chore(deps): Bump the gomod group with 6 updates

[dependabot]

Bumps the gomod group with 6 updates:

Package	From	To
cloud.google.com/go/storage	1.62.1	1.62.2
github.com/aws/aws-sdk-go-v2/config	1.32.17	1.32.18
github.com/google/go-containerregistry	0.21.5	0.21.6
golang.org/x/crypto	0.50.0	0.51.0
golang.org/x/net	0.53.0	0.54.0
golang.org/x/term	0.42.0	0.43.0

Updates cloud.google.com/go/storage from 1.62.1 to 1.62.2

Release notes

Sourced from cloud.google.com/go/storage's releases.

storage: v1.62.2

v1.62.2 (2026-05-18)

Features

• enable open telemetry attrs (#14426) (74eab64d)

Bug Fixes

• restore metadata operations timeout in gRPC (#14575) (275ff562)

• Set default chunkRetryDeadline to 32s in NewWriterFromAppendableObject (#14458) (ec7c7d66)

• refactor userProject metadata propagation in ListObjects (#14533) (fbb543e3)

Commits

• 50a5755 chore: librarian release pull request: 20260518T161338Z (#14610)
• 585840f spanner: skip flaky TestIntegration_DbRemovalRecovery (#14607)
• f8bf88f test(spanner): retry query after database recreation in integration test (#14...
• 9168ab8 chore(librariangen): tweak release preview test (#14599)
• f8b9a93 fix(spanner/spannertest): Support UUID as a base data type (#14117)
• a42fd83 fix(internal/librariange): release preview support (#14588)
• d944830 fix(datastore): add retries to emulator (#14591)
• c5aaedc chore: migrate Go configuration in librarian.yaml (#14587)
• 8a0e849 doc(agentplatform): Add notes and quick examples to the README
• 033f4fe chore: librarian release pull request: 20260514T191310Z (#14589)
• Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/config from 1.32.17 to 1.32.18

Commits

• db9f4e5 Release 2026-05-22
• 34e7ddc Regenerated Clients
• f9db036 Update endpoints model
• ae5eae1 Update API model
• 429dbdd Feat discover endpoint partition validation (#3410)
• ab4f5b6 Release 2026-05-21
• 757a099 Regenerated Clients
• 02c8323 Update API model
• f4ac954 Bump smithy-go version and update imports for evenstream protocoltests (#3420)
• 6d93700 Add replace for credentials dependency added on go.mod (#3419)
• Additional commits viewable in compare view

Updates github.com/google/go-containerregistry from 0.21.5 to 0.21.6

Release notes

Sourced from github.com/google/go-containerregistry's releases.

v0.21.6

What's Changed

• fix: update dependencies to use new azure sdk components by @​gaganhr94 in google/go-containerregistry#2262
• transport: restore resp.Body in retryError so CheckError can parse it by @​alliasgher in google/go-containerregistry#2264
• pkg/registry: return 202 Accepted for PATCH chunk uploads by @​alliasgher in google/go-containerregistry#2265
• Follow OCI distribution spec for artifactType and annotations by @​malt3 in google/go-containerregistry#2269
• actions: attach Codecov token to coverage tests on main by @​Subserial in google/go-containerregistry#2270
• remote: use DeleteScope (with "delete" action) for manifest deletion by @​alliasgher in google/go-containerregistry#2266
• remote: limit concurrent layer pulls by @​gnix0 in google/go-containerregistry#2271
• pkg/registry: reject corrupt disk blobs by @​gnix0 in google/go-containerregistry#2272
• mutate: close layer readers during export by @​gnix0 in google/go-containerregistry#2277
• crane/flatten: preserve image media type when flattening by @​alliasgher in google/go-containerregistry#2267
• build(deps): bump goreleaser/goreleaser-action from 7.0.0 to 7.2.1 in the actions group across 1 directory by @​dependabot[bot] in google/go-containerregistry#2273
• build(deps): bump go.opentelemetry.io/otel from 1.36.0 to 1.41.0 by @​dependabot[bot] in google/go-containerregistry#2278
• build(deps): bump the go-deps group across 3 directories with 6 updates by @​dependabot[bot] in google/go-containerregistry#2280
• Replace go-homedir with os.UserHomeDir by @​jammie-jelly in google/go-containerregistry#2282
• pkg/name: only treat .localhost as non-HTTPS, not .local by @​blackwell-systems in google/go-containerregistry#2281
• transport: block unspecified IPs (0.0.0.0, ::) in validateRealmURL by @​marwan9696 in google/go-containerregistry#2285
• test(mutate): add Extract round-trip test for filesystem object preservation by @​blackwell-systems in google/go-containerregistry#2283
• experiments: remove deprecated support for estargz by @​thaJeztah in google/go-containerregistry#2288
• build(deps): bump aws-actions/configure-aws-credentials from 6.1.0 to 6.1.1 in the actions group by @​dependabot[bot] in google/go-containerregistry#2289
• fix: limit HTTP response body reads to prevent OOM by @​evilgensec in google/go-containerregistry#2296
• build(deps): bump the go-deps group across 3 directories with 6 updates by @​dependabot[bot] in google/go-containerregistry#2297
• transport: block redirects from token server to private/link-local addresses (SSRF fix) by @​evilgensec in google/go-containerregistry#2292
• pkg/v1/mutate: preserve relative symlinks that stay within rootfs in Extract by @​anishesg in google/go-containerregistry#2279
• validate: skip non-layer layers by @​imjasonh in google/go-containerregistry#2298
• remote: validate foreign layer URLs to prevent SSRF (fixes #2259) by @​evilgensec in google/go-containerregistry#2293
• remote: block SSRF via private-IP Location headers in blob uploads by @​adilburaksen in google/go-containerregistry#2295
• fix(mutate): preserve config blob and layers for non-Docker OCI artifacts by @​blackwell-systems in google/go-containerregistry#2286
• fix: preserve per-occurrence layer identity in mutate.Image.Layers() by @​iahsanGill in google/go-containerregistry#2299
• transport: retry HTTP 429 (Too Many Requests) by @​iahsanGill in google/go-containerregistry#2301
• transport: allow bearer realm at same host:port as registry by @​iahsanGill in google/go-containerregistry#2302
• Update go version to 1.26.3 by @​Subserial in google/go-containerregistry#2300

