chore(deps): bump the go group across 1 directory with 8 updates (#884)

Bumps the go group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
|
[github.com/distribution/distribution/v3](https://github.com/distribution/distribution)
| `3.0.0` | `3.1.0` |
|
[github.com/fluxcd/helm-controller/api](https://github.com/fluxcd/helm-controller)
| `1.5.2` | `1.5.3` |
|
[github.com/google/go-containerregistry](https://github.com/google/go-containerregistry)
| `0.21.2` | `0.21.4` |
| [k8s.io/api](https://github.com/kubernetes/api) | `0.35.2` | `0.35.3`
|
|
[k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver)
| `0.35.2` | `0.35.3` |
| [ocm.software/ocm](https://github.com/open-component-model/ocm) |
`0.37.0` | `0.38.0` |


Updates `github.com/distribution/distribution/v3` from 3.0.0 to 3.1.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/distribution/distribution/releases">github.com/distribution/distribution/v3's
releases</a>.</em></p>
<blockquote>
<h2>v3.1.0</h2>
<p>Welcome to the <code>v3.1.0</code> release of registry!</p>
<p><strong>This is a stable release</strong></p>
<p>Please try out the release binaries and report any issues at
<a
href="https://github.com/distribution/distribution/issues">https://github.com/distribution/distribution/issues</a>.</p>
<h3>Notable Changes</h3>
<ul>
<li>Fixes <a
href="https://www.cve.org/CVERecord?id=CVE-2026-35172">CVE-2026-35172</a></li>
<li>Fixes <a
href="https://www.cve.org/CVERecord?id=CVE-2026-33540">CVE-2026-33540</a></li>
<li>Adds support for tag pagination (<a
href="https://redirect.github.com/distribution/distribution/issues/4360">#4360</a>,
<a
href="https://redirect.github.com/distribution/distribution/issues/4353">#4353</a>)</li>
<li>Fixes default credentials in Azure storage provider (<a
href="https://redirect.github.com/distribution/distribution/issues/4619">#4619</a>)</li>
<li>Drops support for go1.23 and go1.24 and updates to go1.25</li>
</ul>
<p>See the full changelog below for the full list of changes.</p>
<h2>What's Changed</h2>
<ul>
<li>docs: Update to refer to new image tag v3 by <a
href="https://github.com/schanzel"><code>@​schanzel</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/4373">distribution/distribution#4373</a></li>
<li>Fix default_credentials in azure storage provider by <a
href="https://github.com/switchboardOp"><code>@​switchboardOp</code></a>
in <a
href="https://redirect.github.com/distribution/distribution/pull/4619">distribution/distribution#4619</a></li>
<li>chore: make function comment match function name by <a
href="https://github.com/closeobserve"><code>@​closeobserve</code></a>
in <a
href="https://redirect.github.com/distribution/distribution/pull/4622">distribution/distribution#4622</a></li>
<li>build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 in the
go_modules group across 1 directory by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/distribution/distribution/pull/4625">distribution/distribution#4625</a></li>
<li>fix: implement JWK thumbprint for Ed25519 public keys by <a
href="https://github.com/zhangyoufu"><code>@​zhangyoufu</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/4626">distribution/distribution#4626</a></li>
<li>fix: Annotate code block from validation.indexes configuration docs
by <a href="https://github.com/anzoman"><code>@​anzoman</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/4629">distribution/distribution#4629</a></li>
<li>feat: extract redis config to separate struct by <a
href="https://github.com/shanduur"><code>@​shanduur</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/4620">distribution/distribution#4620</a></li>
<li>Fix: resolve issue <a
href="https://redirect.github.com/distribution/distribution/issues/4478">#4478</a>
by using a temporary file for non-append writes by <a
href="https://github.com/onporat"><code>@​onporat</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/4624">distribution/distribution#4624</a></li>
<li>build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/distribution/distribution/pull/4645">distribution/distribution#4645</a></li>
<li>docs: Add note about <code>OTEL_TRACES_EXPORTER</code> by <a
href="https://github.com/jcpunk"><code>@​jcpunk</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/4669">distribution/distribution#4669</a></li>
<li>fix: set OTEL traces to disabled by default by <a
href="https://github.com/jcpunk"><code>@​jcpunk</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/4671">distribution/distribution#4671</a></li>
<li>Fix markdown syntax for OTEL traces link in docs by <a
href="https://github.com/shantanoo-desai"><code>@​shantanoo-desai</code></a>
in <a
href="https://redirect.github.com/distribution/distribution/pull/4676">distribution/distribution#4676</a></li>
<li>Switch UUIDs to UUIDv7 by <a
href="https://github.com/binaryfire"><code>@​binaryfire</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/4666">distribution/distribution#4666</a></li>
<li>refactor: replace map iteration with maps.Copy/Clone by <a
href="https://github.com/whosehang"><code>@​whosehang</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/4632">distribution/distribution#4632</a></li>
<li>s3-aws: fix build for 386 by <a
href="https://github.com/ChenQi1989"><code>@​ChenQi1989</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/4642">distribution/distribution#4642</a></li>
<li>docs: Add OpenTelemetry links to quickstart docs (<a
href="https://redirect.github.com/distribution/distribution/issues/4270">#4270</a>)
by <a href="https://github.com/dpw13"><code>@​dpw13</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/4640">distribution/distribution#4640</a></li>
<li>Fix S3 driver loglevel param by <a
href="https://github.com/milosgajdos"><code>@​milosgajdos</code></a> in
<a
href="https://redirect.github.com/distribution/distribution/pull/4617">distribution/distribution#4617</a></li>
<li>Fixed data race in TestSchedule test by <a
