Update module gopkg.in/evanphx/json-patch.v4 to v5

[red-hat-konflux]

This PR contains the following updates:

Package	Change	Age	Confidence
gopkg.in/evanphx/json-patch.v4	v4.13.0 → v5.9.11

---

Warning

Some dependencies could not be looked up. Check the warning logs for more information.

---

Release Notes

evanphx/json-patch (gopkg.in/evanphx/json-patch.v4)

v5.9.11

Compare Source

What's Changed

• Export errBadJSONDoc and errBadJSONPatch errors by @​skitt in #​209

Full Changelog: evanphx/json-patch@v5.9.10...v5.9.11

v5.9.10

Compare Source

What's Changed

• Drop the reference to gopkg.in for v5 by @​skitt in #​203
• remove unmaintained errors pkg(github.com/pkg/errors) by @​koba1t in #​206

New Contributors

• @​skitt made their first contribution in #​203
• @​koba1t made their first contribution in #​206

Full Changelog: evanphx/json-patch@v5.9.0...v5.9.10

v5.9.0

Compare Source

What's Changed

• Validate that the partialDoc is decoded correctly by @​evanphx in #​201
• Add option to control if the output is HTMLEscaped by @​evanphx in #​202

Full Changelog: evanphx/json-patch@v5.8.1...v5.9.0

v5.8.1: Fix API breakage

Compare Source

This PR fixes Operation containing a reference to internal/json and breaking the ability to manually compose one. This restores that ability using a type alias.

Full Changelog: evanphx/json-patch@v5.8.0...v5.8.1

v5.8.0: Blargh Phixs and Empathyprovements

Compare Source

This release fixes a few stray panics, addresses large number accuracy, and improves performance!

What's Changed

• Compare strings after decoding them to handle unicode correctly. Fixes #​172 by @​evanphx in #​195
• Always use UseNumber() to avoid float64 lossyness by @​evanphx in #​194
• Handle null correctly when introduced by replace. Fixes #​171 by @​evanphx in #​196
• Handle from="" more properly. Fixes #​192 by @​evanphx in #​193
• Improve performance by @​evanphx in #​197

Full Changelog: evanphx/json-patch@v5.7.0...v5.8.0

v5.7.0: The 2023 Release

Compare Source

What's Changed

• Fix invalid sprintf by @​howardjohn in #​152
• Add CIFuzz GitHub action by @​DavidKorczynski in #​167
• README: Remove Travis by @​ohkinozomu in #​164
• Updated min supported version to go 1.18 by @​Neo2308 in #​181
• Added dependabot by @​Neo2308 in #​182
• Pre-flight DecodePatch validation: Issue #​177 by @​radwaretaltr in #​180
• Check if raw is a null pointer for findObject by @​JosieLi-Google in #​173
• Bump actions/checkout from 2 to 4 by @​dependabot in #​187
• Fix panic on test op by @​erickertz in #​158

New Contributors

• @​howardjohn made their first contribution in #​152
• @​DavidKorczynski made their first contribution in #​167
• @​ohkinozomu made their first contribution in #​164
• @​Neo2308 made their first contribution in #​181
• @​radwaretaltr made their first contribution in #​180
• @​JosieLi-Google made their first contribution in #​173
• @​dependabot made their first contribution in #​187
• @​erickertz made their first contribution in #​158

Full Changelog: evanphx/json-patch@v5.6.0...v5.7.0

v5.6.0: Bug fixes

Compare Source

What's Changed

• Function ensurePathExists should handle appending correctly by @​MarcelMue in #​148
• Fix partial negative indice support in v4 by @​zqzten in #​146

New Contributors

• @​MarcelMue made their first contribution in #​148
• @​zqzten made their first contribution in #​146

Full Changelog: evanphx/json-patch@v5.5.0...v5.6.0

v5.5.0: Better null handling

Compare Source

This incorporates a few fixes related to how nulls are handles in array's and objects.

v5.3.0: Fix zero sized document crash

Compare Source

This fixes a crash bug where submitted an empty slice as the document would panic.

v5.2.0

Compare Source

v5.1.0

Compare Source

v5.0.0: Proper Go modules release

Compare Source

This release has a proper /v5 directory, unlike the previous releases that did not have a /v4 dir. Thanks to @​BenTheElder for getting this sorted out!

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD e95793d and 2 for PR HEAD a2087f2 in total

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD 16a2044 and 1 for PR HEAD a2087f2 in total

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD 0ad58ba and 0 for PR HEAD a2087f2 in total

[openshift-merge-bot]

/hold

Revision a2087f2 was retested 3 times: holding

[openshift-ci]

New changes are detected. LGTM label has been removed.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR updates a single indirect dependency in go.mod: gopkg.in/evanphx/json-patch is bumped from v4.13.0 to v5.9.11. The change involves replacing the v4 requirement with v5 in the module dependency list.

Changes

JSON Patch Dependency Upgrade

Layer / File(s)	Summary
Update json-patch to v5 go.mod	The indirect dependency gopkg.in/evanphx/json-patch is upgraded from v4.13.0 to v5.9.11.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested reviewers

• joshuawilson
• blublinsky

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and accurately describes the main change: upgrading the json-patch module from v4 to v5, which matches the primary objective of the PR.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch konflux/mintmaker/main/gopkg.in-evanphx-json-patch.v4-5.x

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Line 117: Remove the redundant gopkg.in module requirement and keep only the
canonical github module: delete the gopkg.in/evanphx/json-patch.v5 v5.9.11 entry
from go.mod, ensure github.com/evanphx/json-patch/v5 v5.9.11 remains, then run
go mod tidy (or otherwise update module files) so the go.sum/go.mod are
consistent and no gopkg.in reference remains.
- Line 117: The go.mod shows an indirect upgrade to
gopkg.in/evanphx/json-patch.v5 (gopkg.in/evanphx/json-patch.v5 v5.9.11 and
github.com/evanphx/json-patch/v5 v5.9.11) but there are no direct imports in the
repo; run a full dependency scan (go list -m all / search for
evanphx/json-patch) to confirm no direct usage, then run the complete test
matrix (unit and integration tests) to detect transitive breakages; if tests
fail, identify the dependent module pulling in json-patch.v5 and either update
that dependency to a compatible version or pin json-patch back to v4 via a
replace directive or vendor the compatible module until the transitive
dependency is fixed.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 2ee61b7f-f1e0-4c85-b348-7ceda1584809

📥 Commits

Reviewing files that changed from the base of the PR and between 15eaec5 and 328d922.

📒 Files selected for processing (1)

• go.mod

[coderabbitai]

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Identify why both gopkg.in and github.com paths exist for json-patch

# Check which dependencies require each path
echo "=== Dependencies requiring gopkg.in/evanphx/json-patch.v5 ==="
go mod graph | grep 'gopkg.in/evanphx/json-patch.v5'

echo -e "\n=== Dependencies requiring github.com/evanphx/json-patch/v5 ==="
go mod graph | grep 'github.com/evanphx/json-patch/v5'

echo -e "\n=== All references to json-patch in go.mod graph ==="
go mod graph | grep -i 'json-patch'

Repository: openshift/lightspeed-operator

Length of output: 1487

---

🌐 Web query:

What is the correct import path for evanphx/json-patch v5? Is it gopkg.in/evanphx/json-patch.v5 or github.com/evanphx/json-patch/v5?

💡 Result:

The correct import path for evanphx/json-patch v5 is github.com/evanphx/json-patch/v5 [1][2]. According to the official project repository and documentation, you should use the following command to retrieve the library [1][3]: go get -u github.com/evanphx/json-patch/v5 The project previously used gopkg.in paths for versioning (e.g., gopkg.in/evanphx/json-patch.v4), but moved to the standard Go module structure using the /v5 suffix in the GitHub path [2][4]. Using the github.com/evanphx/json-patch/v5 path is the modern, recommended approach for all current versions [1][2][3].

Citations:

• 1: https://pkg.go.dev/github.com/evanphx/json-patch/v5@v5.9.11
• 2: https://github.com/evanphx/json-patch/blob/master/README.md
• 3: https://github.com/evanphx/json-patch
• 4: 'go get' fails evanphx/json-patch#102

---

Remove the redundant gopkg.in/evanphx/json-patch.v5 requirement and keep only github.com/evanphx/json-patch/v5
go.mod currently includes both gopkg.in/evanphx/json-patch.v5 v5.9.11 (line 117) and github.com/evanphx/json-patch/v5 v5.9.11 (existing entry). go mod graph shows only the root module pulls in the gopkg.in path; other deps require the github.com/.../v5 path. The project/docs for v5 recommend github.com/evanphx/json-patch/v5, so adding gopkg.in/.../v5 contradicts the stated “removed gopkg.in references” note.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` at line 117, Remove the redundant gopkg.in module requirement and
keep only the canonical github module: delete the gopkg.in/evanphx/json-patch.v5
v5.9.11 entry from go.mod, ensure github.com/evanphx/json-patch/v5 v5.9.11
remains, then run go mod tidy (or otherwise update module files) so the
go.sum/go.mod are consistent and no gopkg.in reference remains.

