
chore(deps): update module github.com/prometheus/procfs to v0.20.1 #43

Open
red-hat-konflux[bot] wants to merge 1 commit into main from konflux/mintmaker/main/github.com-prometheus-procfs-0.x

@red-hat-konflux red-hat-konflux Bot commented Jun 3, 2026

This PR contains the following updates:

Package Change
github.com/prometheus/procfs v0.19.2 -> v0.20.1

Warning

Some dependencies could not be looked up. Check the warning logs for more information.


Release Notes

prometheus/procfs (github.com/prometheus/procfs)

v0.20.1


What's Changed

New Contributors

Full Changelog: prometheus/procfs@v0.20.0...v0.20.1

v0.20.0


What's Changed

New Contributors

Full Changelog: prometheus/procfs@v0.19.2...v0.20.0


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 1 additional dependency was updated

Details:

Package Change
golang.org/x/sys v0.40.0 -> v0.41.0


coderabbitai Bot commented Jun 3, 2026

📝 Walkthrough


Updated two indirect dependencies in go.mod: github.com/prometheus/procfs from v0.19.2 to v0.20.1 and golang.org/x/sys from v0.40.0 to v0.41.0.

Changes

Dependency Version Updates

Layer / File(s) | Summary
Indirect dependency version bumps (go.mod) | Two indirect dependencies are updated to patch versions: github.com/prometheus/procfs to v0.20.1 and golang.org/x/sys to v0.41.0.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name | Status | Explanation | Resolution
Title check | ⚠️ Warning | The title mentions updating github.com/prometheus/procfs to v0.20.1, but the changeset also updates golang.org/x/sys, making the title incomplete and not fully representative of all changes. | Update the title to reflect both dependency updates, such as: 'chore(deps): update prometheus/procfs and golang.org/x/sys dependencies'

✅ Passed checks (4 passed)

Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.


Comment @coderabbitai help to get the list of available commands and usage tips.

@openshift-ci openshift-ci Bot requested review from blublinsky and harche June 3, 2026 04:31

openshift-ci Bot commented Jun 3, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign blublinsky for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment


@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Line 69: Update the indirect module entry for golang.org/x/sys in go.mod from
v0.41.0 to at least v0.44.0 to pick up the GO-2026-5024 fix: replace the line
containing "golang.org/x/sys v0.41.0 // indirect" with "golang.org/x/sys v0.44.0
// indirect" (or a newer patch/minor), then run "go get
golang.org/x/sys@v0.44.0" (or "go get golang.org/x/sys@latest") and "go mod
tidy" to update go.sum and ensure the dependency graph is consistent; finally
run your tests/build to verify no regressions.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 8cbf7f62-aed8-4e07-84fa-4a5cd0fcb600

📥 Commits

Reviewing files that changed from the base of the PR and between 8ac45f7 and 502949f.

⛔ Files ignored due to path filters (1)
  • go.sum is excluded by !**/*.sum, !go.sum
📒 Files selected for processing (1)
  • go.mod

Comment thread go.mod
golang.org/x/oauth2 v0.34.0 // indirect
golang.org/x/sync v0.19.0 // indirect
golang.org/x/sys v0.40.0 // indirect
golang.org/x/sys v0.41.0 // indirect
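Review bot: The added `golang.org/x/sys v0.41.0 // indirect` line is still below v0.44.0, which the review in this thread gives as the first version fixed for GO-2026-5024, and the replaced v0.40.0 line is below it as well, so this bump neither introduces nor resolves that finding. Since x/sys moves here only as a side effect of the procfs update, either raise it to v0.44.0 or later in this PR or track it as a separate bump, and say so in the PR title, which currently names only procfs. The advisory as quoted is scoped to golang.org/x/sys/windows, so note in the PR whether this module builds or calls that package before treating the finding as blocking.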

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify golang.org/x/sys v0.41.0 exists and check for vulnerabilities

echo "=== Checking if v0.41.0 tag exists ==="
gh api repos/golang/sys/git/refs/tags/v0.41.0 --jq '.ref' || echo "Tag not found"

echo -e "\n=== Checking for security advisories ==="
gh api graphql -f query='
{
  securityVulnerabilities(first: 10, ecosystem: GO, package: "golang.org/x/sys") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

Repository: openshift/lightspeed-agentic-operator

Length of output: 517


🏁 Script executed:

#!/bin/bash
set -euo pipefail

PKG="golang.org/x/sys"
VER="v0.41.0"

echo "=== OSV check for ${PKG}@${VER} ==="
cat <<JSON > /tmp/osv_query.json
{
  "package": { "name": "${PKG}" },
  "version": "${VER}"
}
JSON

curl -sS -H "Content-Type: application/json" \
  -d @/tmp/osv_query.json \
  https://api.osv.dev/v1/query | jq .

Repository: openshift/lightspeed-agentic-operator

Length of output: 2102


Update golang.org/x/sys to pick up a fix (v0.41.0 is affected by GO-2026-5024)

  • golang.org/x/sys v0.41.0 tag exists.
  • Security issue: OSV reports GO-2026-5024 (alias CVE-2026-39824) affecting golang.org/x/sys/windows (NewNTUnicodeString length overflow/truncation); first fixed in v0.44.0 (so v0.41.0 is impacted).
    Update the indirect dependency to golang.org/x/sys v0.44.0+.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@go.mod` at line 69, Update the indirect module entry for golang.org/x/sys in
go.mod from v0.41.0 to at least v0.44.0 to pick up the GO-2026-5024 fix: replace
the line containing "golang.org/x/sys v0.41.0 // indirect" with
"golang.org/x/sys v0.44.0 // indirect" (or a newer patch/minor), then run "go
get golang.org/x/sys@v0.44.0" (or "go get golang.org/x/sys@latest") and "go mod
tidy" to update go.sum and ensure the dependency graph is consistent; finally
run your tests/build to verify no regressions.
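
An added example (not part of the PR or of any bot's output): the version check behind the finding above, done offline in Go against go.mod text. The advisory ID, module and fixed version are the ones quoted in the review comment; the `Advisory` type, the `Affected` function and the sample go.mod are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Advisory: ID, module path and first fixed version, as quoted in the review above.
type Advisory struct{ ID, Module, Fixed string }

// Constructed sample built from the go.mod lines shown in the comment thread.
const sampleGoMod = `require (
	golang.org/x/sync v0.19.0 // indirect
	golang.org/x/sys v0.41.0 // indirect
)`

// parseVer maps "vMAJOR.MINOR.PATCH" to one sortable integer, so v0.9.0 < v0.41.0
// (a string compare gets that wrong). Assumptions: each part < 1<<20, and any
// suffix is ignored, so a pre-release of the fixed version counts as fixed.
func parseVer(v string) (key int64, ok bool) {
	var major, minor, patch int64
	n, _ := fmt.Sscanf(v, "v%d.%d.%d", &major, &minor, &patch)
	return major<<40 | minor<<20 | patch, n == 3
}

// Affected lists every require line whose version is below an advisory's fix.
func Affected(goMod string, advs []Advisory) (hits []string) {
	for _, line := range strings.Split(goMod, "\n") {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		for _, a := range advs {
			if len(f) < 2 || f[0] != a.Module {
				continue
			}
			have, ok1 := parseVer(f[1])
			fixed, ok2 := parseVer(a.Fixed)
			if ok1 && ok2 && have < fixed {
				hits = append(hits, fmt.Sprintf("%s@%s (%s, fixed in %s)", f[0], f[1], a.ID, a.Fixed))
			}
		}
	}
	return hits
}

func main() {
	advs := []Advisory{{"GO-2026-5024", "golang.org/x/sys", "v0.44.0"}}
	fmt.Println(strings.Join(Affected(sampleGoMod, advs), "\n"))
}
```

A hit here is a module-level match only; whether the affected package (golang.org/x/sys/windows in the quoted advisory) is built or called needs call-graph analysis such as govulncheck.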


openshift-ci Bot commented Jun 3, 2026

@red-hat-konflux[bot]: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.
