updating keda package to v2.17.0 and updating go version to 1.23.8

[brettmthompson]

Description

In the latest sync from opendatahub-io to red-hat-data-services, the snyk scan failed: https://app.snyk.io/org/red-hat-openshift-data-science-rhods/pr-checks/46eb5b05-92b3-4f68-a859-21a3505d55eb

The failure was due to vulnerabilities identified in the github.com/expr-lang/expr v1.16.9 package which is a dependency of github.com/kedacore/keda/v2v2.16.1. Per snyk these issues are resolved in github.com/expr-lang/expr v1.17.0 . This will require an update of the github.com/kedacore/keda/v2 package to a version >= v2.17.0.

This PR updates the github.com/kedacore/keda/v2 package to version v2.17.0. This updated package requires golang version 1.23.8 so the golang version is also bumped in this PR.

How Has This Been Tested?

Merge criteria:

• JIRA(s) are linked in the PR description
• The commits are squashed in a cohesive manner and have meaningful messages.
• Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
• The developer has manually tested the changes and verified that the changes work

Summary by CodeRabbit

• Chores
  • Updated the Go toolset and base image to newer patch versions.
  • Upgraded several dependencies to their latest versions and removed unused dependencies.

[coderabbitai]

Walkthrough

The changes update the Go toolset version in the container build process and refresh multiple Go module dependencies to newer versions. No functional code changes, public API modifications, or alterations to the module structure are present.

Changes

File(s)	Change Summary
Containerfile	Updated Go toolset base image from version 1.23.6 to 1.23.9 in the build stage.
go.mod, go.sum	Updated Go module version to 1.23.8 and upgraded several dependencies to newer versions; removed some indirect dependencies.

Poem

A hop and a skip, new versions in tow,
The build hops forward, dependencies grow.
With fresher Go tools and libraries anew,
The code stays crisp, the bugs are few.
🐇✨—A rabbit’s update, swift and true!

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e1cf407 and 4bfbc56.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (2)

• Containerfile (1 hunks)
• go.mod (5 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: Run on Ubuntu
• GitHub Check: Run on Ubuntu

🔇 Additional comments (8)

go.mod (7)

3-3: Bump Go language version to 1.23.8
Ensures the minimum Go version meets the requirements of the updated dependencies.

---

11-11: Upgrade KEDA dependency to v2.17.0
This addresses the Snyk-reported vulnerability by pulling in expr-lang/expr v1.17.x transitively.

---

16-17: Upgrade test frameworks: Ginkgo v2.23.4 and Gomega v1.37.0
These are major/minor bumps—please run the full test suite to confirm no specs break under Ginkgo v2.

---

32-32: Update Knative pkg dependency
Bumped to a newer commit; verify any API deprecations or behavioral changes in downstream code.

---

35-35: Upgrade controller-runtime to v0.19.7
Patch bump—ensure that reconciliation and caching APIs remain backward-compatible.

---

65-65: Indirect bump of expr-lang/expr to v1.17.2
Confirms the fix for the CVE present in v1.16.9.

---

39-158: Skip: Bulk indirect dependency upgrades
All other indirect modules were refreshed by go mod tidy with no direct code changes.

Containerfile (1)

2-2: Bump Go toolset base image to 1.23.9
Aligns the builder image with the updated Go module version. Please verify that using toolset 1.23.9 against go.mod's go 1.23.8 is intentional.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[openshift-ci]

@brettmthompson: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/unit	4bfbc56	link	true	/test unit

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[brettmthompson]

Need to re-run CI job failure once openshift/release#66265 is merged

[brettmthompson]

/cc @israel-hdez
/cc @Jooho
/cc @bartoszmajsak
/cc @pierDipi

[spolti]

/aprove

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: brettmthompson, spolti

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [brettmthompson,spolti]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[brettmthompson]

keda version bump no longer required. CVEs resolved in #464. Closing this PR

[openshift-merge-robot]

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.