href="https://github.com/horoshev"><code>@​horoshev</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/4647">distribution/distribution#4647</a></li>
<li>Fixes <a
href="https://redirect.github.com/distribution/distribution/issues/4683">#4683</a>
- uses X/Y instead of Gx/Gy for thumbprint of ecdsa keys by <a
href="https://github.com/gpgenaiz"><code>@​gpgenaiz</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/4684">distribution/distribution#4684</a></li>
<li>build(deps): bump actions/checkout from 4 to 5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/distribution/distribution/pull/4687">distribution/distribution#4687</a></li>
<li>Fix broken link to Docker Hub fair use policy by <a
href="https://github.com/Klikini"><code>@​Klikini</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/4688">distribution/distribution#4688</a></li>
<li>fix(registry/handlers/app): redis CAs by <a
href="https://github.com/ChandonPierre"><code>@​ChandonPierre</code></a>
in <a
href="https://redirect.github.com/distribution/distribution/pull/4668">distribution/distribution#4668</a></li>
<li>build(deps): bump actions/labeler from 5 to 6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/distribution/distribution/pull/4694">distribution/distribution#4694</a></li>
<li>build(deps): bump actions/setup-go from 5 to 6 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/distribution/distribution/pull/4693">distribution/distribution#4693</a></li>
<li>build(deps): bump actions/upload-pages-artifact from 3 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/distribution/distribution/pull/4691">distribution/distribution#4691</a></li>
<li>build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/distribution/distribution/pull/4706">distribution/distribution#4706</a></li>
<li>build(deps): bump github/codeql-action from 3.26.5 to 4.30.7 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/distribution/distribution/pull/4710">distribution/distribution#4710</a></li>
<li>build(deps): bump github/codeql-action from 4.30.7 to 4.30.8 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/distribution/distribution/pull/4714">distribution/distribution#4714</a></li>
<li>chore: labeler: add area/client mapping for internal/client/** by <a
href="https://github.com/artem-tkachuk"><code>@​artem-tkachuk</code></a>
in <a
href="https://redirect.github.com/distribution/distribution/pull/4716">distribution/distribution#4716</a></li>
<li>client: add Accept headers to Exists() HEAD by <a
href="https://github.com/artem-tkachuk"><code>@​artem-tkachuk</code></a>
in <a
href="https://redirect.github.com/distribution/distribution/pull/4715">distribution/distribution#4715</a></li>
<li>feat(registry): Make graceful shutdown test robust by <a
href="https://github.com/Sumedhvats"><code>@​Sumedhvats</code></a> in <a
href="https://redirect.github.com/distribution/distribution/pull/4720">distribution/distribution#4720</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/distribution/distribution/commit/708f8d6b060248fe7192294dd5440320ffc86da0"><code>708f8d6</code></a>
chore(ci): Prep for v3.1 release (<a
href="https://redirect.github.com/distribution/distribution/issues/4841">#4841</a>)</li>
<li><a
href="https://github.com/distribution/distribution/commit/b1d5dbcf1bebb81a0bd597dc5ab56954fa7ef359"><code>b1d5dbc</code></a>
chore(ci): Prep for v3.1 release</li>
<li><a
href="https://github.com/distribution/distribution/commit/078b0783f239b4115d1a979e66f08832084e9d1d"><code>078b078</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/distribution/distribution/commit/cccd0d4fb75066dbec314a78e13535bdf2bc857c"><code>cccd0d4</code></a>
fix(vendor): fix broke vendor validation (<a
href="https://redirect.github.com/distribution/distribution/issues/4839">#4839</a>)</li>
<li><a
href="https://github.com/distribution/distribution/commit/49447e8e12de62ffc6f25565f8de158ed344e454"><code>49447e8</code></a>
fix(vendor): fix broke vendpor validation</li>
<li><a
href="https://github.com/distribution/distribution/commit/cc5d5fa4ba02157501e6afa2cc6a903ad0338e7b"><code>cc5d5fa</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/distribution/distribution/commit/4cfa178962a087ca4312e0173b58ca945e69d8f9"><code>4cfa178</code></a>
build(deps): bump actions/configure-pages from 5.0.0 to 6.0.0 (<a
href="https://redirect.github.com/distribution/distribution/issues/4834">#4834</a>)</li>
<li><a
href="https://github.com/distribution/distribution/commit/c4bac3bcd67ed844ad14d278447277bda4d009cc"><code>c4bac3b</code></a>
build(deps): bump codecov/codecov-action from 5.5.4 to 6.0.0 (<a
href="https://redirect.github.com/distribution/distribution/issues/4836">#4836</a>)</li>
<li><a
href="https://github.com/distribution/distribution/commit/2f2ce9fb6c5f67236ca960c889e9a2fb0719a6f7"><code>2f2ce9f</code></a>
Opt: refactor tag list pagination support (<a
href="https://redirect.github.com/distribution/distribution/issues/4353">#4353</a>)</li>
<li><a
href="https://github.com/distribution/distribution/commit/6a02a0e81d1b4d8cc9f6dce28a314f007f1d6c0b"><code>6a02a0e</code></a>
Opt: refactor tag list pagination support</li>
<li>Additional commits viewable in <a
href="https://github.com/distribution/distribution/compare/v3.0.0...v3.1.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `github.com/fluxcd/helm-controller/api` from 1.5.2 to 1.5.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/fluxcd/helm-controller/releases">github.com/fluxcd/helm-controller/api's
releases</a>.</em></p>
<blockquote>
<h2>v1.5.3</h2>
<h2>Changelog</h2>
<p><a
href="https://github.com/fluxcd/helm-controller/blob/v1.5.3/CHANGELOG.md">v1.5.3
changelog</a></p>
<h2>Container images</h2>
<ul>
<li><code>docker.io/fluxcd/helm-controller:v1.5.3</code></li>
<li><code>ghcr.io/fluxcd/helm-controller:v1.5.3</code></li>
</ul>
<p>Supported architectures: <code>linux/amd64</code>,
<code>linux/arm64</code> and <code>linux/arm/v7</code>.</p>
<p>The container images are built on GitHub hosted runners and are
signed with cosign and GitHub OIDC.
