attempts, the import timed out. This indicates vcf-migration-operator was recently added to the OCP 5.0 image stream definition but its image has not yet been published to the CI mirrors. This failure affects all PRs targeting main that trigger the images job — it is not specific to this PR.

Job 2 — gitlint (commit message formatting):

The .gitlint configuration enforces a maximum body line length of 140 characters (rule B1). Dependabot auto-generates a commit message body that lists all three bumped dependencies with full GitHub URLs in a single 224-character line. Dependabot does not wrap its commit message bodies to comply with project-specific line-length limits.

Recommendations

For Job 1 (ci/prow/images):

1. Retest — /retest the job; it may pass if the vcf-migration-operator image has since been published to the CI mirrors
2. If retesting still fails, file a bug against the OCP release tooling / ART team noting that ocp_5.0_vcf-migration-operator is missing from the CI image mirrors at quay.io/openshift/ci
3. This is a fleet-wide issue — confirm by checking whether other PRs' images jobs are also failing

For Job 2 (gitlint):

1. Squash-merge the PR with a manually written commit message that keeps body lines under 140 characters — this is the simplest fix
2. Alternatively, add a .gitlint ignore rule for Dependabot commits (e.g., ignore-by-author-name=dependabot in the [general] section) to prevent recurring failures on dependency update PRs

Evidence

Evidence	Detail
Failed step (Job 1)	creating_release_images — ci-operator graph step
Error reason (Job 1)	executing_graph:step_failed:creating_release_images
Missing image	quay.io/openshift/ci:ocp_5.0_vcf-migration-operator
Import retries	6 attempts, all failed with "not found"
PR image builds	All 4 succeeded (hypershift, hypershift-operator, hypershift-cli, hypershift-tests)
Failed rule (Job 2)	.gitlint rule B1 — body-max-line-length
Max allowed length	140 characters
Actual line length	224 characters
Offending line	Dependabot-generated dependency list with full GitHub URLs
PR code changes	go.mod/go.sum dependency bumps — no compilation errors

---