---

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Search for direct imports or usage of json-patch in the codebase

echo "=== Searching for json-patch imports ==="
rg -n --type=go 'import.*json-patch' -C2

echo -e "\n=== Searching for json-patch package usage ==="
rg -n --type=go 'jsonpatch\.' -C2

echo -e "\n=== Searching for gopkg.in/evanphx/json-patch imports ==="
rg -n --type=go 'gopkg\.in/evanphx/json-patch' -C2

echo -e "\n=== Searching for github.com/evanphx/json-patch imports ==="
rg -n --type=go 'github\.com/evanphx/json-patch' -C2

Repository: openshift/lightspeed-operator

Length of output: 282

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== go.mod lines 100-140 ==="
nl -ba go.mod | sed -n '100,140p'

echo
echo "=== Search for json-patch references in entire repo ==="
rg -n 'json-patch|evanphx/json-patch|gopkg\.in/evanphx/json-patch|jsonpatch\.' -S

echo
echo "=== Search for module name in go.mod/go.sum specifically ==="
rg -n 'evanphx/json-patch|gopkg\.in/evanphx/json-patch' go.mod go.sum || true

echo
echo "=== Check if `go` tool is available (for `go mod why`) ==="
if command -v go >/dev/null 2>&1; then
  go version
  echo "=== go mod why gopkg.in/evanphx/json-patch ==="
  go mod why -m gopkg.in/evanphx/json-patch || true
else
  echo "go not available in this sandbox"
fi

Repository: openshift/lightspeed-operator

Length of output: 163

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== go.mod lines 100-140 (no nl available) ==="
awk 'NR>=100 && NR<=140 {printf "%d\t%s\n", NR, $0}' go.mod

echo
echo "=== Search for json-patch references in entire repo ==="
rg -n 'json-patch|evanphx/json-patch|gopkg\.in/evanphx/json-patch|jsonpatch\.' -S || true

echo
echo "=== Search for module name in go.mod/go.sum specifically ==="
rg -n 'evanphx/json-patch|gopkg\.in/evanphx/json-patch' go.mod go.sum || true

echo
echo "=== Check if `go` tool is available (for `go mod why`) ==="
if command -v go >/dev/null 2>&1; then
  go version
  echo "=== go mod why gopkg.in/evanphx/json-patch ==="
  go mod why -m gopkg.in/evanphx/json-patch || true
else
  echo "go not available in this sandbox"
fi

Repository: openshift/lightspeed-operator

Length of output: 16808

---

json-patch v4→v5 upgrade: no direct usage in this repo; only transitive risk remains.

• Searches show no Go source imports/usages of json-patch/evanphx/json-patch (only go.mod/go.sum references).
• go.mod includes gopkg.in/evanphx/json-patch.v5 v5.9.11 // indirect (and github.com/evanphx/json-patch/v5 v5.9.11 // indirect), so impact is via transitive dependencies only.
• Run the usual unit/integration tests to catch any transitive incompatibilities from the major bump.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` at line 117, The go.mod shows an indirect upgrade to
gopkg.in/evanphx/json-patch.v5 (gopkg.in/evanphx/json-patch.v5 v5.9.11 and
github.com/evanphx/json-patch/v5 v5.9.11) but there are no direct imports in the
repo; run a full dependency scan (go list -m all / search for
evanphx/json-patch) to confirm no direct usage, then run the complete test
matrix (unit and integration tests) to detect transitive breakages; if tests
fail, identify the dependent module pulling in json-patch.v5 and either update
that dependency to a compatible version or pin json-patch back to v4 via a
replace directive or vendor the compatible module until the transitive
dependency is fixed.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[raptorsun]

/retest

[raptorsun]

/retest

[raptorsun]

/retest

[raptorsun]

/retest

[raptorsun]

/retest

[raptorsun]

/retest

[raptorsun]

/retest

[raptorsun]

/retest

[openshift-ci]

@red-hat-konflux[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/bundle-e2e-4-21	328d922	link	true	/test bundle-e2e-4-21
ci/prow/unit	328d922	link	true	/test unit
ci/prow/ci-index-lightspeed-bundle-test	328d922	link	true	/test ci-index-lightspeed-bundle-test
ci/prow/images	328d922	link	true	/test images
ci/prow/generate	328d922	link	true	/test generate
ci/prow/fips-image-scan-operator	328d922	link	true	/test fips-image-scan-operator

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.