To verify the images and their provenance (SLSA level 3), please see the
<a href="https://fluxcd.io/flux/security/">security
documentation</a>.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/fluxcd/helm-controller/blob/main/CHANGELOG.md">github.com/fluxcd/helm-controller/api's
changelog</a>.</em></p>
<blockquote>
<h2>1.5.3</h2>
<p><strong>Release date:</strong> 2026-03-16</p>
<p>This patch release fixes templating errors for charts that include
<code>---</code> in the content, e.g. YAML separators, embedded scripts,
CAs
inside ConfigMaps, etc. Some of the errors that could be encountered
due to this issue are:</p>
<ul>
<li><code>invalid document separator: ---apiVersion: v1</code></li>
<li><code>wrong node kind</code></li>
</ul>
<p>Fixes:</p>
<ul>
<li>Fix multi-doc parser of <code>---</code> for post renderers
<a
href="https://redirect.github.com/fluxcd/helm-controller/pull/1442">#1442</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/fluxcd/helm-controller/commit/61606cd29a11dc860766a4f7ed32e99d90272707"><code>61606cd</code></a>
Merge pull request <a
href="https://redirect.github.com/fluxcd/helm-controller/issues/1444">#1444</a>
from fluxcd/release-v1.5.3</li>
<li><a
href="https://github.com/fluxcd/helm-controller/commit/203743e6b8b8cc15fb01ff484c262e43df414609"><code>203743e</code></a>
Release v1.5.3</li>
<li><a
href="https://github.com/fluxcd/helm-controller/commit/fab7bdb3bdfc2b2e84e637dfb53530370557a86e"><code>fab7bdb</code></a>
Add changelog entry for v1.5.3</li>
<li><a
href="https://github.com/fluxcd/helm-controller/commit/5423812dd476cef10622852566e43f08a0d7924f"><code>5423812</code></a>
Merge pull request <a
href="https://redirect.github.com/fluxcd/helm-controller/issues/1443">#1443</a>
from fluxcd/backport-1442-to-release/v1.5.x</li>
<li><a
href="https://github.com/fluxcd/helm-controller/commit/4f66b369f533567d8c0c853f8ebc0bf435c6a802"><code>4f66b36</code></a>
Fix multi-doc parser of <code>---</code> for post renderers</li>
<li>See full diff in <a
href="https://github.com/fluxcd/helm-controller/compare/v1.5.2...v1.5.3">compare
view</a></li>
</ul>
</details>
<br />

Updates `github.com/google/go-containerregistry` from 0.21.2 to 0.21.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/google/go-containerregistry/releases">github.com/google/go-containerregistry's
releases</a>.</em></p>
<blockquote>
<h2>v0.21.4</h2>
<h2>What's Changed</h2>
<ul>
<li>go.mod: do not make a viral minimum go version by <a
href="https://github.com/howardjohn"><code>@​howardjohn</code></a> in <a
href="https://redirect.github.com/google/go-containerregistry/pull/2237">google/go-containerregistry#2237</a></li>
<li>Avoid pruning absolute links from extracted and flattened images by
<a href="https://github.com/Subserial"><code>@​Subserial</code></a> in
<a
href="https://redirect.github.com/google/go-containerregistry/pull/2241">google/go-containerregistry#2241</a></li>
<li>Bump the go-deps group across 3 directories with 5 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/google/go-containerregistry/pull/2245">google/go-containerregistry#2245</a></li>
<li>fix: update to go1.25.8, and use separate .go-version file by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/google/go-containerregistry/pull/2246">google/go-containerregistry#2246</a></li>
<li>Bump CI go version to 1.26.1 by <a
href="https://github.com/Subserial"><code>@​Subserial</code></a> in <a
href="https://redirect.github.com/google/go-containerregistry/pull/2242">google/go-containerregistry#2242</a></li>
<li>Bump codecov/codecov-action from 5.5.2 to 5.5.3 in the actions group
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/google/go-containerregistry/pull/2240">google/go-containerregistry#2240</a></li>
<li>fork distribution client v3 auth-challenge as an internal package
(squashed) by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/google/go-containerregistry/pull/2248">google/go-containerregistry#2248</a></li>
<li>transport: validate Bearer realm URL to prevent SSRF by <a
href="https://github.com/evilgensec"><code>@​evilgensec</code></a> in <a
href="https://redirect.github.com/google/go-containerregistry/pull/2243">google/go-containerregistry#2243</a></li>
<li>revert path traversal and symlink escape from <a
href="https://redirect.github.com/google/go-containerregistry/issues/2227">#2227</a>
by <a href="https://github.com/Subserial"><code>@​Subserial</code></a>
in <a
href="https://redirect.github.com/google/go-containerregistry/pull/2250">google/go-containerregistry#2250</a></li>
<li>Fix pkg/v1/google/auth tests for arm64 by <a
href="https://github.com/Subserial"><code>@​Subserial</code></a> in <a
href="https://redirect.github.com/google/go-containerregistry/pull/2085">google/go-containerregistry#2085</a></li>
<li>goreleaser: Update goreleaser config and GH action by <a
href="https://github.com/Subserial"><code>@​Subserial</code></a> in <a
href="https://redirect.github.com/google/go-containerregistry/pull/2253">google/go-containerregistry#2253</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/evilgensec"><code>@​evilgensec</code></a> made
their first contribution in <a
href="https://redirect.github.com/google/go-containerregistry/pull/2243">google/go-containerregistry#2243</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google/go-containerregistry/compare/v0.21.3...v0.21.4">https://github.com/google/go-containerregistry/compare/v0.21.3...v0.21.4</a></p>
<h2>v0.21.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Adds local file support to the <code>crane index</code> subcommand
by <a
href="https://github.com/edwardthiele"><code>@​edwardthiele</code></a>
in <a
href="https://redirect.github.com/google/go-containerregistry/pull/2223">google/go-containerregistry#2223</a></li>
<li>migrate to github.com/moby/moby modules by <a
href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a> in <a
href="https://redirect.github.com/google/go-containerregistry/pull/2228">google/go-containerregistry#2228</a></li>
<li>Bump the go-deps group across 4 directories with 7 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/google/go-containerregistry/pull/2233">google/go-containerregistry#2233</a></li>
<li>Bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 in the actions
group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/google/go-containerregistry/pull/2220">google/go-containerregistry#2220</a></li>
<li>mutate: reject path traversal and symlink escape in Extract by <a
href="https://github.com/KevinZhao"><code>@​KevinZhao</code></a> in <a
href="https://redirect.github.com/google/go-containerregistry/pull/2227">google/go-containerregistry#2227</a></li>
<li>tarball: detect symlink cycles in extractFileFromTar by <a
href="https://github.com/vnykmshr"><code>@​vnykmshr</code></a> in <a
href="https://redirect.github.com/google/go-containerregistry/pull/2232">google/go-containerregistry#2232</a></li>
<li>bump golang to 1.25.7 by <a
href="https://github.com/Subserial"><code>@​Subserial</code></a> in <a
href="https://redirect.github.com/google/go-containerregistry/pull/2236">google/go-containerregistry#2236</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/edwardthiele"><code>@​edwardthiele</code></a>
made their first contribution in <a
href="https://redirect.github.com/google/go-containerregistry/pull/2223">google/go-containerregistry#2223</a></li>
<li><a href="https://github.com/thaJeztah"><code>@​thaJeztah</code></a>
made their first contribution in <a
href="https://redirect.github.com/google/go-containerregistry/pull/2228">google/go-containerregistry#2228</a></li>
<li><a href="https://github.com/KevinZhao"><code>@​KevinZhao</code></a>
made their first contribution in <a
href="https://redirect.github.com/google/go-containerregistry/pull/2227">google/go-containerregistry#2227</a></li>
<li><a href="https://github.com/vnykmshr"><code>@​vnykmshr</code></a>
made their first contribution in <a
href="https://redirect.github.com/google/go-containerregistry/pull/2232">google/go-containerregistry#2232</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/google/go-containerregistry/compare/v0.21.2...v0.21.3">https://github.com/google/go-containerregistry/compare/v0.21.2...v0.21.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/google/go-containerregistry/commit/e8813dd0a00e799459cae01d8a4659b9be2fd871"><code>e8813dd</code></a>
goreleaser: Update goreleaser config and GH action for releases (<a
href="https://redirect.github.com/google/go-containerregistry/issues/2253">#2253</a>)</li>
<li><a
href="https://github.com/google/go-containerregistry/commit/e90447d319233b94dcdc75a24246ccbee6d1e72a"><code>e90447d</code></a>
replace gcloud in binary calls in pkg/v1/google tests (<a
href="https://redirect.github.com/google/go-containerregistry/issues/2085">#2085</a>)</li>
<li><a
href="https://github.com/google/go-containerregistry/commit/0d0368c2a5fa524c4765a6c0b7df4ff6d6951471"><code>0d0368c</code></a>
revert path traversal and symlink escape changes (<a
href="https://redirect.github.com/google/go-containerregistry/issues/2250">#2250</a>)</li>
<li><a
href="https://github.com/google/go-containerregistry/commit/a2f47d4202de443f68e8bafa95ddd41407327168"><code>a2f47d4</code></a>
transport: validate Bearer realm URL to prevent SSRF (<a
href="https://redirect.github.com/google/go-containerregistry/issues/2243">#2243</a>)</li>
<li><a
href="https://github.com/google/go-containerregistry/commit/19a36cd8c44dd465a84f9d6ffea3009023f73660"><code>19a36cd</code></a>
fork distribution client v3 auth-challenge as an internal package
(squashed) ...</li>
<li><a
href="https://github.com/google/go-containerregistry/commit/c612a9b20a4c533454b7fa8b39a8c8139065f0b1"><code>c612a9b</code></a>
Bump codecov/codecov-action from 5.5.2 to 5.5.3 in the actions group (<a
href="https://redirect.github.com/google/go-containerregistry/issues/2240">#2240</a>)</li>
<li><a
href="https://github.com/google/go-containerregistry/commit/8f92f59fd620d476c074d18f84af038d5ba5279e"><code>8f92f59</code></a>
Bump CI go version to 1.26.1 (<a
href="https://redirect.github.com/google/go-containerregistry/issues/2242">#2242</a>)</li>
<li><a
href="https://github.com/google/go-containerregistry/commit/c99e7cf68b979ec8d87bdf47e4ac0e8eab650099"><code>c99e7cf</code></a>
fix: update to go1.25.8, and use separate .go-version file (<a
href="https://redirect.github.com/google/go-containerregistry/issues/2246">#2246</a>)</li>
<li><a
href="https://github.com/google/go-containerregistry/commit/0794660d72037159e7c8fcb8364726fcb8068b45"><code>0794660</code></a>
Bump the go-deps group across 3 directories with 5 updates (<a
href="https://redirect.github.com/google/go-containerregistry/issues/2245">#2245</a>)</li>
<li><a
href="https://github.com/google/go-containerregistry/commit/4cb93aef099ef41b6ade5eae9d463383acc5087b"><code>4cb93ae</code></a>
Undo pruning absolute links from extracted and flattened images (<a
href="https://redirect.github.com/google/go-containerregistry/issues/2241">#2241</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/google/go-containerregistry/compare/v0.21.2...v0.21.4">compare
view</a></li>
</ul>
</details>
<br />

Updates `k8s.io/api` from 0.35.2 to 0.35.3
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/kubernetes/api/commit/3897036a444c440b15bde423702caab885c2b8bd"><code>3897036</code></a>
Update dependencies to v0.35.3 tag</li>
<li>See full diff in <a
href="https://github.com/kubernetes/api/compare/v0.35.2...v0.35.3">compare
view</a></li>
</ul>
</details>
<br />

Updates `k8s.io/apiextensions-apiserver` from 0.35.2 to 0.35.3
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/kubernetes/apiextensions-apiserver/commit/073f5274a1e8404fd1c4a750271a823931cdff2f"><code>073f527</code></a>
Update dependencies to v0.35.3 tag</li>
<li><a
href="https://github.com/kubernetes/apiextensions-apiserver/commit/791831a2c26d21cc3885df9b1f22555424b02577"><code>791831a</code></a>
Merge pull request <a
href="https://redirect.github.com/kubernetes/apiextensions-apiserver/issues/136903">#136903</a><code>pohly/automated-cherry-pick-of-#136455</code></li>
<li><a
href="https://github.com/kubernetes/apiextensions-apiserver/commit/85fbdc0683d3693c72116487c97bb912f657fe02"><code>85fbdc0</code></a>
Merge pull request <a
href="https://redirect.github.com/kubernetes/apiextensions-apiserver/issues/136387">#136387</a><code>vikasbolla/automated-cherry-pick-of-#135567</code></li>
<li><a
href="https://github.com/kubernetes/apiextensions-apiserver/commit/0e52304a8342502ecf8979eec88fae1ff5367a15"><code>0e52304</code></a>
fake client-go: un-deprecate NewSimpleClientset</li>
<li><a
href="https://github.com/kubernetes/apiextensions-apiserver/commit/f4ff589b10e5f1bbf3012d1bdad274376d3a54b5"><code>f4ff589</code></a>
Fix flaky TestApplyCRDuringCRDFinalization test</li>
<li>See full diff in <a
href="https://github.com/kubernetes/apiextensions-apiserver/compare/v0.35.2...v0.35.3">compare
view</a></li>
</ul>
</details>
<br />

Updates `k8s.io/apimachinery` from 0.35.2 to 0.35.3
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/kubernetes/apimachinery/compare/v0.35.2...v0.35.3">compare
view</a></li>
</ul>
</details>
<br />

Updates `k8s.io/client-go` from 0.35.2 to 0.35.3
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/kubernetes/client-go/commit/4f1f0a2dce40946d7376d2d490fb09f8f45d702a"><code>4f1f0a2</code></a>
Update dependencies to v0.35.3 tag</li>
<li><a
href="https://github.com/kubernetes/client-go/commit/f80003c2408715e177434c87d885675360c5c2e9"><code>f80003c</code></a>
Merge pull request <a
href="https://redirect.github.com/kubernetes/client-go/issues/136903">#136903</a><code>pohly/automated-cherry-pick-of-#136455</code></li>
<li><a
href="https://github.com/kubernetes/client-go/commit/8b415569d9852422809fb9039c480eee210bbb60"><code>8b41556</code></a>
fake client-go: un-deprecate NewSimpleClientset</li>
<li>See full diff in <a
href="https://github.com/kubernetes/client-go/compare/v0.35.2...v0.35.3">compare
view</a></li>
</ul>
</details>
<br />

Updates `ocm.software/ocm` from 0.37.0 to 0.38.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/open-component-model/ocm/releases">ocm.software/ocm's
releases</a>.</em></p>
<blockquote>
<h2>v0.38.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<h3>🐛 Bug Fixes</h3>
<ul>
<li>fix(deps): Fix dependency bump by updating another deprecated
dependency by <a
href="https://github.com/frewilhelm"><code>@​frewilhelm</code></a> in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1856">open-component-model/ocm#1856</a></li>
</ul>
<h3>⬆️ Dependencies</h3>
<ul>
<li>chore(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1839">open-component-model/ocm#1839</a></li>
<li>chore(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1844">open-component-model/ocm#1844</a></li>
<li>chore(deps): bump the go group with 15 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1843">open-component-model/ocm#1843</a></li>
<li>chore(deps): bump golang from 1.25.7-alpine3.22 to 1.26.1-alpine3.22
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1854">open-component-model/ocm#1854</a></li>
<li>chore(deps): update to go 1.26.1 by <a
href="https://github.com/matthiasbruns"><code>@​matthiasbruns</code></a>
in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1859">open-component-model/ocm#1859</a></li>
</ul>
<h3>🧰 Maintenance</h3>
<ul>
<li>chore: bump VERSION to 0.38.0-dev by <a
href="https://github.com/ocmbot"><code>@​ocmbot</code></a>[bot] in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1837">open-component-model/ocm#1837</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/open-component-model/ocm/compare/v0.37...v0.38.0">https://github.com/open-component-model/ocm/compare/v0.37...v0.38.0</a></p>
<h2>v0.38.0-rc.1</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<h3>🐛 Bug Fixes</h3>
<ul>
<li>fix(deps): Fix dependency bump by updating another deprecated
dependency by <a
href="https://github.com/frewilhelm"><code>@​frewilhelm</code></a> in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1856">open-component-model/ocm#1856</a></li>
</ul>
<h3>⬆️ Dependencies</h3>
<ul>
<li>chore(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1839">open-component-model/ocm#1839</a></li>
<li>chore(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1844">open-component-model/ocm#1844</a></li>
<li>chore(deps): bump the go group with 15 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1843">open-component-model/ocm#1843</a></li>
<li>chore(deps): bump golang from 1.25.7-alpine3.22 to 1.26.1-alpine3.22
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1854">open-component-model/ocm#1854</a></li>
<li>chore(deps): update to go 1.26.1 by <a
href="https://github.com/matthiasbruns"><code>@​matthiasbruns</code></a>
in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1859">open-component-model/ocm#1859</a></li>
</ul>
