chore(deps): Fix #2192 (update ocm monorepo go module dependencies) (no ctf)

[frewilhelm]

What this PR does / why we need it

#2192 wants to bump. bindings/go/ctf again. However, this bump breaks other modules until the respective PR (#2049) is merged. That is why this PR reverts the version bump for this module. We might need to do this until the other PR is merged.

Fixes #2192

[coderabbitai]

Warning

Rate limit exceeded

@frewilhelm has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 2 minutes and 59 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 2 minutes and 59 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7f084490-dc13-4f5a-a705-ec2406ac1df1

📥 Commits

Reviewing files that changed from the base of the PR and between f5d844f and 1c79532.

⛔ Files ignored due to path filters (2)

• bindings/go/helm/go.sum is excluded by !**/*.sum
• cli/integration/go.sum is excluded by !**/*.sum

📒 Files selected for processing (2)

• bindings/go/helm/go.mod
• cli/integration/go.mod

📝 Walkthrough

Walkthrough

Updates Open Component Model Go module bindings across 18 go.mod files, bumping pseudo-versions for dependencies like descriptor/normalisation, descriptor/runtime, helm, signing, and transform from commit 5b24debae3cf to 69b3fc617615.

Changes

Cohort / File(s)	Summary
Descriptor bindings bindings/go/descriptor/normalisation/go.mod, bindings/go/constructor/go.mod, bindings/go/helm/go.mod, bindings/go/signing/go.mod, bindings/go/oci/go.mod	Bumped descriptor/runtime pseudo-version; normalisation and constructor also updated descriptor/normalisation.
Input modules bindings/go/input/dir/go.mod, bindings/go/input/file/go.mod, bindings/go/input/utf8/go.mod	Updated indirect dependencies for descriptor/normalisation and descriptor/runtime to newer pseudo-version.
OCI and plugin modules bindings/go/oci/integration/go.mod, bindings/go/plugin/go.mod, bindings/go/repository/go.mod, bindings/go/rsa/go.mod	Bumped descriptor/runtime; plugin module also updated descriptor/normalisation and signing.
Transfer and transform bindings/go/transfer/go.mod, bindings/go/transfer/integration/go.mod, bindings/go/transform/go.mod	Updated multiple direct and indirect dependencies including descriptor/runtime, cel, helm, signing, and transform to newer pseudo-versions.
CLI modules cli/go.mod, cli/integration/go.mod, kubernetes/controller/go.mod	Broadly updated descriptor, helm, input, rsa, signing, transfer, and transform bindings to consistent newer pseudo-version across dependencies.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• PR #2174: Continues the same pattern of bumping OCM Go module bindings (descriptor/runtime, descriptor/normalisation) to newer commits in the same modules.

Suggested reviewers

• jakobmoellerdev
• fabianburth

Poem

🐰 Hop along the version trail,
Dependencies now scale!
From debae to fc617,
OCM bindings soar up to heaven,
Update complete, no need to wail!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: updating OCM monorepo Go module dependencies while explicitly excluding the ctf module, directly addressing issue #2192.
Description check	✅ Passed	The description explains the PR's purpose: reverting the bindings/go/ctf version bump that was introduced to fix #2192 because it breaks other modules until PR #2049 is merged.
Linked Issues check	✅ Passed	The PR successfully addresses the objective from #2192 by updating multiple Go module dependencies (cel, descriptor/normalisation, descriptor/runtime, helm, input/utf8, rsa, signing, transfer, transform) to newer versions while strategically excluding the ctf module bump.
Out of Scope Changes check	✅ Passed	All changes are in-scope: go.mod files across bindings/go modules and cli/kubernetes are updated to synchronize dependency versions. The intentional exclusion of bindings/go/ctf version bump is a deliberate scope decision, not an out-of-scope change.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}