[SANDBOX-1700] chore: upgrade to OCP 4.21 dependencies

[metlos]

Update openshift/api to release-4.21, k8s.io deps to v0.34.1, controller-runtime to v0.22.0, and controller-tools to v0.19.0.

https://redhat.atlassian.net/browse/SANDBOX-1700

Checks

1. Did you run make generate target? no
   This would only change controller-gen.kubebuilder.io/version annotation to from 0.18.0 to 0.19.0. No actual changes to the CRDs.

2. Did make generate change anything in other projects (host-operator, member-operator)? no
   See above

Summary by CodeRabbit

• Chores
  • Updated core dependencies to the latest versions, including Kubernetes, OpenShift, and related libraries to enhance compatibility and security.

[coderabbitai]

Walkthrough

Updated Go module dependencies in go.mod, including core packages like Kubernetes API/machinery to v0.34.1, OpenShift API, code-generator, kube-openapi, controller-runtime, and various x/ modules, along with indirect dependencies like protobuf, YAML, and structured-merge-diff. No functional code changes.

Changes

Cohort / File(s)	Summary
Dependency Version Updates go.mod	Bumped Kubernetes API/machinery to v0.34.1, OpenShift API to newer pseudo-version, code-generator, kube-openapi, controller-runtime tools, RESTful, CBOR, logr, and x/ modules (mod, net, sync, sys, text, tools). Replaced structured-merge-diff/v4 with v6 and yaml v1.4.0 with v1.6.0. Updated protobuf and ancillary indirect dependencies to newer revisions.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The PR description addresses the key updates but is incomplete against the template. It describes the dependency updates and provides answers to checks 1 and 3, but omits check 2 and check 4 (other project PR links), and lacks a formal 'Description' section with overall goals.	Add a formal description section summarizing the overall goals. Explicitly answer check 2 about make generate changes in host/member-operator. If applicable, provide PR links for any affected projects in check 4.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The pull request title accurately describes the main change: upgrading to OCP 4.21 dependencies. It is concise, clear, and directly related to the changeset in go.mod.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

You can disable sequence diagrams in the walkthrough.

Disable the reviews.sequence_diagrams setting to disable sequence diagrams in the walkthrough.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

go.mod (1)

3-5: ⚠️ Potential issue | 🟡 Minor

Document the toolchain version intent if it diverges from CI expectations.

The go 1.24.4 declaration will be used by CI workflows (actions/setup-go reads the go directive), while the toolchain go1.24.13 suggestion only applies locally if toolchain auto-selection is enabled. This creates a potential build environment inconsistency: developers may build and test with Go 1.24.13 while CI validates with Go 1.24.4. If this is intentional for reproducibility/standardization, document it; if unintentional, align the versions.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` around lines 3 - 5, The go.mod declares "go 1.24.4" while the
toolchain line is "toolchain go1.24.13", causing CI vs local toolchain mismatch;
either make them identical (update "go 1.24.4" to "go 1.24.13" or change
"toolchain go1.24.13" to match 1.24.4) or add a short comment in the repo README
or a new TOOLCHAIN.md explaining the intentional divergence and which version CI
(go directive) and local toolchain (toolchain directive) should use; update the
go.mod and documentation consistently and mention the authoritative source (CI
uses the go directive).

🧹 Nitpick comments (1)

go.mod (1)

9-10: Update the OpenShift branch comment to match the actual upgrade target.

The inline comment says release-4.20 while this PR upgrades to OCP 4.21 and bumps github.com/openshift/api accordingly. Keeping this stale comment will mislead future dependency updates.

As per coding guidelines, "Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` around lines 9 - 10, Update the inline comment above the
github.com/openshift/api dependency in go.mod so it reflects the actual target
branch release-4.21 (instead of stale release-4.20) to match the bumped
dependency version; locate the comment near the github.com/openshift/api
v0.0.0-20260304172252-b0658d22beea entry and change the branch name text to
release-4.21.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@go.mod`:
- Around line 3-5: The go.mod declares "go 1.24.4" while the toolchain line is
"toolchain go1.24.13", causing CI vs local toolchain mismatch; either make them
identical (update "go 1.24.4" to "go 1.24.13" or change "toolchain go1.24.13" to
match 1.24.4) or add a short comment in the repo README or a new TOOLCHAIN.md
explaining the intentional divergence and which version CI (go directive) and
local toolchain (toolchain directive) should use; update the go.mod and
documentation consistently and mention the authoritative source (CI uses the go
directive).

---

Nitpick comments:
In `@go.mod`:
- Around line 9-10: Update the inline comment above the github.com/openshift/api
dependency in go.mod so it reflects the actual target branch release-4.21
(instead of stale release-4.20) to match the bumped dependency version; locate
the comment near the github.com/openshift/api v0.0.0-20260304172252-b0658d22beea
entry and change the branch name text to release-4.21.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d0eebf58-f13f-4c9d-95ae-d5753bc60056

📥 Commits

Reviewing files that changed from the base of the PR and between 4ff0e6b and f94bc6f.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod