Skip to content

Bump google.golang.org/api from 0.257.0 to 0.265.0 #1006

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump google.golang.org/api from 0.257.0 to 0.265.0 #1006

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 9, 2026

Bumps google.golang.org/api from 0.257.0 to 0.265.0.

Release notes

Sourced from google.golang.org/api's releases.

v0.265.0

0.265.0 (2026-02-04)

Features

v0.264.0

0.264.0 (2026-01-29)

Features

v0.263.0

0.263.0 (2026-01-27)

Features

v0.262.0

0.262.0 (2026-01-22)

Features

Bug Fixes

  • internaloption: Add WithTelemetryAttributes (#3442) (2a5c807)

v0.261.0

... (truncated)

Changelog

Sourced from google.golang.org/api's changelog.

0.265.0 (2026-02-04)

Features

0.264.0 (2026-01-29)

Features

0.263.0 (2026-01-27)

Features

0.262.0 (2026-01-22)

Features

Bug Fixes

  • internaloption: Add WithTelemetryAttributes (#3442) (2a5c807)

0.261.0 (2026-01-20)

Features

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump google.golang.org/api from 0.257.0 to 0.265.0
1756def 
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.257.0 to 0.265.0.
- [Release notes](https://github.com/googleapis/google-api-go-client/releases)
- [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md)
- [Commits](googleapis/google-api-go-client@v0.257.0...v0.265.0)

---
updated-dependencies:
- dependency-name: google.golang.org/api
  dependency-version: 0.265.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Feb 9, 2026
@dependabot dependabot bot mentioned this pull request Feb 9, 2026
Closed
@openshift-ci openshift-ci bot requested a review from rcampos2029 February 9, 2026 09:10
@coderabbitai
Copy link

coderabbitai bot commented Feb 9, 2026
edited
Loading

Walkthrough

This pull request updates multiple Google Cloud Go library dependencies to newer versions in the go.mod file. The updates include minor and patch version bumps for google.golang.org/api, google.golang.org/grpc, cloud.google.com/go/auth, and related indirect dependencies, with no new modules introduced or removed.

Changes

Cohort / File(s) Summary
Go Module Dependencies
go.mod		 Updated versions for google.golang.org/api (v0.257.0 → v0.265.0), google.golang.org/grpc (v1.77.0 → v1.78.0), cloud.google.com/go/auth (v0.18.0 → v0.18.1), and indirect dependencies (enterprise-certificate-proxy v0.3.7 → v0.3.11, genproto/googleapis/rpc).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately describes the main change: bumping google.golang.org/api from version 0.257.0 to 0.265.0, which aligns with the changeset.
Description check ✅ Passed The description is directly related to the changeset, providing release notes, changelog details, and commit history for the google.golang.org/api version bump.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch dependabot/go_modules/google.golang.org/api-0.265.0

Comment @coderabbitai help to get the list of available commands and usage tips.

@openshift-ci
Copy link

openshift-ci bot commented Feb 9, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign rcampos2029 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Feb 9, 2026
@openshift-ci
Copy link

openshift-ci bot commented Feb 9, 2026

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift-online member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

coderabbitai[bot]
coderabbitai bot reviewed Feb 9, 2026
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Fix all issues with AI agents 
In `@go.mod`:
- Around line 30-31: The grpc dependency bump to google.golang.org/grpc v1.78.0
introduces breaking changes—review and update any code that constructs gRPC
targets, xDS usage, and status/header handling: search for grpc.Dial,
grpc.DialContext, grpc.WithAuthority, grpc.WithTarget, grpcurl/target strings
and ensure hosts with colons are bracketed or use proper authority/target
options; inspect any xDS/resolver/XDS or package "google.golang.org/grpc/xds"
usages and virtual host/resource retention logic and update matching/config
handling accordingly; and audit places that read grpc-status/grpc-message from
metadata or implement custom transport/status parsing to handle malformed
headers (treat as Unknown) or rely on grpc/status APIs. Make targeted fixes in
those functions/modules to conform to v1.78.0 behavior before committing the
go.mod change.
- Line 40: Ensure the root genproto module is updated to at least
google.golang.org/genproto v0.0.0-20230526161137-0005af68ea54 to avoid ambiguous
imports caused by the googleapis/rpc submodule split; update the go.mod
requirement for google.golang.org/genproto accordingly, then run go mod tidy to
reconcile indirect deps (including cloud.google.com/go/auth and
github.com/googleapis/enterprise-certificate-proxy), and run the full test suite
to verify there are no import or compatibility errors.

go.mod
Comment on lines +30 to +31
google.golang.org/api v0.265.0
google.golang.org/grpc v1.78.0
Copy link

@coderabbitai coderabbitai bot Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

google.golang.org/api v0.265.0 release notes changelog breaking changes

💡 Result:

google.golang.org/api v0.265.0 (released 2026-02-04) changelog items are: (1) “Add checksums for single chunk json uploads” and (2) several “Auto-regenerate discovery clients” entries. (chromium.googlesource.com)

Breaking changes: The v0.265.0 section of the project changelog does not include a “⚠ BREAKING CHANGES” heading or any breaking-change entries (i.e., none are called out for this release). (chromium.googlesource.com)

Citations:

🌐 Web query:

google.golang.org/grpc v1.78.0 release notes changelog breaking changes

💡 Result:

google.golang.org/grpc (grpc-go) v1.78.0 — release notes / changelog (Dec 23, 2025)

Breaking / behavior changes

  • Client target URL validation tightened (Go 1.26+): gRPC-Go now rejects target URLs with unbracketed colons in the hostname, aligning with Go’s newer URL validation behavior. This can break clients that previously “worked” with such targets. [1]
  • xds/resolver routing/config handling changed: [1]
    • Drops previous route resources and reports an error when no matching virtual host is found.
    • Only logs LDS/RDS config errors after a successful update, and retains the last valid resource to avoid transient failures.
  • Malformed grpc-status handling: client transport now returns status code Unknown when grpc-status is malformed. [1]

New features

  • OpenTelemetry stats: add grpc.lb.backend_service label to weighted round-robin metrics (gRFC A89). [1]
  • OpenTelemetry stats: add subchannel metrics (intended to eventually replace pick_first metrics). [1]
  • Client: wait for pending goroutines when closing a graceful switch balancer. [1]
  • Client: add experimental.AcceptCompressors to restrict what’s advertised via grpc-accept-encoding. [1]

Bug fixes / performance

  • xDS: fix StringMatcher regex behavior with ignore_case=true. [1]
  • Client connectivity-state and OnFinish invocation fixes for certain stream-creation failures. [1]
  • xdsclient race fix that could lead to resource-not-found errors. [1]
  • mem: pool allocations >1MiB rounded up to nearest 4KiB. [1]

Source: grpc-go “Release 1.78.0” notes on GitHub. [1]

References:
[1] (github.com)

Citations:

Review google.golang.org/grpc v1.78.0 breaking changes before upgrading.

google.golang.org/api v0.265.0 has no breaking changes and the auto-regenerated discovery clients are compatible. However, google.golang.org/grpc v1.78.0 introduces breaking changes that require code review:

  • Target URL validation (Go 1.26+): gRPC now rejects target URLs with unbracketed colons in hostnames. Update any custom client targets if affected.
  • xDS routing/config changes: Virtual host matching and resource retention behavior differs. Update any xDS-based service discovery logic.
  • Malformed grpc-status handling: Client transport now returns Unknown status for malformed headers instead of previous behavior.

Review your codebase for usage of these features and update accordingly.

🤖 Prompt for AI Agents 
In `@go.mod` around lines 30 - 31, The grpc dependency bump to
google.golang.org/grpc v1.78.0 introduces breaking changes—review and update any
code that constructs gRPC targets, xDS usage, and status/header handling: search
for grpc.Dial, grpc.DialContext, grpc.WithAuthority, grpc.WithTarget,
grpcurl/target strings and ensure hosts with colons are bracketed or use proper
authority/target options; inspect any xDS/resolver/XDS or package
"google.golang.org/grpc/xds" usages and virtual host/resource retention logic
and update matching/config handling accordingly; and audit places that read
grpc-status/grpc-message from metadata or implement custom transport/status
parsing to handle malformed headers (treat as Unknown) or rely on grpc/status
APIs. Make targeted fixes in those functions/modules to conform to v1.78.0
behavior before committing the go.mod change.

go.mod
cel.dev/expr v0.25.1 // indirect
cloud.google.com/go v0.123.0 // indirect
cloud.google.com/go/auth v0.18.0 // indirect
cloud.google.com/go/auth v0.18.1 // indirect
Copy link

@coderabbitai coderabbitai bot Feb 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

cat -n go.mod | head -50

Repository: openshift-online/ocm-cli

Length of output: 2393

🏁 Script executed:

cat -n go.mod | sed -n '95,105p'