<h3>🧰 Maintenance</h3>
<ul>
<li>chore: bump VERSION to 0.38.0-dev by <a
href="https://github.com/ocmbot"><code>@​ocmbot</code></a>[bot] in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1837">open-component-model/ocm#1837</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/open-component-model/ocm/compare/v0.37...v0.38.0">https://github.com/open-component-model/ocm/compare/v0.37...v0.38.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/open-component-model/ocm/commit/3eb9acad77013edf7ab8e6b236c75025390c7d0e"><code>3eb9aca</code></a>
chore(deps): bump the ci group with 2 updates (<a
href="https://redirect.github.com/open-component-model/ocm/issues/1862">#1862</a>)</li>
<li><a
href="https://github.com/open-component-model/ocm/commit/b6505ee3606fc456be79a44615fa4a38e8eeba87"><code>b6505ee</code></a>
chore(deps): update to go 1.26.1 (<a
href="https://redirect.github.com/open-component-model/ocm/issues/1859">#1859</a>)</li>
<li><a
href="https://github.com/open-component-model/ocm/commit/452293d00996c34221242b1310149dabc3b555fa"><code>452293d</code></a>
chore(deps): bump golang from 1.25.7-alpine3.22 to 1.26.1-alpine3.22 (<a
href="https://redirect.github.com/open-component-model/ocm/issues/1854">#1854</a>)</li>
<li><a
href="https://github.com/open-component-model/ocm/commit/d81c4466a86fab1b032f41f3cf7c89b1573fe729"><code>d81c446</code></a>
chore: update 'flake.nix' (<a
href="https://redirect.github.com/open-component-model/ocm/issues/1857">#1857</a>)</li>
<li><a
href="https://github.com/open-component-model/ocm/commit/f17c4a21aa8bd4ed10cf36bab7ebacd84810e689"><code>f17c4a2</code></a>
fix(deps): Fix dependency bump by updating another deprecated dependency
(<a
href="https://redirect.github.com/open-component-model/ocm/issues/1856">#1856</a>)</li>
<li><a
href="https://github.com/open-component-model/ocm/commit/7a238136965d3fbafb957eaaee1616822b312135"><code>7a23813</code></a>
chore(deps): bump the ci group with 3 updates (<a
href="https://redirect.github.com/open-component-model/ocm/issues/1852">#1852</a>)</li>
<li><a
href="https://github.com/open-component-model/ocm/commit/58d60e7ecbc5b48198e756e2633ce2eb6284ee85"><code>58d60e7</code></a>
chore(deps): bump the ci group with 2 updates (<a
href="https://redirect.github.com/open-component-model/ocm/issues/1851">#1851</a>)</li>
<li><a
href="https://github.com/open-component-model/ocm/commit/42a2371a60bdca219db1fa00a5d59ab1ba4b8811"><code>42a2371</code></a>
chore(deps): bump docker/setup-qemu-action from 3.7.0 to 4.0.0 in the ci
grou...</li>
<li><a
href="https://github.com/open-component-model/ocm/commit/9719ab8fd046ca13008a67afc86852e1cc0e3674"><code>9719ab8</code></a>
chore(deps): bump github/codeql-action from 4.32.4 to 4.32.5 in the ci
group ...</li>
<li><a
href="https://github.com/open-component-model/ocm/commit/f4caccf326e8e3803103c5d219e0246c40272a16"><code>f4caccf</code></a>
chore(deps): bump the ci group with 2 updates (<a
href="https://redirect.github.com/open-component-model/ocm/issues/1847">#1847</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-component-model/ocm/compare/v0.37...v0.38">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: dependabot[bot]

go.mod

@@ -12,8 +12,8 @@ require (
 	github.com/Masterminds/semver/v3 v3.4.0
 	github.com/containers/image/v5 v5.36.2
 	github.com/cyphar/filepath-securejoin v0.6.1
-	github.com/distribution/distribution/v3 v3.0.0
-	github.com/fluxcd/helm-controller/api v1.5.2
+	github.com/distribution/distribution/v3 v3.1.0
+	github.com/fluxcd/helm-controller/api v1.5.3
 	github.com/fluxcd/kustomize-controller/api v1.8.2
 	github.com/fluxcd/pkg/apis/event v0.25.0
 	github.com/fluxcd/pkg/apis/meta v1.26.0
@@ -23,7 +23,7 @@ require (
 	github.com/fluxcd/pkg/tar v0.17.0
 	github.com/fluxcd/source-controller/api v1.8.1
 	github.com/go-logr/logr v1.4.3
-	github.com/google/go-containerregistry v0.21.2
+	github.com/google/go-containerregistry v0.21.4
 	github.com/mandelsoft/logging v0.0.0-20240618075559-fdca28a87b0a
 	github.com/mandelsoft/spiff v1.7.0-beta-7
 	github.com/mandelsoft/vfs v0.4.4
@@ -42,11 +42,11 @@ require (
 	gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.20.1
-	k8s.io/api v0.35.2
-	k8s.io/apiextensions-apiserver v0.35.2
-	k8s.io/apimachinery v0.35.2
-	k8s.io/client-go v0.35.2
-	ocm.software/ocm v0.37.0
+	k8s.io/api v0.35.3
+	k8s.io/apiextensions-apiserver v0.35.3
+	k8s.io/apimachinery v0.35.3
+	k8s.io/client-go v0.35.3
+	ocm.software/ocm v0.38.0
 	sigs.k8s.io/controller-runtime v0.23.3
 	sigs.k8s.io/e2e-framework v0.6.0
 	sigs.k8s.io/kustomize/api v0.21.1
@@ -92,28 +92,28 @@ require (
 	github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
 	github.com/aliyun/credentials-go v1.4.8 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.41.1 // indirect
-	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.32.9 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.19.9 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.17 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager v0.1.4 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.17 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.17 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.17 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.55.2 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.41.3 // indirect
