Build(deps): Bump cloud.google.com/go/storage from 1.58.0 to 1.62.1

[dependabot]

Bumps cloud.google.com/go/storage from 1.58.0 to 1.62.1.

Release notes

Sourced from cloud.google.com/go/storage's releases.

storage: v1.62.1

v1.62.1 (2026-04-13)

Commits

• f4b10ee chore: librarian release pull request: 20260413T041034Z (#14421)
• dc245af feat(storage): add client feature tracking support (#14320)
• cfdd7ba chore(.github/CODEOWNERS): Add AION SDK as code owners for the auth library (...
• e2d578c test(datastore): skip flaky tests due to datastore contention (#14416)
• 56e1a62 chore: librarian release pull request: 20260409T222456Z (#14413)
• 5ca653a chore: regenerate libraries using protobuf 31, and update generation check wo...
• b4c40aa chore(all): update module go.opentelemetry.io/otel/sdk to v1.43.0 [SECURITY] ...
• eb896d0 chore(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 in /comp...
• 26c0341 chore(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 in /cont...
• 8a7febc feat(firestore): Implement Search pipeline stage and related expressions (#14...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coderabbitai]

Summary by CodeRabbit

• Chores
  • Updated Go toolchain to version 1.25.0 for improved performance and compatibility
  • Upgraded multiple dependencies including Google Cloud libraries, authentication and authorization frameworks, and telemetry utilities to newer versions for enhanced stability and security

Walkthrough

Updated Go toolchain from version 1.24.13 to 1.25.0. Upgraded multiple direct dependencies including Google Cloud and GRPC packages, and bumped numerous indirect dependencies related to authentication, telemetry, and runtime libraries.

Changes

Cohort / File(s)

Summary

Dependency Updates go.mod

Incremented Go toolchain to 1.25.0. Updated direct dependencies: cloud.google.com/go/iam, cloud.google.com/go/storage, github.com/googleapis/gax-go/v2, google.golang.org/api, google.golang.org/grpc, golang.org/x/term, golang.org/x/text. Bumped indirect dependencies: OpenTelemetry packages (v1.39.0 → v1.43.0), authentication/crypto modules (golang.org/x/crypto, golang.org/x/oauth2, golang.org/x/net, golang.org/x/sys), and google.golang.org/genproto/* revisions.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly specifies the main dependency bump from cloud.google.com/go/storage 1.58.0 to 1.62.1, which aligns with the primary change in the changeset.
Description check	✅ Passed	The description provides relevant context about the dependency update including release notes, commit history, and Dependabot instructions, all directly related to the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/go_modules/cloud.google.com/go/storage-1.62.1

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign miguelhbrito for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift-online member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

go.mod (1)

12-12: Refactor error assertions to use errors.As() for compatibility with error wrapping in updated GCP dependencies.

These upgrades can alter error wrapping behavior. The concrete assertions (err.(*apierror.APIError), err.(*googleapi.Error)) are fragile and may fail if GCP libraries wrap errors—a pattern that can occur with version updates. The safer approach using errors.As() already exists in the codebase (see isNotFound() function in error_handlers.go) and handles wrapped errors correctly.

Affected locations:

• pkg/gcp/error_handlers.go: lines 13, 24, 32, 50
• cmd/ocm/gcp/gcp-client-shim.go: lines 195, 262, 363, 413, 1161

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 12, Replace fragile concrete type assertions
(err.(*apierror.APIError), err.(*googleapi.Error)) with errors.As-based checks
so wrapped errors are detected; update the checks in pkg/gcp/error_handlers.go
(the functions around isNotFound()) and all similar assertions in
cmd/ocm/gcp/gcp-client-shim.go to use errors.As(&target) and then inspect target
for status/code/message, preserving existing logic branches and logging/return
behavior. Ensure you import "errors" where missing and keep the same downstream
handling once the target type is extracted via errors.As.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Line 3: CI uses older Go versions than go.mod's declared minimum (go 1.25.0);
update the workflow steps that set up Go to match or exceed 1.25.0. In the
GitHub Actions workflows referenced (check-pull-request.yaml and
publish-release.yaml) change the actions/setup-go inputs named go-version to
"1.25" (or "1.25.x"/">=1.25" where supported) for the occurrences currently set
to 1.22 and 1.23 (the two go-version entries in check-pull-request.yaml and the
go-version entry in publish-release.yaml) so the runner Go version is consistent
with go.mod.

---

Nitpick comments:
In `@go.mod`:
- Line 12: Replace fragile concrete type assertions (err.(*apierror.APIError),
err.(*googleapi.Error)) with errors.As-based checks so wrapped errors are
detected; update the checks in pkg/gcp/error_handlers.go (the functions around
isNotFound()) and all similar assertions in cmd/ocm/gcp/gcp-client-shim.go to
use errors.As(&target) and then inspect target for status/code/message,
preserving existing logic branches and logging/return behavior. Ensure you
import "errors" where missing and keep the same downstream handling once the
target type is extracted via errors.As.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: af75307f-e445-40d6-84b1-1f71720ebeea

📥 Commits

Reviewing files that changed from the base of the PR and between f80645d and 72bd5fe.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify all toolchain pins align with go 1.25.x after the go.mod bump.

set -euo pipefail

echo "== go.mod / go.work directives =="
rg -nP '^\s*go\s+1\.' go.mod go.work 2>/dev/null || true

echo
echo "== GitHub Actions go-version pins =="
rg -nP 'go-version\s*:\s*["'\'']?1\.[0-9]+' .github/workflows 2>/dev/null || true

echo
echo "== Docker/base image Go pins =="
rg -nP 'golang:1\.[0-9]+' -g '*Dockerfile*' -g '!**/vendor/**' 2>/dev/null || true

echo
echo "== Other Go version env pins =="
rg -nP '\b(GO_VERSION|GOLANG_VERSION)\b.*1\.[0-9]+' -g '!**/vendor/**' 2>/dev/null || true

Repository: openshift-online/ocm-cli

Length of output: 431

---

Update GitHub Actions workflows to use Go 1.25.0; go.mod now declares this minimum version.

CI pipelines are pinned to older versions:

• check-pull-request.yaml: lines 51 and 77 use go-version: 1.22 and 1.23
• publish-release.yaml: line 45 uses go-version: 1.23

These must match or exceed the go 1.25.0 directive in go.mod (line 3), otherwise builds will fail post-merge.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` at line 3, CI uses older Go versions than go.mod's declared minimum
(go 1.25.0); update the workflow steps that set up Go to match or exceed 1.25.0.
In the GitHub Actions workflows referenced (check-pull-request.yaml and
publish-release.yaml) change the actions/setup-go inputs named go-version to
"1.25" (or "1.25.x"/">=1.25" where supported) for the occurrences currently set
to 1.22 and 1.23 (the two go-version entries in check-pull-request.yaml and the
go-version entry in publish-release.yaml) so the runner Go version is consistent
with go.mod.