New Contributors

• @​gaganhr94 made their first contribution in google/go-containerregistry#2262
• @​alliasgher made their first contribution in google/go-containerregistry#2264
• @​malt3 made their first contribution in google/go-containerregistry#2269
• @​gnix0 made their first contribution in google/go-containerregistry#2271
• @​blackwell-systems made their first contribution in google/go-containerregistry#2281
• @​marwan9696 made their first contribution in google/go-containerregistry#2285
• @​anishesg made their first contribution in google/go-containerregistry#2279
• @​adilburaksen made their first contribution in google/go-containerregistry#2295
• @​iahsanGill made their first contribution in google/go-containerregistry#2299

Full Changelog: google/go-containerregistry@v0.21.5...v0.21.6

Commits

• 53f7e39 Update go version to 1.26.3 (#2300)
• bf87c3b transport: allow bearer realm at same host:port as registry (#2302)
• c55facd transport: retry HTTP 429 (Too Many Requests) (#2301)
• 68a569e fix: preserve per-occurrence layer identity in Layers() (#2299)
• 35b354b fix(mutate): preserve config blob and layers for non-Docker OCI artifacts (#2...
• e5983f2 remote: block SSRF via private-IP Location headers in blob uploads (#2295)
• 6dad820 remote: validate foreign layer URLs to prevent SSRF (fixes #2259) (#2293)
• 78bdf1b validate: skip non-layer layers (#2298)
• c29d91c pkg/v1/mutate: preserve relative symlinks that stay within rootfs in Extract ...
• a70d75a transport: block redirects from token server to private/link-local addresses ...
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.50.0 to 0.51.0

Commits

• b8a14a8 go.mod: update golang.org/x dependencies
• 9d9d507 x509roots/fallback/bundle: fix bundle test with Go 1.27+
• fd0b90d acme: include Problem in OrderError.Error
• b9e5359 pbkdf2: turn into a wrapper for crypto/pbkdf2
• cc0e4fc hkdf: forward Extract to the standard library
• a8e9237 x509roots/fallback: update bundle
• See full diff in compare view

Updates golang.org/x/net from 0.53.0 to 0.54.0

Commits

• b138e06 go.mod: update golang.org/x dependencies
• 689f70a quic: fix wrong final size being used for RESET_STREAM frame
• 208f306 http3: increase handshake timeout
• 49810da http2: enable net/http wrapping when go >= 1.27
• 5e11a5a quic: fix data race in streamForFrame
• 8c63081 http2: use empty Transport rather than DefaultTransport in http2wrap
• fc7b466 http2: add http2wrap test
• 15c2cb1 http2: avoid overflowing 32-bit int when http2wrap enabled
• 6465188 http2: add wrapped Server
• 72f419a http2: add wrapped ClientConn
• Additional commits viewable in compare view

Updates golang.org/x/term from 0.42.0 to 0.43.0

Commits

• 3c3e485 go.mod: update golang.org/x dependencies
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[poiana]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign cpanato for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment