Build(deps): Bump cloud.google.com/go/iam from 1.5.3 to 1.8.0

[dependabot]

Bumps cloud.google.com/go/iam from 1.5.3 to 1.8.0.

Release notes

Sourced from cloud.google.com/go/iam's releases.

gkemulticloud: v1.8.0

v1.8.0 (2026-04-09)

iam: v1.8.0

v1.8.0 (2026-04-09)

shopping: v1.8.0

v1.8.0 (2026-04-09)

ids: v1.7.0

v1.7.0 (2026-04-09)

support: v1.7.0

v1.7.0 (2026-04-09)

securesourcemanager: v1.6.0

v1.6.0 (2026-04-09)

Changelog

Sourced from cloud.google.com/go/iam's changelog.

1.8.0 (2023-02-14)

Features

• documentai: Add REST client (06a54a1)
• documentai: Added advanced_ocr_options field in OcrConfig (45c70e3)
• documentai: Added EvaluationReference to evaluation.proto (#7290) (4623db8)
• documentai: Added field_mask field in DocumentOutputConfig.GcsOutputConfig in document_io.proto (2a0b1ae)
• documentai: Added font_family to document.proto feat: added ImageQualityScores message to document.proto feat: added PropertyMetadata and EntityTypeMetadata to document_schema.proto (9c5d6c8)
• documentai: Added TrainProcessorVersion, EvaluateProcessorVersion, GetEvaluation, and ListEvaluations v1beta3 APIs feat: added evaluation.proto feat: added document_schema field in ProcessorVersion processor.proto feat: added image_quality_scores field in Document.Page in document.proto feat: added font_family field in Document.Style in document.proto (ac0c5c2)
• documentai: Exposed GetProcessorType to v1 (447afdd)
• documentai: Exposed GetProcessorType to v1beta3 (447afdd)
• documentai: Rewrite signatures in terms of new location (3c4b2b3)
• documentai: Rewrite signatures in terms of new types for betas (9f303f9)
• documentai: Start generating stubs dir (de2d180)

Miscellaneous Chores

• documentai: Release 1.8.0 (#7423) (a10f592)

1.7.0 (2023-01-31)

Features

• documentai: Add REST client (06a54a1)
• documentai: Added advanced_ocr_options field in OcrConfig (45c70e3)
• documentai: Added field_mask field in DocumentOutputConfig.GcsOutputConfig in document_io.proto (2a0b1ae)
• documentai: Added font_family to document.proto feat: added ImageQualityScores message to document.proto feat: added PropertyMetadata and EntityTypeMetadata to document_schema.proto (9c5d6c8)
• documentai: Added TrainProcessorVersion, EvaluateProcessorVersion, GetEvaluation, and ListEvaluations v1beta3 APIs feat: added evaluation.proto feat: added document_schema field in ProcessorVersion processor.proto feat: added image_quality_scores field in Document.Page in document.proto feat: added font_family field in Document.Style in document.proto (ac0c5c2)
• documentai: Exposed GetProcessorType to v1 (447afdd)
• documentai: Exposed GetProcessorType to v1beta3 (447afdd)
• documentai: Rewrite signatures in terms of new location (3c4b2b3)
• documentai: Rewrite signatures in terms of new types for betas (9f303f9)
• documentai: Start generating proto message types (563f546)
• documentai: Start generating stubs dir (de2d180)

1.6.0 (2023-01-26)

Features

• documentai/apiv1beta3: Add REST transport (f7b0822)
• documentai: Add REST client (06a54a1)
• documentai: Added field_mask field in DocumentOutputConfig.GcsOutputConfig in document_io.proto (2a0b1ae)
• documentai: Added font_family to document.proto feat: added ImageQualityScores message to document.proto feat: added PropertyMetadata and EntityTypeMetadata to document_schema.proto (9c5d6c8)
• documentai: Added TrainProcessorVersion, EvaluateProcessorVersion, GetEvaluation, and ListEvaluations v1beta3 APIs feat: added evaluation.proto feat: added document_schema field in ProcessorVersion processor.proto feat: added image_quality_scores field in Document.Page in document.proto feat: added font_family field in Document.Style in document.proto (ac0c5c2)
• documentai: Exposed GetProcessorType to v1 (447afdd)

... (truncated)

Commits

• 7a0f6d1 chore: release main (#7972)
• c5a2ab9 chore(internal/actions): have changefinder respect v2 mods (#8014)
• 23cf597 chore(internal/postprocessor): ensure new modules are added to workspace (#8013)
• 71b1326 chore: update missed dep bumps (#8012)
• b340d03 chore: update all direct dependencies (#8007)
• ebae64d feat(datacatalog): add support for entries associated with Spanner and ClougB...
• 100d7cf chore: bump post-processor rev (#8006)
• 848765c chore: fix new module bug (#8005)
• 171c1e6 chore(all): update dependency requests to v2.31.0 [SECURITY] (#8001)
• e50c53c chore(main): Added kokoro release job (#7788)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coderabbitai]

Walkthrough

go.mod updated: Go directive set to 1.25.0 (from 1.24.13) and multiple direct and indirect dependency version constraints refreshed across Google Cloud, OpenTelemetry, and related golang.org/google.golang.org modules. No exported APIs or control flow changes.

Changes

Cohort / File(s)	Summary
Go Toolchain & Dependencies go.mod	Updates go directive to 1.25.0 and bumps versions for direct dependencies (e.g., cloud.google.com/go/iam v1.5.3→v1.9.0, github.com/googleapis/gax-go/v2 v2.16.0→v2.21.0) and many indirects (OpenTelemetry suite, golang.org/x/*, google.golang.org/*, google.golang.org/genproto/*). Total changes: +26/−26 version lines.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title accurately describes the main change: bumping cloud.google.com/go/iam dependency. However, the summary shows the actual version bumped to is 1.9.0, not 1.8.0 as stated in the title, creating a discrepancy.	Update the title to reflect the correct version bump to 1.9.0: 'Build(deps): Bump cloud.google.com/go/iam from 1.5.3 to 1.9.0'

✅ Passed checks (2 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	The pull request description is directly related to the changeset, providing detailed information about the cloud.google.com/go/iam dependency upgrade from 1.5.3 to 1.8.0, including release notes, changelog, and commit details.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/go_modules/cloud.google.com/go/iam-1.8.0

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign miguelhbrito for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift-online member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Line 137: Update the indirect dependency declaration for
go.opentelemetry.io/otel/sdk (currently "go.opentelemetry.io/otel/sdk v1.42.0 //
indirect") to v1.43.0 to address the PATH hijacking vulnerability; modify the
go.mod entry accordingly and then run the Go module update (e.g., upgrade via go
get or replace the version and run go mod tidy) to ensure go.sum is updated and
the new version is vendor-resolved across the build.
- Line 6: The go.mod currently references a non-existent version for the IAM
package; replace the invalid module version for cloud.google.com/go/iam with a
valid released version (e.g., v1.1.8) in go.mod so dependency resolution
succeeds; update the import line for cloud.google.com/go/iam to use v1.1.8 (or
another official tag) and run go mod tidy to verify the change.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e91bef03-ffa6-4d4b-bbca-1b01ab138464

📥 Commits

Reviewing files that changed from the base of the PR and between 557f489 and c0c4aba.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod

[dependabot]

Superseded by #1095.