Update ocs-operator direct dependencies

[malayparida2000]

No description provided.

[iamniting]

Pls confirm if 1.22.9 is available DS with @b-ranto and remove the hold

/hold

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: iamniting, malayparida2000

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [iamniting]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[iamniting]

/test ocs-operator-bundle-e2e-aws

[iamniting]

/test ocs-operator-bundle-e2e-aws

[malayparida2000]

@iamniting The failure is genuine

hack/build-functest.sh
Installing GINKGO binary at /go/src/github.com/red-hat-storage/ocs-operator/bin/ginkgo
go: go.mod requires go >= 1.22.9 (running go 1.22.7; GOTOOLCHAIN=local)
make: *** [Makefile:105: build-functest] Error 1
{"component":"entrypoint","error":"wrapped process failed: exit status 2","file":"sigs.k8s.io/prow/pkg/entrypoint/run.go:84","func":"sigs.k8s.io/prow/pkg/entrypoint.Options.internalRun","level":"error","msg":"Error executing test process","severity":"error","time":"2024-11-13T18:37:58Z"}

[malayparida2000]

@iamniting The failure is genuine

hack/build-functest.sh
Installing GINKGO binary at /go/src/github.com/red-hat-storage/ocs-operator/bin/ginkgo
go: go.mod requires go >= 1.22.9 (running go 1.22.7; GOTOOLCHAIN=local)
make: *** [Makefile:105: build-functest] Error 1
{"component":"entrypoint","error":"wrapped process failed: exit status 2","file":"sigs.k8s.io/prow/pkg/entrypoint/run.go:84","func":"sigs.k8s.io/prow/pkg/entrypoint.Options.internalRun","level":"error","msg":"Error executing test process","severity":"error","time":"2024-11-13T18:37:58Z"}

seems openshift-ci env has locally go 1.22.7 installed.

[openshift-ci]

New changes are detected. LGTM label has been removed.

[umangachapagain]

Can we avoid locking this to a specific z-release? Can we just keep it 1.22.0 ? Toolchain version can be 1.22.7.

[malayparida2000]

@umangachapagain is there a reason for that?

[umangachapagain]

That'd allow me to use any 1.22.z instead of forcing me to a specific version ?

[malayparida2000]

Sticking to go 1.22.0 may open us up to potential CVEs, and I have confirmed with the Build team and Go 1.22.7 is the latest available version in their environment & it's the latest available in openshift CI env as well. So I see no harm in using that.

[malayparida2000]

That'd allow me to use any 1.22.z instead of forcing me to a specific version ?

I think by that you meant specifying only 1.22 not 1.22.0? If we specify just 1.22 it will pull 1.22.9 which is not available in Builder images so it will cause issue in openshift-ci as well as build environment.

[b-ranto]

This just defines the minimal version, it is fine to use it like that, especially if you also set the toolchain directive to a more current version which defines the recommended version. This should not really be blocking people from compiling the code on go versions that do have some CVEs in them.