+	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.6 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.32.11 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.19.11 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.19 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/s3/transfermanager v0.1.8 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.19 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.19 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.5 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.20 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.55.4 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.38.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.8 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.17 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.17 // indirect
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.96.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/signin v1.0.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.30.10 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.14 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.41.6 // indirect
-	github.com/aws/smithy-go v1.24.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.11 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.19 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.19 // indirect
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.96.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/signin v1.0.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.30.12 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.16 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.41.8 // indirect
+	github.com/aws/smithy-go v1.24.2 // indirect
 	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.11.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
@@ -152,12 +152,11 @@ require (
 	github.com/digitorus/timestamp v0.0.0-20250524132541-c45532741eea // indirect
 	github.com/dimchansky/utfbom v1.1.1 // indirect
 	github.com/distribution/reference v0.6.0 // indirect
-	github.com/docker/cli v29.2.1+incompatible // indirect
-	github.com/docker/distribution v2.8.3+incompatible // indirect
+	github.com/docker/cli v29.3.1+incompatible // indirect
 	github.com/docker/docker v28.5.2+incompatible // indirect
-	github.com/docker/docker-credential-helpers v0.9.4 // indirect
+	github.com/docker/docker-credential-helpers v0.9.5 // indirect
 	github.com/docker/go-connections v0.6.0 // indirect
-	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
+	github.com/docker/go-events v0.0.0-20250808211157-605354379745 // indirect
 	github.com/docker/go-metrics v0.0.1 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/dprotaso/go-yit v0.0.0-20191028211022-135eb7262960 // indirect
@@ -194,29 +193,29 @@ require (
 	github.com/go-git/go-billy/v5 v5.8.0 // indirect
 	github.com/go-git/go-git/v5 v5.17.1 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
-	github.com/go-jose/go-jose/v4 v4.1.3 // indirect
+	github.com/go-jose/go-jose/v4 v4.1.4 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-logr/zapr v1.3.0 // indirect
 	github.com/go-openapi/analysis v0.24.1 // indirect
-	github.com/go-openapi/errors v0.22.6 // indirect
+	github.com/go-openapi/errors v0.22.7 // indirect
 	github.com/go-openapi/jsonpointer v0.22.4 // indirect
 	github.com/go-openapi/jsonreference v0.21.4 // indirect
 	github.com/go-openapi/loads v0.23.2 // indirect
 	github.com/go-openapi/runtime v0.29.2 // indirect
 	github.com/go-openapi/spec v0.22.3 // indirect
-	github.com/go-openapi/strfmt v0.25.0 // indirect
-	github.com/go-openapi/swag v0.25.4 // indirect
-	github.com/go-openapi/swag/cmdutils v0.25.4 // indirect
-	github.com/go-openapi/swag/conv v0.25.4 // indirect
-	github.com/go-openapi/swag/fileutils v0.25.4 // indirect
-	github.com/go-openapi/swag/jsonname v0.25.4 // indirect
-	github.com/go-openapi/swag/jsonutils v0.25.4 // indirect
-	github.com/go-openapi/swag/loading v0.25.4 // indirect
-	github.com/go-openapi/swag/mangling v0.25.4 // indirect
-	github.com/go-openapi/swag/netutils v0.25.4 // indirect
-	github.com/go-openapi/swag/stringutils v0.25.4 // indirect
-	github.com/go-openapi/swag/typeutils v0.25.4 // indirect
-	github.com/go-openapi/swag/yamlutils v0.25.4 // indirect
+	github.com/go-openapi/strfmt v0.26.0 // indirect
+	github.com/go-openapi/swag v0.25.5 // indirect
+	github.com/go-openapi/swag/cmdutils v0.25.5 // indirect
+	github.com/go-openapi/swag/conv v0.25.5 // indirect
+	github.com/go-openapi/swag/fileutils v0.25.5 // indirect
+	github.com/go-openapi/swag/jsonname v0.25.5 // indirect
+	github.com/go-openapi/swag/jsonutils v0.25.5 // indirect
+	github.com/go-openapi/swag/loading v0.25.5 // indirect
+	github.com/go-openapi/swag/mangling v0.25.5 // indirect
+	github.com/go-openapi/swag/netutils v0.25.5 // indirect
+	github.com/go-openapi/swag/stringutils v0.25.5 // indirect
+	github.com/go-openapi/swag/typeutils v0.25.5 // indirect
+	github.com/go-openapi/swag/yamlutils v0.25.5 // indirect
 	github.com/go-openapi/validate v0.25.1 // indirect
 	github.com/go-test/deep v1.1.1 // indirect
 	github.com/go-viper/mapstructure/v2 v2.5.0 // indirect
@@ -242,7 +241,7 @@ require (
 	github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
 	github.com/gowebpki/jcs v1.0.1 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.5 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
@@ -260,7 +259,7 @@ require (
 	github.com/jinzhu/copier v0.4.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/kevinburke/ssh_config v1.4.0 // indirect
-	github.com/klauspost/compress v1.18.4 // indirect
+	github.com/klauspost/compress v1.18.5 // indirect
 	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
 	github.com/klauspost/pgzip v1.2.6 // indirect
 	github.com/letsencrypt/boulder v0.20251110.0 // indirect
@@ -277,8 +276,8 @@ require (
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/moby/docker-image-spec v1.3.1 // indirect