Repository: openshift-online/ocm-cli

Length of output: 743

🏁 Script executed:

cat -n go.mod | sed -n '155,165p'

Repository: openshift-online/ocm-cli

Length of output: 763

🌐 Web query:

cloud.google.com/go/auth v0.18.1 release notes changelog

💡 Result:

cloud.google.com/go/auth v0.18.1 was published 2026-01-21. (pkg.go.dev)

Changelog / release notes (v0.18.1)

Bug fixes

  • Add InternalOptions.TelemetryAttributes (for internal client use). (newreleases.io)
  • Remove singleton and restore normal usage of otelgrpc.clientHandler. (newreleases.io)

Citations:

🌐 Web query:

googleapis/enterprise-certificate-proxy v0.3.11 release notes

💡 Result:

googleapis/enterprise-certificate-proxy v0.3.11 release notes (“What’s Changed”):

  • chore: Update version.txt to v0.3.11 (#176) [1]
  • chore: Update http_proxy logging so it’s enabled via ENABLE_ENTERPRSE_CERTIFICATE_LOGS (#175) [1]
  • feat: Update CODEOWNERS to add Radhika and Nolan (#166) [1]
  • deps: Bump golang.org/x/crypto 0.35.0 → 0.45.0 (#161) [1]
  • deps: Update Go toolchain dependency to Go 1.25 (#144) [1]
  • deps: Update golang.org/x/sys to v0.40.0 (#145) [1]
  • deps: Update golang.org/x/crypto to v0.47.0 (#177) [1]

Sources: [1], [2] (tag/commit metadata for v0.3.11). [1][2]

🌐 Web query:

google.golang.org/genproto rpc 0.0.0-20260128011058 breaking changes

💡 Result:

That pseudo-version (google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409, published Jan 28, 2026) is part of the multi-module split of google.golang.org/genproto, where googleapis/rpc is its own submodule (not just a directory in the root module anymore). [1]

What breaks (most common)

“Ambiguous import” / duplicate packages during go mod tidy / builds when your build list contains:

  • an older google.golang.org/genproto root module version that still overlaps with packages that are now provided by submodules, and
  • the new submodule(s) like google.golang.org/genproto/googleapis/rpc.

The go-genproto maintainers warned that after 2024-03-01 the temporary “back-ref” compatibility would be removed, and projects pinned to older root versions would then start hitting ambiguous import errors unless upgraded. [2]

What to do

  • Upgrade the root module to a post-split version (maintainers recommend v0.0.0-20230526161137-0005af68ea54), then tidy:
    • go get google.golang.org/genproto@latest
    • go mod tidy [2]
  • If you directly import RPC protos, depend on the submodule explicitly:
    • go get google.golang.org/genproto/googleapis/rpc@v0.0.0-20260128011058-8636f8732409 [1]
  • Ensure you’re not indirectly pulling an older google.golang.org/genproto root version via other deps; if you are, add/keep an explicit require google.golang.org/genproto ... at a new enough version and re-tidy. [2]

Sources:
[1] pkg.go.dev module page for google.golang.org/genproto/googleapis/rpc at v0.0.0-20260128011058-8636f8732409 (published Jan 28, 2026)
[2] googleapis/go-genproto issue #1015 (“New submodules… avoid ambiguous import errors”, deadline 2024-03-01, recommended minimum version)

Verify genproto module split compatibility and run full test suite.

The cloud.google.com/go/auth v0.18.1 and github.com/googleapis/enterprise-certificate-proxy v0.3.11 upgrades contain only bug fixes and maintenance updates with no breaking changes. However, the google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 dependency is part of a module split where googleapis/rpc is now a separate submodule. This can cause ambiguous import errors if the root google.golang.org/genproto module is outdated. Ensure the root module version is at least v0.0.0-20230526161137-0005af68ea54, then run go mod tidy and verify all tests pass.

🤖 Prompt for AI Agents 
In `@go.mod` at line 40, Ensure the root genproto module is updated to at least
google.golang.org/genproto v0.0.0-20230526161137-0005af68ea54 to avoid ambiguous
imports caused by the googleapis/rpc submodule split; update the go.mod
requirement for google.golang.org/genproto accordingly, then run go mod tidy to
reconcile indirect deps (including cloud.google.com/go/auth and
github.com/googleapis/enterprise-certificate-proxy), and run the full test suite
to verify there are no import or compatibility errors.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@rcampos2029 rcampos2029 Awaiting requested review from rcampos2029

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants