Bump github.com/onsi/ginkgo/v2 from 2.27.5 to 2.28.1

[dependabot]

Bumps github.com/onsi/ginkgo/v2 from 2.27.5 to 2.28.1.

Release notes

Sourced from github.com/onsi/ginkgo/v2's releases.

v2.28.1

2.28.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

v2.28.0

2.28.0

Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:

It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})

can be filtered in or out with an invocation like:

ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"

Huge thanks to @​Icarus9913 for working on this!

Changelog

Sourced from github.com/onsi/ginkgo/v2's changelog.

2.28.1

Update all dependencies. This auto-updated the required version of Go to 1.24, consistent with the fact that Go 1.23 has been out of support for almost six months.

2.28.0

Ginkgo's SemVer filter now supports filtering multiple components by SemVer version:

It("should work in a specific version range (1.0.0, 2.0.0) and third-party dependency redis in [8.0.0, ~)", SemVerConstraint(">= 3.2.0"), ComponentSemVerConstraint("redis", ">= 8.0.0") func() {
    // This test will only run when version is between 1.0.0 (exclusive) and 2.0.0 (exclusive) and redis version is >= 8.0.0
})

can be filtered in or out with an invocation like:

ginkgo --sem-ver-filter="2.1.1, redis=8.2.0"

Huge thanks to @​Icarus9913 for working on this!

Commits

• 5d1d628 v2.28.1
• 676f985 update test mu language
• 8032100 appease go vet
• 41ca807 bump dependencies
• 2b2305b v2.28.0
• 71d2d89 feat: support component semantic version filtering
• 8cbbcb4 Fix doclink for ginkgo run
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to Reviews -> Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between 8f8d4a3 and c2a4bd3.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod

🚧 Files skipped from review as they are similar to previous changes (1)

• go.mod

---

Walkthrough

Updated dependency versions in go.mod: ginkgo/v2 from v2.27.5 to v2.28.1, gomega from v1.38.3 to v1.39.0, and pprof indirect dependency from v0.0.0-20251206212654-f1b79c6b8239 to v0.0.0-20260115054156-294ebfa9ad83. No new direct dependencies or public API changes.

Changes

Cohort / File(s)	Summary
Dependency Updates go.mod	Bump ginkgo/v2 to v2.28.1, gomega to v1.39.0, and pprof indirect dependency to v0.0.0-20260115054156-294ebfa9ad83. No breaking changes or new dependencies added.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly and specifically references the main change: bumping ginkgo/v2 from 2.27.5 to 2.28.1, which matches the primary modification in the changeset.
Description check	✅ Passed	The description is directly related to the changeset, providing detailed release notes, changelog entries, and commit information for the ginkgo/v2 dependency update.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dependabot/go_modules/github.com/onsi/ginkgo/v2-2.28.1

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign rcampos2029 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift-online member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@go.mod`:
- Line 97: The pprof module was bumped to v0.0.0-20260115054156-294ebfa9ad83
which requires Go 1.24.9+; update the project's minimum Go version to at least
1.24.9 by changing the go directive in go.mod (the "go" version) and ensure
CI/workflow configurations that set the Go toolchain (e.g., GitHub Actions,
Makefile, or Dockerfiles) are adjusted to use Go 1.24.9 or newer so tests and
builds won't fail due to the Go 1.24.8 bug.
- Around line 17-18: The go.mod Go version (go 1.24.6) is inconsistent with the
CI test runner (Go 1.22); either update CI to run Go 1.24.x or lower the go
directive in go.mod to match CI (e.g., change to go 1.22) so versions align.
Confirm gomega v1.39.0 and ginkgo v2.28.1 work with the chosen Go version, and
then update the go.mod "go" line and/or the CI workflow Go version accordingly,
rerun tests, and commit the change to keep go.mod (go 1.24.6), ginkgo v2.28.1,
and gomega v1.39.0 consistent with CI.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

Ginkgo v2.28.1 release notes Go version requirement

💡 Result:

Web search failed: Server error: no LLM provider could handle the message

---

🌐 Web query:

Gomega v1.39.0 release notes Go version requirement

💡 Result:

Gomega v1.39.0 did not change the Go version requirement; it remained at Go 1.23 (the prior release v1.38.2 explicitly “roll[ed] back to go 1.23.0”, and the Go requirement bump to Go 1.24 only appears in v1.39.1 release notes). [1]

Source: onsi/gomega GitHub Releases page. [1]

---

🌐 Web query:

Ginkgo v2.28.1 minimum Go version compatibility requirements

💡 Result:

Web search failed: Server error: no LLM provider could handle the message

---

🏁 Script executed:

# Check for CI/toolchain configuration files
git ls-files | grep -E '(\.github/|\.gitlab|\.circleci|go\.mod|go\.sum|Makefile|\.tool-versions)' | head -20

Repository: openshift-online/ocm-cli

Length of output: 229

---

🏁 Script executed:

# Check GitHub workflow for Go version used in CI
cat .github/workflows/check-pull-request.yaml | head -80

Repository: openshift-online/ocm-cli

Length of output: 2188

---

🏁 Script executed:

# Check go.mod for any comments or full dependency details
cat -n go.mod

Repository: openshift-online/ocm-cli

Length of output: 9810

---

Reconcile CI/toolchain Go version mismatch with go.mod declaration.

The test job in CI runs on Go 1.22 (.github/workflows/check-pull-request.yaml, line 47), while go.mod declares Go 1.24.6. Gomega v1.39.0 requires only Go 1.23 minimum, so verify that ginkgo v2.28.1 is compatible with the declared minimum Go version and that CI is updated to test against it.

🤖 Prompt for AI Agents

In `@go.mod` around lines 17 - 18, The go.mod Go version (go 1.24.6) is
inconsistent with the CI test runner (Go 1.22); either update CI to run Go
1.24.x or lower the go directive in go.mod to match CI (e.g., change to go 1.22)
so versions align. Confirm gomega v1.39.0 and ginkgo v2.28.1 work with the
chosen Go version, and then update the go.mod "go" line and/or the CI workflow
Go version accordingly, rerun tests, and commit the change to keep go.mod (go
1.24.6), ginkgo v2.28.1, and gomega v1.39.0 consistent with CI.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

github.com/google/pprof v0.0.0-20260115054156 security advisories CVE

💡 Result:

For github.com/google/pprof at v0.0.0-20260115054156-294ebfa9ad83 (your pseudo-version; commit shown in Go’s vendored modules.txt) there are no published GitHub Security Advisories, and therefore no CVEs are currently associated via the upstream google/pprof repo’s advisory feed. [2][1]

---

🌐 Web query:

github.com/google/pprof January 2026 release notes compatibility Go version

💡 Result:

• GitHub “release notes” (Jan 2026): The google/pprof repo does not publish GitHub Releases (“No releases published”), so there aren’t official January 2026 “release notes” in the Releases UI. [1]
• What changed around January 2026 (based on commits):
  • Jan 11, 2026: “allow compatibility with go 1.24.0”. [2]
  • Dec 7, 2025 → carried into Jan 2026 mainline: “Require at least 1.24.9” (because Go 1.24.8 had a bug causing test failures). [3]
  • Jan 15, 2026 (main): repo state includes maintenance updates like golangci-lint update (commit shown as Jan 15, 2026 in the mirror). [4]
• Go version compatibility (as of that Jan 2026 mainline state):
  • The module’s go.mod declares go 1.24.9, and the project explicitly raised the minimum to Go 1.24.9+ due to the Go 1.24.8 bug. [5] [3]
• Which pprof version Go itself picked up in Jan 2026: The Go repo updated its vendored github.com/google/pprof to v0.0.0-20260115054156-294ebfa9ad83. [6]

Sources: [1] [2] [3] [4] [5] [6]

---

Ensure Go 1.24.9+ compatibility for pprof update.

This pprof version requires Go 1.24.9 or later (due to a bug in Go 1.24.8 that causes test failures). No security advisories are associated with this update, but verify the project's minimum Go version supports 1.24.9+.

🤖 Prompt for AI Agents

In `@go.mod` at line 97, The pprof module was bumped to
v0.0.0-20260115054156-294ebfa9ad83 which requires Go 1.24.9+; update the
project's minimum Go version to at least 1.24.9 by changing the go directive in
go.mod (the "go" version) and ensure CI/workflow configurations that set the Go
toolchain (e.g., GitHub Actions, Makefile, or Dockerfiles) are adjusted to use
Go 1.24.9 or newer so tests and builds won't fail due to the Go 1.24.8 bug.

[openshift-merge-robot]

rebase

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-merge-robot]

rebase

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.