 	github.com/moby/locker v1.0.1 // indirect
-	github.com/moby/moby/api v1.53.0 // indirect
-	github.com/moby/moby/client v0.2.2 // indirect
+	github.com/moby/moby/api v1.54.0 // indirect
+	github.com/moby/moby/client v0.3.0 // indirect
 	github.com/moby/spdystream v0.5.0 // indirect
 	github.com/moby/sys/atomicwriter v0.1.0 // indirect
 	github.com/moby/sys/capability v0.4.0 // indirect
@@ -294,7 +293,7 @@ require (
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect
-	github.com/oklog/ulid v1.3.1 // indirect
+	github.com/oklog/ulid/v2 v2.1.1 // indirect
 	github.com/oleiade/reflections v1.1.0 // indirect
 	github.com/opencontainers/go-digest/blake3 v0.0.0-20250116041648-1e56c6daea3b // indirect
 	github.com/opencontainers/runtime-spec v1.3.0 // indirect
@@ -309,7 +308,7 @@ require (
 	github.com/prometheus/client_model v0.6.2 // indirect
 	github.com/prometheus/common v0.67.5 // indirect
 	github.com/prometheus/otlptranslator v1.0.0 // indirect
-	github.com/prometheus/procfs v0.19.2 // indirect
+	github.com/prometheus/procfs v0.20.1 // indirect
 	github.com/protocolbuffers/txtpbfmt v0.0.0-20260217160748-a481f6a22f94 // indirect
 	github.com/redis/go-redis/extra/rediscmd/v9 v9.5.3 // indirect
 	github.com/redis/go-redis/extra/redisotel/v9 v9.5.3 // indirect
@@ -365,48 +364,47 @@ require (
 	github.com/zeebo/assert v1.3.0 // indirect
 	github.com/zeebo/blake3 v0.2.4 // indirect
 	gitlab.com/gitlab-org/api/client-go v1.25.0 // indirect
-	go.mongodb.org/mongo-driver v1.17.9 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
-	go.opentelemetry.io/contrib/bridges/prometheus v0.63.0 // indirect
-	go.opentelemetry.io/contrib/exporters/autoexport v0.63.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 // indirect
-	go.opentelemetry.io/otel v1.40.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.14.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.14.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.38.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.38.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.39.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.39.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.39.0 // indirect
-	go.opentelemetry.io/otel/exporters/prometheus v0.61.0 // indirect
-	go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.14.0 // indirect
-	go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.38.0 // indirect
-	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.38.0 // indirect
-	go.opentelemetry.io/otel/log v0.14.0 // indirect
-	go.opentelemetry.io/otel/metric v1.40.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.40.0 // indirect
-	go.opentelemetry.io/otel/sdk/log v0.14.0 // indirect
-	go.opentelemetry.io/otel/sdk/metric v1.40.0 // indirect
-	go.opentelemetry.io/otel/trace v1.40.0 // indirect
+	go.opentelemetry.io/contrib/bridges/prometheus v0.67.0 // indirect
+	go.opentelemetry.io/contrib/exporters/autoexport v0.67.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0 // indirect
+	go.opentelemetry.io/otel v1.42.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.18.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.18.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.42.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.42.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.42.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.42.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.42.0 // indirect
+	go.opentelemetry.io/otel/exporters/prometheus v0.64.0 // indirect
+	go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.18.0 // indirect
+	go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.42.0 // indirect
+	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.42.0 // indirect
+	go.opentelemetry.io/otel/log v0.18.0 // indirect
+	go.opentelemetry.io/otel/metric v1.42.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.42.0 // indirect
+	go.opentelemetry.io/otel/sdk/log v0.18.0 // indirect
+	go.opentelemetry.io/otel/sdk/metric v1.42.0 // indirect
+	go.opentelemetry.io/otel/trace v1.42.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.9.0 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.1 // indirect
 	go.yaml.in/yaml/v2 v2.4.3 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
 	golang.org/x/crypto v0.48.0 // indirect
-	golang.org/x/mod v0.33.0 // indirect
-	golang.org/x/net v0.50.0 // indirect
-	golang.org/x/oauth2 v0.35.0 // indirect
-	golang.org/x/sync v0.19.0 // indirect
-	golang.org/x/sys v0.41.0 // indirect
+	golang.org/x/mod v0.34.0 // indirect
+	golang.org/x/net v0.51.0 // indirect
+	golang.org/x/oauth2 v0.36.0 // indirect
+	golang.org/x/sync v0.20.0 // indirect
+	golang.org/x/sys v0.42.0 // indirect
 	golang.org/x/term v0.40.0 // indirect
 	golang.org/x/text v0.34.0 // indirect
 	golang.org/x/time v0.14.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
 	google.golang.org/api v0.267.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20260203192932-546029d2fa20 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20260226221140-a57be14db171 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20260226221140-a57be14db171 // indirect
 	google.golang.org/grpc v1.79.3 // indirect
 	google.golang.org/protobuf v1.36.11 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
@@ -416,7 +414,7 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	helm.sh/helm/v4 v4.1.1 // indirect
 	k8s.io/cli-runtime v0.35.2 // indirect
-	k8s.io/component-base v0.35.2 // indirect
+	k8s.io/component-base v0.35.3 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 // indirect
 	k8s.io/kubectl v0.35.2 // indirect