From 858ce5cb12d091b2d10f553453675b484ededa3e Mon Sep 17 00:00:00 2001
From: Dmitry Lopatin <dmitry.lopatin@flant.com>
Date: Wed, 15 Apr 2026 12:08:06 +0300
Subject: [PATCH 1/4] chore(core): cve mitigation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- **CRITICAL** `CVE-2026-33186` — google.golang.org/grpc/grpc-go: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation.
- **HIGH** `CVE-2026-39883` — opentelemetry-go: BSD `kenv` command not using absolute path enables PATH hijacking.
- **HIGH** `CVE-2026-34986` — Go JOSE: Denial of Service via crafted JSON Web Encryption.
- **HIGH** `CVE-2026-34040` — Moby: Authorization bypass vulnerability.
- **HIGH** `CVE-2026-25679` — net/url: Incorrect parsing of IPv6 host literals in `net/url`.
- **HIGH** `CVE-2026-32280` — During chain building, the amount of work that is done is not properly limited.
- **HIGH** `CVE-2026-32282` — golang `internal/syscall/unix`: `Root.Chmod` can follow symlinks out of the root.
- **MEDIUM** `CVE-2026-33726` — Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic.
- **MEDIUM** `CVE-2026-33997` — Moby: Privilege validation bypass during plugin installation.
- **MEDIUM** `CVE-2026-27142` — `html/template`: URLs in meta content attribute actions are not escaped.
- **MEDIUM** `CVE-2026-32281` — Go `crypto/x509`: Denial of Service via inefficient certificate chain validation.
- **MEDIUM** `CVE-2026-32288` — Go `archive/tar` package: Denial of Service via maliciously-crafted archive.
- **MEDIUM** `CVE-2026-32289` — `html/template`: Cross-Site Scripting (XSS) via improper context and brace depth handling.
- **LOW** `CVE-2026-27139` — `os`: `FileInfo` can escape from a Root in golang `os` module.
- **UNKNOWN** `CVE-2026-32283` — If one side of the TLS connection sends multiple key update messages, connection handling may be unsafe.

Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
---
 .dmtlint.yaml                                 |   1 +
 .../dev_module_build-and-registration.yml     |   2 +-
 .github/workflows/dev_module_build.yml        |   4 +-
 .github/workflows/dev_validation.yaml         |   8 +-
 .github/workflows/e2e-matrix.yml              |   4 +-
 .github/workflows/nightly_e2e_tests_ceph.yaml |   2 +-
 .../nightly_e2e_tests_replicated.yaml         |   2 +-
 .../release_module_release-channels.yml       |   2 +-
 api/client/examples/cancel-evacuation/go.mod  |   2 +-
 api/client/examples/list-resources/go.mod     |   2 +-
 api/client/examples/resourceclaim/go.mod      |   4 +-
 api/go.mod                                    |   2 +-
 build/base-images/deckhouse_images.yml        | 632 +++++++++---------
 build/components/versions.yml                 |   4 +-
 images/bounder/werf.inc.yaml                  |   2 +-
 images/cdi-artifact/werf.inc.yaml             |   4 +-
 images/cdi-cloner/werf.inc.yaml               |   2 +-
 images/dvcr-artifact/go.mod                   |  40 +-
 images/dvcr-artifact/go.sum                   | 168 +++--
 .../docker/api/types/versions/compare.go      |  79 +++
 .../src/github.com/docker/docker/go.mod       |   3 +
 .../docker/docker/registry/registry.go        |  15 +
 images/dvcr-artifact/werf.inc.yaml            |   2 +-
 images/dvcr/werf.inc.yaml                     |   2 +-
 images/hooks/go.mod                           |  26 +-
 images/hooks/go.sum                           |  30 +-
 images/hooks/werf.inc.yaml                    |   2 +-
 images/kube-api-rewriter/go.mod               |   2 +-
 images/kube-api-rewriter/werf.inc.yaml        |   2 +-
 images/packages/libvirt/werf.inc.yaml         |   2 +-
 images/packages/rdma-core/werf.inc.yaml       |   6 +
 images/packages/swtpm/werf.inc.yaml           |   2 +-
 images/pre-delete-hook/go.mod                 |   2 +-
 images/pre-delete-hook/werf.inc.yaml          |   2 +-
 images/qemu/werf.inc.yaml                     |   2 +-
 images/virt-artifact/werf.inc.yaml            |   2 +-
 images/virt-launcher/node-labeller/go.mod     |   2 +-
 images/virt-launcher/vlctl/go.mod             |  21 +-
 images/virt-launcher/vlctl/go.sum             | 123 +++-
 images/virt-launcher/werf.inc.yaml            |   4 +-
 .../Taskfile.init.yaml                        |   4 +-
 images/virtualization-artifact/go.mod         |  39 +-
 images/virtualization-artifact/go.sum         | 156 ++++-
 images/virtualization-artifact/werf.inc.yaml  |   2 +-
 images/virtualization-dra/go.mod              |  20 +-
 images/virtualization-dra/go.sum              |  42 +-
 images/vm-route-forge/go.mod                  |  44 +-
 images/vm-route-forge/go.sum                  |  83 +--
 images/vm-route-forge/werf.inc.yaml           |   2 +-
 src/cli/go.mod                                |   2 +-
 test/e2e/go.mod                               |  18 +-
 test/e2e/go.sum                               |  32 +-
 test/performance/tools/shatal/go.mod          |   2 +-
 53 files changed, 1041 insertions(+), 623 deletions(-)
 create mode 100644 images/dvcr-artifact/staging/src/github.com/docker/docker/api/types/versions/compare.go
 create mode 100644 images/dvcr-artifact/staging/src/github.com/docker/docker/go.mod
 create mode 100644 images/dvcr-artifact/staging/src/github.com/docker/docker/registry/registry.go

diff --git a/.dmtlint.yaml b/.dmtlint.yaml
index e3fea14ef1..09f478299f 100644
--- a/.dmtlint.yaml
+++ b/.dmtlint.yaml
@@ -53,3 +53,4 @@ linters-settings:
           - tools/addlicense/testdata
           - test/performance/ssh
           - test/e2e/legacy/testdata/sshkeys
+          - images/dvcr-artifact/staging
diff --git a/.github/workflows/dev_module_build-and-registration.yml b/.github/workflows/dev_module_build-and-registration.yml
index 7cfae4eb31..c4963bc4da 100644
--- a/.github/workflows/dev_module_build-and-registration.yml
+++ b/.github/workflows/dev_module_build-and-registration.yml
@@ -25,7 +25,7 @@ env:
   MODULES_MODULE_TAG: ${{ github.event.inputs.tag }}
   SOURCE_REPO: "${{secrets.SOURCE_REPO}}"
   SOURCE_REPO_GIT: "${{secrets.SOURCE_REPO_GIT}}"
-  GO_VERSION: "1.24.13"
+  GO_VERSION: "1.25.9"
   MODULE_EDITION: "EE"
 
 on:
diff --git a/.github/workflows/dev_module_build.yml b/.github/workflows/dev_module_build.yml
index 3671c91f26..605594cc0f 100644
--- a/.github/workflows/dev_module_build.yml
+++ b/.github/workflows/dev_module_build.yml
@@ -21,8 +21,8 @@ env:
   MODULES_MODULE_SOURCE: ${{ vars.DEV_MODULE_SOURCE }}
   MODULES_REGISTRY_LOGIN: ${{ vars.DEV_MODULES_REGISTRY_LOGIN }}
   MODULES_REGISTRY_PASSWORD: ${{ secrets.DEV_MODULES_REGISTRY_PASSWORD }}
-  GO_VERSION: "1.24.13"
-  GOLANGCI_LINT_VERSION: "1.64.8"
+  GO_VERSION: "1.25.9"
+  GOLANGCI_LINT_VERSION: "2.11.1"
   SOURCE_REPO: "${{secrets.SOURCE_REPO}}"
   SOURCE_REPO_GIT: "${{secrets.SOURCE_REPO_GIT}}"
   TRIVY_DISABLE_VEX_NOTICE: "true"
diff --git a/.github/workflows/dev_validation.yaml b/.github/workflows/dev_validation.yaml
index 7c942ddebc..b57a5523c0 100644
--- a/.github/workflows/dev_validation.yaml
+++ b/.github/workflows/dev_validation.yaml
@@ -15,7 +15,7 @@
 name: Validations
 
 env:
-  GO_VERSION: "1.24.13"
+  GO_VERSION: "1.25.9"
 on:
   pull_request:
     types: [opened, synchronize, labeled, unlabeled]
@@ -137,9 +137,9 @@ jobs:
       matrix:
         # Define two groups of components with their respective Go versions
         components:
-          - { component: virtualization-artifact, go-version: "1.24.13" }
-          - { component: vm-route-forge, go-version: "1.24.13" }
-          - { component: api, go-version: "1.24.13" }
+          - { component: virtualization-artifact, go-version: "1.25.9" }
+          - { component: vm-route-forge, go-version: "1.25.9" }
+          - { component: api, go-version: "1.25.9" }
 
     steps:
       - name: Set skip flag
diff --git a/.github/workflows/e2e-matrix.yml b/.github/workflows/e2e-matrix.yml
index 1b818ec62e..4a0d0436ca 100644
--- a/.github/workflows/e2e-matrix.yml
+++ b/.github/workflows/e2e-matrix.yml
@@ -339,7 +339,7 @@ jobs:
       virtualization_tag: main
       deckhouse_channel: alpha
       default_user: cloud
-      go_version: "1.24.13"
+      go_version: "1.25.9"
       e2e_timeout: "3.5h"
       date_start: ${{ needs.set-vars.outputs.date_start }}
       randuuid4c: ${{ needs.set-vars.outputs.randuuid4c }}
@@ -362,7 +362,7 @@ jobs:
       virtualization_tag: main
       deckhouse_channel: alpha
       default_user: cloud
-      go_version: "1.24.13"
+      go_version: "1.25.9"
       e2e_timeout: "3.5h"
       date_start: ${{ needs.set-vars.outputs.date_start }}
       randuuid4c: ${{ needs.set-vars.outputs.randuuid4c }}
diff --git a/.github/workflows/nightly_e2e_tests_ceph.yaml b/.github/workflows/nightly_e2e_tests_ceph.yaml
index 8728fd899c..acc892b6a0 100644
--- a/.github/workflows/nightly_e2e_tests_ceph.yaml
+++ b/.github/workflows/nightly_e2e_tests_ceph.yaml
@@ -18,7 +18,7 @@ env:
   CSI: rbd.csi.ceph.com
   STORAGE_CLASS_NAME: ceph-pool-r2-csi-rbd-immediate
   CI_COMMIT_REF_NAME: ${{ github.ref_name }}
-  GO_VERSION: "1.24.13"
+  GO_VERSION: "1.25.9"
   TIMEOUT: "3h"
 
 on:
diff --git a/.github/workflows/nightly_e2e_tests_replicated.yaml b/.github/workflows/nightly_e2e_tests_replicated.yaml
index 73c89360ab..1fdb24edde 100644
--- a/.github/workflows/nightly_e2e_tests_replicated.yaml
+++ b/.github/workflows/nightly_e2e_tests_replicated.yaml
@@ -18,7 +18,7 @@ env:
   CSI: replicated.csi.storage.deckhouse.io
   STORAGE_CLASS_NAME: linstor-thin-r1
   CI_COMMIT_REF_NAME: ${{ github.ref_name }}
-  GO_VERSION: "1.24.13"
+  GO_VERSION: "1.25.9"
   TIMEOUT: "3h"
 
 on:
diff --git a/.github/workflows/release_module_release-channels.yml b/.github/workflows/release_module_release-channels.yml
index c86a0ef58e..e8a49abf36 100644
--- a/.github/workflows/release_module_release-channels.yml
+++ b/.github/workflows/release_module_release-channels.yml
@@ -358,7 +358,7 @@ jobs:
     name: Check version on release channel
     runs-on: ubuntu-latest
     env:
-      GO_VERSION: "1.24.13"
+      GO_VERSION: "1.25.9"
       input_channel: ${{ github.event.inputs.channel }}
       input_version: ${{ github.event.inputs.tag }}
     needs:
diff --git a/api/client/examples/cancel-evacuation/go.mod b/api/client/examples/cancel-evacuation/go.mod
index addc999818..b57b8b393f 100644
--- a/api/client/examples/cancel-evacuation/go.mod
+++ b/api/client/examples/cancel-evacuation/go.mod
@@ -2,7 +2,7 @@ module github.com/deckhouse/virtualization/api/client/examples/cancel-evacuation
 
 replace github.com/deckhouse/virtualization/api => ./../../../../api
 
-go 1.24.13
+go 1.25.9
 
 require (
 	github.com/deckhouse/virtualization/api v0.0.0-00010101000000-000000000000
diff --git a/api/client/examples/list-resources/go.mod b/api/client/examples/list-resources/go.mod
index 29a6e9aeac..6f612ec618 100644
--- a/api/client/examples/list-resources/go.mod
+++ b/api/client/examples/list-resources/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/virtualization/api/client/examples/list-resources
 
-go 1.24.13
+go 1.25.9
 
 require (
 	github.com/deckhouse/virtualization/api v0.0.0-20240322104947-2d492906a8b2
diff --git a/api/client/examples/resourceclaim/go.mod b/api/client/examples/resourceclaim/go.mod
index 87195af56a..1d8e870a89 100644
--- a/api/client/examples/resourceclaim/go.mod
+++ b/api/client/examples/resourceclaim/go.mod
@@ -1,11 +1,12 @@
 module github.com/deckhouse/virtualization/api/client/examples/resourceclaim
 
-go 1.24.13
+go 1.25.9
 
 require (
 	github.com/deckhouse/virtualization/api v1.0.0
 	github.com/spf13/cobra v1.10.1
 	github.com/spf13/pflag v1.0.10
+	k8s.io/apimachinery v0.33.3
 )
 
 require (
@@ -45,7 +46,6 @@ require (
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/api v0.33.3 // indirect
 	k8s.io/apiextensions-apiserver v0.33.3 // indirect
-	k8s.io/apimachinery v0.33.3 // indirect
 	k8s.io/client-go v0.33.3 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20250701173324-9bd5c66d9911 // indirect
diff --git a/api/go.mod b/api/go.mod
index be9a6f62cb..620d28ea8f 100644
--- a/api/go.mod
+++ b/api/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/virtualization/api
 
-go 1.24.13
+go 1.25.9
 
 tool (
 	k8s.io/code-generator
diff --git a/build/base-images/deckhouse_images.yml b/build/base-images/deckhouse_images.yml
index c1552d1abd..c9fec607d5 100644
--- a/build/base-images/deckhouse_images.yml
+++ b/build/base-images/deckhouse_images.yml
@@ -1,306 +1,338 @@
-# version=v0.5.51
+# version=v0.5.68
 # REGISTRY_PATH is a special key which is concatenated with other base images
 REGISTRY_PATH: registry.deckhouse.io/base_images
-base/distroless: "sha256:d44b8fadcf21012913301335e3bd8e96dfd6e10bdc4317e295c3d770f1c0ac2a" # from: builder/scratch
-base/nginx-release-1.28.0: "sha256:678a8eefe5fe82bdc71766fe1dd3152aa4fbc54b426c2dbe31619576d72380a5" # from: tools/nginx-release-1.28.0
-base/nginx: "sha256:678a8eefe5fe82bdc71766fe1dd3152aa4fbc54b426c2dbe31619576d72380a5" # from: tools/nginx-release-1.28.0
-base/python: "sha256:48f3f53a7f26b17370a9cf835b95982e2b7fde1073b0241b9f5fc72c1faac6dc" # from: builder/scratch
-base/python-v3.12.12: "sha256:48f3f53a7f26b17370a9cf835b95982e2b7fde1073b0241b9f5fc72c1faac6dc" # from: builder/scratch
-base/redis-7.4.5: "sha256:3bd70725e8c0919cb925cd8b471c91493b34782ce8eaa8b6871da35bce3bdc1d" # from: builder/scratch
-base/redis: "sha256:3bd70725e8c0919cb925cd8b471c91493b34782ce8eaa8b6871da35bce3bdc1d" # from: builder/scratch
-base/ruby-bundler: "sha256:e6a80bd606afb83a258b939160b2c5fe1350003822384d8e3f5b80bde424dda3" # from: builder/alpine
-base/ruby-bundler-v3_4_7: "sha256:e6a80bd606afb83a258b939160b2c5fe1350003822384d8e3f5b80bde424dda3" # from: builder/alpine
-base/ruby: "sha256:11aa322ba4ef4eced1612684c53f5ee4a195afddcbc283bfa7be7173990dc985" # from: base/distroless
-base/ruby-v3_4_7: "sha256:11aa322ba4ef4eced1612684c53f5ee4a195afddcbc283bfa7be7173990dc985" # from: base/distroless
+base/distroless: "sha256:9b74f52a191b90ceeba64b8c11dfd1ae054a82dbd360d4df6530637f60707bf7" # from: builder/scratch
+base/nginx-release-1.28.0: "sha256:305a6086dbeba19f9a7d3bb65636680112bb3538dde961edc52c6af8ee8891cd" # from: tools/nginx-release-1.28.0
+base/nginx: "sha256:305a6086dbeba19f9a7d3bb65636680112bb3538dde961edc52c6af8ee8891cd" # from: tools/nginx-release-1.28.0
+base/python: "sha256:459f2773c568d992759c6c4a6b54cd692e15dcca716f3ca20879973efbef2bbb" # from: builder/scratch
+base/python-v3.12.12: "sha256:459f2773c568d992759c6c4a6b54cd692e15dcca716f3ca20879973efbef2bbb" # from: builder/scratch
+base/redis-7.4.5: "sha256:8a9ed1dfaa235e34887388b8d28ec62c243bbf01eb83f5f84370fc98bcdc1911" # from: builder/scratch
+base/redis-7.4.7: "sha256:27a2b389e378c466012e9a75008e80fa9de125f092dbd7e48d8a962ed377834b" # from: builder/scratch
+base/redis: "sha256:27a2b389e378c466012e9a75008e80fa9de125f092dbd7e48d8a962ed377834b" # from: builder/scratch
+base/ruby-bundler: "sha256:8e2b58fbc7767edfddc1b9f0f3f26931518934e68e20d84d4de4d238bb2f8a77" # from: builder/alpine
+base/ruby-bundler-v3_4_9: "sha256:8e2b58fbc7767edfddc1b9f0f3f26931518934e68e20d84d4de4d238bb2f8a77" # from: builder/alpine
+base/ruby: "sha256:4e931fab3a0dbcc8d9880461ef2199b80c81b989b0a581df8062d700c7458f58" # from: base/distroless
+base/ruby-v3_4_9: "sha256:4e931fab3a0dbcc8d9880461ef2199b80c81b989b0a581df8062d700c7458f58" # from: base/distroless
 base/scratch: "sha256:cfac1c6b53f9365ee59ffe94c90211253f2a85ece372a6a9dfad61f4e0ab0bea" # from: builder/scratch
-base/shell-operator: "sha256:f3556750cf8bcbf42b09d52b23fb7e1ae98ebabe273dfe90ce415b1d6b3fa4db" # from: builder/scratch
-base/shell-operator-v1.9.3: "sha256:f3556750cf8bcbf42b09d52b23fb7e1ae98ebabe273dfe90ce415b1d6b3fa4db" # from: builder/scratch
-builder/alpine-3.21: "sha256:e54195b7221b3977b2abe6daaf5fabc91add7aa0a3360cd5af590c5472bb3aa7" # from: alpine:3.21.5
+base/shell-operator: "sha256:2112f086205eeffd0d70731340e33c002fd8ebc85c4964f4cb7912d930da435d" # from: builder/scratch
+base/shell-operator-v1.14.3: "sha256:2112f086205eeffd0d70731340e33c002fd8ebc85c4964f4cb7912d930da435d" # from: builder/scratch
+builder/alpine-3.21: "sha256:924f440a8693883b9317f3fe5ab34431f711c08dcc9f61ac4ac4dd3cca4ff3f5" # from: alpine:3.21.5
 builder/alpine-3.22: "sha256:2ffd38fd342a64e79ed28cf52d71216bf119b28d96b9871184acfea672a7acc8" # from: alpine:3.22.2
 builder/alpine: "sha256:2ffd38fd342a64e79ed28cf52d71216bf119b28d96b9871184acfea672a7acc8" # from: alpine:3.22.2
-builder/alpine-svace-3.21: "sha256:f72e40e3ac586391367f0f276de72b054f29c8aa95147c09f5ee39f29cfbf4ab" # from: builder/alpine-3.21
-builder/alpine-svace-3.22: "sha256:592ad64f03152d8055700374c7726450de44a2394993419d83dd4fa4a7603e34" # from: builder/alpine-3.22
-builder/alpine-svace: "sha256:592ad64f03152d8055700374c7726450de44a2394993419d83dd4fa4a7603e34" # from: builder/alpine-3.22
-builder/alt-2025-11-02: "sha256:f1b131ab710bd9ea9654a4efb9873cfda1955400ed85fe0de7d7f99416beb0f7" # from: registry.altlinux.org/p11/alt:20250625
-builder/alt: "sha256:f1b131ab710bd9ea9654a4efb9873cfda1955400ed85fe0de7d7f99416beb0f7" # from: registry.altlinux.org/p11/alt:20250625
-builder/debian-12.11-slim: "sha256:194f18cb5cdc8c4cceb4f796003b956173d63acffb1d81470b83f713a8947882" # from: debian:12.11-slim
-builder/debian: "sha256:261d9b2d8d2f1b5a5d1565bd88d950e14722481b1ffc92553f1e8a2326ee7363" # from: debian:trixie-slim
-builder/debian-svace-12.11-slim: "sha256:20109cd79726d2e5e7418e8a75c6cf796467d860de2d9ab57ad1af1b5841e962" # from: builder/debian-12.11-slim
-builder/debian-svace: "sha256:3eaf3813bbfd39c44885f2f18c3d05cdd42aa5c67c6c88a64a3db01487ee8305" # from: builder/debian-trixie-slim
-builder/debian-svace-trixie-slim: "sha256:3eaf3813bbfd39c44885f2f18c3d05cdd42aa5c67c6c88a64a3db01487ee8305" # from: builder/debian-trixie-slim
-builder/debian-trixie-slim: "sha256:261d9b2d8d2f1b5a5d1565bd88d950e14722481b1ffc92553f1e8a2326ee7363" # from: debian:trixie-slim
-builder/golang-alpine-1.24: "sha256:5d7346ae5dfd1f5c6e78dd285d9656b49b7926272bb93942ba6470d9d1d279f8" # from: builder/alpine
-builder/golang-alpine-1.25: "sha256:425f33f84bc87800267bb5bdfb96e3a356dd9c0b6046f7fe787cdf339c7215be" # from: builder/alpine
-builder/golang-alpine: "sha256:425f33f84bc87800267bb5bdfb96e3a356dd9c0b6046f7fe787cdf339c7215be" # from: builder/alpine
-builder/golang-alpine-svace-1.24: "sha256:cd46caf412999b7f3ee4d1ed29a0ef4cead6423fe4056222e80393592155b6e2" # from: builder/golang-alpine-1.24
-builder/golang-alpine-svace-1.25: "sha256:7bce2f3691208bd5174a35918151ead0a85bd1a0f07fbf97842be6582586309a" # from: builder/golang-alpine-1.25
-builder/golang-alpine-svace: "sha256:7bce2f3691208bd5174a35918151ead0a85bd1a0f07fbf97842be6582586309a" # from: builder/golang-alpine-1.25
-builder/golang-alt-1.24: "sha256:c936cfce282d666be6392e78b0008cb10dcaf0d6e299f5261f0f6cd25badcd06" # from: builder/alt
-builder/golang-alt-1.25: "sha256:e1f79798b704ba104eb84a38d1aa1f584cba8805313285efd40ca34a0d754291" # from: builder/alt
-builder/golang-alt: "sha256:e1f79798b704ba104eb84a38d1aa1f584cba8805313285efd40ca34a0d754291" # from: builder/alt
-builder/golang-alt-svace-1.24: "sha256:05d378e91966137a676f6fcb78a6b8ae0db90ffd770695d4512b2aa6824318ae" # from: builder/golang-alt-1.24
-builder/golang-alt-svace-1.25: "sha256:d7bf46f38bfddedb41f60a9ff59d3659723396c665ffcb41648c6081021c073f" # from: builder/golang-alt-1.25
-builder/golang-alt-svace: "sha256:d7bf46f38bfddedb41f60a9ff59d3659723396c665ffcb41648c6081021c073f" # from: builder/golang-alt-1.25
-builder/golang-bookworm-1.24: "sha256:bd7cdf28c1923fa71ffd8828e684e62c8f716d2e95b962ba3219beb400a3a1d8" # from: golang:1.24.13-bookworm
-builder/golang-bookworm-1.25: "sha256:6ae07a7d16a540e1dd56d5a7afbdaaf450894c74c6f1b4a497b212d61c023838" # from: golang:1.25.7-bookworm
-builder/golang-bookworm: "sha256:6ae07a7d16a540e1dd56d5a7afbdaaf450894c74c6f1b4a497b212d61c023838" # from: golang:1.25.7-bookworm
-builder/golang-bookworm-svace-1.24: "sha256:64d5178bf902a50df988958b0cc9cf00bb43663e128ac0a9826fcbbbb99aa8f8" # from: builder/golang-bookworm-1.24
-builder/golang-bookworm-svace-1.25: "sha256:df13a2341fea0ce53b5244bb69b76862dba03472b5a71953b3e0bb51269e72b6" # from: builder/golang-bookworm-1.25
-builder/golang-bookworm-svace: "sha256:df13a2341fea0ce53b5244bb69b76862dba03472b5a71953b3e0bb51269e72b6" # from: builder/golang-bookworm-1.25
-builder/golang-bullseye-1.24: "sha256:e694827623f7a8bf932c3b9462546095ddb404c9d094ae6a3240596d7c395e53" # from: golang:1.24.6-bullseye
-builder/golang-bullseye: "sha256:e694827623f7a8bf932c3b9462546095ddb404c9d094ae6a3240596d7c395e53" # from: golang:1.24.6-bullseye
-builder/golang-gost-alpine-1.24: "sha256:9bd14d0fddc0f9950385228a1fc83ddfec7e0b1f8f69e84e944901573b2bbd7c" # from: golang:1.24.13-alpine3.22
-builder/golang-gost-alpine: "sha256:9bd14d0fddc0f9950385228a1fc83ddfec7e0b1f8f69e84e944901573b2bbd7c" # from: golang:1.24.13-alpine3.22
-builder/golang-gost-bookworm-1.24: "sha256:9a1a5a2c0e1bb6d24cca379b9a3014d27750870c8995864345f20b112e7ee384" # from: golang:1.24.13-bookworm
-builder/golang-gost-bookworm: "sha256:9a1a5a2c0e1bb6d24cca379b9a3014d27750870c8995864345f20b112e7ee384" # from: golang:1.24.13-bookworm
-builder/golang-gost-bullseye-1.24: "sha256:8bc21d5ce16de07e2655368b322e447936513257acce2b1b133a92c7813c4717" # from: golang:1.24.6-bullseye
-builder/golang-gost-bullseye: "sha256:8bc21d5ce16de07e2655368b322e447936513257acce2b1b133a92c7813c4717" # from: golang:1.24.6-bullseye
-builder/node-alpine-22.16: "sha256:6c2e7b770880f1731713010d101b238c988437c1c5e6e3f23ed27d27f39ea074" # from: node:22.16.0-alpine3.20
-builder/node-alpine-23.10: "sha256:640b4b61a9f491189d7a7fa99c59bfea81f5c529a3dedb2134860a3d61fbd6cb" # from: node:23.10.0-alpine3.20
-builder/node-alpine: "sha256:6c2e7b770880f1731713010d101b238c988437c1c5e6e3f23ed27d27f39ea074" # from: node:22.16.0-alpine3.20
+builder/alpine-svace-3.21: "sha256:7a4b4b5505dd78ac51cfaecdcec5c8e58d4ac0d19b8eac10200c28a6b1e7a7cb" # from: builder/alpine-3.21
+builder/alpine-svace-3.22: "sha256:1fd0e9095f36623862fdcd409aeb9150b691f0b7a8e1d45f008f4a160fde299e" # from: builder/alpine-3.22
+builder/alpine-svace: "sha256:1fd0e9095f36623862fdcd409aeb9150b691f0b7a8e1d45f008f4a160fde299e" # from: builder/alpine-3.22
+builder/alt-2026-02-07: "sha256:d314d8b4ba1c431d1d1566bc736ebcb04c2e8e1c7fec6c2923122bcbcf5bcc04" # from: registry.altlinux.org/p11/alt:20250625
+builder/alt: "sha256:d314d8b4ba1c431d1d1566bc736ebcb04c2e8e1c7fec6c2923122bcbcf5bcc04" # from: registry.altlinux.org/p11/alt:20250625
+builder/debian-12.11-slim: "sha256:32e33c3566a56b85fb708d0e7d5895e260fcb4a2dd0130a3d26305ea146d8ef3" # from: debian:12.11-slim
+builder/debian: "sha256:cb1a802f2b79d201ed2a530c99b9fa0188187783c7c396ec40b9f458ab44d426" # from: debian:trixie-slim
+builder/debian-svace-12.11-slim: "sha256:98e479ded43836286664ed40ac9ba1c6fff714e7af3b7f539e399bd140030994" # from: builder/debian-12.11-slim
+builder/debian-svace: "sha256:efc4539ef4b04be27ff722d3182fc6b108fe9dec9904c3d066f38eba88ce52c8" # from: builder/debian-trixie-slim
+builder/debian-svace-trixie-slim: "sha256:efc4539ef4b04be27ff722d3182fc6b108fe9dec9904c3d066f38eba88ce52c8" # from: builder/debian-trixie-slim
+builder/debian-trixie-slim: "sha256:cb1a802f2b79d201ed2a530c99b9fa0188187783c7c396ec40b9f458ab44d426" # from: debian:trixie-slim
+builder/golang-alpine-1.24: "sha256:fc2b5185de5be4b0a37a43579ff080e4d061a83f4028056603b7f87e94c6ca7d" # from: builder/alpine
+builder/golang-alpine-1.25: "sha256:379017641b538725a5c0a5ac3228e09f54ca823b84407f19908e04760c84a3a9" # from: builder/alpine
+builder/golang-alpine: "sha256:379017641b538725a5c0a5ac3228e09f54ca823b84407f19908e04760c84a3a9" # from: builder/alpine
+builder/golang-alpine-svace-1.24: "sha256:4f456e3016bb66c97c4573e43336ad68a0bb1aedea731790aea80cc1332ef543" # from: builder/golang-alpine-1.24
+builder/golang-alpine-svace-1.25: "sha256:cd91fd78ad02651674a2aca9ecc3c09f94b49a656270167389b17b5c743e3f4e" # from: builder/golang-alpine-1.25
+builder/golang-alpine-svace: "sha256:cd91fd78ad02651674a2aca9ecc3c09f94b49a656270167389b17b5c743e3f4e" # from: builder/golang-alpine-1.25
+builder/golang-alt-1.24: "sha256:d94eb1b152ce5352557824ea0cf5c0b4d9bb29365d200d7248bfab751f588d3c" # from: builder/alt
+builder/golang-alt-1.25: "sha256:c2102dc56e98f3812f6b7ed10807f38f73e10b1b3a6e5dd2cd80f87b6448a146" # from: builder/alt
+builder/golang-alt: "sha256:c2102dc56e98f3812f6b7ed10807f38f73e10b1b3a6e5dd2cd80f87b6448a146" # from: builder/alt
+builder/golang-alt-svace-1.24: "sha256:5f2f6b8b34e1b150663fcc88562abff9a7fffc49c1efa5f33680942bc34bcf0a" # from: builder/golang-alt-1.24
+builder/golang-alt-svace-1.25: "sha256:a233be58d0c3f6ca19a21b8d844838ab928a8fc3c4f5aa7d94cebb151a0b908f" # from: builder/golang-alt-1.25
+builder/golang-alt-svace: "sha256:a233be58d0c3f6ca19a21b8d844838ab928a8fc3c4f5aa7d94cebb151a0b908f" # from: builder/golang-alt-1.25
+builder/golang-bookworm-1.24: "sha256:b0a75cc285d3c6319980e96d0b65afb8d293f83f303faebcd8720d117d9b440d" # from: golang:1.24.13-bookworm
+builder/golang-bookworm-1.25: "sha256:2fa0da12f239d1696f2f790ac8332ae4790f1b9db9d1e785778c4a64e2481544" # from: golang:1.25.9-bookworm
+builder/golang-bookworm: "sha256:2fa0da12f239d1696f2f790ac8332ae4790f1b9db9d1e785778c4a64e2481544" # from: golang:1.25.9-bookworm
+builder/golang-bookworm-svace-1.24: "sha256:dbf38fca4eb7a3d3dbed2e4314d9786e1258cb922ebb8aa419397d072433299a" # from: builder/golang-bookworm-1.24
+builder/golang-bookworm-svace-1.25: "sha256:7a06edaecbca8d409a49a33079d43c619bb193f877abedd59963aa3041494375" # from: builder/golang-bookworm-1.25
+builder/golang-bookworm-svace: "sha256:7a06edaecbca8d409a49a33079d43c619bb193f877abedd59963aa3041494375" # from: builder/golang-bookworm-1.25
+builder/golang-bullseye-1.24: "sha256:edb0672cf82cddf04047b2f9f0cfdff268a318762bdac70f2cfe75bc9b1395d7" # from: golang:1.24.6-bullseye
+builder/golang-bullseye: "sha256:edb0672cf82cddf04047b2f9f0cfdff268a318762bdac70f2cfe75bc9b1395d7" # from: golang:1.24.6-bullseye
+builder/golang-gost-alpine-1.24: "sha256:16bcc9b40b7a6dc665cb0951a50dba066d116ce49d0a882bdb95228bcd85495f" # from: golang:1.24.13-alpine3.22
+builder/golang-gost-alpine-1.25: "sha256:8d975385e3f560e5bf2b01098861e167d27a4cb00e55e6d43b491fc2f32ab0fa" # from: golang:1.25.9-alpine3.22
+builder/golang-gost-alpine: "sha256:8d975385e3f560e5bf2b01098861e167d27a4cb00e55e6d43b491fc2f32ab0fa" # from: golang:1.25.9-alpine3.22
+builder/golang-gost-bookworm-1.24: "sha256:c5f5c7b6080218d0a1d50ac63dee2eca2b4846969f935dceb17b5dd0588e537c" # from: golang:1.24.13-bookworm
+builder/golang-gost-bookworm-1.25: "sha256:6ffbe56b05964b074b09a266d8495d9f26cfd7abc9c7a90d1dd0ea0ddedbab0a" # from: golang:1.25.9-bookworm
+builder/golang-gost-bookworm: "sha256:6ffbe56b05964b074b09a266d8495d9f26cfd7abc9c7a90d1dd0ea0ddedbab0a" # from: golang:1.25.9-bookworm
+builder/golang-gost-bullseye-1.24: "sha256:f2c49b83f2da84d9410bef8ee882f44e53ec95d7fc2673d265749c217ddfb869" # from: golang:1.24.6-bullseye
+builder/golang-gost-bullseye: "sha256:f2c49b83f2da84d9410bef8ee882f44e53ec95d7fc2673d265749c217ddfb869" # from: golang:1.24.6-bullseye
+builder/node-alpine-22.16: "sha256:961b4daaac24616952620706e81d266ed41d973b8c134ecaaa05d274e035cd70" # from: node:22.16.0-alpine
+builder/node-alpine-22.22: "sha256:3ab7e5e8ca689111c170fed11173faac77584d568b23b7d07811f477077d7c45" # from: node:22.22.1-alpine
+builder/node-alpine-23.10: "sha256:7e8cdbf7e2b0bcd8c99ca7b2cddc93a52914df21adecd432f6c86e7a1dffc38e" # from: node:23.10.0-alpine
+builder/node-alpine-24.14: "sha256:81a31f3f4b10d164395c944a2e71450d98fff0ed6d5aee79102fd73fa67681be" # from: node:24.14.0-alpine
+builder/node-alpine: "sha256:961b4daaac24616952620706e81d266ed41d973b8c134ecaaa05d274e035cd70" # from: node:22.16.0-alpine
 builder/scratch: "sha256:1b7d59d0fd717710beaebed73c82caac21babcd7c6d22899a92a1e4fd5eafdfd" # from: registry.werf.io/werf/scratch
-builder/src: "sha256:d088e5cb2f9396d9329c2513627295efeb14c58b4e053fba8c8325c66dbd165e" # from: builder/alt
-libs/abseil-cpp-20240722.1: "sha256:9432021ffd8e632b0b3e481004b98d21272c8873e5e3dec2773fbdd9a8367070" # from: builder/scratch
-libs/abseil-cpp: "sha256:9432021ffd8e632b0b3e481004b98d21272c8873e5e3dec2773fbdd9a8367070" # from: builder/scratch
-libs/argp-standalone-1.5.0: "sha256:97bdd49fd2f5186cf5c35e36bf23701926ed82f75d50f620bbe898220699b777" # from: builder/scratch
-libs/argp-standalone: "sha256:97bdd49fd2f5186cf5c35e36bf23701926ed82f75d50f620bbe898220699b777" # from: builder/scratch
-libs/brotli: "sha256:95150d3adda491d029407024b7b43df51d0d7195c4a2fc8b7b43b82df68a3d77" # from: builder/scratch
-libs/brotli-v1.1.0: "sha256:95150d3adda491d029407024b7b43df51d0d7195c4a2fc8b7b43b82df68a3d77" # from: builder/scratch
-libs/bzip2-bzip2-1.0.8: "sha256:f5a8978bdfba46dd862b52ae41e3eac693adac98ee215602eef8b71f092d8ab5" # from: builder/scratch
-libs/bzip2: "sha256:f5a8978bdfba46dd862b52ae41e3eac693adac98ee215602eef8b71f092d8ab5" # from: builder/scratch
-libs/c-ares: "sha256:09e5170580376687072ff34c714c082b1327be4443f33fecd8501266e8cec61f" # from: builder/scratch
-libs/c-ares-v1.34.5: "sha256:09e5170580376687072ff34c714c082b1327be4443f33fecd8501266e8cec61f" # from: builder/scratch
-libs/gdbm: "sha256:a3518b62d7c18ce6a48df372197417331406fde63e81f075b165eb46b4393e9a" # from: builder/scratch
-libs/gdbm-v1.24: "sha256:a3518b62d7c18ce6a48df372197417331406fde63e81f075b165eb46b4393e9a" # from: builder/scratch
-libs/glibc: "sha256:64ead0b0350b34d6101684e6ff8f307afa68c923bb659c08ae14834f7d80e933" # from: builder/scratch
-libs/glibc-v2.41: "sha256:64ead0b0350b34d6101684e6ff8f307afa68c923bb659c08ae14834f7d80e933" # from: builder/scratch
-libs/gmp-6.3.0: "sha256:8a12d78629edce43f316c05478195466cb91350ec0647972e69b136ae85972d7" # from: builder/scratch
-libs/gmp: "sha256:8a12d78629edce43f316c05478195466cb91350ec0647972e69b136ae85972d7" # from: builder/scratch
-libs/grpc: "sha256:458bf5ad35b0cc57e76303e4cb037e89adac9880b15cf92072079f2333e2176a" # from: builder/scratch
-libs/grpc-v1.62.1: "sha256:458bf5ad35b0cc57e76303e4cb037e89adac9880b15cf92072079f2333e2176a" # from: builder/scratch
-libs/icu-release-77-1: "sha256:b6c93deb9356206d560bf9da85d11f8796c4ec90ba4beeb991b1735ea0bce1e8" # from: builder/scratch
-libs/icu: "sha256:b6c93deb9356206d560bf9da85d11f8796c4ec90ba4beeb991b1735ea0bce1e8" # from: builder/scratch
-libs/json-c-json-c-0.18-20240915: "sha256:2870f8a8339d28de46bc3dabfc882921f186111ff1e5d55578a7d3117bae3a3f" # from: builder/scratch
-libs/json-c: "sha256:2870f8a8339d28de46bc3dabfc882921f186111ff1e5d55578a7d3117bae3a3f" # from: builder/scratch
-libs/keyutils: "sha256:105a1c8e01ce6b32dbde55c396542f345022c63facbdb3b8f9e619526b20035f" # from: builder/scratch
-libs/keyutils-v1.6.1: "sha256:105a1c8e01ce6b32dbde55c396542f345022c63facbdb3b8f9e619526b20035f" # from: builder/scratch
-libs/krb5-krb5-1.21.3-final: "sha256:49e2b4d0ebd67199c11c8a582e44189f4c72b938407fb44ef718be628bebeb30" # from: builder/scratch
-libs/krb5: "sha256:49e2b4d0ebd67199c11c8a582e44189f4c72b938407fb44ef718be628bebeb30" # from: builder/scratch
-libs/libaio-libaio-0.3.113: "sha256:ad48bb81940e6cb93cd93efe1516597a8dea109186e061d1a439bab17ce56507" # from: builder/scratch
-libs/libaio: "sha256:ad48bb81940e6cb93cd93efe1516597a8dea109186e061d1a439bab17ce56507" # from: builder/scratch
-libs/libcap: "sha256:4f7abb1bbbe5b4c472041b9f3b30c627e9f8d96263cbdbba34872faf1364b199" # from: builder/scratch
-libs/libcap-v1.2.69: "sha256:fbd54053086db03e1c7d9330c25416f58d2f7af06d3285e653c65628bc22692f" # from: builder/scratch
-libs/libcap-v1.2.71: "sha256:4f7abb1bbbe5b4c472041b9f3b30c627e9f8d96263cbdbba34872faf1364b199" # from: builder/scratch
-libs/libedit: "sha256:5744e228efb525b5e706777721893da6c30aa3ecee7e28513f72355cd6d13ecc" # from: builder/scratch
-libs/libedit-v20250104.3.1: "sha256:5744e228efb525b5e706777721893da6c30aa3ecee7e28513f72355cd6d13ecc" # from: builder/scratch
-libs/libevent-release-2.2.1-alpha: "sha256:c145a67da3187809b468daf627ace7c58d16834836c87272a14a9dbf81b148a0" # from: builder/scratch
-libs/libevent: "sha256:c145a67da3187809b468daf627ace7c58d16834836c87272a14a9dbf81b148a0" # from: builder/scratch
-libs/libev: "sha256:dc6390d5ba3d81d0247806ffbde76d19c46b4e71650da7f01a005b866422b50d" # from: builder/scratch
-libs/libev-v4.33: "sha256:dc6390d5ba3d81d0247806ffbde76d19c46b4e71650da7f01a005b866422b50d" # from: builder/scratch
-libs/libffi: "sha256:f49f4f57537001db206cac41f5f366b2a4836b99628f81ef549470506e7f2bf7" # from: builder/scratch
-libs/libffi-v3.4.8: "sha256:f49f4f57537001db206cac41f5f366b2a4836b99628f81ef549470506e7f2bf7" # from: builder/scratch
-libs/libgcrypt-libgcrypt-1.11.1: "sha256:4c5b46c2918046a41081d34b832ed7e6409cbdc6f180e47d90f228d451f2fbec" # from: builder/scratch
-libs/libgcrypt: "sha256:4c5b46c2918046a41081d34b832ed7e6409cbdc6f180e47d90f228d451f2fbec" # from: builder/scratch
-libs/libgpg-error-libgpg-error-1.55: "sha256:74bb11cb78feec083af8b897fc515f1ece0211579e7aa6095824505f3399d0a4" # from: builder/scratch
-libs/libgpg-error: "sha256:74bb11cb78feec083af8b897fc515f1ece0211579e7aa6095824505f3399d0a4" # from: builder/scratch
-libs/libidn2: "sha256:0eed614805fbe2da25b2e9195d549f15ec1ff373ad01cb34b039c1bd7aa63ffc" # from: builder/scratch
-libs/libidn2-v2.3.8: "sha256:0eed614805fbe2da25b2e9195d549f15ec1ff373ad01cb34b039c1bd7aa63ffc" # from: builder/scratch
-libs/libidn: "sha256:b597f320d1b2b8e17f19706a82e75370b462fd5d143e95faf83b1312aa4d700d" # from: builder/scratch
-libs/libidn-v1.43: "sha256:b597f320d1b2b8e17f19706a82e75370b462fd5d143e95faf83b1312aa4d700d" # from: builder/scratch
-libs/libinih-r60: "sha256:35a89e45565fe3ad5a513efec079edf502e246efdf3916a43bb3a38af1731776" # from: builder/scratch
-libs/libinih: "sha256:35a89e45565fe3ad5a513efec079edf502e246efdf3916a43bb3a38af1731776" # from: builder/scratch
-libs/libmaxminddb-1.12.2: "sha256:fddb7f60ffc929ecf1b1a85806568ba27f90692b0499ba492452ec4c0c3c4e61" # from: builder/scratch
-libs/libmaxminddb: "sha256:fddb7f60ffc929ecf1b1a85806568ba27f90692b0499ba492452ec4c0c3c4e61" # from: builder/scratch
-libs/libmnl-libmnl-1.0.5: "sha256:389a2e55a67ad26f14d8982e46df187771a8f96b4d4482b63495eb94a524bbc0" # from: builder/scratch
-libs/libmnl: "sha256:389a2e55a67ad26f14d8982e46df187771a8f96b4d4482b63495eb94a524bbc0" # from: builder/scratch
-libs/libnetfilter_conntrack-libnetfilter_conntrack-1.1.0: "sha256:6bd6da6e28604c6b1d7951273803f163ca7bdbd1ad7663062cb9415a00968330" # from: builder/scratch
-libs/libnetfilter_conntrack: "sha256:6bd6da6e28604c6b1d7951273803f163ca7bdbd1ad7663062cb9415a00968330" # from: builder/scratch
-libs/libnetfilter_cthelper-libnetfilter_cthelper-1.0.1: "sha256:744a1fb7b4cb3d47f6fae0ea2ba7b77b1e380df585ffaa26ee3127714e739b00" # from: builder/scratch
-libs/libnetfilter_cthelper: "sha256:744a1fb7b4cb3d47f6fae0ea2ba7b77b1e380df585ffaa26ee3127714e739b00" # from: builder/scratch
-libs/libnetfilter_cttimeout-libnetfilter_cttimeout-1.0.1: "sha256:ba9c2d0102ca6254f5eb1ec3160abcf96594dcbb7f33cc2878a787dfc88e97d0" # from: builder/scratch
-libs/libnetfilter_cttimeout: "sha256:ba9c2d0102ca6254f5eb1ec3160abcf96594dcbb7f33cc2878a787dfc88e97d0" # from: builder/scratch
-libs/libnetfilter_queue-libnetfilter_queue-1.0.5: "sha256:1acc22685296d521c4c494dea0c6243867ec98c3bbb95a506349ccaa8107c2eb" # from: builder/scratch
-libs/libnetfilter_queue: "sha256:1acc22685296d521c4c494dea0c6243867ec98c3bbb95a506349ccaa8107c2eb" # from: builder/scratch
-libs/libnfnetlink-libnfnetlink-1.0.2: "sha256:14c51706ddfafd244e9a63b512943026f57bf41e7700127463858123889cb576" # from: builder/scratch
-libs/libnfnetlink: "sha256:14c51706ddfafd244e9a63b512943026f57bf41e7700127463858123889cb576" # from: builder/scratch
-libs/libnftnl-libnftnl-1.2.9: "sha256:b90addfd327b2e435f0b907e57e8e1af80794e70b014a58e575e47208b5a5de8" # from: builder/scratch
-libs/libnftnl: "sha256:b90addfd327b2e435f0b907e57e8e1af80794e70b014a58e575e47208b5a5de8" # from: builder/scratch
-libs/libnl-libnl3_2_25: "sha256:ec5589dc7a6c20199e6f0dc02ba5154aad9e77143c3a87a36a1afc0f02d9a0cd" # from: builder/scratch
-libs/libnl: "sha256:ec5589dc7a6c20199e6f0dc02ba5154aad9e77143c3a87a36a1afc0f02d9a0cd" # from: builder/scratch
-libs/libnvme: "sha256:e92c8a4b965d4fb6814931a9b353606d9156e829f467a7986b93eba4f63340bb" # from: builder/scratch
-libs/libnvme-v1.16.1: "sha256:e92c8a4b965d4fb6814931a9b353606d9156e829f467a7986b93eba4f63340bb" # from: builder/scratch
-libs/libpq-REL_17_5: "sha256:27e8e97b31934fc1eae6bd6698a34b7d6fd340d8a199cf9ebca2a471e771c51b" # from: builder/scratch
-libs/libpq: "sha256:27e8e97b31934fc1eae6bd6698a34b7d6fd340d8a199cf9ebca2a471e771c51b" # from: builder/scratch
-libs/libpsl-0.21.5: "sha256:f28d6e92f76ab55ef5db4df4c104a208b9ab5fca100cadc499107dd17c0458c7" # from: builder/scratch
-libs/libpsl: "sha256:f28d6e92f76ab55ef5db4df4c104a208b9ab5fca100cadc499107dd17c0458c7" # from: builder/scratch
-libs/libtirpc-libtirpc-1-3-6: "sha256:9514f6b2454ba55886ba95128f1b521fa357e9e966ad458badc60741ef9a63df" # from: builder/scratch
-libs/libtirpc: "sha256:9514f6b2454ba55886ba95128f1b521fa357e9e966ad458badc60741ef9a63df" # from: builder/scratch
-libs/libunistring: "sha256:47e2fa2e3511c4c8c64e1fc103bdd97c5cce2e005dcaa9d977aa74817e9034cc" # from: builder/scratch
-libs/libunistring-v1.3: "sha256:47e2fa2e3511c4c8c64e1fc103bdd97c5cce2e005dcaa9d977aa74817e9034cc" # from: builder/scratch
-libs/libuv: "sha256:1b50f0bee31afff3ebde13760b8ca0beefdff1005b48247225afd7cb45a847b3" # from: builder/scratch
-libs/libuv-v1.51.0: "sha256:1b50f0bee31afff3ebde13760b8ca0beefdff1005b48247225afd7cb45a847b3" # from: builder/scratch
-libs/libxml2: "sha256:bc6751a22021e112ed317163e9b8cd3f7691004905bcd851ea9f80ae5f7080e7" # from: builder/scratch
-libs/libxml2-v2.13.8: "sha256:c4b7f7da35c072448e3b5e34b205905f541ae9999777d0261272d300fe7f7700" # from: builder/scratch
-libs/libxml2-v2.14.3: "sha256:bc6751a22021e112ed317163e9b8cd3f7691004905bcd851ea9f80ae5f7080e7" # from: builder/scratch
-libs/libxslt: "sha256:5d29726517726bd3ca94905a75855344ffb74988cc8d073c5c1dff0847c44e65" # from: builder/scratch
-libs/libxslt-v1.1.43: "sha256:5d29726517726bd3ca94905a75855344ffb74988cc8d073c5c1dff0847c44e65" # from: builder/scratch
-libs/libyaml-0.2.5: "sha256:61ca1fc190a93c462857d5d28863f1945ba88ec14f195f782ca566caf722b2ab" # from: builder/scratch
-libs/libyaml: "sha256:61ca1fc190a93c462857d5d28863f1945ba88ec14f195f782ca566caf722b2ab" # from: builder/scratch
-libs/lmdb-LMDB_0.9.31: "sha256:5769c82e1e969ee966f12ec7a5c0d2104b8d83e414452aab28005523446e4446" # from: builder/scratch
-libs/lmdb: "sha256:5769c82e1e969ee966f12ec7a5c0d2104b8d83e414452aab28005523446e4446" # from: builder/scratch
-libs/lua-iconv-7-3: "sha256:eb11950f76000b4ef2bf392358408d4939156908c4f45d6f9a04b73570787035" # from: builder/scratch
-libs/lua-iconv: "sha256:eb11950f76000b4ef2bf392358408d4939156908c4f45d6f9a04b73570787035" # from: builder/scratch
-libs/lua-protobuf-0.5.1: "sha256:804ac09be8cd41f3f366f12517244f531ef4c3023ec5cbfa45cb2a41778c2cca" # from: builder/scratch
-libs/lua-protobuf: "sha256:804ac09be8cd41f3f366f12517244f531ef4c3023ec5cbfa45cb2a41778c2cca" # from: builder/scratch
-libs/mpc1-1.3.1: "sha256:e745110ea48a0c04afd848388726034fe64e82ae5cc90877ad218ffe02310d6c" # from: builder/scratch
-libs/mpc1: "sha256:e745110ea48a0c04afd848388726034fe64e82ae5cc90877ad218ffe02310d6c" # from: builder/scratch
-libs/mpfr4-4.2.1: "sha256:cf5cb11810027600974085a4370389dd90f9d1877b2de0adeb3f6e9a4f7c359b" # from: builder/scratch
-libs/mpfr4: "sha256:cf5cb11810027600974085a4370389dd90f9d1877b2de0adeb3f6e9a4f7c359b" # from: builder/scratch
-libs/musl-fts: "sha256:ee574d6ec7a225edfc1605a55dee0b4c0741af488a759daf1e56fafade6a0780" # from: builder/scratch
-libs/musl-fts-v1.2.7: "sha256:ee574d6ec7a225edfc1605a55dee0b4c0741af488a759daf1e56fafade6a0780" # from: builder/scratch
-libs/musl-obstack: "sha256:cd9a6fc44b17f1b16e9b7b7011bc59b4b997bb333d79d54be63ba78634dae4c8" # from: builder/scratch
-libs/musl-obstack-v1.2.3: "sha256:cd9a6fc44b17f1b16e9b7b7011bc59b4b997bb333d79d54be63ba78634dae4c8" # from: builder/scratch
-libs/musl: "sha256:8d8b96575db08844aad856592c09fb4c95e165ebfdba95d9985e06d8413b64da" # from: builder/scratch
-libs/musl-v1.2.5: "sha256:8d8b96575db08844aad856592c09fb4c95e165ebfdba95d9985e06d8413b64da" # from: builder/scratch
-libs/ncurses: "sha256:808cbd4350c3d2abe85979b68043e0e3fdb914bcd6c110168c730ca623cfe237" # from: builder/scratch
-libs/ncurses-v6_5_20250920: "sha256:808cbd4350c3d2abe85979b68043e0e3fdb914bcd6c110168c730ca623cfe237" # from: builder/scratch
-libs/nghttp2: "sha256:5c62f3eb1c35321dfb0981d419a37faa3e1c6916b4e5975fe36ed7e722ed8fbd" # from: builder/scratch
-libs/nghttp2-v1.66.0: "sha256:5c62f3eb1c35321dfb0981d419a37faa3e1c6916b4e5975fe36ed7e722ed8fbd" # from: builder/scratch
-libs/oniguruma: "sha256:e1f9a578dca9574145ea06b7c2cc8f308f8d566eb77296b51dfd2291ee060f26" # from: builder/scratch
-libs/oniguruma-v6.9.10: "sha256:e1f9a578dca9574145ea06b7c2cc8f308f8d566eb77296b51dfd2291ee060f26" # from: builder/scratch
-libs/pcre2-pcre2-10.45: "sha256:bcf54aac458981b6e247f1f8ffa19cce3df5c314cffce7231365a775e30d5af9" # from: builder/scratch
-libs/pcre2: "sha256:bcf54aac458981b6e247f1f8ffa19cce3df5c314cffce7231365a775e30d5af9" # from: builder/scratch
-libs/pcre-8.45: "sha256:667b91f93f410bc10c5f0873d3843aa2145f0482d0fb81f5af203cc113da4667" # from: builder/scratch
-libs/pcre: "sha256:667b91f93f410bc10c5f0873d3843aa2145f0482d0fb81f5af203cc113da4667" # from: builder/scratch
-libs/popt-popt-1.19-release: "sha256:d1abf88cedb83c8c5e03f36210074e5042357033ecaee74bff41b20e1ccacac2" # from: builder/scratch
-libs/popt: "sha256:d1abf88cedb83c8c5e03f36210074e5042357033ecaee74bff41b20e1ccacac2" # from: builder/scratch
-libs/protobuf: "sha256:6b47c6c94c8ea0d4397d273e33bd3b550af2e4884c1914e48cd55c0856a27c26" # from: builder/scratch
-libs/protobuf-v29.4: "sha256:6b47c6c94c8ea0d4397d273e33bd3b550af2e4884c1914e48cd55c0856a27c26" # from: builder/scratch
-libs/python-wheel: "sha256:4a0fff73311c85685df75de138dbca48cac9d72ceb44d72feb8a91d418134ec1" # from: builder/scratch
-libs/python-wheel-v0.1: "sha256:4a0fff73311c85685df75de138dbca48cac9d72ceb44d72feb8a91d418134ec1" # from: builder/scratch
-libs/re2-2024-07-02: "sha256:bbc7f4c9abb0c569df2ba01fad9734e474e4310e6ac677df617d84bee2e18f39" # from: builder/scratch
-libs/re2: "sha256:bbc7f4c9abb0c569df2ba01fad9734e474e4310e6ac677df617d84bee2e18f39" # from: builder/scratch
-libs/readline-readline-8.2: "sha256:7c69b2465cdeed0dd9fd551900cd467d8ffa9fbea21e902ce61cf1cdafd3b4b9" # from: builder/scratch
-libs/readline: "sha256:7c69b2465cdeed0dd9fd551900cd467d8ffa9fbea21e902ce61cf1cdafd3b4b9" # from: builder/scratch
-libs/skalibs: "sha256:ea218919c6a716457783b5537e419b707b765d5526f70d16641bd0646a07b482" # from: builder/scratch
-libs/skalibs-v2.14.3.0: "sha256:ea218919c6a716457783b5537e419b707b765d5526f70d16641bd0646a07b482" # from: builder/scratch
-libs/sqlite: "sha256:cf420eca89a0d495ca28b54cb5a9bbece5720e6597b5573bcad18d681029338c" # from: builder/scratch
-libs/sqlite-version-3.49.1: "sha256:cf420eca89a0d495ca28b54cb5a9bbece5720e6597b5573bcad18d681029338c" # from: builder/scratch
-libs/userspace-rcu: "sha256:b6e384c9bf9f31ec953d6bf2cb28e656436f95315a5d921de3680197235b48cf" # from: builder/scratch
-libs/userspace-rcu-v0.15.2: "sha256:b6e384c9bf9f31ec953d6bf2cb28e656436f95315a5d921de3680197235b48cf" # from: builder/scratch
-libs/utmps: "sha256:2bc67c4cec15e7c1d5d9d4b434146c164d9004da93793ed3edb68a82006257b9" # from: builder/scratch
-libs/utmps-v0.1.2.3: "sha256:2bc67c4cec15e7c1d5d9d4b434146c164d9004da93793ed3edb68a82006257b9" # from: builder/scratch
-libs/xz: "sha256:bb3598b38e64e6b10035c3724ec1e24fffeb59081e1f5a9c2e45cfd366c01c12" # from: builder/scratch
-libs/xz-v5.8.1: "sha256:bb3598b38e64e6b10035c3724ec1e24fffeb59081e1f5a9c2e45cfd366c01c12" # from: builder/scratch
-libs/yajl-2.1.0: "sha256:dabb5b7af863d4cbbf70ed3c4b4b0a551b8ff05e9b374b10b1ecb3eee6c0691a" # from: builder/scratch
-libs/yajl: "sha256:dabb5b7af863d4cbbf70ed3c4b4b0a551b8ff05e9b374b10b1ecb3eee6c0691a" # from: builder/scratch
-libs/zlib: "sha256:2afd8f86a0f285371e7a6502f8c0335c476a8d36b0d75a647201320c0164708a" # from: builder/scratch
-libs/zlib-v1.3.1: "sha256:2afd8f86a0f285371e7a6502f8c0335c476a8d36b0d75a647201320c0164708a" # from: builder/scratch
-libs/zstd: "sha256:c1589bcf4f8f1c01c0137ade5a639e02e48ef78d8fed33cf7a2632c860cce3c4" # from: builder/scratch
-libs/zstd-v1.5.7: "sha256:c1589bcf4f8f1c01c0137ade5a639e02e48ef78d8fed33cf7a2632c860cce3c4" # from: builder/scratch
-tools/bash-completion-2.16.0: "sha256:f76e83e0c969212ca612dc78f1301b4eee9d02d1488a3c86131bf17936f54385" # from: builder/scratch
-tools/bash-completion: "sha256:f76e83e0c969212ca612dc78f1301b4eee9d02d1488a3c86131bf17936f54385" # from: builder/scratch
-tools/bash: "sha256:5c1f50c38ed22115094c11fd6ead78ff227a2bacda48a99010e0dee6489f2c71" # from: builder/scratch
-tools/bash-v5.2.37: "sha256:5c1f50c38ed22115094c11fd6ead78ff227a2bacda48a99010e0dee6489f2c71" # from: builder/scratch
-tools/conntrack-tools-conntrack-tools-1.4.8: "sha256:0971978df9c5a73edec4cc2b53d31a4a51494a31fb10db87d15f47b4f31f22ce" # from: builder/scratch
-tools/conntrack-tools: "sha256:0971978df9c5a73edec4cc2b53d31a4a51494a31fb10db87d15f47b4f31f22ce" # from: builder/scratch
-tools/coreutils: "sha256:543a3a48b303cf6d2abfea7343a3ffd28744fbf593dd9686415d22b8049236ac" # from: builder/scratch
-tools/coreutils-v9.7: "sha256:543a3a48b303cf6d2abfea7343a3ffd28744fbf593dd9686415d22b8049236ac" # from: builder/scratch
-tools/cosign: "sha256:120904c0e4ca7f6c57bd1c6f51493245d6167defdeaf9a34d93e28ebb42ba8b6" # from: builder/scratch
-tools/cosign-v2.4.3: "sha256:120904c0e4ca7f6c57bd1c6f51493245d6167defdeaf9a34d93e28ebb42ba8b6" # from: builder/scratch
-tools/cryptsetup: "sha256:c6148af06a6d3cce89316d6ca61e9455bdbe30abb95e99804e02fd504297931c" # from: builder/scratch
-tools/cryptsetup-v2.7.5: "sha256:c6148af06a6d3cce89316d6ca61e9455bdbe30abb95e99804e02fd504297931c" # from: builder/scratch
-tools/curl-curl-8_17_0: "sha256:a26c005481d82dfdcdf0fe782edba0fbaa064085b7b4a08808e1c4767c7d3acd" # from: builder/scratch
-tools/curl: "sha256:a26c005481d82dfdcdf0fe782edba0fbaa064085b7b4a08808e1c4767c7d3acd" # from: builder/scratch
-tools/diffutils: "sha256:cb6227f8c67595732fe50835ae47938d9e1f8556e7772e6090866e2bce0be0fc" # from: builder/scratch
-tools/diffutils-v3.12: "sha256:cb6227f8c67595732fe50835ae47938d9e1f8556e7772e6090866e2bce0be0fc" # from: builder/scratch
-tools/dumb-init: "sha256:8023a218203526e7b01cf539e1889bdac6a51406cba8320c6157e13608c94ee3" # from: builder/scratch
-tools/dumb-init-v1.2.5: "sha256:8023a218203526e7b01cf539e1889bdac6a51406cba8320c6157e13608c94ee3" # from: builder/scratch
-tools/e2fsprogs: "sha256:65e7bb836057d0decdc5b1386455840616cce1f6bcff91e1f6427671aca6d238" # from: builder/scratch
-tools/e2fsprogs-v1.47.2: "sha256:65e7bb836057d0decdc5b1386455840616cce1f6bcff91e1f6427671aca6d238" # from: builder/scratch
-tools/elfutils-elfutils-0.193: "sha256:b2565b5fc0231190e3b35f52451192792c12e9111cbbad2db8dd6a821e96f49f" # from: builder/scratch
-tools/elfutils: "sha256:b2565b5fc0231190e3b35f52451192792c12e9111cbbad2db8dd6a821e96f49f" # from: builder/scratch
-tools/erofs-utils: "sha256:215045baa67408ff709bcde88ae39e747e25424db5898fa7cb0d5fb9a5e98d7c" # from: builder/scratch
-tools/erofs-utils-v1.8.10: "sha256:215045baa67408ff709bcde88ae39e747e25424db5898fa7cb0d5fb9a5e98d7c" # from: builder/scratch
-tools/ethtool: "sha256:62e8c609e4066e00fd2f6a7e5dcf654343ef975eecd194995cd55ceee0bc3d06" # from: builder/scratch
-tools/ethtool-v6.15: "sha256:62e8c609e4066e00fd2f6a7e5dcf654343ef975eecd194995cd55ceee0bc3d06" # from: builder/scratch
-tools/findutils: "sha256:ab871f54bbf1d95ec4f95bc70e7f8d51edc5b82c0f586b6770729353bd732b2b" # from: builder/scratch
-tools/findutils-v4.10.0: "sha256:ab871f54bbf1d95ec4f95bc70e7f8d51edc5b82c0f586b6770729353bd732b2b" # from: builder/scratch
-tools/gawk: "sha256:7ca875b23d356ed7ca35372160e5a4b4b8c3552532b5c8fce366d0db0525710a" # from: builder/scratch
-tools/gawk-v5.3.2: "sha256:7ca875b23d356ed7ca35372160e5a4b4b8c3552532b5c8fce366d0db0525710a" # from: builder/scratch
-tools/gcc-12.1.0: "sha256:43924e061e9895c005622d213690ba509372ac2aedac033081deef21c55b974f" # from: builder/scratch
-tools/gcc-gnu-releases/gcc-14.2.0: "sha256:94dc9c9be75acf0074cadeefe0f5e34ba154150b018fa0f2015f4eddf5653f64" # from: builder/scratch
-tools/gcc-gnu: "sha256:94dc9c9be75acf0074cadeefe0f5e34ba154150b018fa0f2015f4eddf5653f64" # from: builder/scratch
-tools/gcc: "sha256:43924e061e9895c005622d213690ba509372ac2aedac033081deef21c55b974f" # from: builder/scratch
-tools/git: "sha256:5f8e9cbb04c26deb0fdbac1197ec554061866435d526131db5de907cfb3a0105" # from: builder/scratch
-tools/git-v2.50.1: "sha256:5f8e9cbb04c26deb0fdbac1197ec554061866435d526131db5de907cfb3a0105" # from: builder/scratch
-tools/golang-1.24.13: "sha256:4dc370fd0a45492aab8435d1628a2082c328ba63926e88e879895cad01306118" # from: builder/scratch
-tools/golang-1.25.7: "sha256:227f742764bde45608d1209ed1758c35b1b5313a2f8d99ee0cc48aecfda80dc7" # from: builder/scratch
-tools/golang: "sha256:227f742764bde45608d1209ed1758c35b1b5313a2f8d99ee0cc48aecfda80dc7" # from: builder/scratch
-tools/grep-grep-3.11: "sha256:2dbeb25b1e742a98863f70eb3b3cb3aaf9435f43f255b91093bc87a360a52a38" # from: builder/scratch
-tools/grep: "sha256:2dbeb25b1e742a98863f70eb3b3cb3aaf9435f43f255b91093bc87a360a52a38" # from: builder/scratch
-tools/iproute2: "sha256:46150bdc7959c3ff8395a427bff4d75da028f604f87139069fac951637310708" # from: builder/scratch
-tools/iproute2-v6.12.0: "sha256:46150bdc7959c3ff8395a427bff4d75da028f604f87139069fac951637310708" # from: builder/scratch
-tools/ipset: "sha256:b53afdf8b69d7a3161335780feed92373852f485bb0ac585e113392037682a94" # from: builder/scratch
-tools/ipset-v7.22: "sha256:b53afdf8b69d7a3161335780feed92373852f485bb0ac585e113392037682a94" # from: builder/scratch
-tools/iptables: "sha256:a63759d838499b37317be04c5f687b2ecb3a3cbdb50f1a3010998e671b30da34" # from: builder/scratch
-tools/iptables-v1.8.9: "sha256:a63759d838499b37317be04c5f687b2ecb3a3cbdb50f1a3010998e671b30da34" # from: builder/scratch
-tools/jq-1.7.1: "sha256:8e801f72604880a20af7ebfb3eb7238e17dcf61821f59c2af4d38d7e6caf25f6" # from: builder/scratch
-tools/jq: "sha256:8e801f72604880a20af7ebfb3eb7238e17dcf61821f59c2af4d38d7e6caf25f6" # from: builder/scratch
-tools/kmod: "sha256:91cf59c465a9e4a250ed91238fde9d954317c9335d3f68831a4625dec3ae5057" # from: builder/scratch
-tools/kmod-v33: "sha256:91cf59c465a9e4a250ed91238fde9d954317c9335d3f68831a4625dec3ae5057" # from: builder/scratch
-tools/less-less-668: "sha256:a424329717329eed9b5a9b57b051d45f3eddcc437f12e8f8ba177cc372ade3c0" # from: builder/scratch
-tools/less: "sha256:a424329717329eed9b5a9b57b051d45f3eddcc437f12e8f8ba177cc372ade3c0" # from: builder/scratch
-tools/libcap: "sha256:4e395c7a954005432d73cee46398fd86140cf0e5fcf69257a80c22b8e527ee5f" # from: builder/scratch
-tools/libcap-v1.2.76: "sha256:4e395c7a954005432d73cee46398fd86140cf0e5fcf69257a80c22b8e527ee5f" # from: builder/scratch
-tools/lsscsi: "sha256:a43ed25918ccc1d0abdf093ce5065012895ff8d46e360f81444fb382ed8dbb55" # from: builder/scratch
-tools/lsscsi-v0.28: "sha256:a43ed25918ccc1d0abdf093ce5065012895ff8d46e360f81444fb382ed8dbb55" # from: builder/scratch
-tools/lua5-1: "sha256:ec3884cd3837c4c18cae0edda08350a36dd0ca35b2b04ff790c8e7734140e63d" # from: builder/scratch
-tools/lua5-1-v5.1.5: "sha256:ec3884cd3837c4c18cae0edda08350a36dd0ca35b2b04ff790c8e7734140e63d" # from: builder/scratch
-tools/luarocks5-1: "sha256:575cdcfa01417222ec95792f0bf337aef03632e9e811da5639cef70d36257b67" # from: builder/scratch
-tools/luarocks5-1-v3.12.2: "sha256:575cdcfa01417222ec95792f0bf337aef03632e9e811da5639cef70d36257b67" # from: builder/scratch
-tools/lvm2: "sha256:6e001216f07a8603ee1d701b3754d62e623f14ef31a7c7752c72b98801f72b3a" # from: builder/scratch
-tools/lvm2-v2_03_31: "sha256:6e001216f07a8603ee1d701b3754d62e623f14ef31a7c7752c72b98801f72b3a" # from: builder/scratch
-tools/memcached-1.6.39: "sha256:fdf34bfa45490d998891558a9685064d2ad7c9c1e1e72e4f99bb6a4c11f54012" # from: builder/scratch
-tools/memcached: "sha256:fdf34bfa45490d998891558a9685064d2ad7c9c1e1e72e4f99bb6a4c11f54012" # from: builder/scratch
-tools/multipath-tools-0.13.0: "sha256:4e3526182d3956425f49a3913a4ab0289e26b583534db7c1cd418aa92a180aa4" # from: builder/scratch
-tools/multipath-tools: "sha256:4e3526182d3956425f49a3913a4ab0289e26b583534db7c1cd418aa92a180aa4" # from: builder/scratch
-tools/nfs-utils-nfs-utils-2-8-2: "sha256:f3a7eec206f18e5b45cb9fc6ca5b969dd3b9bf63b87a74f52b4a67b35017c165" # from: builder/scratch
-tools/nfs-utils: "sha256:f3a7eec206f18e5b45cb9fc6ca5b969dd3b9bf63b87a74f52b4a67b35017c165" # from: builder/scratch
-tools/nginx-njs-release-1.28.0: "sha256:1de97adbc36db2488445e5a02e1c5e7355aef8a24ba2e647329a1363d2f9a7f8" # from: builder/scratch
-tools/nginx-njs: "sha256:1de97adbc36db2488445e5a02e1c5e7355aef8a24ba2e647329a1363d2f9a7f8" # from: builder/scratch
-tools/nginx-release-1.28.0: "sha256:95a6825be72e3aedc90fa921d4ddb8b301678b5c1ab1d318f122f8aca56571c3" # from: builder/scratch
-tools/nginx: "sha256:95a6825be72e3aedc90fa921d4ddb8b301678b5c1ab1d318f122f8aca56571c3" # from: builder/scratch
-tools/nvme-cli: "sha256:39cf96527b63ee0c9fe42fe533c5249ca6b398a7f0083ab42e4e6adc8681fd64" # from: builder/scratch
-tools/nvme-cli-v2.16: "sha256:39cf96527b63ee0c9fe42fe533c5249ca6b398a7f0083ab42e4e6adc8681fd64" # from: builder/scratch
-tools/open-iscsi-2.1.11: "sha256:69332f7c54a1dd5ecc095cb221a3a94be311a197af19fbf54a7769292d38cb48" # from: builder/scratch
-tools/open-iscsi: "sha256:69332f7c54a1dd5ecc095cb221a3a94be311a197af19fbf54a7769292d38cb48" # from: builder/scratch
-tools/openssl-3.6.0: "sha256:293bc2d64d27266bbbcfa3a0c314fe997543eca9e6028516a83ec661b445fff9" # from: builder/scratch
-tools/openssl: "sha256:293bc2d64d27266bbbcfa3a0c314fe997543eca9e6028516a83ec661b445fff9" # from: builder/scratch
-tools/procps: "sha256:c3d43ed90cf407fef9f9db00973a1df6483de9e4da162b56064ff88f31517522" # from: builder/scratch
-tools/procps-v4.0.5: "sha256:c3d43ed90cf407fef9f9db00973a1df6483de9e4da162b56064ff88f31517522" # from: builder/scratch
-tools/pwru: "sha256:e2685495eded8e7a5de01b4a1b04963faa5e780b3e055ec50f48abcffef84f51" # from: builder/scratch
-tools/pwru-v1.0.10: "sha256:e2685495eded8e7a5de01b4a1b04963faa5e780b3e055ec50f48abcffef84f51" # from: builder/scratch
-tools/rpcbind-rpcbind-1_2_8: "sha256:6b874a1bd3bb7ae7035a24950958502902b0be9072dd308ea7d9c2dcfcf523f7" # from: builder/scratch
-tools/rpcbind: "sha256:6b874a1bd3bb7ae7035a24950958502902b0be9072dd308ea7d9c2dcfcf523f7" # from: builder/scratch
-tools/sed: "sha256:c8593139a87d91776d4f74218913c434f18ba399ee697dbb39fedf611b5f8c3e" # from: builder/scratch
-tools/sed-v4.9: "sha256:c8593139a87d91776d4f74218913c434f18ba399ee697dbb39fedf611b5f8c3e" # from: builder/scratch
-tools/semver-3.4.0: "sha256:d10c2dcee12c42900281bad834ac0ed0a085b492dcce5d1d6addd335ac1d54fd" # from: builder/scratch
-tools/semver: "sha256:d10c2dcee12c42900281bad834ac0ed0a085b492dcce5d1d6addd335ac1d54fd" # from: builder/scratch
-tools/shell-operator: "sha256:6d2ec80f05a3610f74c0a08c36bac7204b8229bd4f53533962761de56c8cf32b" # from: builder/scratch
-tools/shell-operator-v1.9.3: "sha256:6d2ec80f05a3610f74c0a08c36bac7204b8229bd4f53533962761de56c8cf32b" # from: builder/scratch
-tools/ssh: "sha256:321d9b04ced197458a5bf1e0a3d2d5b64e4377f4ba6cafb1e1a871c2b437a96c" # from: builder/scratch
-tools/ssh-V_10_0_P2: "sha256:321d9b04ced197458a5bf1e0a3d2d5b64e4377f4ba6cafb1e1a871c2b437a96c" # from: builder/scratch
-tools/tar: "sha256:e23dfd80a2beedd81773f873f3e31c84c7b9173f3e2ef1de3fa0d6af0d03d6be" # from: builder/scratch
-tools/tar-v1.35: "sha256:e23dfd80a2beedd81773f873f3e31c84c7b9173f3e2ef1de3fa0d6af0d03d6be" # from: builder/scratch
-tools/tini: "sha256:734fb4c383204922db3c2c9bfe5562caf1c06335ee27f1345546b57aa4b9d0ea" # from: builder/scratch
-tools/tini-v0.19.0: "sha256:734fb4c383204922db3c2c9bfe5562caf1c06335ee27f1345546b57aa4b9d0ea" # from: builder/scratch
-tools/util-linux: "sha256:934f825b349549512c57a735d77f42af009383c2833bbd1db9cac7e3c7f0f3e3" # from: builder/scratch
-tools/util-linux-v2.41: "sha256:934f825b349549512c57a735d77f42af009383c2833bbd1db9cac7e3c7f0f3e3" # from: builder/scratch
-tools/vim: "sha256:12cfd8984130986c5522e45099b0cb22d81850dafcb256f5004bc536cf3740f6" # from: builder/scratch
-tools/vim-v9.1.1236: "sha256:12cfd8984130986c5522e45099b0cb22d81850dafcb256f5004bc536cf3740f6" # from: builder/scratch
-tools/xfsprogs: "sha256:ec14d7e45fca638728c198b7eb8d675934e777dd4cfaca6f914eb543247c9444" # from: builder/scratch
-tools/xfsprogs-v6.16.0: "sha256:ec14d7e45fca638728c198b7eb8d675934e777dd4cfaca6f914eb543247c9444" # from: builder/scratch
-tools/yq: "sha256:4f294d46559f45bbd7d20f2306e2eaa2b6ec1cb6e826f906377c10bb9eea04d5" # from: builder/scratch
-tools/yq-v4.45.1: "sha256:893d67cc466e2be16006f9053d43701cb8bd376cd6864547ca43bafa08e01127" # from: builder/scratch
-tools/yq-v4.47.1: "sha256:4f294d46559f45bbd7d20f2306e2eaa2b6ec1cb6e826f906377c10bb9eea04d5" # from: builder/scratch
+builder/src: "sha256:64a20329676de3e32f403f0a746e43cdcbc804eb3b6ba3af9e7d134d9b836783" # from: builder/alt
+libs/abseil-cpp-20240722.1: "sha256:02dc4fb80966c487c827d3e5064573e31b46074b8b3b4d8ed979bba2f15cf6c0" # from: builder/scratch
+libs/abseil-cpp: "sha256:02dc4fb80966c487c827d3e5064573e31b46074b8b3b4d8ed979bba2f15cf6c0" # from: builder/scratch
+libs/abseil-cpp-static-20230125: "sha256:8ce5ee60e61cc98333dbad088f1655cbbe6226d38543a4397853db0b1d82f34c" # from: builder/scratch
+libs/abseil-cpp-static-20240722: "sha256:efbbbf8b8ffdc8b4fbebe8918026e21ce617f3a0c9ed6b6184feb94f4549396c" # from: builder/scratch
+libs/abseil-cpp-static: "sha256:efbbbf8b8ffdc8b4fbebe8918026e21ce617f3a0c9ed6b6184feb94f4549396c" # from: builder/scratch
+libs/argp-standalone-1.5.0: "sha256:f84f02815af76a5dff076077853d0626b1622c04b00d221042ae8af8e75eccbf" # from: builder/scratch
+libs/argp-standalone: "sha256:f84f02815af76a5dff076077853d0626b1622c04b00d221042ae8af8e75eccbf" # from: builder/scratch
+libs/brotli: "sha256:1575c2ec6fd9bb5ddc5adb66f31f8381bff08ec24016da5aa52a1c95c49b89f7" # from: builder/scratch
+libs/brotli-v1.1.0: "sha256:1575c2ec6fd9bb5ddc5adb66f31f8381bff08ec24016da5aa52a1c95c49b89f7" # from: builder/scratch
+libs/bzip2-bzip2-1.0.8: "sha256:f0fc0373743322145b5f52582490fa49c1d8c51dd0f70287f0d2e294106ab263" # from: builder/scratch
+libs/bzip2: "sha256:f0fc0373743322145b5f52582490fa49c1d8c51dd0f70287f0d2e294106ab263" # from: builder/scratch
+libs/c-ares: "sha256:5738a4a5029c38ca358b307356f90f33de9b778abca1592483809b1c4f32d8aa" # from: builder/scratch
+libs/c-ares-v1.34.5: "sha256:5738a4a5029c38ca358b307356f90f33de9b778abca1592483809b1c4f32d8aa" # from: builder/scratch
+libs/gdbm: "sha256:b079a09ee6753dac317b7e8ec97c3cb4e392a2641315babb53acf4bf7391a0e1" # from: builder/scratch
+libs/gdbm-v1.24: "sha256:b079a09ee6753dac317b7e8ec97c3cb4e392a2641315babb53acf4bf7391a0e1" # from: builder/scratch
+libs/glibc: "sha256:c73a69aa3669683eaa86d41d7dc5155687d5ebba4d4ee8230f28aebf0cd0d6d5" # from: builder/scratch
+libs/glibc-v2.41: "sha256:c73a69aa3669683eaa86d41d7dc5155687d5ebba4d4ee8230f28aebf0cd0d6d5" # from: builder/scratch
+libs/gmp-6.3.0: "sha256:0acb0d524ea27309ded2a7cf0bccf648c23e8772edfcdbcb1b5028ec7e52e313" # from: builder/scratch
+libs/gmp: "sha256:0acb0d524ea27309ded2a7cf0bccf648c23e8772edfcdbcb1b5028ec7e52e313" # from: builder/scratch
+libs/grpc: "sha256:5636167caeb8c6763c3546b3c80bbed4ab7992cbb729324f721d4c0807aeabc1" # from: builder/scratch
+libs/grpc-v1.62.1: "sha256:5636167caeb8c6763c3546b3c80bbed4ab7992cbb729324f721d4c0807aeabc1" # from: builder/scratch
+libs/icu-release-77-1: "sha256:7492eafe179024573232246572309b162750e83164aaa0908ac7842cf930c381" # from: builder/scratch
+libs/icu: "sha256:7492eafe179024573232246572309b162750e83164aaa0908ac7842cf930c381" # from: builder/scratch
+libs/json-c-json-c-0.18-20240915: "sha256:fc572acaee800df5cb188795c65abc291a663d05a9f5d191c60586abf0105b8d" # from: builder/scratch
+libs/json-c: "sha256:fc572acaee800df5cb188795c65abc291a663d05a9f5d191c60586abf0105b8d" # from: builder/scratch
+libs/keyutils: "sha256:7bf6dbd6cbf44273bad12b9a0519a18838bfae054244ba0aa977a9dc47559143" # from: builder/scratch
+libs/keyutils-v1.6.1: "sha256:7bf6dbd6cbf44273bad12b9a0519a18838bfae054244ba0aa977a9dc47559143" # from: builder/scratch
+libs/krb5-krb5-1.21.3-final: "sha256:052d67e78831afb3f53486846053275d2d0d8f0c5b96f0f76bb3ca842532a5f2" # from: builder/scratch
+libs/krb5: "sha256:052d67e78831afb3f53486846053275d2d0d8f0c5b96f0f76bb3ca842532a5f2" # from: builder/scratch
+libs/libaio-libaio-0.3.113: "sha256:a59c62550c4cd6c63a8110b7d73f37b32f0d18e38f17f4bb62bf628fdfcc87e3" # from: builder/scratch
+libs/libaio: "sha256:a59c62550c4cd6c63a8110b7d73f37b32f0d18e38f17f4bb62bf628fdfcc87e3" # from: builder/scratch
+libs/libcap: "sha256:83ee7446640c5ce94dae0f4b2fac4648962a1b9d835a9dd5710fa8239b15cd68" # from: builder/scratch
+libs/libcap-v1.2.69: "sha256:b82febcf55fda51d2d22c1bf38cf3c69da019a8f056522d19fdbfeae9c9b0d35" # from: builder/scratch
+libs/libcap-v1.2.71: "sha256:83ee7446640c5ce94dae0f4b2fac4648962a1b9d835a9dd5710fa8239b15cd68" # from: builder/scratch
+libs/libedit: "sha256:d091e27028de067f74e9cf5b7f21533774048ec7739ba295a5e2886c41aec94c" # from: builder/scratch
+libs/libedit-v20250104.3.1: "sha256:d091e27028de067f74e9cf5b7f21533774048ec7739ba295a5e2886c41aec94c" # from: builder/scratch
+libs/libevent-release-2.2.1-alpha: "sha256:e2abf4f47f616a36ceb2f601f63297eb56f0f4b60ab024b464c4a968cc8ada50" # from: builder/scratch
+libs/libevent: "sha256:e2abf4f47f616a36ceb2f601f63297eb56f0f4b60ab024b464c4a968cc8ada50" # from: builder/scratch
+libs/libev: "sha256:58d32c60b7fb59d55c39e4cec4c5a5d41c22d14a2aaf5077e1d4ee6e549de336" # from: builder/scratch
+libs/libev-v4.33: "sha256:58d32c60b7fb59d55c39e4cec4c5a5d41c22d14a2aaf5077e1d4ee6e549de336" # from: builder/scratch
+libs/libffi: "sha256:61f6df57ba7c7d8e36b291f6f3d00a9ab9894cca46f28497e7f4a4ca5e1306db" # from: builder/scratch
+libs/libffi-v3.4.8: "sha256:61f6df57ba7c7d8e36b291f6f3d00a9ab9894cca46f28497e7f4a4ca5e1306db" # from: builder/scratch
+libs/libfuse-3.18.1: "sha256:f687ff27d72565d7124e75b26a39b57fe428fcc5ccb43cc80d1ea9ccab998740" # from: builder/scratch
+libs/libfuse: "sha256:f687ff27d72565d7124e75b26a39b57fe428fcc5ccb43cc80d1ea9ccab998740" # from: builder/scratch
+libs/libgcrypt-libgcrypt-1.11.1: "sha256:dbf2ff5297ab254d56853e021a0258c02476e5bccde44622dabb54fdd6b261ab" # from: builder/scratch
+libs/libgcrypt: "sha256:dbf2ff5297ab254d56853e021a0258c02476e5bccde44622dabb54fdd6b261ab" # from: builder/scratch
+libs/libgpg-error-libgpg-error-1.55: "sha256:b1c242ec7a464c9f0c23b9bba0a11d678c0b10f0c730cd5d22913056d5f328c0" # from: builder/scratch
+libs/libgpg-error: "sha256:b1c242ec7a464c9f0c23b9bba0a11d678c0b10f0c730cd5d22913056d5f328c0" # from: builder/scratch
+libs/libidn2: "sha256:5889849c290405d7ce46ccc9e08c2eace6178020ef36dd555d983284eece7cde" # from: builder/scratch
+libs/libidn2-v2.3.8: "sha256:5889849c290405d7ce46ccc9e08c2eace6178020ef36dd555d983284eece7cde" # from: builder/scratch
+libs/libidn: "sha256:453e6a35d826af8fe1610c8bb1906a2ead7cb3a009ab655c765a4f838e462e7c" # from: builder/scratch
+libs/libidn-v1.43: "sha256:453e6a35d826af8fe1610c8bb1906a2ead7cb3a009ab655c765a4f838e462e7c" # from: builder/scratch
+libs/libinih-r60: "sha256:c6720a56eb95d4f5fe3a6db7c017bc8c7e0105e7ae3e2e73de74a2165e770a80" # from: builder/scratch
+libs/libinih: "sha256:c6720a56eb95d4f5fe3a6db7c017bc8c7e0105e7ae3e2e73de74a2165e770a80" # from: builder/scratch
+libs/libiscsi-0.0.5: "sha256:85997bdf6c3c729a466a139b55cb7bf4830d1c7c10755b38fe2638d5b847509a" # from: builder/scratch
+libs/libiscsi: "sha256:85997bdf6c3c729a466a139b55cb7bf4830d1c7c10755b38fe2638d5b847509a" # from: builder/scratch
+libs/libmaxminddb-1.12.2: "sha256:5277c5cf0aeb4e9cc68048a371a72328d8af6115f04d63c44baf4406e102c601" # from: builder/scratch
+libs/libmaxminddb: "sha256:5277c5cf0aeb4e9cc68048a371a72328d8af6115f04d63c44baf4406e102c601" # from: builder/scratch
+libs/libmnl-libmnl-1.0.5: "sha256:4ca0f3efd753bc32325918a8ed1180e1ef2b0960fac6d3024c734c3e2431dc4c" # from: builder/scratch
+libs/libmnl: "sha256:4ca0f3efd753bc32325918a8ed1180e1ef2b0960fac6d3024c734c3e2431dc4c" # from: builder/scratch
+libs/libnetfilter_conntrack-libnetfilter_conntrack-1.1.0: "sha256:8941fa70dade946e29aa153eb032e7be0c3fda438bc3fd813e8eefbdacb2f532" # from: builder/scratch
+libs/libnetfilter_conntrack: "sha256:8941fa70dade946e29aa153eb032e7be0c3fda438bc3fd813e8eefbdacb2f532" # from: builder/scratch
+libs/libnetfilter_cthelper-libnetfilter_cthelper-1.0.1: "sha256:d71db0ed984c24a9f0d2a98e53ce2507de928bfb6dba7e69f4c92e2f8cb1a2c6" # from: builder/scratch
+libs/libnetfilter_cthelper: "sha256:d71db0ed984c24a9f0d2a98e53ce2507de928bfb6dba7e69f4c92e2f8cb1a2c6" # from: builder/scratch
+libs/libnetfilter_cttimeout-libnetfilter_cttimeout-1.0.1: "sha256:c414832d087d210f40ed0a9b49b3c89bd93dcad37e1b232ceb6efbcba9b34e04" # from: builder/scratch
+libs/libnetfilter_cttimeout: "sha256:c414832d087d210f40ed0a9b49b3c89bd93dcad37e1b232ceb6efbcba9b34e04" # from: builder/scratch
+libs/libnetfilter_queue-libnetfilter_queue-1.0.5: "sha256:bcc55fdd7d127d486d43f34098f860afb4ff10df1ff98cfcd767e7213d4dc518" # from: builder/scratch
+libs/libnetfilter_queue: "sha256:bcc55fdd7d127d486d43f34098f860afb4ff10df1ff98cfcd767e7213d4dc518" # from: builder/scratch
+libs/libnfnetlink-libnfnetlink-1.0.2: "sha256:ed4f46d82ebbb227c649c10eb89306178de7f3362b0a1dcd06e413778abec07c" # from: builder/scratch
+libs/libnfnetlink: "sha256:ed4f46d82ebbb227c649c10eb89306178de7f3362b0a1dcd06e413778abec07c" # from: builder/scratch
+libs/libnftnl-libnftnl-1.2.9: "sha256:129a8731a73a0530612b9e3036c617f39f38626d4a849705911d25ce699a2ac2" # from: builder/scratch
+libs/libnftnl: "sha256:129a8731a73a0530612b9e3036c617f39f38626d4a849705911d25ce699a2ac2" # from: builder/scratch
+libs/libnl-3.12.0: "sha256:88be546cb40844740490463ec7caacdf21c5fd5f644e058e625517eae3dc581d" # from: builder/scratch
+libs/libnl: "sha256:88be546cb40844740490463ec7caacdf21c5fd5f644e058e625517eae3dc581d" # from: builder/scratch
+libs/libnvme: "sha256:b457700ecb5d4af1a5919089cf80a137db015a3700307402dff0989c15c11e07" # from: builder/scratch
+libs/libnvme-v1.16.1: "sha256:b457700ecb5d4af1a5919089cf80a137db015a3700307402dff0989c15c11e07" # from: builder/scratch
+libs/libpcap-pwru: "sha256:b98b71b1751b62631fef20fab234a73ef2888e72ca7bbae21b106d0fe2a3ebb0" # from: builder/scratch
+libs/libpcap-pwru-v1.0.11: "sha256:b98b71b1751b62631fef20fab234a73ef2888e72ca7bbae21b106d0fe2a3ebb0" # from: builder/scratch
+libs/libpq-REL_17_5: "sha256:14aecb3b6bb7b2c0e77856bb2c1816e880e02b554d1c6d73d53ff547c6a3d584" # from: builder/scratch
+libs/libpq: "sha256:14aecb3b6bb7b2c0e77856bb2c1816e880e02b554d1c6d73d53ff547c6a3d584" # from: builder/scratch
+libs/libpsl-0.21.5: "sha256:6531c7df56c8f8657edfdc88239461c3e991a0b3567d2eb0fe11ddce8b330b51" # from: builder/scratch
+libs/libpsl: "sha256:6531c7df56c8f8657edfdc88239461c3e991a0b3567d2eb0fe11ddce8b330b51" # from: builder/scratch
+libs/libtirpc-libtirpc-1-3-6: "sha256:1be16aae0e8326a938b3dc7107b535860a15148517aafe32ef371a9de14cfcf6" # from: builder/scratch
+libs/libtirpc: "sha256:1be16aae0e8326a938b3dc7107b535860a15148517aafe32ef371a9de14cfcf6" # from: builder/scratch
+libs/libunistring: "sha256:ffa35e8aebbe09d128a6b71b952ca319a5ace66232c54e0c56e89b689d511daa" # from: builder/scratch
+libs/libunistring-v1.3: "sha256:ffa35e8aebbe09d128a6b71b952ca319a5ace66232c54e0c56e89b689d511daa" # from: builder/scratch
+libs/libuv: "sha256:f4eb2316678a807096541c70e5f310c5d5f261706e14afae98787e1fba141156" # from: builder/scratch
+libs/libuv-v1.51.0: "sha256:f4eb2316678a807096541c70e5f310c5d5f261706e14afae98787e1fba141156" # from: builder/scratch
+libs/libxml2: "sha256:79b72362a960c417d1a3dbe0ae3970058037aa37c14c18eed02f7a522d2b6042" # from: builder/scratch
+libs/libxml2-v2.13.8: "sha256:d8692c1e3fbf22080f092bd2c11b2fa624547d8875602cb6fb9558c0a03c46b7" # from: builder/scratch
+libs/libxml2-v2.14.3: "sha256:79b72362a960c417d1a3dbe0ae3970058037aa37c14c18eed02f7a522d2b6042" # from: builder/scratch
+libs/libxslt: "sha256:fb7120d4f5ff0745a89a63542cab4b8fe4eb9cc0bc4a3b958400ddd439c37dc4" # from: builder/scratch
+libs/libxslt-v1.1.43: "sha256:fb7120d4f5ff0745a89a63542cab4b8fe4eb9cc0bc4a3b958400ddd439c37dc4" # from: builder/scratch
+libs/libyaml-0.2.5: "sha256:4cafe940534db3a00b9b6c23ec13fa57f690a73db051e0ba6e82ed2885aa7659" # from: builder/scratch
+libs/libyaml: "sha256:4cafe940534db3a00b9b6c23ec13fa57f690a73db051e0ba6e82ed2885aa7659" # from: builder/scratch
+libs/lmdb-LMDB_0.9.31: "sha256:af0991d7e5d90315550689845cac20cde87adf0e9ec956acfabccc546cb03cba" # from: builder/scratch
+libs/lmdb: "sha256:af0991d7e5d90315550689845cac20cde87adf0e9ec956acfabccc546cb03cba" # from: builder/scratch
+libs/lua-iconv-7-3: "sha256:39c1fe22979ddebb0c1338bbf461fba0f5db8c96d93232e9a75e773cca5b8d35" # from: builder/scratch
+libs/lua-iconv: "sha256:39c1fe22979ddebb0c1338bbf461fba0f5db8c96d93232e9a75e773cca5b8d35" # from: builder/scratch
+libs/lua-protobuf-0.5.1: "sha256:c29fd9302da1bf7ba5feed985f4a101defc7161e1514406f0d3372814c1aff29" # from: builder/scratch
+libs/lua-protobuf: "sha256:c29fd9302da1bf7ba5feed985f4a101defc7161e1514406f0d3372814c1aff29" # from: builder/scratch
+libs/mpc1-1.3.1: "sha256:189ff0af066c27912c63b0f27732956674f68fc85648888c00015639f3e416b4" # from: builder/scratch
+libs/mpc1: "sha256:189ff0af066c27912c63b0f27732956674f68fc85648888c00015639f3e416b4" # from: builder/scratch
+libs/mpfr4-4.2.1: "sha256:ee60e326581c4ab00617888abe96ed0134ffc25e1014eb89c36482c324b43c52" # from: builder/scratch
+libs/mpfr4: "sha256:ee60e326581c4ab00617888abe96ed0134ffc25e1014eb89c36482c324b43c52" # from: builder/scratch
+libs/musl-fts: "sha256:65c129802a29097542097959326dd8ca23bc33752f64c7a0cbfa9a4aab348bde" # from: builder/scratch
+libs/musl-fts-v1.2.7: "sha256:65c129802a29097542097959326dd8ca23bc33752f64c7a0cbfa9a4aab348bde" # from: builder/scratch
+libs/musl-obstack: "sha256:63f6addd06f0c9bec1df5aef86fb14e89611981ccb2cc14a653e1a930936241a" # from: builder/scratch
+libs/musl-obstack-v1.2.3: "sha256:63f6addd06f0c9bec1df5aef86fb14e89611981ccb2cc14a653e1a930936241a" # from: builder/scratch
+libs/musl: "sha256:c9ef83ee607117ebea6e44f0a293dc00e28f8874e35bc5f5c8799bdfe6881124" # from: builder/scratch
+libs/musl-v1.2.5: "sha256:c9ef83ee607117ebea6e44f0a293dc00e28f8874e35bc5f5c8799bdfe6881124" # from: builder/scratch
+libs/ncurses: "sha256:3f1dd67c0485103b362d53efd09538be493c3ef45721bd90b00317cfa765ad84" # from: builder/scratch
+libs/ncurses-v6_5_20250920: "sha256:3f1dd67c0485103b362d53efd09538be493c3ef45721bd90b00317cfa765ad84" # from: builder/scratch
+libs/nghttp2: "sha256:1c1ce37c5a1279dba7568163f9422b6808e25cc3e485e7ad5da6093be723515b" # from: builder/scratch
+libs/nghttp2-v1.66.0: "sha256:1c1ce37c5a1279dba7568163f9422b6808e25cc3e485e7ad5da6093be723515b" # from: builder/scratch
+libs/oniguruma: "sha256:38798120c6c776f403c890275bc1174e204c937dc534232fdda7be2c232b0179" # from: builder/scratch
+libs/oniguruma-v6.9.10: "sha256:38798120c6c776f403c890275bc1174e204c937dc534232fdda7be2c232b0179" # from: builder/scratch
+libs/pcre2-pcre2-10.45: "sha256:147e47f82d85cd807fea40512da59613fbe103fe4d1d809bbdb756d96081a688" # from: builder/scratch
+libs/pcre2: "sha256:147e47f82d85cd807fea40512da59613fbe103fe4d1d809bbdb756d96081a688" # from: builder/scratch
+libs/pcre-8.45: "sha256:fcb06371a5727a41a54dd144802e8ee55fabaf4f87f701476cd3ad6291c7a0ee" # from: builder/scratch
+libs/pcre: "sha256:fcb06371a5727a41a54dd144802e8ee55fabaf4f87f701476cd3ad6291c7a0ee" # from: builder/scratch
+libs/popt-popt-1.19-release: "sha256:646f3bc77b9cd8712573bb1b130be8d5c6ff4706ab747330e8ef35b06036a33d" # from: builder/scratch
+libs/popt: "sha256:646f3bc77b9cd8712573bb1b130be8d5c6ff4706ab747330e8ef35b06036a33d" # from: builder/scratch
+libs/protobuf: "sha256:3f7657aa841f3ee42f09c98d3b5f59a829400d11fa2817221910a3e4ec9856a8" # from: builder/scratch
+libs/protobuf-v29.4: "sha256:3f7657aa841f3ee42f09c98d3b5f59a829400d11fa2817221910a3e4ec9856a8" # from: builder/scratch
+libs/python-wheel: "sha256:094062e84a06571c0cefc9fe960f9a6d6e02d86a2a990aefc1a82ac2975d0519" # from: builder/scratch
+libs/python-wheel-v0.1: "sha256:094062e84a06571c0cefc9fe960f9a6d6e02d86a2a990aefc1a82ac2975d0519" # from: builder/scratch
+libs/re2-2024-07-02: "sha256:1bef956f3244a8f5fe87816a4bfa3470b1d3e46b874cfe04bbc5133e5b6ecb0f" # from: builder/scratch
+libs/re2: "sha256:1bef956f3244a8f5fe87816a4bfa3470b1d3e46b874cfe04bbc5133e5b6ecb0f" # from: builder/scratch
+libs/readline-readline-8.2: "sha256:2ce60af1b63de3f2f1853f0356277803cd20ab3004b3eff0987d1b97b95d2438" # from: builder/scratch
+libs/readline: "sha256:2ce60af1b63de3f2f1853f0356277803cd20ab3004b3eff0987d1b97b95d2438" # from: builder/scratch
+libs/skalibs: "sha256:8e212f565cdba51603b33b542d47b196222bc8910544846e2e655d38eb4b3721" # from: builder/scratch
+libs/skalibs-v2.14.3.0: "sha256:8e212f565cdba51603b33b542d47b196222bc8910544846e2e655d38eb4b3721" # from: builder/scratch
+libs/sqlite: "sha256:6b513c1ea6579e8b540ba16462f0880a0d40cb316fbd6e092e0fc115d6514b9e" # from: builder/scratch
+libs/sqlite-version-3.49.1: "sha256:6b513c1ea6579e8b540ba16462f0880a0d40cb316fbd6e092e0fc115d6514b9e" # from: builder/scratch
+libs/userspace-rcu: "sha256:c686739972451041f083132c56ae9e8a7c1866d42674b390120f6fe2df01b359" # from: builder/scratch
+libs/userspace-rcu-v0.15.2: "sha256:c686739972451041f083132c56ae9e8a7c1866d42674b390120f6fe2df01b359" # from: builder/scratch
+libs/utmps: "sha256:184604b50f674e2e8519291bc93fa3f1ac680ec8e9bdcd736ec7f8a797910436" # from: builder/scratch
+libs/utmps-v0.1.2.3: "sha256:184604b50f674e2e8519291bc93fa3f1ac680ec8e9bdcd736ec7f8a797910436" # from: builder/scratch
+libs/xz: "sha256:2595ff40d992891f76782ff4e1fd7cc062af7222644db70f483072d8e35c0a62" # from: builder/scratch
+libs/xz-v5.8.1: "sha256:2595ff40d992891f76782ff4e1fd7cc062af7222644db70f483072d8e35c0a62" # from: builder/scratch
+libs/yajl-2.1.0: "sha256:bdc50bf5257558debcb66d1859d338355c4f15c62c4c6faa9381085b61852cee" # from: builder/scratch
+libs/yajl: "sha256:bdc50bf5257558debcb66d1859d338355c4f15c62c4c6faa9381085b61852cee" # from: builder/scratch
+libs/zlib: "sha256:99610f35462f5a1f04d764fef3e149e486d4b6895aa2edda5f5e72ebca8b0492" # from: builder/scratch
+libs/zlib-v1.3.1: "sha256:99610f35462f5a1f04d764fef3e149e486d4b6895aa2edda5f5e72ebca8b0492" # from: builder/scratch
+libs/zstd: "sha256:6bd8208ef57fdf9e0095f386f614e7377174d5ef7526e9b992dfc6fe5aa22b60" # from: builder/scratch
+libs/zstd-v1.5.7: "sha256:6bd8208ef57fdf9e0095f386f614e7377174d5ef7526e9b992dfc6fe5aa22b60" # from: builder/scratch
+tools/bash-completion-2.16.0: "sha256:9ad1615e0428a7074f2e8026189f9a8d04b8804a64f94314b160ed9767ce053c" # from: builder/scratch
+tools/bash-completion: "sha256:9ad1615e0428a7074f2e8026189f9a8d04b8804a64f94314b160ed9767ce053c" # from: builder/scratch
+tools/bash: "sha256:02b08330b1e73ce40568b84c1d128f640b0a71faffaa3703e56aa02bbb47608a" # from: builder/scratch
+tools/bash-v5.2.37: "sha256:02b08330b1e73ce40568b84c1d128f640b0a71faffaa3703e56aa02bbb47608a" # from: builder/scratch
+tools/bazel-6.3.2: "sha256:57d78348dcb79c2af7481e8534f1cd4a47dd3d957ea2454603ca9ab6ebb8d215" # from: builder/scratch
+tools/bazel-6.5.0: "sha256:4d017416c603b3834a9a2542a6926ed3e622a626b8330de7e7d15672ea133bb0" # from: builder/scratch
+tools/bazel: "sha256:4d017416c603b3834a9a2542a6926ed3e622a626b8330de7e7d15672ea133bb0" # from: builder/scratch
+tools/conntrack-tools-conntrack-tools-1.4.8: "sha256:c6151bf048e37b9a85ccdd038805d756e2b1295a0172bf3af462a48c4afdd857" # from: builder/scratch
+tools/conntrack-tools: "sha256:c6151bf048e37b9a85ccdd038805d756e2b1295a0172bf3af462a48c4afdd857" # from: builder/scratch
+tools/coreutils: "sha256:974629f4702f1b483a65496ab17eaf1a195adbc0d2bdc6325d7aca63f2a24b4b" # from: builder/scratch
+tools/coreutils-v9.7: "sha256:974629f4702f1b483a65496ab17eaf1a195adbc0d2bdc6325d7aca63f2a24b4b" # from: builder/scratch
+tools/cosign: "sha256:3914d84658e055040a95a5e712d3a043b465504ab8c54eee88f13b5987408b35" # from: builder/scratch
+tools/cosign-v2.4.3: "sha256:3914d84658e055040a95a5e712d3a043b465504ab8c54eee88f13b5987408b35" # from: builder/scratch
+tools/cryptsetup: "sha256:6a446532c85a631cf078a9879622d334c2e4f6480e40d5a2a931274c59ecbc06" # from: builder/scratch
+tools/cryptsetup-v2.7.5: "sha256:6a446532c85a631cf078a9879622d334c2e4f6480e40d5a2a931274c59ecbc06" # from: builder/scratch
+tools/curl-curl-8_18_0: "sha256:8f31f5dd039e250355a3192882a230e76c85139d25bd138d8aa35622882353d0" # from: builder/scratch
+tools/curl: "sha256:8f31f5dd039e250355a3192882a230e76c85139d25bd138d8aa35622882353d0" # from: builder/scratch
+tools/diffutils: "sha256:d79beec5e5cca886e4d965f944ceccf9397bda30fe777fae0cc50538bdc7e120" # from: builder/scratch
+tools/diffutils-v3.12: "sha256:d79beec5e5cca886e4d965f944ceccf9397bda30fe777fae0cc50538bdc7e120" # from: builder/scratch
+tools/dumb-init: "sha256:40e63e56f08c23e7789fd06f78e71bafbbc5c909e08894ffc420a44a0a9c1c0e" # from: builder/scratch
+tools/dumb-init-v1.2.5: "sha256:40e63e56f08c23e7789fd06f78e71bafbbc5c909e08894ffc420a44a0a9c1c0e" # from: builder/scratch
+tools/e2fsprogs: "sha256:bd585e05e5fd4b540ba187333d03aa76da4b764e103bc99cc53957a00da6c5d7" # from: builder/scratch
+tools/e2fsprogs-v1.47.2: "sha256:bd585e05e5fd4b540ba187333d03aa76da4b764e103bc99cc53957a00da6c5d7" # from: builder/scratch
+tools/elfutils-elfutils-0.193: "sha256:297e48a2cf60c85382aa823f493350b516052857092b7991aa8e9d579307dc02" # from: builder/scratch
+tools/elfutils: "sha256:297e48a2cf60c85382aa823f493350b516052857092b7991aa8e9d579307dc02" # from: builder/scratch
+tools/erofs-utils: "sha256:cfa419dfb4eadc5eb6e93f389b49a31bc932cbbee1954dc0e9fc8148d30effd2" # from: builder/scratch
+tools/erofs-utils-v1.8.10: "sha256:cfa419dfb4eadc5eb6e93f389b49a31bc932cbbee1954dc0e9fc8148d30effd2" # from: builder/scratch
+tools/ethtool: "sha256:c23b2ea3c65b7e348743161291b9e3101470134d7b569e041d2a8585a3af7056" # from: builder/scratch
+tools/ethtool-v6.15: "sha256:c23b2ea3c65b7e348743161291b9e3101470134d7b569e041d2a8585a3af7056" # from: builder/scratch
+tools/findutils: "sha256:fc3771fff46713451c76b7bfe0511d947aa3e2f92d6e02da28de611822d50d45" # from: builder/scratch
+tools/findutils-v4.10.0: "sha256:fc3771fff46713451c76b7bfe0511d947aa3e2f92d6e02da28de611822d50d45" # from: builder/scratch
+tools/gawk: "sha256:127cd0deec95da956fa80cc642a328b030961cda40d957acb9a12cdc96841417" # from: builder/scratch
+tools/gawk-v5.3.2: "sha256:127cd0deec95da956fa80cc642a328b030961cda40d957acb9a12cdc96841417" # from: builder/scratch
+tools/gcc-12.1.0: "sha256:c51f177ee84227ed9d767ae9e808792f732d7431aca1e486ba3deca5ec0c2339" # from: builder/scratch
+tools/gcc-gnu-releases/gcc-14.2.0: "sha256:1e4d4aacc16488153fd638ff92cedc7c6f89b1a2cb004dc9fdca0998e23f19d8" # from: builder/scratch
+tools/gcc-gnu: "sha256:1e4d4aacc16488153fd638ff92cedc7c6f89b1a2cb004dc9fdca0998e23f19d8" # from: builder/scratch
+tools/gcc: "sha256:c51f177ee84227ed9d767ae9e808792f732d7431aca1e486ba3deca5ec0c2339" # from: builder/scratch
+tools/git: "sha256:639c27908e5f11c2ed09052ef3f2eb722b79fdd578e092b1415ef9f38b398f2c" # from: builder/scratch
+tools/git-v2.50.1: "sha256:639c27908e5f11c2ed09052ef3f2eb722b79fdd578e092b1415ef9f38b398f2c" # from: builder/scratch
+tools/golang-1.24.13: "sha256:8433c4d59e23cdb2e10b1910c5fb3b6a92c3b012f8bc84c8314e0001a8a4add2" # from: builder/scratch
+tools/golang-1.25.9: "sha256:d7575eb1bcec5a2f8688c646c54aeceda02f8d8272c4d521d1b1de7abe7e50c3" # from: builder/scratch
+tools/golang: "sha256:d7575eb1bcec5a2f8688c646c54aeceda02f8d8272c4d521d1b1de7abe7e50c3" # from: builder/scratch
+tools/grep-grep-3.11: "sha256:c83c35bd1321103162d6e12030f6b49e9220eae00870eee2cea32e60b2eb1949" # from: builder/scratch
+tools/grep: "sha256:c83c35bd1321103162d6e12030f6b49e9220eae00870eee2cea32e60b2eb1949" # from: builder/scratch
+tools/iproute2: "sha256:1802839b7eb6c80b2e0c8c6527d1030ca5b77eb974b9e2e7f7dd81f4b35e59b9" # from: builder/scratch
+tools/iproute2-v6.12.0: "sha256:1802839b7eb6c80b2e0c8c6527d1030ca5b77eb974b9e2e7f7dd81f4b35e59b9" # from: builder/scratch
+tools/ipset: "sha256:ccbf19497f939baf8a3bce2d723db946b4bbe31d57ce727db064dc71feabf2b7" # from: builder/scratch
+tools/ipset-v7.22: "sha256:ccbf19497f939baf8a3bce2d723db946b4bbe31d57ce727db064dc71feabf2b7" # from: builder/scratch
+tools/iptables: "sha256:7bba522179a4fb511ae2d905f7ba9c1741d67052d0c8fd5037ab58b93f3f8a88" # from: builder/scratch
+tools/iptables-v1.8.9: "sha256:7bba522179a4fb511ae2d905f7ba9c1741d67052d0c8fd5037ab58b93f3f8a88" # from: builder/scratch
+tools/iputils-20250605: "sha256:95babdf3ec18fc51a7970df78131ce8b0d267153e057350610a69e5015f66943" # from: builder/scratch
+tools/iputils: "sha256:95babdf3ec18fc51a7970df78131ce8b0d267153e057350610a69e5015f66943" # from: builder/scratch
+tools/iscsi-command-0.0.5: "sha256:6af8d39279a36ef8e577d172e63b68ec3d2ebed34addad115103f3025424994f" # from: builder/scratch
+tools/iscsi-command: "sha256:6af8d39279a36ef8e577d172e63b68ec3d2ebed34addad115103f3025424994f" # from: builder/scratch
+tools/jq-1.7.1: "sha256:7218b86b49a12d03911cc745cfcc7720e6b2803a97db2b7a30c3d70753c6ad77" # from: builder/scratch
+tools/jq: "sha256:7218b86b49a12d03911cc745cfcc7720e6b2803a97db2b7a30c3d70753c6ad77" # from: builder/scratch
+tools/kmod: "sha256:b7056c3071d9adf63035fc689f16e5ef14d7920959d4839653605c99fe96606e" # from: builder/scratch
+tools/kmod-v33: "sha256:b7056c3071d9adf63035fc689f16e5ef14d7920959d4839653605c99fe96606e" # from: builder/scratch
+tools/ktls-utils-1.3.0: "sha256:a7332a4f9633969889e436739e3efaafd8063c08c8e578497804e78238a8bcc5" # from: builder/scratch
+tools/ktls-utils: "sha256:a7332a4f9633969889e436739e3efaafd8063c08c8e578497804e78238a8bcc5" # from: builder/scratch
+tools/less-less-668: "sha256:752e8bfd8a6a8112fd28d5aab0c98b4d798c2696f30888aa6677e199e368ac37" # from: builder/scratch
+tools/less: "sha256:752e8bfd8a6a8112fd28d5aab0c98b4d798c2696f30888aa6677e199e368ac37" # from: builder/scratch
+tools/libcap: "sha256:95cddf1738d5a4ee9291fffb91e909dcfd32370b11aa5297bcbfcc94184aa6ec" # from: builder/scratch
+tools/libcap-v1.2.76: "sha256:95cddf1738d5a4ee9291fffb91e909dcfd32370b11aa5297bcbfcc94184aa6ec" # from: builder/scratch
+tools/lsscsi: "sha256:ba8301b91d07c277ff350cad160215a3903f36650b5c09980b4c379fbcd79cc1" # from: builder/scratch
+tools/lsscsi-v0.28: "sha256:ba8301b91d07c277ff350cad160215a3903f36650b5c09980b4c379fbcd79cc1" # from: builder/scratch
+tools/lua5-1: "sha256:1792ffe9782a946a79a293487e9b58c112b8688e84fab340e115740c7ea0e3ff" # from: builder/scratch
+tools/lua5-1-v5.1.5: "sha256:1792ffe9782a946a79a293487e9b58c112b8688e84fab340e115740c7ea0e3ff" # from: builder/scratch
+tools/luarocks5-1: "sha256:632b8a92ecb2da645b8771f205b4c341d39cae6f684e0ee603262e8b33ae000d" # from: builder/scratch
+tools/luarocks5-1-v3.12.2: "sha256:632b8a92ecb2da645b8771f205b4c341d39cae6f684e0ee603262e8b33ae000d" # from: builder/scratch
+tools/lvm2: "sha256:d8e0f806cc340426a3d9c2e3c5a8368869d564516f9604522666b4beee1f6686" # from: builder/scratch
+tools/lvm2-v2_03_31: "sha256:d8e0f806cc340426a3d9c2e3c5a8368869d564516f9604522666b4beee1f6686" # from: builder/scratch
+tools/memcached-1.6.39: "sha256:60d587804a50892c5f0c61a64fbb2c28f1b01d99a4aa47e2dd92996f8de166a2" # from: builder/scratch
+tools/memcached: "sha256:60d587804a50892c5f0c61a64fbb2c28f1b01d99a4aa47e2dd92996f8de166a2" # from: builder/scratch
+tools/multipath-tools-0.13.0: "sha256:860adeacd5181a7a4b50297b67fa001f3542325fad791f47b1bba6b40e0a3aa7" # from: builder/scratch
+tools/multipath-tools: "sha256:860adeacd5181a7a4b50297b67fa001f3542325fad791f47b1bba6b40e0a3aa7" # from: builder/scratch
+tools/nfs-utils-nfs-utils-2-8-2: "sha256:ec1a8d8447c8e81cfa5f59820ff7d1c2eeb02e3812171cddd83eb50167c3d960" # from: builder/scratch
+tools/nfs-utils: "sha256:ec1a8d8447c8e81cfa5f59820ff7d1c2eeb02e3812171cddd83eb50167c3d960" # from: builder/scratch
+tools/nginx-njs-release-1.28.0: "sha256:d60179dc0b1ec40c7a90589756dae29c99831bc6a8a890a0684f47b9ea475ffe" # from: builder/scratch
+tools/nginx-njs: "sha256:d60179dc0b1ec40c7a90589756dae29c99831bc6a8a890a0684f47b9ea475ffe" # from: builder/scratch
+tools/nginx-release-1.28.0: "sha256:601e5a92b84e08b958a65b901c02b2321d5c31b220466e802af6cc2e347a6afb" # from: builder/scratch
+tools/nginx: "sha256:601e5a92b84e08b958a65b901c02b2321d5c31b220466e802af6cc2e347a6afb" # from: builder/scratch
+tools/nvme-cli: "sha256:5a0a627687e4dd997a66897f9df3482adea9f117ca23c41b5520f724fad2b125" # from: builder/scratch
+tools/nvme-cli-v2.16: "sha256:5a0a627687e4dd997a66897f9df3482adea9f117ca23c41b5520f724fad2b125" # from: builder/scratch
+tools/open-iscsi-2.1.11: "sha256:7cf4967824a6ae74bba69532a69aa5329fae55aef287bcb5b3dfa317cfe16def" # from: builder/scratch
+tools/open-iscsi: "sha256:7cf4967824a6ae74bba69532a69aa5329fae55aef287bcb5b3dfa317cfe16def" # from: builder/scratch
+tools/openssl-3.6.0: "sha256:27a6f59849d06b81c07936b15518549592782ce62aa23926f14507de57ae8905" # from: builder/scratch
+tools/openssl: "sha256:27a6f59849d06b81c07936b15518549592782ce62aa23926f14507de57ae8905" # from: builder/scratch
+tools/procps: "sha256:4d01d9f751c707f07d74ab0c7db1102a059abb4e5f3bde9bfe4a2666608dc4f7" # from: builder/scratch
+tools/procps-v4.0.5: "sha256:4d01d9f751c707f07d74ab0c7db1102a059abb4e5f3bde9bfe4a2666608dc4f7" # from: builder/scratch
+tools/protoc-22.3: "sha256:450466d7e90d7dd65e60c41208a8793a5d175f8d4254dd989e31d559e253c809" # from: builder/scratch
+tools/protoc-30.2: "sha256:83085d63402f03b742699e3664ac3a8ed6816488ec1309d4505585770bb09ebf" # from: builder/scratch
+tools/protoc: "sha256:83085d63402f03b742699e3664ac3a8ed6816488ec1309d4505585770bb09ebf" # from: builder/scratch
+tools/pwru: "sha256:cd27531d4150b0933cdff9e70ea707d00c0cd4124f804b8bfed5a384df6fdde4" # from: builder/scratch
+tools/pwru-v1.0.11: "sha256:cd27531d4150b0933cdff9e70ea707d00c0cd4124f804b8bfed5a384df6fdde4" # from: builder/scratch
+tools/rclone-1.73.1: "sha256:2171c2c96fe9e3adf168a188f1605bfc340164fc15a3fc53d9cfaa3cac7163cf" # from: builder/scratch
+tools/rclone: "sha256:2171c2c96fe9e3adf168a188f1605bfc340164fc15a3fc53d9cfaa3cac7163cf" # from: builder/scratch
+tools/rpcbind-rpcbind-1_2_8: "sha256:6a0b585505b38a0f2251c4e229d69fe94b021820948c83c8bd24dfb873f68ed7" # from: builder/scratch
+tools/rpcbind: "sha256:6a0b585505b38a0f2251c4e229d69fe94b021820948c83c8bd24dfb873f68ed7" # from: builder/scratch
+tools/s3fs-fuse-1.97: "sha256:1f3d0d991a1dbe94d8fe6a4a392d063c0857668677cd507a77f43d1425fcf7c3" # from: builder/scratch
+tools/s3fs-fuse: "sha256:1f3d0d991a1dbe94d8fe6a4a392d063c0857668677cd507a77f43d1425fcf7c3" # from: builder/scratch
+tools/sed: "sha256:03139bab0878f523e1d8256faea9d63f31325efa65f4330de19a91cc18032b8c" # from: builder/scratch
+tools/sed-v4.9: "sha256:03139bab0878f523e1d8256faea9d63f31325efa65f4330de19a91cc18032b8c" # from: builder/scratch
+tools/semver-3.4.0: "sha256:1820728a5bc6d57ec962b075461a679034d965ad7521a11fcf73dec29d85e739" # from: builder/scratch
+tools/semver: "sha256:1820728a5bc6d57ec962b075461a679034d965ad7521a11fcf73dec29d85e739" # from: builder/scratch
+tools/shell-operator: "sha256:43c0c7f1ed239fd177228994a42655738d7896808c923aebb40eb42e1f3fa16e" # from: builder/scratch
+tools/shell-operator-v1.14.3: "sha256:43c0c7f1ed239fd177228994a42655738d7896808c923aebb40eb42e1f3fa16e" # from: builder/scratch
+tools/ssh: "sha256:25fbf77913f932f27973049480826b8dc30de17d2bbbf11ba6ac154f1735e0ae" # from: builder/scratch
+tools/ssh-V_10_0_P2: "sha256:25fbf77913f932f27973049480826b8dc30de17d2bbbf11ba6ac154f1735e0ae" # from: builder/scratch
+tools/tar: "sha256:89060034cd11076104af31fa9d613100149227c64890d10ad683fd3e475ce5c2" # from: builder/scratch
+tools/tar-v1.35: "sha256:89060034cd11076104af31fa9d613100149227c64890d10ad683fd3e475ce5c2" # from: builder/scratch
+tools/tini: "sha256:fe793f5ef388a143c71b085222591c9dc1e7a19d675aeacb3e889878b700dc9e" # from: builder/scratch
+tools/tini-v0.19.0: "sha256:fe793f5ef388a143c71b085222591c9dc1e7a19d675aeacb3e889878b700dc9e" # from: builder/scratch
+tools/udev-2.59.1: "sha256:4d9af46ad9694d270acce78c7701b582611d43be7662bf66cadceafcbb28141e" # from: builder/scratch
+tools/udev: "sha256:4d9af46ad9694d270acce78c7701b582611d43be7662bf66cadceafcbb28141e" # from: builder/scratch
+tools/util-linux: "sha256:cdfc92bd8bd683bd8308f9ba29bfd2c4d41f17e1267a1d6c0dfcc0a01c561371" # from: builder/scratch
+tools/util-linux-v2.41: "sha256:cdfc92bd8bd683bd8308f9ba29bfd2c4d41f17e1267a1d6c0dfcc0a01c561371" # from: builder/scratch
+tools/vim: "sha256:a7a8fd17135befeaf2565c18fc888a504e5076803649fba776f5c6b8b24382f7" # from: builder/scratch
+tools/vim-v9.1.1236: "sha256:a7a8fd17135befeaf2565c18fc888a504e5076803649fba776f5c6b8b24382f7" # from: builder/scratch
+tools/xfsprogs: "sha256:30170f2cf5a9f9b34cc1abf028a2f6bfa3572ed95f78110f5c2f0f4f9281d028" # from: builder/scratch
+tools/xfsprogs-v6.16.0: "sha256:30170f2cf5a9f9b34cc1abf028a2f6bfa3572ed95f78110f5c2f0f4f9281d028" # from: builder/scratch
+tools/yq: "sha256:cbdabf06879bd87c4ec619b1be3a593d73ed321b44a70b535604325c517e4bd7" # from: builder/scratch
+tools/yq-v4.45.1: "sha256:2f91cda243862c5faffd80ffec4241eded21f2071017858d5ee023b0d2739e32" # from: builder/scratch
+tools/yq-v4.47.1: "sha256:cbdabf06879bd87c4ec619b1be3a593d73ed321b44a70b535604325c517e4bd7" # from: builder/scratch
diff --git a/build/components/versions.yml b/build/components/versions.yml
index 7d0bba16a2..68f4e9ce1c 100644
--- a/build/components/versions.yml
+++ b/build/components/versions.yml
@@ -3,8 +3,8 @@ firmware:
   libvirt: v10.9.0
   edk2: stable202411
 core:
-  3p-kubevirt: v1.6.2-v12n.12
-  3p-containerized-data-importer: v1.60.3-v12n.15
+  3p-kubevirt: v1.6.2-v12n.20
+  3p-containerized-data-importer: v1.60.3-v12n.18
   distribution: 2.8.3
 package:
   acl: v2.3.1
diff --git a/images/bounder/werf.inc.yaml b/images/bounder/werf.inc.yaml
index 86b1dfa77c..35a3f60fd9 100644
--- a/images/bounder/werf.inc.yaml
+++ b/images/bounder/werf.inc.yaml
@@ -12,7 +12,7 @@ imageSpec:
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-cbuilder
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.25" "builder/golang-alt-svace-1.25" }}
 git:
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}/static_binaries
     to: /static_binaries
diff --git a/images/cdi-artifact/werf.inc.yaml b/images/cdi-artifact/werf.inc.yaml
index 9f7812728c..e638a8f364 100644
--- a/images/cdi-artifact/werf.inc.yaml
+++ b/images/cdi-artifact/werf.inc.yaml
@@ -47,7 +47,7 @@ shell:
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.25" "builder/golang-alt-svace-1.25" }}
 mount:
 - fromPath: ~/go-pkg-cache
   to: /go/pkg
@@ -141,7 +141,7 @@ shell:
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-cbuilder
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.25" "builder/golang-alt-svace-1.25" }}
 git:
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}
     to: /
diff --git a/images/cdi-cloner/werf.inc.yaml b/images/cdi-cloner/werf.inc.yaml
index 58a21af3ef..d0da52d99b 100644
--- a/images/cdi-cloner/werf.inc.yaml
+++ b/images/cdi-cloner/werf.inc.yaml
@@ -53,7 +53,7 @@ shell:
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-gobuild
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.25" "builder/golang-alt-svace-1.25" }}
 git:
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}/cloner-startup
     to: /app
diff --git a/images/dvcr-artifact/go.mod b/images/dvcr-artifact/go.mod
index a5af1dd4dc..a868d57861 100644
--- a/images/dvcr-artifact/go.mod
+++ b/images/dvcr-artifact/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/virtualization-controller/dvcr-importers
 
-go 1.24.13
+go 1.25.9
 
 require (
 	github.com/containers/image/v5 v5.32.0
@@ -18,8 +18,8 @@ require (
 	github.com/prometheus/client_model v0.6.0
 	github.com/spf13/cobra v1.8.1
 	github.com/spf13/pflag v1.0.5
-	golang.org/x/sync v0.18.0
-	golang.org/x/sys v0.40.0
+	golang.org/x/sync v0.19.0
+	golang.org/x/sys v0.42.0
 	k8s.io/apimachinery v0.30.2
 	k8s.io/klog/v2 v2.120.1
 	kubevirt.io/containerized-data-importer v0.0.0-00010101000000-000000000000
@@ -28,12 +28,13 @@ require (
 
 require (
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
-	go.opentelemetry.io/otel/sdk v1.40.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.43.0 // indirect
+	go.opentelemetry.io/otel/sdk/metric v1.43.0 // indirect
 )
 
 require (
 	cloud.google.com/go v0.112.0 // indirect
-	cloud.google.com/go/compute/metadata v0.3.0 // indirect
+	cloud.google.com/go/compute/metadata v0.9.0 // indirect
 	cloud.google.com/go/iam v1.1.5 // indirect
 	cloud.google.com/go/storage v1.36.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6
@@ -112,22 +113,22 @@ require (
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
-	go.opentelemetry.io/otel v1.40.0 // indirect
-	go.opentelemetry.io/otel/metric v1.40.0 // indirect
-	go.opentelemetry.io/otel/trace v1.40.0 // indirect
-	golang.org/x/crypto v0.38.0 // indirect
+	go.opentelemetry.io/otel v1.43.0 // indirect
+	go.opentelemetry.io/otel/metric v1.43.0 // indirect
+	go.opentelemetry.io/otel/trace v1.43.0 // indirect
+	golang.org/x/crypto v0.46.0 // indirect
 	golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 // indirect
-	golang.org/x/net v0.47.0 // indirect
-	golang.org/x/oauth2 v0.27.0 // indirect
-	golang.org/x/term v0.37.0 // indirect
-	golang.org/x/text v0.31.0 // indirect
+	golang.org/x/net v0.48.0 // indirect
+	golang.org/x/oauth2 v0.34.0 // indirect
+	golang.org/x/term v0.38.0 // indirect
+	golang.org/x/text v0.32.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	google.golang.org/api v0.155.0 // indirect
 	google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect
-	google.golang.org/grpc v1.64.1 // indirect
-	google.golang.org/protobuf v1.34.2 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect
+	google.golang.org/grpc v1.79.3 // indirect
+	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
@@ -149,7 +150,7 @@ require (
 replace (
 	github.com/aws/aws-sdk-go => github.com/aws/aws-sdk-go v1.34.0
 	github.com/chzyer/logex => github.com/chzyer/logex v1.2.1
-	github.com/go-jose/go-jose/v3 => github.com/go-jose/go-jose/v3 v3.0.4
+	github.com/go-jose/go-jose/v3 => github.com/go-jose/go-jose/v3 v3.0.5
 	github.com/openshift/api => github.com/openshift/api v0.0.0-20230406152840-ce21e3fe5da2
 	github.com/openshift/client-go => github.com/openshift/client-go v0.0.0-20230324103026-3f1513df25e0
 	github.com/openshift/library-go => github.com/mhenriks/library-go v0.0.0-20230310153733-63d38b55bd5a
@@ -194,7 +195,6 @@ replace (
 
 // CVE Replaces
 replace (
+	github.com/docker/docker => ./staging/src/github.com/docker/docker // CVE-2026-34040,CVE-2026-33997
 	golang.org/x/crypto => golang.org/x/crypto v0.45.0 // CVE-2024-45337,CVE-2025-22869,CVE-2025-47914
-	golang.org/x/net => golang.org/x/net v0.40.0 // CVE-2025-22870, CVE-2025-22872
-	golang.org/x/oauth2 => golang.org/x/oauth2 v0.27.0 // CVE-2025-22868
 )
diff --git a/images/dvcr-artifact/go.sum b/images/dvcr-artifact/go.sum
index 1c6ab6d191..c01ada8286 100644
--- a/images/dvcr-artifact/go.sum
+++ b/images/dvcr-artifact/go.sum
@@ -1,8 +1,8 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.112.0 h1:tpFCD7hpHFlQ8yPwT3x+QeXqc2T6+n6T+hmABHfDUSM=
 cloud.google.com/go v0.112.0/go.mod h1:3jEEVwZ/MHU4djK5t5RHuKOA/GbLddgTdVubX1qnPD4=
-cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
-cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
+cloud.google.com/go/compute/metadata v0.9.0 h1:pDUj4QMoPejqq20dK0Pg2N4yG9zIkYGdBtwLoEkH9Zs=
+cloud.google.com/go/compute/metadata v0.9.0/go.mod h1:E0bWwX5wTnLPedCKqk3pJmVgCBSM6qQI1yTBdEb3C10=
 cloud.google.com/go/iam v1.1.5 h1:1jTsCu4bcsNsE4iiqNT5SHwrDRCfRmIaaaVFhRveTJI=
 cloud.google.com/go/iam v1.1.5/go.mod h1:rB6P/Ic3mykPbFio+vo7403drjlgvoWfYpJhMXEbzv8=
 cloud.google.com/go/storage v1.36.0 h1:P0mOkAcaJxhCTvAkMhxMfrTKiNcub4YmmPBtlhAyTr8=
@@ -34,10 +34,8 @@ github.com/chzyer/test v1.0.0 h1:p3BQDXSxOhOG0P9z6/hGnII4LGiEPOYBhs8asl/fC04=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/xds/go v0.0.0-20240318125728-8a4994d93e50 h1:DBmgJDC9dTfkVyGgipamEh2BpGYxScCH1TOF1LL1cXc=
-github.com/cncf/xds/go v0.0.0-20240318125728-8a4994d93e50/go.mod h1:5e1+Vvlzido69INQaVO6d87Qn543Xr6nooe9Kz7oBFM=
-github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
-github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
+github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 h1:6xNmx7iTtyBRev0+D/Tv1FZd4SCg8axKApyNyRsAt/w=
+github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5/go.mod h1:KdCmV+x/BuvyMxRnYBlmVaq4OLiKW6iRQfvC62cvdkI=
 github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G/ZW/0kEe2oEKCdS/ZxIyoCU=
 github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk=
 github.com/containers/image/v5 v5.32.0 h1:yjbweazPfr8xOzQ2hkkYm1A2V0jN96/kES6Gwyxj7hQ=
@@ -65,14 +63,10 @@ github.com/docker/cli v29.2.0+incompatible h1:9oBd9+YM7rxjZLfyMGxjraKBKE4/nVyvVf
 github.com/docker/cli v29.2.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v28.0.0+incompatible h1:Olh0KS820sJ7nPsBKChVhk5pzqcwDR15fumfAd/p9hM=
-github.com/docker/docker v28.0.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo=
 github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
 github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
 github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc=
-github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8=
-github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
 github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
@@ -84,9 +78,12 @@ github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRr
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/go-control-plane v0.14.0 h1:hbG2kr4RuFj222B6+7T83thSPqLjwBIfQawTkC++2HA=
+github.com/envoyproxy/go-control-plane/envoy v1.36.0 h1:yg/JjO5E7ubRyKX3m07GF3reDNEnfOboJ0QySbH736g=
+github.com/envoyproxy/go-control-plane/envoy v1.36.0/go.mod h1:ty89S1YCCVruQAm9OtKeEkQLTb+Lkz0k8v9W0Oxsv98=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A=
-github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew=
+github.com/envoyproxy/protoc-gen-validate v1.3.0 h1:TvGH1wof4H33rezVKWSpqKz5NXWg5VPuZ0uONDT6eb4=
+github.com/envoyproxy/protoc-gen-validate v1.3.0/go.mod h1:HvYl7zwPa5mffgyeTUHA9zHIH36nmrm7oCbo4YKoSWA=
 github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
 github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
@@ -101,8 +98,8 @@ github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyT
 github.com/fxamacker/cbor/v2 v2.6.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
 github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-jose/go-jose/v3 v3.0.4 h1:Wp5HA7bLQcKnf6YYao/4kpRpVMp/yf6+pJKV8WFSaNY=
-github.com/go-jose/go-jose/v3 v3.0.4/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
+github.com/go-jose/go-jose/v3 v3.0.5 h1:BLLJWbC4nMZOfuPVxoZIxeYsn6Nl2r1fITaJ78UQlVQ=
+github.com/go-jose/go-jose/v3 v3.0.5/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
 github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
 github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
 github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
@@ -354,6 +351,8 @@ github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtP
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgmp0tecUJ0sJuv4pzYCqS9+RGSn52M3FUwPs+uo=
+github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -415,14 +414,16 @@ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.4
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1/go.mod h1:4UoMYEZOC0yN/sPGH76KPkkU7zgiEWYWL9vwmbnTJPE=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw=
-go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms=
-go.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g=
-go.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g=
-go.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc=
-go.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8=
-go.opentelemetry.io/otel/sdk v1.40.0/go.mod h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE=
-go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw=
-go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA=
+go.opentelemetry.io/otel v1.43.0 h1:mYIM03dnh5zfN7HautFE4ieIig9amkNANT+xcVxAj9I=
+go.opentelemetry.io/otel v1.43.0/go.mod h1:JuG+u74mvjvcm8vj8pI5XiHy1zDeoCS2LB1spIq7Ay0=
+go.opentelemetry.io/otel/metric v1.43.0 h1:d7638QeInOnuwOONPp4JAOGfbCEpYb+K6DVWvdxGzgM=
+go.opentelemetry.io/otel/metric v1.43.0/go.mod h1:RDnPtIxvqlgO8GRW18W6Z/4P462ldprJtfxHxyKd2PY=
+go.opentelemetry.io/otel/sdk v1.43.0 h1:pi5mE86i5rTeLXqoF/hhiBtUNcrAGHLKQdhg4h4V9Dg=
+go.opentelemetry.io/otel/sdk v1.43.0/go.mod h1:P+IkVU3iWukmiit/Yf9AWvpyRDlUeBaRg6Y+C58QHzg=
+go.opentelemetry.io/otel/sdk/metric v1.43.0 h1:S88dyqXjJkuBNLeMcVPRFXpRw2fuwdvfCGLEo89fDkw=
+go.opentelemetry.io/otel/sdk/metric v1.43.0/go.mod h1:C/RJtwSEJ5hzTiUz5pXF1kILHStzb9zFlIEe85bhj6A=
+go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09nk+3A=
+go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
@@ -451,15 +452,61 @@ golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
 golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
 golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ=
 golang.org/x/mod v0.27.0/go.mod h1:rWI627Fq0DEoudcK+MBkNkCe0EetEaDSwJJkCcjpazc=
 golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI=
 golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w=
-golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM=
+golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
+golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
+golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
+golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
+golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
+golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
+golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
+golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
-golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
-golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
+golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA=
+golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8=
+golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
+golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
+golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210=
+golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
+golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
+golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=
+golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -478,8 +525,9 @@ golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
-golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
 golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -488,15 +536,22 @@ golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -522,8 +577,8 @@ golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
-golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=
+golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
 golang.org/x/telemetry v0.0.0-20240208230135-b75ee8823808/go.mod h1:KG1lNk5ZFNssSZLrpVb4sMXKMpGwGXOxSG3rnu2gZQQ=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0=
@@ -531,12 +586,36 @@ golang.org/x/telemetry v0.0.0-20250710130107-8d8967aff50b/go.mod h1:4ZwOYna0/zsO
 golang.org/x/telemetry v0.0.0-20250807160809-1a19826ec488/go.mod h1:fGb/2+tgXXjhjHsTNdVEEMZNWA0quBnfrO+AfoDSAKw=
 golang.org/x/telemetry v0.0.0-20250908211612-aef8a434d053/go.mod h1:+nZKN+XVh4LCiA9DV3ywrzN4gumyCnKjau3NGb9SGoE=
 golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8/go.mod h1:Pi4ztBfryZoJEkyFTI5/Ocsu2jXyDr6iSdgJiYE/uwE=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
+golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
+golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
+golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
+golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
+golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
+golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
+golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
-golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
+golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0=
+golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw=
+golang.org/x/term v0.35.0/go.mod h1:TPGtkTLesOwf2DE8CgVYiZinHAOuy5AYUYT1lENIZnA=
+golang.org/x/term v0.36.0/go.mod h1:Qu394IJq6V6dCBRgwqshf3mPF85AqzYEzofzRdZkWss=
 golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254=
+golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
+golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
@@ -548,9 +627,16 @@ golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
-golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
+golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
+golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU=
+golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU=
+golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
+golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM=
 golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
+golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
+golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
 golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
 golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
@@ -580,12 +666,14 @@ golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg
 golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
 golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
+golang.org/x/tools v0.33.0/go.mod h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI=
 golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg=
 golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw=
 golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s=
 golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w=
-golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=
 golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
+golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
+golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -594,6 +682,8 @@ golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3j
 golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
 gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
 gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
+gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
+gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
 google.golang.org/api v0.155.0 h1:vBmGhCYs0djJttDNynWo44zosHlPvHmA0XiN2zP2DtA=
 google.golang.org/api v0.155.0/go.mod h1:GI5qK5f40kCpHfPn6+YzGAByIKWv8ujFnmoWm7Igduk=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
@@ -603,17 +693,17 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ=
 google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro=
-google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237 h1:RFiFrvy37/mpSpdySBDrUdipW/dHwsRwh3J3+A9VgT4=
-google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237/go.mod h1:Z5Iiy3jtmioajWHDGFk7CeugTyHtPvMHA4UTmUkyalE=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 h1:NnYq6UN9ReLM9/Y01KWNOWyI5xQ9kbIms5GGJVwS/Yc=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
+google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 h1:fCvbg86sFXwdrl5LgVcTEvNC+2txB5mgROGmRL5mrls=
+google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA=
-google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0=
+google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE=
+google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -628,8 +718,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
-google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
-google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
+google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
+google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/images/dvcr-artifact/staging/src/github.com/docker/docker/api/types/versions/compare.go b/images/dvcr-artifact/staging/src/github.com/docker/docker/api/types/versions/compare.go
new file mode 100644
index 0000000000..a99e9ebfd1
--- /dev/null
+++ b/images/dvcr-artifact/staging/src/github.com/docker/docker/api/types/versions/compare.go
@@ -0,0 +1,79 @@
+// Copyright 2017 The Docker Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package versions
+
+import (
+	"strconv"
+	"strings"
+)
+
+// compare compares two version strings
+// returns -1 if v1 < v2, 1 if v1 > v2, 0 otherwise.
+func compare(v1, v2 string) int {
+	if v1 == v2 {
+		return 0
+	}
+	var (
+		currTab  = strings.Split(v1, ".")
+		otherTab = strings.Split(v2, ".")
+	)
+
+	maxVer := len(currTab)
+	if len(otherTab) > maxVer {
+		maxVer = len(otherTab)
+	}
+	for i := 0; i < maxVer; i++ {
+		var currInt, otherInt int
+
+		if len(currTab) > i {
+			currInt, _ = strconv.Atoi(currTab[i])
+		}
+		if len(otherTab) > i {
+			otherInt, _ = strconv.Atoi(otherTab[i])
+		}
+		if currInt > otherInt {
+			return 1
+		}
+		if otherInt > currInt {
+			return -1
+		}
+	}
+	return 0
+}
+
+// LessThan checks if a version is less than another
+func LessThan(v, other string) bool {
+	return compare(v, other) == -1
+}
+
+// LessThanOrEqualTo checks if a version is less than or equal to another
+func LessThanOrEqualTo(v, other string) bool {
+	return compare(v, other) <= 0
+}
+
+// GreaterThan checks if a version is greater than another
+func GreaterThan(v, other string) bool {
+	return compare(v, other) == 1
+}
+
+// GreaterThanOrEqualTo checks if a version is greater than or equal to another
+func GreaterThanOrEqualTo(v, other string) bool {
+	return compare(v, other) >= 0
+}
+
+// Equal checks if a version is equal to another
+func Equal(v, other string) bool {
+	return compare(v, other) == 0
+}
diff --git a/images/dvcr-artifact/staging/src/github.com/docker/docker/go.mod b/images/dvcr-artifact/staging/src/github.com/docker/docker/go.mod
new file mode 100644
index 0000000000..7126574947
--- /dev/null
+++ b/images/dvcr-artifact/staging/src/github.com/docker/docker/go.mod
@@ -0,0 +1,3 @@
+module github.com/docker/docker
+
+go 1.24.0
diff --git a/images/dvcr-artifact/staging/src/github.com/docker/docker/registry/registry.go b/images/dvcr-artifact/staging/src/github.com/docker/docker/registry/registry.go
new file mode 100644
index 0000000000..5c3672b0e7
--- /dev/null
+++ b/images/dvcr-artifact/staging/src/github.com/docker/docker/registry/registry.go
@@ -0,0 +1,15 @@
+// Copyright 2015 The Docker Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package registry
diff --git a/images/dvcr-artifact/werf.inc.yaml b/images/dvcr-artifact/werf.inc.yaml
index 0cc0e9928f..60d7dc0cae 100644
--- a/images/dvcr-artifact/werf.inc.yaml
+++ b/images/dvcr-artifact/werf.inc.yaml
@@ -23,7 +23,7 @@ packages:
 
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-builder
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.25" "builder/golang-alt-svace-1.25" }}
 secrets:
 - id: GOPROXY
   value: {{ .GOPROXY }}
diff --git a/images/dvcr/werf.inc.yaml b/images/dvcr/werf.inc.yaml
index 3996b79377..001b309195 100644
--- a/images/dvcr/werf.inc.yaml
+++ b/images/dvcr/werf.inc.yaml
@@ -40,7 +40,7 @@ imageSpec:
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-builder
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.25" "builder/golang-alt-svace-1.25" }}
 mount:
   - fromPath: ~/go-pkg-cache
     to: /go/pkg
diff --git a/images/hooks/go.mod b/images/hooks/go.mod
index 26c0bd5576..c7b8dae55d 100644
--- a/images/hooks/go.mod
+++ b/images/hooks/go.mod
@@ -1,6 +1,6 @@
 module hooks
 
-go 1.24.13
+go 1.25.9
 
 tool github.com/onsi/ginkgo/v2/ginkgo
 
@@ -12,9 +12,10 @@ require (
 	github.com/onsi/ginkgo/v2 v2.23.3
 	github.com/onsi/gomega v1.37.0
 	github.com/tidwall/gjson v1.18.0
-	golang.org/x/crypto v0.45.0
+	golang.org/x/crypto v0.46.0
 	k8s.io/api v0.34.2
 	k8s.io/apimachinery v0.34.2
+	k8s.io/client-go v0.34.2
 	k8s.io/utils v0.0.0-20250604170112-4c0f3b243397
 )
 
@@ -83,26 +84,25 @@ require (
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/zmap/zcrypto v0.0.0-20230310154051-c8b263fd8300 // indirect
 	github.com/zmap/zlint/v3 v3.5.0 // indirect
-	go.opentelemetry.io/otel v1.40.0 // indirect
-	go.opentelemetry.io/otel/trace v1.40.0 // indirect
+	go.opentelemetry.io/otel v1.43.0 // indirect
+	go.opentelemetry.io/otel/trace v1.43.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
-	golang.org/x/net v0.47.0 // indirect
-	golang.org/x/oauth2 v0.30.0 // indirect
-	golang.org/x/sync v0.18.0 // indirect
-	golang.org/x/sys v0.40.0 // indirect
-	golang.org/x/term v0.37.0 // indirect
-	golang.org/x/text v0.31.0 // indirect
+	golang.org/x/net v0.48.0 // indirect
+	golang.org/x/oauth2 v0.34.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/sys v0.42.0 // indirect
+	golang.org/x/term v0.38.0 // indirect
+	golang.org/x/text v0.32.0 // indirect
 	golang.org/x/time v0.11.0 // indirect
-	golang.org/x/tools v0.38.0 // indirect
+	golang.org/x/tools v0.39.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/protobuf v1.36.6 // indirect
+	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/apiextensions-apiserver v0.34.2 // indirect
 	k8s.io/apiserver v0.34.2 // indirect
-	k8s.io/client-go v0.34.2 // indirect
 	k8s.io/component-base v0.34.2 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect
diff --git a/images/hooks/go.sum b/images/hooks/go.sum
index 290f03e79b..3517141daa 100644
--- a/images/hooks/go.sum
+++ b/images/hooks/go.sum
@@ -42,8 +42,6 @@ github.com/deckhouse/deckhouse/pkg/log v0.0.0-20250424095005-9ab587d01d7a h1:c4C
 github.com/deckhouse/deckhouse/pkg/log v0.0.0-20250424095005-9ab587d01d7a/go.mod h1:pbAxTSDcPmwyl3wwKDcEB3qdxHnRxqTV+J0K+sha8bw=
 github.com/deckhouse/module-sdk v0.3.3 h1:wyrLZekD2qLCRXUQtbs7mSVRXmSDIQCfS5Uk1zk3eZg=
 github.com/deckhouse/module-sdk v0.3.3/go.mod h1:kM/K2z1muGkCmCNVSpxALiXvsKJHuLAFTF4wswVrGFE=
-github.com/docker/cli v28.2.2+incompatible h1:qzx5BNUDFqlvyq4AHzdNB7gSyVTmU4cgsyN9SdInc1A=
-github.com/docker/cli v28.2.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/cli v29.2.0+incompatible h1:9oBd9+YM7rxjZLfyMGxjraKBKE4/nVyvVfN4qNl9XRM=
 github.com/docker/cli v29.2.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
@@ -380,10 +378,10 @@ github.com/zmap/zcrypto v0.0.0-20230310154051-c8b263fd8300/go.mod h1:mOd4yUMgn2f
 github.com/zmap/zlint/v3 v3.0.0/go.mod h1:paGwFySdHIBEMJ61YjoqT4h7Ge+fdYG4sUQhnTb1lJ8=
 github.com/zmap/zlint/v3 v3.5.0 h1:Eh2B5t6VKgVH0DFmTwOqE50POvyDhUaU9T2mJOe1vfQ=
 github.com/zmap/zlint/v3 v3.5.0/go.mod h1:JkNSrsDJ8F4VRtBZcYUQSvnWFL7utcjDIn+FE64mlBI=
-go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms=
-go.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g=
-go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw=
-go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA=
+go.opentelemetry.io/otel v1.43.0 h1:mYIM03dnh5zfN7HautFE4ieIig9amkNANT+xcVxAj9I=
+go.opentelemetry.io/otel v1.43.0/go.mod h1:JuG+u74mvjvcm8vj8pI5XiHy1zDeoCS2LB1spIq7Ay0=
+go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09nk+3A=
+go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
@@ -449,8 +447,9 @@ golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
-golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
 golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -502,8 +501,8 @@ golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
-golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=
+golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0=
 golang.org/x/telemetry v0.0.0-20250710130107-8d8967aff50b/go.mod h1:4ZwOYna0/zsOKwuR5X/m0QFOJpSZvAxFfkQT+Erd9D4=
@@ -511,8 +510,9 @@ golang.org/x/telemetry v0.0.0-20250807160809-1a19826ec488/go.mod h1:fGb/2+tgXXjh
 golang.org/x/telemetry v0.0.0-20250908211612-aef8a434d053/go.mod h1:+nZKN+XVh4LCiA9DV3ywrzN4gumyCnKjau3NGb9SGoE=
 golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8/go.mod h1:Pi4ztBfryZoJEkyFTI5/Ocsu2jXyDr6iSdgJiYE/uwE=
 golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
-golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
 golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254=
+golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
+golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -534,8 +534,9 @@ golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
 golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
-golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
 golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
+golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
+golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
 golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
 golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
@@ -574,8 +575,9 @@ golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg
 golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw=
 golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s=
 golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w=
-golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=
 golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
+golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
+golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -607,8 +609,8 @@ google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHh
 google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
-google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
-google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
+google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
+google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/images/hooks/werf.inc.yaml b/images/hooks/werf.inc.yaml
index 8407506de8..f816d46ca9 100644
--- a/images/hooks/werf.inc.yaml
+++ b/images/hooks/werf.inc.yaml
@@ -24,7 +24,7 @@ shell:
 ---
 image: {{ .ModuleNamePrefix }}go-hooks-artifact
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.25" "builder/golang-alt-svace-1.25" }}
 import:
   - image: {{ .ModuleNamePrefix }}{{ .ImageName }}-src-artifact
     add: /src
diff --git a/images/kube-api-rewriter/go.mod b/images/kube-api-rewriter/go.mod
index 6385af8b78..3cdcd85caa 100644
--- a/images/kube-api-rewriter/go.mod
+++ b/images/kube-api-rewriter/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/kube-api-rewriter
 
-go 1.24.13
+go 1.25.9
 
 require (
 	github.com/fsnotify/fsnotify v1.9.0
diff --git a/images/kube-api-rewriter/werf.inc.yaml b/images/kube-api-rewriter/werf.inc.yaml
index 3ff9afb8e2..3593026903 100644
--- a/images/kube-api-rewriter/werf.inc.yaml
+++ b/images/kube-api-rewriter/werf.inc.yaml
@@ -13,7 +13,7 @@ git:
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-builder
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.25" "builder/golang-alt-svace-1.25" }}
 import:
   - image: {{ .ModuleNamePrefix }}{{ .ImageName }}-src-artifact
     add: /src
diff --git a/images/packages/libvirt/werf.inc.yaml b/images/packages/libvirt/werf.inc.yaml
index b7862bb10f..b9f5371dd7 100644
--- a/images/packages/libvirt/werf.inc.yaml
+++ b/images/packages/libvirt/werf.inc.yaml
@@ -110,7 +110,7 @@ packages:
 {{ $builderDependencies := include "$name" . | fromYaml }}
 image: {{ .ModuleNamePrefix }}{{ .PackagePath }}/{{ .ImageName }}-builder
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/alt" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/alt" "builder/golang-alt-svace-1.25" }}
 import:
 - image: {{ .ModuleNamePrefix }}{{ .PackagePath }}/{{ .ImageName }}-src-artifact
   add: /src/{{ $gitRepoName }}-{{ $version }}
diff --git a/images/packages/rdma-core/werf.inc.yaml b/images/packages/rdma-core/werf.inc.yaml
index a0824e48fd..b0ac60b67a 100644
--- a/images/packages/rdma-core/werf.inc.yaml
+++ b/images/packages/rdma-core/werf.inc.yaml
@@ -64,6 +64,12 @@ shell:
     OUTDIR=/out
 
     cd /src
+
+    # Fix typo in rdma-core v53.0 pyverbs source that breaks Cython parsing:
+    # f'{<Mlx5FlowActionAttr>attr).attr.type}.' -> f'{(<Mlx5FlowActionAttr>attr).attr.type}.'
+    sed -i "s|f'{<Mlx5FlowActionAttr>attr).attr.type}\.'|f'{(<Mlx5FlowActionAttr>attr).attr.type}.'|" \
+      /src/pyverbs/providers/mlx5/mlx5dv_flow.pyx
+
     cmake -GNinja \
       -DCMAKE_BUILD_TYPE=Release \
       -DCMAKE_INSTALL_PREFIX=/usr \
diff --git a/images/packages/swtpm/werf.inc.yaml b/images/packages/swtpm/werf.inc.yaml
index 5981399098..3e982ca39a 100644
--- a/images/packages/swtpm/werf.inc.yaml
+++ b/images/packages/swtpm/werf.inc.yaml
@@ -50,7 +50,7 @@ packages:
 
 image: {{ .ModuleNamePrefix }}{{ .PackagePath }}/{{ .ImageName }}-builder
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/alt" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/alt" "builder/golang-alt-svace-1.25" }}
 import:
 - image: {{ .ModuleNamePrefix }}{{ .PackagePath }}/{{ .ImageName }}-src-artifact
   add: /src
diff --git a/images/pre-delete-hook/go.mod b/images/pre-delete-hook/go.mod
index 1ff97b8627..f3777efc65 100644
--- a/images/pre-delete-hook/go.mod
+++ b/images/pre-delete-hook/go.mod
@@ -1,6 +1,6 @@
 module pre-delete-hook
 
-go 1.24.13
+go 1.25.9
 
 require (
 	github.com/ilyakaznacheev/cleanenv v1.5.0
diff --git a/images/pre-delete-hook/werf.inc.yaml b/images/pre-delete-hook/werf.inc.yaml
index 8a647cca53..5b7b345b26 100644
--- a/images/pre-delete-hook/werf.inc.yaml
+++ b/images/pre-delete-hook/werf.inc.yaml
@@ -13,7 +13,7 @@ git:
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-builder
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.25" "builder/golang-alt-svace-1.25" }}
 import:
 - image: {{ .ModuleNamePrefix }}{{ .ImageName }}-src-artifact
   add: /src
diff --git a/images/qemu/werf.inc.yaml b/images/qemu/werf.inc.yaml
index 019a5f5d58..e0b902975f 100644
--- a/images/qemu/werf.inc.yaml
+++ b/images/qemu/werf.inc.yaml
@@ -140,7 +140,7 @@ packages:
 
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/alt" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/alt" "builder/golang-alt-svace-1.25" }}
 import:
 - image: {{ .ModuleNamePrefix }}{{ .ImageName }}-src-artifact
   add: /src/{{ $gitRepoName }}-{{ $version }}
diff --git a/images/virt-artifact/werf.inc.yaml b/images/virt-artifact/werf.inc.yaml
index 3aea0aca59..e879c42c97 100644
--- a/images/virt-artifact/werf.inc.yaml
+++ b/images/virt-artifact/werf.inc.yaml
@@ -44,7 +44,7 @@ packages:
 
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.25" "builder/golang-alt-svace-1.25" }}
 mount:
 - fromPath: ~/go-pkg-cache
   to: /go/pkg
diff --git a/images/virt-launcher/node-labeller/go.mod b/images/virt-launcher/node-labeller/go.mod
index 964070d579..3b32fa6f83 100644
--- a/images/virt-launcher/node-labeller/go.mod
+++ b/images/virt-launcher/node-labeller/go.mod
@@ -1,6 +1,6 @@
 module node-labeller
 
-go 1.24.13
+go 1.25.9
 
 require (
 	golang.org/x/sys v0.25.0
diff --git a/images/virt-launcher/vlctl/go.mod b/images/virt-launcher/vlctl/go.mod
index ee05c4826b..f283fb18e7 100644
--- a/images/virt-launcher/vlctl/go.mod
+++ b/images/virt-launcher/vlctl/go.mod
@@ -1,12 +1,12 @@
 module vlctl
 
-go 1.24.13
+go 1.25.9
 
 require (
 	github.com/spf13/cobra v1.9.1
 	github.com/spf13/pflag v1.0.6
-	google.golang.org/grpc v1.65.0
-	google.golang.org/protobuf v1.36.1
+	google.golang.org/grpc v1.79.3
+	google.golang.org/protobuf v1.36.10
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/apimachinery v0.32.5
 	kubevirt.io/api v0.0.0-20250930144221-aaa67e9803df
@@ -14,7 +14,7 @@ require (
 
 require (
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
-	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
@@ -24,10 +24,10 @@ require (
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/openshift/custom-resource-status v1.1.2 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	golang.org/x/net v0.38.0 // indirect
-	golang.org/x/sys v0.33.0 // indirect
-	golang.org/x/text v0.25.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7 // indirect
+	golang.org/x/net v0.48.0 // indirect
+	golang.org/x/sys v0.39.0 // indirect
+	golang.org/x/text v0.32.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	k8s.io/api v0.32.5 // indirect
 	k8s.io/apiextensions-apiserver v0.32.5 // indirect
@@ -78,7 +78,4 @@ replace (
 )
 
 // CVE Replaces
-replace (
-	github.com/golang/glog => github.com/golang/glog v1.2.4 // CVE-2024-45339
-	golang.org/x/net => golang.org/x/net v0.40.0 // CVE-2025-22870, CVE-2025-22872
-)
+replace github.com/golang/glog => github.com/golang/glog v1.2.4 // CVE-2024-45339
diff --git a/images/virt-launcher/vlctl/go.sum b/images/virt-launcher/vlctl/go.sum
index fec8cafa44..c1e59373c2 100644
--- a/images/virt-launcher/vlctl/go.sum
+++ b/images/virt-launcher/vlctl/go.sum
@@ -3,6 +3,8 @@ github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbt
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chromedp/cdproto v0.0.0-20230802225258-3cf4e6d46a89/go.mod h1:GKljq0VrfU4D5yc+2qA6OVr8pmO/MBbPEWqWQ/oqGEs=
 github.com/chromedp/chromedp v0.9.2/go.mod h1:LkSXJKONWTCHAfQasKFUZI+mxqS4tZqhmtGzzhLsnLs=
 github.com/chromedp/sysutil v1.0.0/go.mod h1:kgWmDdq8fTzXYcKIBqIYvRRTnYb9aNS9moAV0xufSww=
@@ -31,8 +33,11 @@ github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV
 github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
-github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
+github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
 github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns=
@@ -60,6 +65,7 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -68,8 +74,9 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
@@ -193,10 +200,34 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
+go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
+go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48=
+go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8=
+go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0=
+go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs=
+go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18=
+go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE=
+go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8=
+go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew=
+go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI=
+go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
-golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw=
+golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
+golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
+golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
+golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
+golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M=
+golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
+golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
@@ -211,8 +242,41 @@ golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY=
-golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
+golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
+golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM=
+golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
+golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
+golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
+golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
+golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
+golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
+golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
+golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
+golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
+golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
+golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
+golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -225,13 +289,16 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -241,6 +308,7 @@ golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -254,20 +322,39 @@ golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
-golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
+golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
+golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
+golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
+golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
+golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
+golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
+golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
+golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
+golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
+golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
+golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
@@ -281,8 +368,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
-golang.org/x/text v0.25.0 h1:qVyWApTSYLk/drJRO5mDlNYskwQznZmkpV2c8q9zls4=
-golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
+golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
+golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
 golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -310,10 +397,12 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7 h1:2035KHhUv+EpyB+hWgJnaWKJOdX1E95w2S8Rr4uWKTs=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
-google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc=
-google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ=
+gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
+gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
+google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE=
+google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -326,8 +415,8 @@ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
-google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk=
-google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
+google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/images/virt-launcher/werf.inc.yaml b/images/virt-launcher/werf.inc.yaml
index e88a8199d3..9ab3081cd2 100644
--- a/images/virt-launcher/werf.inc.yaml
+++ b/images/virt-launcher/werf.inc.yaml
@@ -394,7 +394,7 @@ shell:
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-gobuilder
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.25" "builder/golang-alt-svace-1.25" }}
 git:
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}/node-labeller
     to: /node-labeller
@@ -446,7 +446,7 @@ shell:
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-cbuilder
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.25" "builder/golang-alt-svace-1.25" }}
 git:
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}/static_binaries
     to: /static_binaries
diff --git a/images/virtualization-artifact/Taskfile.init.yaml b/images/virtualization-artifact/Taskfile.init.yaml
index fe6458322d..73cbf043b4 100644
--- a/images/virtualization-artifact/Taskfile.init.yaml
+++ b/images/virtualization-artifact/Taskfile.init.yaml
@@ -17,9 +17,7 @@ tasks:
 
   moq:
     cmds:
-      # Use 0.4.0 to not install Go 1.23 during installation.
-      # TODO Update version after migrating to Go 1.23 in the root go.mod.
-      - go install github.com/matryer/moq@v0.4.0
+      - go install github.com/matryer/moq@v0.5.3
 
   default:
     cmds:
diff --git a/images/virtualization-artifact/go.mod b/images/virtualization-artifact/go.mod
index 41b72d703a..b0c60b9175 100644
--- a/images/virtualization-artifact/go.mod
+++ b/images/virtualization-artifact/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/virtualization-controller
 
-go 1.24.13
+go 1.25.9
 
 tool (
 	github.com/matryer/moq
@@ -41,7 +41,7 @@ require (
 )
 
 require (
-	cel.dev/expr v0.24.0 // indirect
+	cel.dev/expr v0.25.1 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
 	github.com/DataDog/gostackparse v0.7.0 // indirect
 	github.com/NYTimes/gziphandler v1.1.1 // indirect
@@ -110,32 +110,32 @@ require (
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect
-	go.opentelemetry.io/otel v1.40.0 // indirect
+	go.opentelemetry.io/otel v1.43.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.34.0 // indirect
-	go.opentelemetry.io/otel/metric v1.40.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.40.0 // indirect
-	go.opentelemetry.io/otel/trace v1.40.0 // indirect
+	go.opentelemetry.io/otel/metric v1.43.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.43.0 // indirect
+	go.opentelemetry.io/otel/trace v1.43.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.5.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
-	golang.org/x/crypto v0.38.0 // indirect
+	golang.org/x/crypto v0.46.0 // indirect
 	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
-	golang.org/x/mod v0.29.0 // indirect
-	golang.org/x/net v0.47.0 // indirect
-	golang.org/x/oauth2 v0.30.0 // indirect
-	golang.org/x/sync v0.18.0 // indirect
-	golang.org/x/sys v0.40.0 // indirect
-	golang.org/x/term v0.37.0 // indirect
-	golang.org/x/text v0.31.0 // indirect
+	golang.org/x/mod v0.30.0 // indirect
+	golang.org/x/net v0.48.0 // indirect
+	golang.org/x/oauth2 v0.34.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/sys v0.42.0 // indirect
+	golang.org/x/term v0.38.0 // indirect
+	golang.org/x/text v0.32.0 // indirect
 	golang.org/x/time v0.11.0 // indirect
-	golang.org/x/tools v0.38.0 // indirect
+	golang.org/x/tools v0.39.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb // indirect
-	google.golang.org/grpc v1.72.1 // indirect
-	google.golang.org/protobuf v1.36.6
+	google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect
+	google.golang.org/grpc v1.79.3 // indirect
+	google.golang.org/protobuf v1.36.10
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
@@ -163,7 +163,6 @@ replace (
 // CVE Replaces
 replace (
 	golang.org/x/crypto => golang.org/x/crypto v0.45.0 // CVE-2024-45337,CVE-2025-22869,CVE-2025-47914
-	golang.org/x/net => golang.org/x/net v0.40.0 // CVE-2025-22870, CVE-2025-22872
 	golang.org/x/oauth2 => golang.org/x/oauth2 v0.27.0 // CVE-2025-22868
 )
 
diff --git a/images/virtualization-artifact/go.sum b/images/virtualization-artifact/go.sum
index f296612ef5..2a2d3ca3ab 100644
--- a/images/virtualization-artifact/go.sum
+++ b/images/virtualization-artifact/go.sum
@@ -1,5 +1,5 @@
-cel.dev/expr v0.24.0 h1:56OvJKSH3hDGL0ml5uSxZmz3/3Pq4tJ+fb1unVLAFcY=
-cel.dev/expr v0.24.0/go.mod h1:hLPLo1W4QUmuYdA72RBX06QTs6MXw941piREPl3Yfiw=
+cel.dev/expr v0.25.1 h1:1KrZg61W6TWSxuNZ37Xy49ps13NUovb66QLprthtwi4=
+cel.dev/expr v0.25.1/go.mod h1:hrXvqGP6G6gyx8UAHSHJ5RGk//1Oj5nXQ2NI02Nrsg4=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
@@ -404,20 +404,20 @@ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.6
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0/go.mod h1:rg+RlpR5dKwaS95IyyZqj5Wd4E13lk/msnTS0Xl9lJM=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q=
-go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms=
-go.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g=
+go.opentelemetry.io/otel v1.43.0 h1:mYIM03dnh5zfN7HautFE4ieIig9amkNANT+xcVxAj9I=
+go.opentelemetry.io/otel v1.43.0/go.mod h1:JuG+u74mvjvcm8vj8pI5XiHy1zDeoCS2LB1spIq7Ay0=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0 h1:OeNbIYk/2C15ckl7glBlOBp5+WlYsOElzTNmiPW/x60=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.34.0/go.mod h1:7Bept48yIeqxP2OZ9/AqIpYS94h2or0aB4FypJTc8ZM=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.34.0 h1:tgJ0uaNS4c98WRNUEx5U3aDlrDOI5Rs+1Vifcw4DJ8U=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.34.0/go.mod h1:U7HYyW0zt/a9x5J1Kjs+r1f/d4ZHnYFclhYY2+YbeoE=
-go.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g=
-go.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc=
-go.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8=
-go.opentelemetry.io/otel/sdk v1.40.0/go.mod h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE=
-go.opentelemetry.io/otel/sdk/metric v1.40.0 h1:mtmdVqgQkeRxHgRv4qhyJduP3fYJRMX4AtAlbuWdCYw=
-go.opentelemetry.io/otel/sdk/metric v1.40.0/go.mod h1:4Z2bGMf0KSK3uRjlczMOeMhKU2rhUqdWNoKcYrtcBPg=
-go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw=
-go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA=
+go.opentelemetry.io/otel/metric v1.43.0 h1:d7638QeInOnuwOONPp4JAOGfbCEpYb+K6DVWvdxGzgM=
+go.opentelemetry.io/otel/metric v1.43.0/go.mod h1:RDnPtIxvqlgO8GRW18W6Z/4P462ldprJtfxHxyKd2PY=
+go.opentelemetry.io/otel/sdk v1.43.0 h1:pi5mE86i5rTeLXqoF/hhiBtUNcrAGHLKQdhg4h4V9Dg=
+go.opentelemetry.io/otel/sdk v1.43.0/go.mod h1:P+IkVU3iWukmiit/Yf9AWvpyRDlUeBaRg6Y+C58QHzg=
+go.opentelemetry.io/otel/sdk/metric v1.43.0 h1:S88dyqXjJkuBNLeMcVPRFXpRw2fuwdvfCGLEo89fDkw=
+go.opentelemetry.io/otel/sdk/metric v1.43.0/go.mod h1:C/RJtwSEJ5hzTiUz5pXF1kILHStzb9zFlIEe85bhj6A=
+go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09nk+3A=
+go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0=
 go.opentelemetry.io/proto/otlp v1.5.0 h1:xJvq7gMzB31/d406fB8U5CBdyQGw4P399D1aQWU/3i4=
 go.opentelemetry.io/proto/otlp v1.5.0/go.mod h1:keN8WnHxOy8PG0rQZjJJ5A2ebUoafqWp0eVQ4yIXvJ4=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
@@ -458,14 +458,65 @@ golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
 golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
 golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ=
 golang.org/x/mod v0.27.0/go.mod h1:rWI627Fq0DEoudcK+MBkNkCe0EetEaDSwJJkCcjpazc=
 golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI=
-golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA=
 golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w=
-golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY=
+golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk=
+golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM=
+golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
+golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
+golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
+golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
+golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
+golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI=
+golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
+golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY=
+golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
+golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
+golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
+golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
+golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
+golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
+golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
 golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
+golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA=
+golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8=
+golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
+golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
+golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210=
+golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
+golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
+golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
 golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
 golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -487,8 +538,9 @@ golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
-golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
 golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -496,10 +548,16 @@ golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -509,6 +567,7 @@ golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220422013727-9388b58f7150/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -523,6 +582,7 @@ golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
@@ -533,27 +593,57 @@ golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
-golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=
+golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0=
 golang.org/x/telemetry v0.0.0-20250710130107-8d8967aff50b/go.mod h1:4ZwOYna0/zsOKwuR5X/m0QFOJpSZvAxFfkQT+Erd9D4=
 golang.org/x/telemetry v0.0.0-20250807160809-1a19826ec488/go.mod h1:fGb/2+tgXXjhjHsTNdVEEMZNWA0quBnfrO+AfoDSAKw=
 golang.org/x/telemetry v0.0.0-20250908211612-aef8a434d053/go.mod h1:+nZKN+XVh4LCiA9DV3ywrzN4gumyCnKjau3NGb9SGoE=
 golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8/go.mod h1:Pi4ztBfryZoJEkyFTI5/Ocsu2jXyDr6iSdgJiYE/uwE=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
+golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
+golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
+golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU=
+golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
+golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
+golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
+golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
+golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
+golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
+golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0=
+golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4=
+golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
+golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
+golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
 golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
-golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
+golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0=
+golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw=
+golang.org/x/term v0.35.0/go.mod h1:TPGtkTLesOwf2DE8CgVYiZinHAOuy5AYUYT1lENIZnA=
+golang.org/x/term v0.36.0/go.mod h1:Qu394IJq6V6dCBRgwqshf3mPF85AqzYEzofzRdZkWss=
 golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254=
+golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
+golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
@@ -571,8 +661,14 @@ golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
 golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
-golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
+golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
+golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU=
+golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU=
+golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4=
+golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM=
 golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
+golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
+golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
 golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
 golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
@@ -608,33 +704,37 @@ golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c
 golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI=
 golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ=
 golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
+golang.org/x/tools v0.33.0/go.mod h1:CIJMaWEY88juyUfo7UbgPqbC8rU2OqfAV1h2Qp0oMYI=
 golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg=
 golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw=
 golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s=
 golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w=
-golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=
 golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
+golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
+golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
 gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
+gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
+gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb h1:p31xT4yrYrSM/G4Sn2+TNUkVhFCbG9y8itM2S6Th950=
-google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb/go.mod h1:jbe3Bkdp+Dh2IrslsFCklNhweNTBgSYanP1UXhJDhKg=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb h1:TLPQVbx1GJ8VKZxz52VAxl1EBgKXXbTiU9Fc5fZeLn4=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb/go.mod h1:LuRYeWDFV6WOn90g357N17oMCaxpgCnbi/44qJvDn2I=
+google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 h1:fCvbg86sFXwdrl5LgVcTEvNC+2txB5mgROGmRL5mrls=
+google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.72.1 h1:HR03wO6eyZ7lknl75XlxABNVLLFc2PAb6mHlYh756mA=
-google.golang.org/grpc v1.72.1/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM=
+google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE=
+google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -652,8 +752,8 @@ google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHh
 google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
-google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
-google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
+google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
+google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/images/virtualization-artifact/werf.inc.yaml b/images/virtualization-artifact/werf.inc.yaml
index 4405f76b4b..fc6f1448c3 100644
--- a/images/virtualization-artifact/werf.inc.yaml
+++ b/images/virtualization-artifact/werf.inc.yaml
@@ -22,7 +22,7 @@ git:
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.25" "builder/golang-alt-svace-1.25" }}
 import:
 - image: {{ .ModuleNamePrefix }}{{ .ImageName }}-src-artifact
   add: /src
diff --git a/images/virtualization-dra/go.mod b/images/virtualization-dra/go.mod
index f1996e4b9b..2afe3de559 100644
--- a/images/virtualization-dra/go.mod
+++ b/images/virtualization-dra/go.mod
@@ -13,9 +13,9 @@ require (
 	github.com/onsi/gomega v1.35.1
 	github.com/spf13/cobra v1.10.1
 	github.com/spf13/pflag v1.0.9
-	golang.org/x/sync v0.12.0
+	golang.org/x/sync v0.19.0
 	golang.org/x/sys v0.40.0
-	google.golang.org/grpc v1.72.1
+	google.golang.org/grpc v1.79.3
 	k8s.io/api v0.34.2
 	k8s.io/apimachinery v0.34.2
 	k8s.io/client-go v0.34.2
@@ -77,15 +77,15 @@ require (
 	go.uber.org/zap v1.27.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
-	golang.org/x/mod v0.21.0 // indirect
-	golang.org/x/net v0.38.0 // indirect
-	golang.org/x/oauth2 v0.27.0 // indirect
-	golang.org/x/term v0.30.0 // indirect
-	golang.org/x/text v0.23.0 // indirect
+	golang.org/x/mod v0.30.0 // indirect
+	golang.org/x/net v0.48.0 // indirect
+	golang.org/x/oauth2 v0.34.0 // indirect
+	golang.org/x/term v0.38.0 // indirect
+	golang.org/x/text v0.32.0 // indirect
 	golang.org/x/time v0.9.0 // indirect
-	golang.org/x/tools v0.26.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb // indirect
-	google.golang.org/protobuf v1.36.5 // indirect
+	golang.org/x/tools v0.39.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect
+	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/images/virtualization-dra/go.sum b/images/virtualization-dra/go.sum
index 0d9d9ecb85..5c98b67ff7 100644
--- a/images/virtualization-dra/go.sum
+++ b/images/virtualization-dra/go.sum
@@ -181,21 +181,21 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
-golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk=
+golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
-golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
-golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
-golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
+golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
+golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
+golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=
+golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
-golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -205,30 +205,32 @@ golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
 golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
-golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
+golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
+golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
-golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
+golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
+golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
 golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
 golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
-golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
+golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
+golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb h1:TLPQVbx1GJ8VKZxz52VAxl1EBgKXXbTiU9Fc5fZeLn4=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb/go.mod h1:LuRYeWDFV6WOn90g357N17oMCaxpgCnbi/44qJvDn2I=
-google.golang.org/grpc v1.72.1 h1:HR03wO6eyZ7lknl75XlxABNVLLFc2PAb6mHlYh756mA=
-google.golang.org/grpc v1.72.1/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM=
-google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
-google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
+gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
+google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE=
+google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=
+google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
+google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
diff --git a/images/vm-route-forge/go.mod b/images/vm-route-forge/go.mod
index f85b508120..6e73616cfc 100644
--- a/images/vm-route-forge/go.mod
+++ b/images/vm-route-forge/go.mod
@@ -1,19 +1,19 @@
 module vm-route-forge
 
-go 1.24.13
+go 1.25.9
 
 tool github.com/cilium/ebpf/cmd/bpf2go
 
 require (
-	github.com/cilium/cilium v1.16.17
-	github.com/cilium/ebpf v0.16.0
+	github.com/cilium/cilium v1.17.14
+	github.com/cilium/ebpf v0.17.1
 	github.com/deckhouse/virtualization/api v0.0.0-00010101000000-000000000000
 	github.com/go-logr/logr v1.4.3
 	github.com/spf13/cobra v1.9.1
 	github.com/spf13/pflag v1.0.7
-	github.com/vishvananda/netlink v1.3.1-0.20241022031324-976bd8de7d81
+	github.com/vishvananda/netlink v1.3.1-0.20250303224720-0e7078ed04c8
 	go.uber.org/zap v1.27.0
-	golang.org/x/sys v0.40.0
+	golang.org/x/sys v0.42.0
 	k8s.io/apimachinery v0.33.3
 	k8s.io/client-go v0.33.3
 	sigs.k8s.io/controller-runtime v0.21.0
@@ -26,13 +26,15 @@ require (
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/cilium/hive v0.0.0-20240529072208-d997f86e4219 // indirect
+	github.com/cilium/hive v0.0.0-20250522145610-0734675df148 // indirect
 	github.com/cilium/proxy v0.0.0-20250526114940-b80199397e8a // indirect
+	github.com/cilium/statedb v0.4.5 // indirect
+	github.com/cilium/stream v0.0.0-20241203114243-53c3e5d79744 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emicklei/go-restful/v3 v3.12.0 // indirect
 	github.com/evanphx/json-patch/v5 v5.9.11 // indirect
-	github.com/fsnotify/fsnotify v1.7.0 // indirect
-	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
+	github.com/fsnotify/fsnotify v1.8.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.8.0 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-logr/zapr v1.3.0 // indirect
 	github.com/go-openapi/analysis v0.23.0 // indirect
@@ -46,21 +48,20 @@ require (
 	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/go-openapi/validate v0.24.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
-	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 	github.com/google/btree v1.1.3 // indirect
 	github.com/google/gnostic-models v0.7.0 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
-	github.com/google/gopacket v1.1.19 // indirect
 	github.com/google/uuid v1.6.0 // indirect
+	github.com/gopacket/gopacket v1.3.1 // indirect
 	github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/kr/pretty v0.3.1 // indirect
-	github.com/kr/text v0.2.0 // indirect
 	github.com/mackerelio/go-osstat v0.2.5 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
@@ -71,41 +72,40 @@ require (
 	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
 	github.com/petermattis/goid v0.0.0-20240813172612-4fcff4a6cae7 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_golang v1.22.0 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
 	github.com/prometheus/common v0.62.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
-	github.com/rogpeppe/go-internal v1.14.1 // indirect
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/sasha-s/go-deadlock v0.3.5 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spf13/afero v1.11.0 // indirect
-	github.com/spf13/cast v1.6.0 // indirect
+	github.com/spf13/cast v1.7.0 // indirect
 	github.com/spf13/viper v1.19.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
-	github.com/vishvananda/netns v0.0.4 // indirect
+	github.com/vishvananda/netns v0.0.5 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	go.mongodb.org/mongo-driver v1.14.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
-	go.opentelemetry.io/otel v1.40.0 // indirect
-	go.opentelemetry.io/otel/metric v1.40.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.40.0 // indirect
-	go.opentelemetry.io/otel/trace v1.40.0 // indirect
+	go.opentelemetry.io/otel v1.43.0 // indirect
+	go.opentelemetry.io/otel/metric v1.43.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.43.0 // indirect
+	go.opentelemetry.io/otel/trace v1.43.0 // indirect
 	go.uber.org/dig v1.17.1 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
 	go.yaml.in/yaml/v3 v3.0.3 // indirect
 	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba // indirect
-	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
+	golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa // indirect
 	golang.org/x/net v0.47.0 // indirect
 	golang.org/x/oauth2 v0.30.0 // indirect
 	golang.org/x/sync v0.18.0 // indirect
 	golang.org/x/term v0.37.0 // indirect
 	golang.org/x/text v0.31.0 // indirect
 	golang.org/x/time v0.12.0 // indirect
+	golang.org/x/tools v0.38.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/protobuf v1.36.6 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
@@ -116,7 +116,7 @@ require (
 	k8s.io/apiextensions-apiserver v0.33.3 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20250701173324-9bd5c66d9911 // indirect
-	k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect
+	k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 // indirect
 	kubevirt.io/api v1.6.2 // indirect
 	kubevirt.io/containerized-data-importer-api v1.60.3-0.20241105012228-50fbed985de9 // indirect
 	kubevirt.io/controller-lifecycle-operator-sdk/api v0.0.0-20220329064328-f3cc58c6ed90 // indirect
diff --git a/images/vm-route-forge/go.sum b/images/vm-route-forge/go.sum
index 2762863bcc..21105b5157 100644
--- a/images/vm-route-forge/go.sum
+++ b/images/vm-route-forge/go.sum
@@ -2,8 +2,8 @@ cel.dev/expr v0.20.0 h1:OunBvVCfvpWlt4dN7zg3FM6TDkzOePe1+foGJ9AXeeI=
 cel.dev/expr v0.20.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
-github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=
-github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk=
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
@@ -26,14 +26,18 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P
 github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObkaSkeBlk=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
-github.com/cilium/cilium v1.16.17 h1:5DUFyl/DhCEhWGdMQjw0eA9FlI8dBFpg2ENYJan3Wk0=
-github.com/cilium/cilium v1.16.17/go.mod h1:Wa47utg/8XuOe8pq64KwNOM8wDsXoYP3HZ6uw3IYDVg=
-github.com/cilium/ebpf v0.16.0 h1:+BiEnHL6Z7lXnlGUsXQPPAE7+kenAd4ES8MQ5min0Ok=
-github.com/cilium/ebpf v0.16.0/go.mod h1:L7u2Blt2jMM/vLAVgjxluxtBKlz3/GWjB0dMOEngfwE=
-github.com/cilium/hive v0.0.0-20240529072208-d997f86e4219 h1:iX4v9lg63iTv8x8MWUMVbeWqtAGcV6yh/w3Zp9sP3ME=
-github.com/cilium/hive v0.0.0-20240529072208-d997f86e4219/go.mod h1:6tW1eCwSq8Wz8IVtpZE0MemoCWSrEOUa8aLKotmBRCo=
+github.com/cilium/cilium v1.17.14 h1:Kpg8Ul6Bo6e6m8J4hXsmXwibDJOk0nsP+95BiT5iUUI=
+github.com/cilium/cilium v1.17.14/go.mod h1:tXBsNjYmMtf7EiXzN1sJeQPkFdWLoPptrXU8h7E+BzU=
+github.com/cilium/ebpf v0.17.1 h1:G8mzU81R2JA1nE5/8SRubzqvBMmAmri2VL8BIZPWvV0=
+github.com/cilium/ebpf v0.17.1/go.mod h1:vay2FaYSmIlv3r8dNACd4mW/OCaZLJKJOo+IHBvCIO8=
+github.com/cilium/hive v0.0.0-20250522145610-0734675df148 h1:0zljF9fNEJ36/OyifWahfcizUcs+X9OMSvEv58+wo5g=
+github.com/cilium/hive v0.0.0-20250522145610-0734675df148/go.mod h1:pI2GJ1n3SLKIQVFrKF7W6A6gb6BQkZ+3Hp4PAEo5SuI=
 github.com/cilium/proxy v0.0.0-20250526114940-b80199397e8a h1:5pJ6eaVk/y1C8cBMpfUWMuHa+qTefq2jqcNf0et0mGk=
 github.com/cilium/proxy v0.0.0-20250526114940-b80199397e8a/go.mod h1:Bs5kHQ+FYHLrAkEaTQpbwblJIv6NfU2Tsuo+wCkN+9s=
+github.com/cilium/statedb v0.4.5 h1:WP1xbkAdDup0wOkhRZUJG/Wh4+ZLAOgl7yIIxJ3vIEo=
+github.com/cilium/statedb v0.4.5/go.mod h1:DlxX9OQi/nM8oumUuz8VjxXUtVRiEfbfo8Ri1YWNCGI=
+github.com/cilium/stream v0.0.0-20241203114243-53c3e5d79744 h1:f+CgYUy2YyZ2EX31QSqf3vwFiJJQSAMIQLn4d3QQYno=
+github.com/cilium/stream v0.0.0-20241203114243-53c3e5d79744/go.mod h1:/e83AwqvNKpyg4n3C41qmnmj1x2G9DwzI+jb7GkF4lI=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443 h1:aQ3y1lwWyqYPiWZThqv1aFbZMiM9vblcSArJRf2Irls=
 github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
@@ -66,10 +70,10 @@ github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHk
 github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
-github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
-github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
-github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
+github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M=
+github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
+github.com/fxamacker/cbor/v2 v2.8.0 h1:fFtUGXUzXPHTIUdne5+zzMPTfffl3RD5qYnkY40vtxU=
+github.com/fxamacker/cbor/v2 v2.8.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
 github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
 github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
@@ -126,8 +130,8 @@ github.com/gobwas/ws v1.2.1/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/K
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
-github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ=
+github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
@@ -159,8 +163,6 @@ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/
 github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gopacket v1.1.19 h1:ves8RnFZPGiFnTS0uPQStjwru6uO6h+nlr9j6fL7kF8=
-github.com/google/gopacket v1.1.19/go.mod h1:iJ8V8n6KS+z2U1A8pUwu8bW5SyEMkXJB8Yo/Vo+TKTo=
 github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
 github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo=
@@ -170,6 +172,8 @@ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA=
+github.com/gopacket/gopacket v1.3.1 h1:ZppWyLrOJNZPe5XkdjLbtuTkfQoxQ0xyMJzQCqtqaPU=
+github.com/gopacket/gopacket v1.3.1/go.mod h1:3I13qcqSpB2R9fFQg866OOgzylYkZxLTmkvcXhvf6qg=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM=
 github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM=
@@ -203,6 +207,8 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs=
+github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0=
+github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE=
 github.com/mackerelio/go-osstat v0.2.5 h1:+MqTbZUhoIt4m8qzkVoXUJg1EuifwlAJSk4Yl2GXh+o=
 github.com/mackerelio/go-osstat v0.2.5/go.mod h1:atxwWF+POUZcdtR1wnsUcQxTytoHG4uhl2AKKzrOajY=
 github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
@@ -216,6 +222,8 @@ github.com/mdlayher/netlink v1.7.2 h1:/UtM3ofJap7Vl4QWCPDGXY8d3GIY2UGSDbK+QWmY8/
 github.com/mdlayher/netlink v1.7.2/go.mod h1:xraEF7uJbxLhc5fpHL4cPe221LI2bdttWlU+ZGLfQSw=
 github.com/mdlayher/socket v0.4.1 h1:eM9y2/jlbs1M615oshPQOHZzj6R6wMT7bX5NPiQvn2U=
 github.com/mdlayher/socket v0.4.1/go.mod h1:cAqeGjoufqdxWkD7DkpyS+wcefOtmu5OQ8KuoJGIReA=
+github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
+github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
@@ -326,8 +334,8 @@ github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIK
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
 github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
 github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
-github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0=
-github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
+github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w=
+github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
 github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo=
 github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
@@ -355,10 +363,11 @@ github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
-github.com/vishvananda/netlink v1.3.1-0.20241022031324-976bd8de7d81 h1:9fkQcQYvtTr9ayFXuMfDMVuDt4+BYG9FwsGLnrBde0M=
-github.com/vishvananda/netlink v1.3.1-0.20241022031324-976bd8de7d81/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs=
-github.com/vishvananda/netns v0.0.4 h1:Oeaw1EM2JMxD51g9uhtC0D7erkIjgmj8+JZc26m1YX8=
+github.com/vishvananda/netlink v1.3.1-0.20250303224720-0e7078ed04c8 h1:Y4egeTrP7sccowz2GWTJVtHlwkZippgBTpUmMteFUWQ=
+github.com/vishvananda/netlink v1.3.1-0.20250303224720-0e7078ed04c8/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs=
 github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
+github.com/vishvananda/netns v0.0.5 h1:DfiHV+j8bA32MFM7bfEunvT8IAqQ/NzSJHtcmW5zdEY=
+github.com/vishvananda/netns v0.0.5/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -370,14 +379,14 @@ go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd
 go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c=
 go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
 go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
-go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms=
-go.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g=
-go.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g=
-go.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc=
-go.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8=
-go.opentelemetry.io/otel/sdk v1.40.0/go.mod h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE=
-go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw=
-go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA=
+go.opentelemetry.io/otel v1.43.0 h1:mYIM03dnh5zfN7HautFE4ieIig9amkNANT+xcVxAj9I=
+go.opentelemetry.io/otel v1.43.0/go.mod h1:JuG+u74mvjvcm8vj8pI5XiHy1zDeoCS2LB1spIq7Ay0=
+go.opentelemetry.io/otel/metric v1.43.0 h1:d7638QeInOnuwOONPp4JAOGfbCEpYb+K6DVWvdxGzgM=
+go.opentelemetry.io/otel/metric v1.43.0/go.mod h1:RDnPtIxvqlgO8GRW18W6Z/4P462ldprJtfxHxyKd2PY=
+go.opentelemetry.io/otel/sdk v1.43.0 h1:pi5mE86i5rTeLXqoF/hhiBtUNcrAGHLKQdhg4h4V9Dg=
+go.opentelemetry.io/otel/sdk v1.43.0/go.mod h1:P+IkVU3iWukmiit/Yf9AWvpyRDlUeBaRg6Y+C58QHzg=
+go.opentelemetry.io/otel/trace v1.43.0 h1:BkNrHpup+4k4w+ZZ86CZoHHEkohws8AY+WTX09nk+3A=
+go.opentelemetry.io/otel/trace v1.43.0/go.mod h1:/QJhyVBUUswCphDVxq+8mld+AvhXZLhe+8WVFxiFff0=
 go.uber.org/dig v1.17.1 h1:Tga8Lz8PcYNsWsyHMZ1Vm0OQOUaJNDyvPImgbAu9YSc=
 go.uber.org/dig v1.17.1/go.mod h1:Us0rSJiThwCv2GteUN0Q7OKvU7n5J4dxZ9JKUXozFdE=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
@@ -394,13 +403,11 @@ go4.org/netipx v0.0.0-20231129151722-fdeea329fbba h1:0b9z3AuHCjxk0x/opv64kcgZLBs
 go4.org/netipx v0.0.0-20231129151722-fdeea329fbba/go.mod h1:PLyyIXexvUFg3Owu6p/WfdlivPbZJsZdgWZlrGope/Y=
 golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
-golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
+golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa h1:ELnwvuAXPNtPk1TJRuGkI9fDTwym6AYBu0qzT8AcHdI=
+golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
@@ -449,7 +456,6 @@ golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -491,8 +497,8 @@ golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
-golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=
+golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0=
 golang.org/x/telemetry v0.0.0-20250710130107-8d8967aff50b/go.mod h1:4ZwOYna0/zsOKwuR5X/m0QFOJpSZvAxFfkQT+Erd9D4=
@@ -529,7 +535,6 @@ golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
@@ -644,8 +649,8 @@ k8s.io/kube-openapi v0.0.0-20250701173324-9bd5c66d9911 h1:gAXU86Fmbr/ktY17lkHwSj
 k8s.io/kube-openapi v0.0.0-20250701173324-9bd5c66d9911/go.mod h1:GLOk5B+hDbRROvt0X2+hqX64v/zO3vXN7J78OUmBSKw=
 k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro=
-k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2 h1:AZYQSJemyQB5eRxqcPky+/7EdBj0xi3g0ZcxxJ7vbWU=
+k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2/go.mod h1:xDxuJ0whA3d0I4mf/C4ppKHxXynQ+fxnkmQH0vTHnuk=
 kubevirt.io/api v1.6.2 h1:aoqZ4KsbOyDjLnuDw7H9wEgE/YTd/q5BBmYeQjJNizc=
 kubevirt.io/api v1.6.2/go.mod h1:p66fEy/g79x7VpgUwrkUgOoG2lYs5LQq37WM6JXMwj4=
 kubevirt.io/containerized-data-importer-api v1.60.3-0.20241105012228-50fbed985de9 h1:KTb8wO1Lxj220DX7d2Rdo9xovvlyWWNo3AVm2ua+1nY=
diff --git a/images/vm-route-forge/werf.inc.yaml b/images/vm-route-forge/werf.inc.yaml
index c3e72b05f8..757cfca516 100644
--- a/images/vm-route-forge/werf.inc.yaml
+++ b/images/vm-route-forge/werf.inc.yaml
@@ -18,7 +18,7 @@ git:
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-builder
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.25" "builder/golang-alt-svace-1.25" }}
 import:
 - image: {{ .ModuleNamePrefix }}{{ .ImageName }}-src-artifact
   add: /src
diff --git a/src/cli/go.mod b/src/cli/go.mod
index 6f1b9ee6e6..0061c0b3b6 100644
--- a/src/cli/go.mod
+++ b/src/cli/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/virtualization/src/cli
 
-go 1.24.13
+go 1.25.9
 
 require (
 	github.com/deckhouse/virtualization/api v0.15.0
diff --git a/test/e2e/go.mod b/test/e2e/go.mod
index 0ad4e8cf42..2c41638bea 100644
--- a/test/e2e/go.mod
+++ b/test/e2e/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/virtualization/test/e2e
 
-go 1.24.13
+go 1.25.9
 
 tool github.com/onsi/ginkgo/v2/ginkgo
 
@@ -65,15 +65,15 @@ require (
 	go.uber.org/zap v1.27.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
-	golang.org/x/net v0.47.0 // indirect
-	golang.org/x/oauth2 v0.30.0 // indirect
-	golang.org/x/sync v0.18.0 // indirect
-	golang.org/x/sys v0.40.0 // indirect
-	golang.org/x/term v0.37.0 // indirect
-	golang.org/x/text v0.31.0 // indirect
+	golang.org/x/net v0.48.0 // indirect
+	golang.org/x/oauth2 v0.34.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/sys v0.42.0 // indirect
+	golang.org/x/term v0.38.0 // indirect
+	golang.org/x/text v0.32.0 // indirect
 	golang.org/x/time v0.11.0 // indirect
-	golang.org/x/tools v0.38.0 // indirect
-	google.golang.org/protobuf v1.36.6 // indirect
+	golang.org/x/tools v0.39.0 // indirect
+	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	k8s.io/apiextensions-apiserver v0.34.2 // indirect
diff --git a/test/e2e/go.sum b/test/e2e/go.sum
index d3f4cd2b02..18ddf7c612 100644
--- a/test/e2e/go.sum
+++ b/test/e2e/go.sum
@@ -381,11 +381,11 @@ golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
 golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
 golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
 golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
-golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
-golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
+golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
+golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
-golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
+golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=
+golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -401,8 +401,8 @@ golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
-golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
-golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -454,8 +454,8 @@ golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
-golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=
+golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -482,8 +482,8 @@ golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4=
 golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
 golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
 golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
-golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
-golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254=
+golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
+golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -504,8 +504,8 @@ golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
-golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
-golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
+golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
+golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
 golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
 golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
@@ -540,8 +540,8 @@ golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c
 golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI=
 golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ=
 golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
-golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=
-golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
+golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
+golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -571,8 +571,8 @@ google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHh
 google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
-google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
-google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
+google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
+google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/test/performance/tools/shatal/go.mod b/test/performance/tools/shatal/go.mod
index 315f9d5d4c..e5be7c6b12 100644
--- a/test/performance/tools/shatal/go.mod
+++ b/test/performance/tools/shatal/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/virtualization/shatal
 
-go 1.24.13
+go 1.25.9
 
 require (
 	github.com/deckhouse/virtualization/api v1.0.0

From f4b6b8d9b6f7cedfe2040667075107883fd73781 Mon Sep 17 00:00:00 2001
From: Dmitry Lopatin <dmitry.lopatin@flant.com>
Date: Thu, 16 Apr 2026 10:48:55 +0300
Subject: [PATCH 2/4] chore(core): fix linter errors

Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
---
 .github/workflows/dev_module_build.yml        |   4 +-
 images/dvcr-artifact/.golangci.yaml           | 158 ++++++++++-------
 images/dvcr-artifact/Taskfile.dist.yaml       |   2 +-
 images/hooks/.golangci.yaml                   | 159 +++++++++--------
 images/hooks/Taskfile.yaml                    |  17 +-
 .../hooks/cmd/module-config-reporter/main.go  |   2 +-
 .../virtualization-module-hooks/register.go   |   3 +-
 .../hook.go                                   |   2 +-
 .../hook.go                                   |   2 +-
 .../hooks/discovery-workload-nodes/hook.go    |   2 +-
 .../pkg/hooks/dvcr-garbage-collection/hook.go |   2 +-
 .../hooks/generate-secret-for-dvcr/hook.go    |   3 +-
 .../pkg/hooks/install-vmclass-generic/hook.go |   2 +-
 .../hook.go                                   |   2 +-
 .../hook.go                                   |   2 +-
 .../hooks/tls-certificates-api-proxy/main.go  |   2 +-
 .../pkg/hooks/tls-certificates-audit/hook.go  |   3 +-
 .../hooks/tls-certificates-controller/hook.go |   2 +-
 .../pkg/hooks/tls-certificates-dvcr/hook.go   |   2 +-
 .../pkg/hooks/validate-module-config/hook.go  |   2 +-
 .../hooks/validate-module-config/hook_test.go |   3 +-
 images/hooks/pkg/readiness/probe.go           |   2 +-
 images/virtualization-artifact/.golangci.yaml | 158 ++++++++++-------
 images/virtualization-artifact/Taskfile.yaml  |  22 ++-
 .../pkg/audit/events/forbid/forbid_test.go    |   2 +-
 .../pkg/common/array/array.go                 |   2 +-
 .../pkg/common/pointer/pointer.go             |   2 +-
 .../controller/cvi/internal/source/http.go    |   2 +-
 .../cvi/internal/source/object_ref.go         |   2 +-
 .../cvi/internal/source/registry.go           |   2 +-
 .../controller/cvi/internal/source/upload.go  |   2 +-
 .../internal/watcher/vdsnapshot_watcher.go    |   4 +-
 .../internal/watcher/virtualdisk_watcher.go   |   4 +-
 .../pkg/controller/gc/fake.go                 |   4 +-
 .../pkg/controller/kvbuilder/kvvm.go          |   2 +-
 .../pkg/controller/reconciler/resource.go     |   2 +-
 .../pkg/controller/service/disk_service.go    |   2 +-
 .../controller/service/protection_service.go  |   3 +-
 .../controller/service/size_policy_service.go |   6 +-
 .../controller/supplements/copier/secret.go   |   2 +-
 .../controller/vd/internal/migration_test.go  |   2 +-
 .../validator/storage_class_validator.go      |   2 +-
 .../vd/internal/watcher/pvc_watcher.go        |   2 +-
 .../watcher/resource_quota_watcher.go         |   4 +-
 .../vd/internal/watcher/vdsnapshot_watcher.go |   6 +-
 .../internal/watcher/kvvmi_watcher.go         |   6 +-
 .../vdsnapshot/internal/watcher/vd_watcher.go |   4 +-
 .../vdsnapshot/internal/watcher/vm_watcher.go |   6 +-
 .../controller/vi/internal/source/sources.go  |   4 +-
 .../vi/internal/watcher/vdsnapshot_watcher.go |   4 +-
 .../internal/watcher/virdualdisk_watcher.go   |   4 +-
 .../vi/internal/watcher/vm_watcher.go         |   2 +-
 .../vm/internal/service/migration_volumes.go  |   2 +-
 .../pkg/controller/vm/internal/util.go        |   2 +-
 .../internal/service/attachment_service.go    |   2 +-
 .../vmbda/internal/watcher/cvi_watcher.go     |   4 +-
 .../vmbda/internal/watcher/vd_watcher.go      |   4 +-
 .../vmbda/internal/watcher/vi_watcher.go      |   4 +-
 .../vmbda/internal/watcher/vm_watcher.go      |   4 +-
 .../pkg/controller/vmclass/internal/util.go   |   2 +-
 .../internal/watcher/vmiplease_watcher.go     |   4 +-
 .../vmiplease/internal/retention_handler.go   |   2 +-
 .../internal/watcher/vmip_watcher.go          |   2 +-
 .../internal/watcher/vmmaclease_watcher.go    |   2 +-
 .../internal/watcher/kvvm_watcher.go          |   6 +-
 .../vmrestore/internal/watcher/vd_watcher.go  |   8 +-
 .../vmrestore/internal/watcher/vm_watcher.go  |   6 +-
 .../internal/watcher/vmbda_watcher.go         |  12 +-
 .../internal/watcher/vmsnapshot_watcher.go    |   4 +-
 .../internal/watcher/kvvmi_watcher.go         |   4 +-
 .../vmsnapshot/internal/watcher/vd_watcher.go |   4 +-
 .../internal/watcher/vdsnapshot_watcher.go    |   4 +-
 .../vmsnapshot/internal/watcher/vm_watcher.go |   4 +-
 .../internal/handler/migration.go             |   2 +-
 .../volumemigration/internal/watcher/vm.go    |   2 +-
 .../pkg/controller/watchers/cvi_enqueuer.go   |   4 +-
 .../pkg/controller/watchers/vd_enqueuer.go    |  12 +-
 .../pkg/controller/watchers/vi_enqueuer.go    |   4 +-
 .../pkg/livemigration/policy.go               |   2 +-
 .../pkg/monitoring/metrics/cvi/collector.go   |   2 +-
 .../pkg/monitoring/metrics/vd/collector.go    |   2 +-
 .../metrics/vdsnapshot/collector.go           |   2 +-
 .../pkg/monitoring/metrics/vi/collector.go    |   2 +-
 .../metrics/virtualmachine/collector.go       |   2 +-
 .../pkg/monitoring/metrics/vmbda/collector.go |   2 +-
 .../pkg/monitoring/metrics/vmop/collector.go  |   2 +-
 .../metrics/vmsnapshot/collector.go           |   2 +-
 images/virtualization-dra/.golangci.yaml      |  15 +-
 images/virtualization-dra/Taskfile.yaml       |  20 +++
 images/vm-route-forge/Taskfile.yaml           |  21 ++-
 src/cli/.golangci.yaml                        | 158 ++++++++++-------
 src/cli/Taskfile.yaml                         |  24 ++-
 .../cmd/ansibleinventory/ansibleinventory.go  |  10 +-
 src/cli/internal/cmd/lifecycle/vmop/vmop.go   |   8 +-
 src/cli/internal/cmd/scp/scp.go               |   4 +-
 src/cli/internal/cmd/scp/wrapped.go           |   2 +-
 src/cli/internal/cmd/ssh/ssh.go               |   4 +-
 src/cli/internal/cmd/ssh/wrapped.go           |   9 +-
 src/cli/internal/cmd/vnc/vnc.go               |  13 +-
 src/cli/internal/templates/target.go          |   8 +-
 test/e2e/.golangci.yaml                       | 163 ++++++++++--------
 test/e2e/Taskfile.yaml                        |  19 +-
 test/e2e/legacy/util.go                       |   2 +-
 test/e2e/vm/additional_network_interfaces.go  |   4 +-
 test/e2e/vm/connectivity.go                   |   4 +-
 test/e2e/vm/migration.go                      |   4 +-
 test/e2e/vm/power_state.go                    |   2 +-
 .../volume_migration_storage_class_changed.go |   2 +-
 108 files changed, 726 insertions(+), 545 deletions(-)

diff --git a/.github/workflows/dev_module_build.yml b/.github/workflows/dev_module_build.yml
index 605594cc0f..16e969f018 100644
--- a/.github/workflows/dev_module_build.yml
+++ b/.github/workflows/dev_module_build.yml
@@ -257,11 +257,11 @@ jobs:
             find_errors=0
             cd "$dir" || { echo "::error::Failed to access directory $dir"; continue; }
 
-            if ! output=$(golangci-lint run --sort-results); then
+            if ! output=$(golangci-lint run); then
               error_count=$(( error_count + 1 ))
               echo "::group::📂 Linting directory ❌: $dir"
               echo -e "❌ Errors:\n$output\n"
-              golangci-lint run --sort-results || true
+              golangci-lint run || true
             else
               echo "::group::📂 Linting directory ✅: $dir"
               echo -e "✅ All check passed\n"
diff --git a/images/dvcr-artifact/.golangci.yaml b/images/dvcr-artifact/.golangci.yaml
index 1be21e2a37..41db9929a5 100644
--- a/images/dvcr-artifact/.golangci.yaml
+++ b/images/dvcr-artifact/.golangci.yaml
@@ -1,100 +1,61 @@
+# https://golangci-lint.run/usage/configuration/
+version: "2"
+
 run:
   concurrency: 4
   timeout: 10m
+
 issues:
   # Show all errors.
   max-issues-per-linter: 0
   max-same-issues: 0
   exclude:
     - "don't use an underscore in package name"
+
 output:
   sort-results: true
 
-exclude-files:
-  - "^zz_generated.*"
+exclusions:
+  paths:
+    - "^zz_generated.*"
 
-linters-settings:
-  gofumpt:
-    extra-rules: true
-  gci:
-    sections:
-      - standard
-      - default
-      - prefix(github.com/deckhouse/)
-  goimports:
-    local-prefixes: github.com/deckhouse/
-  errcheck:
-    exclude-functions: fmt:.*,[rR]ead|[wW]rite|[cC]lose,io:Copy
-  revive:
-    rules:
-      - name: dot-imports
-        disabled: true
-  nolintlint:
-    # Exclude following linters from requiring an explanation.
-    # Default: []
-    allow-no-explanation: [funlen, gocognit, lll]
-    # Enable to require an explanation of nonzero length after each nolint directive.
-    # Default: false
-    require-explanation: true
-    # Enable to require nolint directives to mention the specific linter being suppressed.
-    # Default: false
-    require-specific: true
-  importas:
-    # Do not allow unaliased imports of aliased packages.
-    # Default: false
-    no-unaliased: true
-    # Do not allow non-required aliases.
-    # Default: false
-    no-extra-aliases: false
-    # List of aliases
-    # Default: []
-    alias:
-      - pkg: github.com/deckhouse/virtualization/api/core/v1alpha2
-        alias: ""
-      - pkg: github.com/deckhouse/virtualization/api/subresources/v1alpha2
-        alias: subv1alpha2
-      - pkg: kubevirt.io/api/core/v1
-        alias: virtv1
-      - pkg: k8s.io/api/core/v1
-        alias: corev1
-      - pkg: k8s.io/api/authentication/v1
-        alias: authnv1
-      - pkg: k8s.io/api/storage/v1
-        alias: storagev1
-      - pkg: k8s.io/api/networking/v1
-        alias: netv1
-      - pkg: k8s.io/api/policy/v1
-        alias: policyv1
-      - pkg: k8s.io/apimachinery/pkg/apis/meta/v1
-        alias: metav1
+formatters:
+  enable:
+    - gci
+    - gofmt
+    - gofumpt
+    - goimports
+  settings:
+    gci:
+      sections:
+        - standard
+        - default
+        - prefix(github.com/deckhouse/)
+    gofumpt:
+      extra-rules: true
+    goimports:
+      local-prefixes: github.com/deckhouse/
 
 linters:
-  disable-all: true
+  default: none
   enable:
     - asciicheck # checks that your code does not contain non-ASCII identifiers
     - bidichk # checks for dangerous unicode character sequences
     - bodyclose # checks whether HTTP response body is closed successfully
-    - contextcheck # [maby too many false positives] checks the function whether use a non-inherited context
+    - contextcheck # [maybe too many false positives] checks the function whether use a non-inherited context
     - dogsled # checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
     - errcheck # checking for unchecked errors, these unchecked errors can be critical bugs in some cases
     - errname # checks that sentinel errors are prefixed with the Err and error types are suffixed with the Error
     - errorlint # finds code that will cause problems with the error wrapping scheme introduced in Go 1.13
     - copyloopvar # detects places where loop variables are copied (Go 1.22+)
-    - gci # controls golang package import order and makes it always deterministic
     - gocritic # provides diagnostics that check for bugs, performance and style issues
-    - gofmt # [replaced by goimports] checks whether code was gofmt-ed
-    - gofumpt # [replaced by goimports, gofumports is not available yet] checks whether code was gofumpt-ed
-    - goimports # in addition to fixing imports, goimports also formats your code in the same style as gofmt
-    - gosimple # specializes in simplifying a code
     - govet # reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
     - ineffassign # detects when assignments to existing variables are not used
     - misspell # finds commonly misspelled English words in comments
     - nolintlint # reports ill-formed or insufficient nolint directives
-    - reassign # Checks that package variables are not reassigned.
+    - reassign # checks that package variables are not reassigned
     - revive # fast, configurable, extensible, flexible, and beautiful linter for Go, drop-in replacement of golint
-    - stylecheck # is a replacement for golint
     - staticcheck # is a go vet on steroids, applying a ton of static analysis checks
-    - typecheck # like the front-end of a Go compiler, parses and type-checks Go code
     - testifylint # checks usage of github.com/stretchr/testify
     - unconvert # removes unnecessary type conversions
     - unparam # reports unused function parameters
@@ -104,5 +65,68 @@ linters:
     - thelper # detects golang test helpers without t.Helper() call and checks the consistency of test helpers
     - tparallel # detects inappropriate usage of t.Parallel() method in your Go test codes
     - whitespace # detects leading and trailing whitespace
-    - wastedassign # Finds wasted assignment statements.
+    - wastedassign # finds wasted assignment statements
     - importas # checks import aliases against the configured convention
+  settings:
+    errcheck:
+      exclude-functions:
+        - "(*os.File).Close"
+        - "(*net.TCPConn).Close"
+        - "(io.ReadCloser).Close"
+        - "(net.Listener).Close"
+        - "(net.Conn).Close"
+        - "(net.Conn).Close"
+        - "(*golang.org/x/crypto/ssh.Session).Close"
+        - "(*github.com/fsnotify/fsnotify.Watcher).Close"
+    staticcheck:
+      dot-import-whitelist:
+        - github.com/onsi/ginkgo/v2
+        - github.com/onsi/gomega
+    revive:
+      rules:
+        - name: dot-imports
+          disabled: true
+        - name: exported
+          disabled: true
+        - name: package-comments
+          disabled: true
+    nolintlint:
+      # Exclude following linters from requiring an explanation.
+      # Default: []
+      allow-no-explanation: [funlen, gocognit, lll]
+      # Enable to require an explanation of nonzero length after each nolint directive.
+      # Default: false
+      require-explanation: true
+      # Enable to require nolint directives to mention the specific linter being suppressed.
+      # Default: false
+      require-specific: true
+    importas:
+      # Do not allow unaliased imports of aliased packages.
+      # Default: false
+      no-unaliased: true
+      # Do not allow non-required aliases.
+      # Default: false
+      no-extra-aliases: false
+      # List of aliases
+      # Default: []
+      alias:
+        - pkg: github.com/deckhouse/virtualization/api/core/v1alpha2
+          alias: ""
+        - pkg: github.com/deckhouse/virtualization/api/subresources/v1alpha2
+          alias: subv1alpha2
+        - pkg: kubevirt.io/api/core/v1
+          alias: virtv1
+        - pkg: k8s.io/api/core/v1
+          alias: corev1
+        - pkg: k8s.io/api/authentication/v1
+          alias: authnv1
+        - pkg: k8s.io/api/storage/v1
+          alias: storagev1
+        - pkg: k8s.io/api/networking/v1
+          alias: netv1
+        - pkg: k8s.io/api/policy/v1
+          alias: policyv1
+        - pkg: k8s.io/apimachinery/pkg/apis/meta/v1
+          alias: metav1
+        - pkg: k8s.io/api/resource/v1
+          alias: resourcev1
diff --git a/images/dvcr-artifact/Taskfile.dist.yaml b/images/dvcr-artifact/Taskfile.dist.yaml
index d6e4e6a51a..67fbf1c2e4 100644
--- a/images/dvcr-artifact/Taskfile.dist.yaml
+++ b/images/dvcr-artifact/Taskfile.dist.yaml
@@ -80,7 +80,7 @@ tasks:
       - _ensure:golangci-lint
     cmds:
       - |
-        golangci-lint run --sort-results
+        golangci-lint run
 
   _ensure:golangci-lint:
     desc: "Ensure golangci-lint is available"
diff --git a/images/hooks/.golangci.yaml b/images/hooks/.golangci.yaml
index 6ca090e460..41db9929a5 100644
--- a/images/hooks/.golangci.yaml
+++ b/images/hooks/.golangci.yaml
@@ -1,101 +1,61 @@
+# https://golangci-lint.run/usage/configuration/
+version: "2"
+
 run:
   concurrency: 4
   timeout: 10m
+
 issues:
   # Show all errors.
   max-issues-per-linter: 0
   max-same-issues: 0
   exclude:
     - "don't use an underscore in package name"
-    - "should not use underscores in package names"
+
 output:
   sort-results: true
 
-exclude-files:
-  - "^zz_generated.*"
+exclusions:
+  paths:
+    - "^zz_generated.*"
 
-linters-settings:
-  gofumpt:
-    extra-rules: true
-  gci:
-    sections:
-      - standard
-      - default
-      - localmodule
-      - prefix(github.com/deckhouse/)
-  goimports:
-    local-prefixes: github.com/deckhouse/
-  errcheck:
-    exclude-functions: fmt:.*,[rR]ead|[wW]rite|[cC]lose,io:Copy
-  revive:
-    rules:
-      - name: dot-imports
-        disabled: true
-  nolintlint:
-    # Exclude following linters from requiring an explanation.
-    # Default: []
-    allow-no-explanation: [funlen, gocognit, lll]
-    # Enable to require an explanation of nonzero length after each nolint directive.
-    # Default: false
-    require-explanation: true
-    # Enable to require nolint directives to mention the specific linter being suppressed.
-    # Default: false
-    require-specific: true
-  importas:
-    # Do not allow unaliased imports of aliased packages.
-    # Default: false
-    no-unaliased: true
-    # Do not allow non-required aliases.
-    # Default: false
-    no-extra-aliases: false
-    # List of aliases
-    # Default: []
-    alias:
-      - pkg: github.com/deckhouse/virtualization/api/core/v1alpha2
-        alias: ""
-      - pkg: github.com/deckhouse/virtualization/api/subresources/v1alpha2
-        alias: subv1alpha2
-      - pkg: kubevirt.io/api/core/v1
-        alias: virtv1
-      - pkg: k8s.io/api/core/v1
-        alias: corev1
-      - pkg: k8s.io/api/authentication/v1
-        alias: authnv1
-      - pkg: k8s.io/api/storage/v1
-        alias: storagev1
-      - pkg: k8s.io/api/networking/v1
-        alias: netv1
-      - pkg: k8s.io/api/policy/v1
-        alias: policyv1
-      - pkg: k8s.io/apimachinery/pkg/apis/meta/v1
-        alias: metav1
+formatters:
+  enable:
+    - gci
+    - gofmt
+    - gofumpt
+    - goimports
+  settings:
+    gci:
+      sections:
+        - standard
+        - default
+        - prefix(github.com/deckhouse/)
+    gofumpt:
+      extra-rules: true
+    goimports:
+      local-prefixes: github.com/deckhouse/
 
 linters:
-  disable-all: true
+  default: none
   enable:
     - asciicheck # checks that your code does not contain non-ASCII identifiers
     - bidichk # checks for dangerous unicode character sequences
     - bodyclose # checks whether HTTP response body is closed successfully
-    - contextcheck # [maby too many false positives] checks the function whether use a non-inherited context
+    - contextcheck # [maybe too many false positives] checks the function whether use a non-inherited context
     - dogsled # checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
     - errcheck # checking for unchecked errors, these unchecked errors can be critical bugs in some cases
     - errname # checks that sentinel errors are prefixed with the Err and error types are suffixed with the Error
     - errorlint # finds code that will cause problems with the error wrapping scheme introduced in Go 1.13
     - copyloopvar # detects places where loop variables are copied (Go 1.22+)
-    - gofmt # [replaced by goimports] checks whether code was gofmt-ed
-    - gofumpt # [replaced by goimports, gofumports is not available yet] checks whether code was gofumpt-ed
     - gocritic # provides diagnostics that check for bugs, performance and style issues
-    - goimports # in addition to fixing imports, goimports also formats your code in the same style as gofmt
-    - gosimple # specializes in simplifying a code
     - govet # reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
     - ineffassign # detects when assignments to existing variables are not used
     - misspell # finds commonly misspelled English words in comments
     - nolintlint # reports ill-formed or insufficient nolint directives
-    - reassign # Checks that package variables are not reassigned.
+    - reassign # checks that package variables are not reassigned
     - revive # fast, configurable, extensible, flexible, and beautiful linter for Go, drop-in replacement of golint
-    - stylecheck # is a replacement for golint
     - staticcheck # is a go vet on steroids, applying a ton of static analysis checks
-    - typecheck # like the front-end of a Go compiler, parses and type-checks Go code
     - testifylint # checks usage of github.com/stretchr/testify
     - unconvert # removes unnecessary type conversions
     - unparam # reports unused function parameters
@@ -105,5 +65,68 @@ linters:
     - thelper # detects golang test helpers without t.Helper() call and checks the consistency of test helpers
     - tparallel # detects inappropriate usage of t.Parallel() method in your Go test codes
     - whitespace # detects leading and trailing whitespace
-    - wastedassign # Finds wasted assignment statements.
+    - wastedassign # finds wasted assignment statements
     - importas # checks import aliases against the configured convention
+  settings:
+    errcheck:
+      exclude-functions:
+        - "(*os.File).Close"
+        - "(*net.TCPConn).Close"
+        - "(io.ReadCloser).Close"
+        - "(net.Listener).Close"
+        - "(net.Conn).Close"
+        - "(net.Conn).Close"
+        - "(*golang.org/x/crypto/ssh.Session).Close"
+        - "(*github.com/fsnotify/fsnotify.Watcher).Close"
+    staticcheck:
+      dot-import-whitelist:
+        - github.com/onsi/ginkgo/v2
+        - github.com/onsi/gomega
+    revive:
+      rules:
+        - name: dot-imports
+          disabled: true
+        - name: exported
+          disabled: true
+        - name: package-comments
+          disabled: true
+    nolintlint:
+      # Exclude following linters from requiring an explanation.
+      # Default: []
+      allow-no-explanation: [funlen, gocognit, lll]
+      # Enable to require an explanation of nonzero length after each nolint directive.
+      # Default: false
+      require-explanation: true
+      # Enable to require nolint directives to mention the specific linter being suppressed.
+      # Default: false
+      require-specific: true
+    importas:
+      # Do not allow unaliased imports of aliased packages.
+      # Default: false
+      no-unaliased: true
+      # Do not allow non-required aliases.
+      # Default: false
+      no-extra-aliases: false
+      # List of aliases
+      # Default: []
+      alias:
+        - pkg: github.com/deckhouse/virtualization/api/core/v1alpha2
+          alias: ""
+        - pkg: github.com/deckhouse/virtualization/api/subresources/v1alpha2
+          alias: subv1alpha2
+        - pkg: kubevirt.io/api/core/v1
+          alias: virtv1
+        - pkg: k8s.io/api/core/v1
+          alias: corev1
+        - pkg: k8s.io/api/authentication/v1
+          alias: authnv1
+        - pkg: k8s.io/api/storage/v1
+          alias: storagev1
+        - pkg: k8s.io/api/networking/v1
+          alias: netv1
+        - pkg: k8s.io/api/policy/v1
+          alias: policyv1
+        - pkg: k8s.io/apimachinery/pkg/apis/meta/v1
+          alias: metav1
+        - pkg: k8s.io/api/resource/v1
+          alias: resourcev1
diff --git a/images/hooks/Taskfile.yaml b/images/hooks/Taskfile.yaml
index c5e28b018a..06a62d0175 100644
--- a/images/hooks/Taskfile.yaml
+++ b/images/hooks/Taskfile.yaml
@@ -25,12 +25,17 @@ tasks:
         golangci-lint run
 
   _ensure:golangci-lint:
-    desc: "Ensure golangci-lint is available"
+    desc: "Ensure golangci-lint v2+ is available"
     internal: true
     cmds:
       - |
-        echo -e >&2 "Please install golangci-lint https://golangci-lint.run/usage/install/"
-        exit 1
-    status:
-      - |
-        [ -f ./golangci-lint ] || which golangci-lint
+        GOLANGCI_LINT_MIN_VERSION="2.0"
+        if ! command -v golangci-lint &> /dev/null; then
+          echo "Installing golangci-lint..."
+          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin
+        fi
+        CURRENT_VERSION=$(golangci-lint --version 2>/dev/null | grep -oP 'version \K[0-9]+\.[0-9]+' || echo "0.0")
+        if [ "$(printf '%s\n' "$GOLANGCI_LINT_MIN_VERSION" "$CURRENT_VERSION" | sort -V | head -n1)" != "$GOLANGCI_LINT_MIN_VERSION" ]; then
+          echo "Upgrading golangci-lint from $CURRENT_VERSION to $GOLANGCI_LINT_MIN_VERSION+"
+          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin
+        fi
diff --git a/images/hooks/cmd/module-config-reporter/main.go b/images/hooks/cmd/module-config-reporter/main.go
index 8c1b414588..3728b95c30 100644
--- a/images/hooks/cmd/module-config-reporter/main.go
+++ b/images/hooks/cmd/module-config-reporter/main.go
@@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-     http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/images/hooks/cmd/virtualization-module-hooks/register.go b/images/hooks/cmd/virtualization-module-hooks/register.go
index f4143973cb..82ee44f172 100644
--- a/images/hooks/cmd/virtualization-module-hooks/register.go
+++ b/images/hooks/cmd/virtualization-module-hooks/register.go
@@ -17,10 +17,9 @@ limitations under the License.
 package main
 
 import (
-	_ "hooks/pkg/hooks/discover-kube-apiserver-feature-gates"
-
 	_ "hooks/pkg/hooks/ca-discovery"
 	_ "hooks/pkg/hooks/copy-custom-certificate"
+	_ "hooks/pkg/hooks/discover-kube-apiserver-feature-gates"
 	_ "hooks/pkg/hooks/discovery-clusterip-service-for-dvcr"
 	_ "hooks/pkg/hooks/discovery-workload-nodes"
 	_ "hooks/pkg/hooks/dvcr-garbage-collection"
diff --git a/images/hooks/pkg/hooks/discover-kube-apiserver-feature-gates/hook.go b/images/hooks/pkg/hooks/discover-kube-apiserver-feature-gates/hook.go
index 4aaa571b47..f71f588a6e 100644
--- a/images/hooks/pkg/hooks/discover-kube-apiserver-feature-gates/hook.go
+++ b/images/hooks/pkg/hooks/discover-kube-apiserver-feature-gates/hook.go
@@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-     http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/images/hooks/pkg/hooks/discovery-clusterip-service-for-dvcr/hook.go b/images/hooks/pkg/hooks/discovery-clusterip-service-for-dvcr/hook.go
index 6aa4cdfc2e..a7b7440338 100644
--- a/images/hooks/pkg/hooks/discovery-clusterip-service-for-dvcr/hook.go
+++ b/images/hooks/pkg/hooks/discovery-clusterip-service-for-dvcr/hook.go
@@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-     http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/images/hooks/pkg/hooks/discovery-workload-nodes/hook.go b/images/hooks/pkg/hooks/discovery-workload-nodes/hook.go
index d2c89d9239..3ea0789f72 100644
--- a/images/hooks/pkg/hooks/discovery-workload-nodes/hook.go
+++ b/images/hooks/pkg/hooks/discovery-workload-nodes/hook.go
@@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-     http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/images/hooks/pkg/hooks/dvcr-garbage-collection/hook.go b/images/hooks/pkg/hooks/dvcr-garbage-collection/hook.go
index 7e85c958ad..3913e7bddf 100644
--- a/images/hooks/pkg/hooks/dvcr-garbage-collection/hook.go
+++ b/images/hooks/pkg/hooks/dvcr-garbage-collection/hook.go
@@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-     http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/images/hooks/pkg/hooks/generate-secret-for-dvcr/hook.go b/images/hooks/pkg/hooks/generate-secret-for-dvcr/hook.go
index 28a8ecf72f..9aa77ff10a 100644
--- a/images/hooks/pkg/hooks/generate-secret-for-dvcr/hook.go
+++ b/images/hooks/pkg/hooks/generate-secret-for-dvcr/hook.go
@@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-     http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -26,7 +26,6 @@ import (
 	"time"
 
 	"golang.org/x/crypto/bcrypt"
-
 	"k8s.io/utils/ptr"
 
 	"github.com/deckhouse/module-sdk/pkg"
diff --git a/images/hooks/pkg/hooks/install-vmclass-generic/hook.go b/images/hooks/pkg/hooks/install-vmclass-generic/hook.go
index f275444d65..dc46bb8dd1 100644
--- a/images/hooks/pkg/hooks/install-vmclass-generic/hook.go
+++ b/images/hooks/pkg/hooks/install-vmclass-generic/hook.go
@@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-     http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/images/hooks/pkg/hooks/migrate-virthandler-kvm-node-labels/hook.go b/images/hooks/pkg/hooks/migrate-virthandler-kvm-node-labels/hook.go
index 919325516f..fd680c38ea 100644
--- a/images/hooks/pkg/hooks/migrate-virthandler-kvm-node-labels/hook.go
+++ b/images/hooks/pkg/hooks/migrate-virthandler-kvm-node-labels/hook.go
@@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-     http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/images/hooks/pkg/hooks/parallel-outbound-migrations-per-node/hook.go b/images/hooks/pkg/hooks/parallel-outbound-migrations-per-node/hook.go
index 3f4857b71a..27fae88b07 100644
--- a/images/hooks/pkg/hooks/parallel-outbound-migrations-per-node/hook.go
+++ b/images/hooks/pkg/hooks/parallel-outbound-migrations-per-node/hook.go
@@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-     http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/images/hooks/pkg/hooks/tls-certificates-api-proxy/main.go b/images/hooks/pkg/hooks/tls-certificates-api-proxy/main.go
index 49388c97ff..350d39f766 100644
--- a/images/hooks/pkg/hooks/tls-certificates-api-proxy/main.go
+++ b/images/hooks/pkg/hooks/tls-certificates-api-proxy/main.go
@@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-     http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/images/hooks/pkg/hooks/tls-certificates-audit/hook.go b/images/hooks/pkg/hooks/tls-certificates-audit/hook.go
index 52c50caf5a..3bb1fe05d4 100644
--- a/images/hooks/pkg/hooks/tls-certificates-audit/hook.go
+++ b/images/hooks/pkg/hooks/tls-certificates-audit/hook.go
@@ -12,10 +12,11 @@ import (
 	"context"
 	"fmt"
 
+	"hooks/pkg/settings"
+
 	tlscertificate "github.com/deckhouse/module-sdk/common-hooks/tls-certificate"
 	"github.com/deckhouse/module-sdk/pkg"
 	"github.com/deckhouse/module-sdk/pkg/registry"
-	"hooks/pkg/settings"
 )
 
 var conf = tlscertificate.GenSelfSignedTLSHookConf{
diff --git a/images/hooks/pkg/hooks/tls-certificates-controller/hook.go b/images/hooks/pkg/hooks/tls-certificates-controller/hook.go
index 3b2ce83c49..6251c166eb 100644
--- a/images/hooks/pkg/hooks/tls-certificates-controller/hook.go
+++ b/images/hooks/pkg/hooks/tls-certificates-controller/hook.go
@@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-     http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/images/hooks/pkg/hooks/tls-certificates-dvcr/hook.go b/images/hooks/pkg/hooks/tls-certificates-dvcr/hook.go
index f452d0069b..e2e13368c3 100644
--- a/images/hooks/pkg/hooks/tls-certificates-dvcr/hook.go
+++ b/images/hooks/pkg/hooks/tls-certificates-dvcr/hook.go
@@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-     http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/images/hooks/pkg/hooks/validate-module-config/hook.go b/images/hooks/pkg/hooks/validate-module-config/hook.go
index 052a64791e..06040cc27d 100644
--- a/images/hooks/pkg/hooks/validate-module-config/hook.go
+++ b/images/hooks/pkg/hooks/validate-module-config/hook.go
@@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-     http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/images/hooks/pkg/hooks/validate-module-config/hook_test.go b/images/hooks/pkg/hooks/validate-module-config/hook_test.go
index e2cd68b3c5..24f5d23f49 100644
--- a/images/hooks/pkg/hooks/validate-module-config/hook_test.go
+++ b/images/hooks/pkg/hooks/validate-module-config/hook_test.go
@@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-     http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -25,7 +25,6 @@ import (
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	"github.com/tidwall/gjson"
-
 	corev1 "k8s.io/api/core/v1"
 
 	"github.com/deckhouse/deckhouse/pkg/log"
diff --git a/images/hooks/pkg/readiness/probe.go b/images/hooks/pkg/readiness/probe.go
index 2b8d93f06d..57a637f1d3 100644
--- a/images/hooks/pkg/readiness/probe.go
+++ b/images/hooks/pkg/readiness/probe.go
@@ -5,7 +5,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-     http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/images/virtualization-artifact/.golangci.yaml b/images/virtualization-artifact/.golangci.yaml
index 1be21e2a37..41db9929a5 100644
--- a/images/virtualization-artifact/.golangci.yaml
+++ b/images/virtualization-artifact/.golangci.yaml
@@ -1,100 +1,61 @@
+# https://golangci-lint.run/usage/configuration/
+version: "2"
+
 run:
   concurrency: 4
   timeout: 10m
+
 issues:
   # Show all errors.
   max-issues-per-linter: 0
   max-same-issues: 0
   exclude:
     - "don't use an underscore in package name"
+
 output:
   sort-results: true
 
-exclude-files:
-  - "^zz_generated.*"
+exclusions:
+  paths:
+    - "^zz_generated.*"
 
-linters-settings:
-  gofumpt:
-    extra-rules: true
-  gci:
-    sections:
-      - standard
-      - default
-      - prefix(github.com/deckhouse/)
-  goimports:
-    local-prefixes: github.com/deckhouse/
-  errcheck:
-    exclude-functions: fmt:.*,[rR]ead|[wW]rite|[cC]lose,io:Copy
-  revive:
-    rules:
-      - name: dot-imports
-        disabled: true
-  nolintlint:
-    # Exclude following linters from requiring an explanation.
-    # Default: []
-    allow-no-explanation: [funlen, gocognit, lll]
-    # Enable to require an explanation of nonzero length after each nolint directive.
-    # Default: false
-    require-explanation: true
-    # Enable to require nolint directives to mention the specific linter being suppressed.
-    # Default: false
-    require-specific: true
-  importas:
-    # Do not allow unaliased imports of aliased packages.
-    # Default: false
-    no-unaliased: true
-    # Do not allow non-required aliases.
-    # Default: false
-    no-extra-aliases: false
-    # List of aliases
-    # Default: []
-    alias:
-      - pkg: github.com/deckhouse/virtualization/api/core/v1alpha2
-        alias: ""
-      - pkg: github.com/deckhouse/virtualization/api/subresources/v1alpha2
-        alias: subv1alpha2
-      - pkg: kubevirt.io/api/core/v1
-        alias: virtv1
-      - pkg: k8s.io/api/core/v1
-        alias: corev1
-      - pkg: k8s.io/api/authentication/v1
-        alias: authnv1
-      - pkg: k8s.io/api/storage/v1
-        alias: storagev1
-      - pkg: k8s.io/api/networking/v1
-        alias: netv1
-      - pkg: k8s.io/api/policy/v1
-        alias: policyv1
-      - pkg: k8s.io/apimachinery/pkg/apis/meta/v1
-        alias: metav1
+formatters:
+  enable:
+    - gci
+    - gofmt
+    - gofumpt
+    - goimports
+  settings:
+    gci:
+      sections:
+        - standard
+        - default
+        - prefix(github.com/deckhouse/)
+    gofumpt:
+      extra-rules: true
+    goimports:
+      local-prefixes: github.com/deckhouse/
 
 linters:
-  disable-all: true
+  default: none
   enable:
     - asciicheck # checks that your code does not contain non-ASCII identifiers
     - bidichk # checks for dangerous unicode character sequences
     - bodyclose # checks whether HTTP response body is closed successfully
-    - contextcheck # [maby too many false positives] checks the function whether use a non-inherited context
+    - contextcheck # [maybe too many false positives] checks the function whether use a non-inherited context
     - dogsled # checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
     - errcheck # checking for unchecked errors, these unchecked errors can be critical bugs in some cases
     - errname # checks that sentinel errors are prefixed with the Err and error types are suffixed with the Error
     - errorlint # finds code that will cause problems with the error wrapping scheme introduced in Go 1.13
     - copyloopvar # detects places where loop variables are copied (Go 1.22+)
-    - gci # controls golang package import order and makes it always deterministic
     - gocritic # provides diagnostics that check for bugs, performance and style issues
-    - gofmt # [replaced by goimports] checks whether code was gofmt-ed
-    - gofumpt # [replaced by goimports, gofumports is not available yet] checks whether code was gofumpt-ed
-    - goimports # in addition to fixing imports, goimports also formats your code in the same style as gofmt
-    - gosimple # specializes in simplifying a code
     - govet # reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
     - ineffassign # detects when assignments to existing variables are not used
     - misspell # finds commonly misspelled English words in comments
     - nolintlint # reports ill-formed or insufficient nolint directives
-    - reassign # Checks that package variables are not reassigned.
+    - reassign # checks that package variables are not reassigned
     - revive # fast, configurable, extensible, flexible, and beautiful linter for Go, drop-in replacement of golint
-    - stylecheck # is a replacement for golint
     - staticcheck # is a go vet on steroids, applying a ton of static analysis checks
-    - typecheck # like the front-end of a Go compiler, parses and type-checks Go code
     - testifylint # checks usage of github.com/stretchr/testify
     - unconvert # removes unnecessary type conversions
     - unparam # reports unused function parameters
@@ -104,5 +65,68 @@ linters:
     - thelper # detects golang test helpers without t.Helper() call and checks the consistency of test helpers
     - tparallel # detects inappropriate usage of t.Parallel() method in your Go test codes
     - whitespace # detects leading and trailing whitespace
-    - wastedassign # Finds wasted assignment statements.
+    - wastedassign # finds wasted assignment statements
     - importas # checks import aliases against the configured convention
+  settings:
+    errcheck:
+      exclude-functions:
+        - "(*os.File).Close"
+        - "(*net.TCPConn).Close"
+        - "(io.ReadCloser).Close"
+        - "(net.Listener).Close"
+        - "(net.Conn).Close"
+        - "(net.Conn).Close"
+        - "(*golang.org/x/crypto/ssh.Session).Close"
+        - "(*github.com/fsnotify/fsnotify.Watcher).Close"
+    staticcheck:
+      dot-import-whitelist:
+        - github.com/onsi/ginkgo/v2
+        - github.com/onsi/gomega
+    revive:
+      rules:
+        - name: dot-imports
+          disabled: true
+        - name: exported
+          disabled: true
+        - name: package-comments
+          disabled: true
+    nolintlint:
+      # Exclude following linters from requiring an explanation.
+      # Default: []
+      allow-no-explanation: [funlen, gocognit, lll]
+      # Enable to require an explanation of nonzero length after each nolint directive.
+      # Default: false
+      require-explanation: true
+      # Enable to require nolint directives to mention the specific linter being suppressed.
+      # Default: false
+      require-specific: true
+    importas:
+      # Do not allow unaliased imports of aliased packages.
+      # Default: false
+      no-unaliased: true
+      # Do not allow non-required aliases.
+      # Default: false
+      no-extra-aliases: false
+      # List of aliases
+      # Default: []
+      alias:
+        - pkg: github.com/deckhouse/virtualization/api/core/v1alpha2
+          alias: ""
+        - pkg: github.com/deckhouse/virtualization/api/subresources/v1alpha2
+          alias: subv1alpha2
+        - pkg: kubevirt.io/api/core/v1
+          alias: virtv1
+        - pkg: k8s.io/api/core/v1
+          alias: corev1
+        - pkg: k8s.io/api/authentication/v1
+          alias: authnv1
+        - pkg: k8s.io/api/storage/v1
+          alias: storagev1
+        - pkg: k8s.io/api/networking/v1
+          alias: netv1
+        - pkg: k8s.io/api/policy/v1
+          alias: policyv1
+        - pkg: k8s.io/apimachinery/pkg/apis/meta/v1
+          alias: metav1
+        - pkg: k8s.io/api/resource/v1
+          alias: resourcev1
diff --git a/images/virtualization-artifact/Taskfile.yaml b/images/virtualization-artifact/Taskfile.yaml
index 122ad42a16..e167e48f57 100644
--- a/images/virtualization-artifact/Taskfile.yaml
+++ b/images/virtualization-artifact/Taskfile.yaml
@@ -65,7 +65,10 @@ tasks:
       - _ensure:golangci-lint
     cmds:
       - |
-        golangci-lint run
+        export TMPDIR="$PWD/.tmp"
+        export GOTMPDIR="$PWD/.tmp"
+        mkdir -p "$TMPDIR"
+        golangci-lint run --allow-parallel-runners
 
   mirrord:run:controller:
     desc: "Run local virtualization-controller in cluster using a mirrord"
@@ -192,15 +195,20 @@ tasks:
       - which crane >/dev/null
 
   _ensure:golangci-lint:
-    desc: "Ensure golangci-lint is available"
+    desc: "Ensure golangci-lint v2+ is available"
     internal: true
     cmds:
       - |
-        echo -e >&2 "Please install golangci-lint https://golangci-lint.run/usage/install/"
-        exit 1
-    status:
-      - |
-        [ -f ./golangci-lint ] || which golangci-lint
+        GOLANGCI_LINT_MIN_VERSION="2.0"
+        if ! command -v golangci-lint &> /dev/null; then
+          echo "Installing golangci-lint..."
+          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin
+        fi
+        CURRENT_VERSION=$(golangci-lint --version 2>/dev/null | grep -oP 'version \K[0-9]+\.[0-9]+' || echo "0.0")
+        if [ "$(printf '%s\n' "$GOLANGCI_LINT_MIN_VERSION" "$CURRENT_VERSION" | sort -V | head -n1)" != "$GOLANGCI_LINT_MIN_VERSION" ]; then
+          echo "Upgrading golangci-lint from $CURRENT_VERSION to $GOLANGCI_LINT_MIN_VERSION+"
+          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin
+        fi
 
   _ensure:mirrord:
     desc: "Ensure mirrord tool is installed"
diff --git a/images/virtualization-artifact/pkg/audit/events/forbid/forbid_test.go b/images/virtualization-artifact/pkg/audit/events/forbid/forbid_test.go
index 94d0906873..b23e4f0d1b 100644
--- a/images/virtualization-artifact/pkg/audit/events/forbid/forbid_test.go
+++ b/images/virtualization-artifact/pkg/audit/events/forbid/forbid_test.go
@@ -93,7 +93,7 @@ var _ = Describe("Forbid Events", func() {
 			}
 
 			fakeClient := fake.NewSimpleClientset()
-			fakeClient.Fake.PrependReactor("create", "subjectaccessreviews", func(action kubetesting.Action) (
+			fakeClient.PrependReactor("create", "subjectaccessreviews", func(action kubetesting.Action) (
 				handled bool,
 				ret runtime.Object,
 				err error,
diff --git a/images/virtualization-artifact/pkg/common/array/array.go b/images/virtualization-artifact/pkg/common/array/array.go
index 4a4b05075d..249670a207 100644
--- a/images/virtualization-artifact/pkg/common/array/array.go
+++ b/images/virtualization-artifact/pkg/common/array/array.go
@@ -36,7 +36,7 @@ func SetArrayElem[T any](elems []T, newElem T, matchFunc func(v1, v2 T) bool, re
 	if !isFound {
 		res = append(res, newElem)
 	}
-	return
+	return res
 }
 
 type FilterFunc[T any] func(obj *T) (keep bool)
diff --git a/images/virtualization-artifact/pkg/common/pointer/pointer.go b/images/virtualization-artifact/pkg/common/pointer/pointer.go
index 07280eb87a..18ac88c6f0 100644
--- a/images/virtualization-artifact/pkg/common/pointer/pointer.go
+++ b/images/virtualization-artifact/pkg/common/pointer/pointer.go
@@ -25,7 +25,7 @@ func ToPointersArray[T any](items []T) (res []*T) {
 	for _, item := range items {
 		res = append(res, GetPointer(item))
 	}
-	return
+	return res
 }
 
 func GetPointer[T any](obj T) *T {
diff --git a/images/virtualization-artifact/pkg/controller/cvi/internal/source/http.go b/images/virtualization-artifact/pkg/controller/cvi/internal/source/http.go
index 6fd6288e03..d6b105c4b8 100644
--- a/images/virtualization-artifact/pkg/controller/cvi/internal/source/http.go
+++ b/images/virtualization-artifact/pkg/controller/cvi/internal/source/http.go
@@ -73,7 +73,7 @@ func (ds HTTPDataSource) Sync(ctx context.Context, cvi *v1alpha2.ClusterVirtualI
 	cb := conditions.NewConditionBuilder(cvicondition.ReadyType).Generation(cvi.Generation)
 	defer func() {
 		// It is necessary to avoid setting unknown for the ready condition if it was already set to true.
-		if !(cb.Condition().Status == metav1.ConditionUnknown && condition.Status == metav1.ConditionTrue) {
+		if cb.Condition().Status != metav1.ConditionUnknown || condition.Status != metav1.ConditionTrue {
 			conditions.SetCondition(cb, &cvi.Status.Conditions)
 		}
 	}()
diff --git a/images/virtualization-artifact/pkg/controller/cvi/internal/source/object_ref.go b/images/virtualization-artifact/pkg/controller/cvi/internal/source/object_ref.go
index b9f0531ba2..a2d6dc4c5d 100644
--- a/images/virtualization-artifact/pkg/controller/cvi/internal/source/object_ref.go
+++ b/images/virtualization-artifact/pkg/controller/cvi/internal/source/object_ref.go
@@ -90,7 +90,7 @@ func (ds ObjectRefDataSource) Sync(ctx context.Context, cvi *v1alpha2.ClusterVir
 	cb := conditions.NewConditionBuilder(cvicondition.ReadyType).Generation(cvi.Generation)
 	defer func() {
 		// It is necessary to avoid setting unknown for the ready condition if it was already set to true.
-		if !(cb.Condition().Status == metav1.ConditionUnknown && condition.Status == metav1.ConditionTrue) {
+		if cb.Condition().Status != metav1.ConditionUnknown || condition.Status != metav1.ConditionTrue {
 			conditions.SetCondition(cb, &cvi.Status.Conditions)
 		}
 	}()
diff --git a/images/virtualization-artifact/pkg/controller/cvi/internal/source/registry.go b/images/virtualization-artifact/pkg/controller/cvi/internal/source/registry.go
index 06495f18e5..f3566eba60 100644
--- a/images/virtualization-artifact/pkg/controller/cvi/internal/source/registry.go
+++ b/images/virtualization-artifact/pkg/controller/cvi/internal/source/registry.go
@@ -78,7 +78,7 @@ func (ds RegistryDataSource) Sync(ctx context.Context, cvi *v1alpha2.ClusterVirt
 	cb := conditions.NewConditionBuilder(cvicondition.ReadyType).Generation(cvi.Generation)
 	defer func() {
 		// It is necessary to avoid setting unknown for the ready condition if it was already set to true.
-		if !(cb.Condition().Status == metav1.ConditionUnknown && condition.Status == metav1.ConditionTrue) {
+		if cb.Condition().Status != metav1.ConditionUnknown || condition.Status != metav1.ConditionTrue {
 			conditions.SetCondition(cb, &cvi.Status.Conditions)
 		}
 	}()
diff --git a/images/virtualization-artifact/pkg/controller/cvi/internal/source/upload.go b/images/virtualization-artifact/pkg/controller/cvi/internal/source/upload.go
index e94dc830bb..dbbb968549 100644
--- a/images/virtualization-artifact/pkg/controller/cvi/internal/source/upload.go
+++ b/images/virtualization-artifact/pkg/controller/cvi/internal/source/upload.go
@@ -73,7 +73,7 @@ func (ds UploadDataSource) Sync(ctx context.Context, cvi *v1alpha2.ClusterVirtua
 	cb := conditions.NewConditionBuilder(cvicondition.ReadyType).Generation(cvi.Generation)
 	defer func() {
 		// It is necessary to avoid setting unknown for the ready condition if it was already set to true.
-		if !(cb.Condition().Status == metav1.ConditionUnknown && condition.Status == metav1.ConditionTrue) {
+		if cb.Condition().Status != metav1.ConditionUnknown || condition.Status != metav1.ConditionTrue {
 			conditions.SetCondition(cb, &cvi.Status.Conditions)
 		}
 	}()
diff --git a/images/virtualization-artifact/pkg/controller/cvi/internal/watcher/vdsnapshot_watcher.go b/images/virtualization-artifact/pkg/controller/cvi/internal/watcher/vdsnapshot_watcher.go
index 58591441ee..849ffb0e07 100644
--- a/images/virtualization-artifact/pkg/controller/cvi/internal/watcher/vdsnapshot_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/cvi/internal/watcher/vdsnapshot_watcher.go
@@ -76,7 +76,7 @@ func (w VirtualDiskSnapshotWatcher) enqueueRequests(ctx context.Context, vdSnaps
 	})
 	if err != nil {
 		w.logger.Error(fmt.Sprintf("failed to list cluster virtual images: %s", err))
-		return
+		return requests
 	}
 
 	for _, cvi := range cvis.Items {
@@ -92,7 +92,7 @@ func (w VirtualDiskSnapshotWatcher) enqueueRequests(ctx context.Context, vdSnaps
 		})
 	}
 
-	return
+	return requests
 }
 
 func isSnapshotDataSource(ds v1alpha2.ClusterVirtualImageDataSource, vdSnapshot metav1.Object) bool {
diff --git a/images/virtualization-artifact/pkg/controller/cvi/internal/watcher/virtualdisk_watcher.go b/images/virtualization-artifact/pkg/controller/cvi/internal/watcher/virtualdisk_watcher.go
index a47aa9751b..7db21c3d53 100644
--- a/images/virtualization-artifact/pkg/controller/cvi/internal/watcher/virtualdisk_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/cvi/internal/watcher/virtualdisk_watcher.go
@@ -76,7 +76,7 @@ func (w *VirtualDiskWatcher) enqueueRequestsFromVDs(ctx context.Context, vd *v1a
 	err := w.client.List(ctx, &cviList, &client.ListOptions{})
 	if err != nil {
 		slog.Default().Error(fmt.Sprintf("failed to list cvi: %s", err))
-		return
+		return requests
 	}
 
 	for _, cvi := range cviList.Items {
@@ -95,5 +95,5 @@ func (w *VirtualDiskWatcher) enqueueRequestsFromVDs(ctx context.Context, vd *v1a
 		})
 	}
 
-	return
+	return requests
 }
diff --git a/images/virtualization-artifact/pkg/controller/gc/fake.go b/images/virtualization-artifact/pkg/controller/gc/fake.go
index 78de851b29..9358cd645f 100644
--- a/images/virtualization-artifact/pkg/controller/gc/fake.go
+++ b/images/virtualization-artifact/pkg/controller/gc/fake.go
@@ -67,7 +67,7 @@ type FakeObject struct {
 func (f FakeObject) DeepCopyObject() runtime.Object {
 	return &FakeObject{
 		TypeMeta:   f.TypeMeta,
-		ObjectMeta: *f.ObjectMeta.DeepCopy(),
+		ObjectMeta: *f.DeepCopy(),
 		RefObject:  f.RefObject,
 		Phase:      f.Phase,
 	}
@@ -91,7 +91,7 @@ func (f *FakeObjectList) DeepCopyObject() runtime.Object {
 
 	return &FakeObjectList{
 		TypeMeta: f.TypeMeta,
-		ListMeta: *f.ListMeta.DeepCopy(),
+		ListMeta: *f.DeepCopy(),
 		Items:    items,
 	}
 }
diff --git a/images/virtualization-artifact/pkg/controller/kvbuilder/kvvm.go b/images/virtualization-artifact/pkg/controller/kvbuilder/kvvm.go
index 606fae973b..5a459f5e71 100644
--- a/images/virtualization-artifact/pkg/controller/kvbuilder/kvvm.go
+++ b/images/virtualization-artifact/pkg/controller/kvbuilder/kvvm.go
@@ -574,7 +574,7 @@ func (b *KVVM) SetNetworkInterface(name, macAddress string) {
 		Name:  name,
 		Model: devPreset.InterfaceModel,
 	}
-	iface.InterfaceBindingMethod.Bridge = &virtv1.InterfaceBridge{}
+	iface.Bridge = &virtv1.InterfaceBridge{}
 	if macAddress != "" {
 		iface.MacAddress = macAddress
 	}
diff --git a/images/virtualization-artifact/pkg/controller/reconciler/resource.go b/images/virtualization-artifact/pkg/controller/reconciler/resource.go
index 104630318a..3507722c04 100644
--- a/images/virtualization-artifact/pkg/controller/reconciler/resource.go
+++ b/images/virtualization-artifact/pkg/controller/reconciler/resource.go
@@ -71,7 +71,7 @@ func (r *Resource[T, ST]) getObjStatus(obj T) (ret ST) {
 	if obj != r.emptyObj {
 		ret = r.objStatusGetter(obj)
 	}
-	return
+	return ret
 }
 
 func (r *Resource[T, ST]) Name() types.NamespacedName {
diff --git a/images/virtualization-artifact/pkg/controller/service/disk_service.go b/images/virtualization-artifact/pkg/controller/service/disk_service.go
index 03827c74b2..5df183bc2e 100644
--- a/images/virtualization-artifact/pkg/controller/service/disk_service.go
+++ b/images/virtualization-artifact/pkg/controller/service/disk_service.go
@@ -246,7 +246,7 @@ func (s DiskService) CleanUpSupplements(ctx context.Context, sup supplements.Gen
 		})
 
 		if len(pvc.OwnerReferences) != len(ownerReferences) {
-			pvc.ObjectMeta.OwnerReferences = ownerReferences
+			pvc.OwnerReferences = ownerReferences
 			err = s.client.Update(ctx, pvc)
 			if err != nil && !k8serrors.IsNotFound(err) {
 				return false, fmt.Errorf("update owner ref of pvc: %w", err)
diff --git a/images/virtualization-artifact/pkg/controller/service/protection_service.go b/images/virtualization-artifact/pkg/controller/service/protection_service.go
index a788dbdf7e..73b35ae6e2 100644
--- a/images/virtualization-artifact/pkg/controller/service/protection_service.go
+++ b/images/virtualization-artifact/pkg/controller/service/protection_service.go
@@ -126,7 +126,8 @@ func (s ProtectionService) GetFinalizer() string {
 }
 
 // MakeOwnerReference makes the owner reference for the controller without controller.
-// Deprecated: use MakeControllerOwnerReference instead.
+// Deprecated:
+// use MakeControllerOwnerReference instead.
 func MakeOwnerReference(owner client.Object) metav1.OwnerReference {
 	return metav1.OwnerReference{
 		APIVersion: owner.GetObjectKind().GroupVersionKind().GroupVersion().String(),
diff --git a/images/virtualization-artifact/pkg/controller/service/size_policy_service.go b/images/virtualization-artifact/pkg/controller/service/size_policy_service.go
index c31126cb2e..c6e4149600 100644
--- a/images/virtualization-artifact/pkg/controller/service/size_policy_service.go
+++ b/images/virtualization-artifact/pkg/controller/service/size_policy_service.go
@@ -199,7 +199,7 @@ func validateIsQuantized(value, min, max, step resource.Quantity, source string)
 		cmpRightResult := value.Cmp(grid[i+1])
 
 		if cmpLeftResult == common.CmpEqual || cmpRightResult == common.CmpEqual {
-			return
+			return err
 		} else if cmpLeftResult == common.CmpGreater && cmpRightResult == common.CmpLesser {
 			err = fmt.Errorf(
 				"requested %s does not match any available values, nearest valid values are [%s, %s]",
@@ -207,11 +207,11 @@ func validateIsQuantized(value, min, max, step resource.Quantity, source string)
 				grid[i].String(),
 				grid[i+1].String(),
 			)
-			return
+			return err
 		}
 	}
 
-	return
+	return err
 }
 
 func generateValidGrid(min, max, step resource.Quantity) []resource.Quantity {
diff --git a/images/virtualization-artifact/pkg/controller/supplements/copier/secret.go b/images/virtualization-artifact/pkg/controller/supplements/copier/secret.go
index 1b35c014aa..89257dfb3c 100644
--- a/images/virtualization-artifact/pkg/controller/supplements/copier/secret.go
+++ b/images/virtualization-artifact/pkg/controller/supplements/copier/secret.go
@@ -81,7 +81,7 @@ func (s Secret) makeSecret(data map[string][]byte, secretType corev1.SecretType)
 	}
 
 	if s.OwnerReference.Name != "" {
-		secret.ObjectMeta.OwnerReferences = []metav1.OwnerReference{
+		secret.OwnerReferences = []metav1.OwnerReference{
 			s.OwnerReference,
 		}
 	}
diff --git a/images/virtualization-artifact/pkg/controller/vd/internal/migration_test.go b/images/virtualization-artifact/pkg/controller/vd/internal/migration_test.go
index ed74b27256..c7fc88842b 100644
--- a/images/virtualization-artifact/pkg/controller/vd/internal/migration_test.go
+++ b/images/virtualization-artifact/pkg/controller/vd/internal/migration_test.go
@@ -489,5 +489,5 @@ func newEmptyPVC(name, namespace string) *corev1.PersistentVolumeClaim {
 }
 
 func withOwner(pvc *corev1.PersistentVolumeClaim, owner client.Object) {
-	pvc.ObjectMeta.OwnerReferences = []metav1.OwnerReference{service.MakeControllerOwnerReference(owner)}
+	pvc.OwnerReferences = []metav1.OwnerReference{service.MakeControllerOwnerReference(owner)}
 }
diff --git a/images/virtualization-artifact/pkg/controller/vd/internal/validator/storage_class_validator.go b/images/virtualization-artifact/pkg/controller/vd/internal/validator/storage_class_validator.go
index a5bc40521e..1be2a714cf 100644
--- a/images/virtualization-artifact/pkg/controller/vd/internal/validator/storage_class_validator.go
+++ b/images/virtualization-artifact/pkg/controller/vd/internal/validator/storage_class_validator.go
@@ -117,7 +117,7 @@ func (v *StorageClassValidator) validateTargetStorageClassForVolumeMigration(ctx
 		return err
 	}
 
-	if !(vm.Status.Phase == v1alpha2.MachineRunning || vm.Status.Phase == v1alpha2.MachineMigrating) {
+	if vm.Status.Phase != v1alpha2.MachineRunning && vm.Status.Phase != v1alpha2.MachineMigrating {
 		return fmt.Errorf("storage class cannot be changed unless the VirtualDisk is mounted to a running virtual machine")
 	}
 
diff --git a/images/virtualization-artifact/pkg/controller/vd/internal/watcher/pvc_watcher.go b/images/virtualization-artifact/pkg/controller/vd/internal/watcher/pvc_watcher.go
index d07b409879..c771577ce1 100644
--- a/images/virtualization-artifact/pkg/controller/vd/internal/watcher/pvc_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vd/internal/watcher/pvc_watcher.go
@@ -97,7 +97,7 @@ func (w PersistentVolumeClaimWatcher) enqueueRequestsFromOwnerRefsRecursively(ct
 		}
 	}
 
-	return
+	return requests
 }
 
 func (w PersistentVolumeClaimWatcher) filterUpdateEvents(e event.TypedUpdateEvent[*corev1.PersistentVolumeClaim]) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vd/internal/watcher/resource_quota_watcher.go b/images/virtualization-artifact/pkg/controller/vd/internal/watcher/resource_quota_watcher.go
index c99dc923ae..08fc9f9fa6 100644
--- a/images/virtualization-artifact/pkg/controller/vd/internal/watcher/resource_quota_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vd/internal/watcher/resource_quota_watcher.go
@@ -73,7 +73,7 @@ func (w ResourceQuotaWatcher) enqueueRequests(ctx context.Context, obj client.Ob
 	err := w.client.List(ctx, &vds, client.InNamespace(obj.GetNamespace()))
 	if err != nil {
 		w.logger.Error(fmt.Sprintf("failed to get virtual disks: %s", err))
-		return
+		return requests
 	}
 
 	for _, vd := range vds.Items {
@@ -86,5 +86,5 @@ func (w ResourceQuotaWatcher) enqueueRequests(ctx context.Context, obj client.Ob
 		}
 	}
 
-	return
+	return requests
 }
diff --git a/images/virtualization-artifact/pkg/controller/vd/internal/watcher/vdsnapshot_watcher.go b/images/virtualization-artifact/pkg/controller/vd/internal/watcher/vdsnapshot_watcher.go
index 189b2b6f63..d1685cb6a6 100644
--- a/images/virtualization-artifact/pkg/controller/vd/internal/watcher/vdsnapshot_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vd/internal/watcher/vdsnapshot_watcher.go
@@ -74,7 +74,7 @@ func (w VirtualDiskSnapshotWatcher) enqueueRequests(ctx context.Context, vdSnaps
 	}, w.client, &v1alpha2.VirtualDisk{})
 	if err != nil {
 		w.logger.Error(fmt.Sprintf("failed to get virtual disk: %s", err))
-		return
+		return requests
 	}
 
 	if vd != nil {
@@ -96,7 +96,7 @@ func (w VirtualDiskSnapshotWatcher) enqueueRequests(ctx context.Context, vdSnaps
 	})
 	if err != nil {
 		w.logger.Error(fmt.Sprintf("failed to list virtual disks: %s", err))
-		return
+		return requests
 	}
 
 	for _, vd := range vds.Items {
@@ -113,7 +113,7 @@ func (w VirtualDiskSnapshotWatcher) enqueueRequests(ctx context.Context, vdSnaps
 		})
 	}
 
-	return
+	return requests
 }
 
 func isSnapshotDataSource(ds *v1alpha2.VirtualDiskDataSource, vdSnapshotName string) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vdsnapshot/internal/watcher/kvvmi_watcher.go b/images/virtualization-artifact/pkg/controller/vdsnapshot/internal/watcher/kvvmi_watcher.go
index 45c182dad8..70330e48d2 100644
--- a/images/virtualization-artifact/pkg/controller/vdsnapshot/internal/watcher/kvvmi_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vdsnapshot/internal/watcher/kvvmi_watcher.go
@@ -74,7 +74,7 @@ func (w KVVMIWatcher) enqueueRequests(ctx context.Context, kvvmi *virtv1.Virtual
 	}
 
 	if len(volumeByName) == 0 {
-		return
+		return requests
 	}
 
 	var vdSnapshots v1alpha2.VirtualDiskSnapshotList
@@ -83,7 +83,7 @@ func (w KVVMIWatcher) enqueueRequests(ctx context.Context, kvvmi *virtv1.Virtual
 	})
 	if err != nil {
 		slog.Default().Error(fmt.Sprintf("failed to list virtual disk snapshots: %s", err))
-		return
+		return requests
 	}
 
 	for _, vdSnapshot := range vdSnapshots.Items {
@@ -100,7 +100,7 @@ func (w KVVMIWatcher) enqueueRequests(ctx context.Context, kvvmi *virtv1.Virtual
 		})
 	}
 
-	return
+	return requests
 }
 
 func (w KVVMIWatcher) filterUpdateEvents(e event.TypedUpdateEvent[*virtv1.VirtualMachineInstance]) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vdsnapshot/internal/watcher/vd_watcher.go b/images/virtualization-artifact/pkg/controller/vdsnapshot/internal/watcher/vd_watcher.go
index 75debfec1e..9e14c6d40a 100644
--- a/images/virtualization-artifact/pkg/controller/vdsnapshot/internal/watcher/vd_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vdsnapshot/internal/watcher/vd_watcher.go
@@ -67,7 +67,7 @@ func (w VirtualDiskWatcher) enqueueRequests(ctx context.Context, vd *v1alpha2.Vi
 	})
 	if err != nil {
 		slog.Default().Error(fmt.Sprintf("failed to list vdsnapshots: %s", err))
-		return
+		return requests
 	}
 
 	for _, vdSnapshot := range vdSnapshots.Items {
@@ -83,7 +83,7 @@ func (w VirtualDiskWatcher) enqueueRequests(ctx context.Context, vd *v1alpha2.Vi
 		})
 	}
 
-	return
+	return requests
 }
 
 func (w VirtualDiskWatcher) filterUpdateEvents(e event.TypedUpdateEvent[*v1alpha2.VirtualDisk]) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vdsnapshot/internal/watcher/vm_watcher.go b/images/virtualization-artifact/pkg/controller/vdsnapshot/internal/watcher/vm_watcher.go
index 4f7eed7d9a..2531e6087b 100644
--- a/images/virtualization-artifact/pkg/controller/vdsnapshot/internal/watcher/vm_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vdsnapshot/internal/watcher/vm_watcher.go
@@ -71,7 +71,7 @@ func (w VirtualMachineWatcher) enqueueRequests(ctx context.Context, vm *v1alpha2
 	}
 
 	if len(vdByName) == 0 {
-		return
+		return requests
 	}
 
 	var vdSnapshots v1alpha2.VirtualDiskSnapshotList
@@ -80,7 +80,7 @@ func (w VirtualMachineWatcher) enqueueRequests(ctx context.Context, vm *v1alpha2
 	})
 	if err != nil {
 		slog.Default().Error(fmt.Sprintf("failed to list virtual disk snapshots: %s", err))
-		return
+		return requests
 	}
 
 	for _, vdSnapshot := range vdSnapshots.Items {
@@ -97,7 +97,7 @@ func (w VirtualMachineWatcher) enqueueRequests(ctx context.Context, vm *v1alpha2
 		})
 	}
 
-	return
+	return requests
 }
 
 func (w VirtualMachineWatcher) filterUpdateEvents(e event.TypedUpdateEvent[*v1alpha2.VirtualMachine]) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vi/internal/source/sources.go b/images/virtualization-artifact/pkg/controller/vi/internal/source/sources.go
index 2734afaf6e..5292845849 100644
--- a/images/virtualization-artifact/pkg/controller/vi/internal/source/sources.go
+++ b/images/virtualization-artifact/pkg/controller/vi/internal/source/sources.go
@@ -116,8 +116,8 @@ func setPhaseConditionForFinishedImage(
 	phase *v1alpha2.ImagePhase,
 	supgen supplements.Generator,
 ) {
-	switch {
-	case pvc == nil:
+	switch pvc {
+	case nil:
 		*phase = v1alpha2.ImagePVCLost
 		cb.
 			Status(metav1.ConditionFalse).
diff --git a/images/virtualization-artifact/pkg/controller/vi/internal/watcher/vdsnapshot_watcher.go b/images/virtualization-artifact/pkg/controller/vi/internal/watcher/vdsnapshot_watcher.go
index 174b925de1..d61dba485e 100644
--- a/images/virtualization-artifact/pkg/controller/vi/internal/watcher/vdsnapshot_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vi/internal/watcher/vdsnapshot_watcher.go
@@ -75,7 +75,7 @@ func (w VirtualDiskSnapshotWatcher) enqueueRequests(ctx context.Context, vdSnaps
 	})
 	if err != nil {
 		w.logger.Error(fmt.Sprintf("failed to list virtual images: %s", err))
-		return
+		return requests
 	}
 
 	for _, vi := range vis.Items {
@@ -92,7 +92,7 @@ func (w VirtualDiskSnapshotWatcher) enqueueRequests(ctx context.Context, vdSnaps
 		})
 	}
 
-	return
+	return requests
 }
 
 func isSnapshotDataSource(ds v1alpha2.VirtualImageDataSource, vdSnapshotName string) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vi/internal/watcher/virdualdisk_watcher.go b/images/virtualization-artifact/pkg/controller/vi/internal/watcher/virdualdisk_watcher.go
index 6ff61abd78..607db6fcca 100644
--- a/images/virtualization-artifact/pkg/controller/vi/internal/watcher/virdualdisk_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vi/internal/watcher/virdualdisk_watcher.go
@@ -76,7 +76,7 @@ func (w *VirtualDiskWatcher) enqueueRequestsFromVDs(ctx context.Context, vd *v1a
 	})
 	if err != nil {
 		slog.Default().Error(fmt.Sprintf("failed to list vi: %s", err))
-		return
+		return requests
 	}
 
 	for _, vi := range viList.Items {
@@ -96,5 +96,5 @@ func (w *VirtualDiskWatcher) enqueueRequestsFromVDs(ctx context.Context, vd *v1a
 		})
 	}
 
-	return
+	return requests
 }
diff --git a/images/virtualization-artifact/pkg/controller/vi/internal/watcher/vm_watcher.go b/images/virtualization-artifact/pkg/controller/vi/internal/watcher/vm_watcher.go
index 4126bc9197..bd8e29b1ca 100644
--- a/images/virtualization-artifact/pkg/controller/vi/internal/watcher/vm_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vi/internal/watcher/vm_watcher.go
@@ -97,7 +97,7 @@ func (w VirtualMachineWatcher) enqueueRequests(ctx context.Context, vm *v1alpha2
 		})
 	}
 
-	return
+	return requests
 }
 
 func (w VirtualMachineWatcher) hasVirtualImageRef(vm *v1alpha2.VirtualMachine) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vm/internal/service/migration_volumes.go b/images/virtualization-artifact/pkg/controller/vm/internal/service/migration_volumes.go
index d2ea35d71a..5f208c9f1c 100644
--- a/images/virtualization-artifact/pkg/controller/vm/internal/service/migration_volumes.go
+++ b/images/virtualization-artifact/pkg/controller/vm/internal/service/migration_volumes.go
@@ -132,7 +132,7 @@ func (s MigrationVolumesService) SyncVolumes(ctx context.Context, vmState state.
 
 	kvvmSynced := equality.Semantic.DeepEqual(builtKVVMWithMigrationVolumes.Spec.Template.Spec.Volumes, kvvmInCluster.Spec.Template.Spec.Volumes)
 	if kvvmSynced {
-		if vmop != nil && !(readWriteOnceDisksSynced && storageClassChangedDisksSynced) {
+		if vmop != nil && (!readWriteOnceDisksSynced || !storageClassChangedDisksSynced) {
 			return reconcile.Result{RequeueAfter: 10 * time.Second}, nil
 		}
 		// we already synced our vm with kvvm
diff --git a/images/virtualization-artifact/pkg/controller/vm/internal/util.go b/images/virtualization-artifact/pkg/controller/vm/internal/util.go
index dffea528cb..c47ee80776 100644
--- a/images/virtualization-artifact/pkg/controller/vm/internal/util.go
+++ b/images/virtualization-artifact/pkg/controller/vm/internal/util.go
@@ -51,7 +51,7 @@ func addAllUnknown(vm *v1alpha2.VirtualMachine, conds ...vmcondition.Type) (upda
 		conditions.SetCondition(cb, &vm.Status.Conditions)
 		update = true
 	}
-	return
+	return update
 }
 
 func conditionStatus(status string) metav1.ConditionStatus {
diff --git a/images/virtualization-artifact/pkg/controller/vmbda/internal/service/attachment_service.go b/images/virtualization-artifact/pkg/controller/vmbda/internal/service/attachment_service.go
index 31440c3a3a..6032079351 100644
--- a/images/virtualization-artifact/pkg/controller/vmbda/internal/service/attachment_service.go
+++ b/images/virtualization-artifact/pkg/controller/vmbda/internal/service/attachment_service.go
@@ -224,7 +224,7 @@ func (s AttachmentService) IsConflictedAttachment(ctx context.Context, vmbda *v1
 			return true, vmbdas.Items[i].Name, nil
 		}
 
-		switch vmbdas.Items[i].CreationTimestamp.Time.Compare(vmbda.CreationTimestamp.Time) {
+		switch vmbdas.Items[i].CreationTimestamp.Compare(vmbda.CreationTimestamp.Time) {
 		case -1:
 			// The current VMBDA undergoing reconciliation conflicts with another previously created VMBDA.
 			return true, vmbdas.Items[i].Name, nil
diff --git a/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/cvi_watcher.go b/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/cvi_watcher.go
index 57338dd8f1..8337031642 100644
--- a/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/cvi_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/cvi_watcher.go
@@ -75,7 +75,7 @@ func (w ClusterVirtualImageWatcher) enqueueRequests(ctx context.Context, cvi *v1
 	err := w.client.List(ctx, &vmbdas)
 	if err != nil {
 		slog.Default().Error(fmt.Sprintf("failed to list vmbdas: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmbda := range vmbdas.Items {
@@ -91,5 +91,5 @@ func (w ClusterVirtualImageWatcher) enqueueRequests(ctx context.Context, cvi *v1
 		})
 	}
 
-	return
+	return requests
 }
diff --git a/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/vd_watcher.go b/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/vd_watcher.go
index 3971036f93..eddd7d9e0b 100644
--- a/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/vd_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/vd_watcher.go
@@ -77,7 +77,7 @@ func (w VirtualDiskWatcher) enqueueRequests(ctx context.Context, vd *v1alpha2.Vi
 	})
 	if err != nil {
 		slog.Default().Error(fmt.Sprintf("failed to list vmbdas: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmbda := range vmbdas.Items {
@@ -93,5 +93,5 @@ func (w VirtualDiskWatcher) enqueueRequests(ctx context.Context, vd *v1alpha2.Vi
 		})
 	}
 
-	return
+	return requests
 }
diff --git a/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/vi_watcher.go b/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/vi_watcher.go
index 00d942f7ef..49d34183e7 100644
--- a/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/vi_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/vi_watcher.go
@@ -77,7 +77,7 @@ func (w VirtualImageWatcher) enqueueRequests(ctx context.Context, vi *v1alpha2.V
 	})
 	if err != nil {
 		slog.Default().Error(fmt.Sprintf("failed to list vmbdas: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmbda := range vmbdas.Items {
@@ -93,5 +93,5 @@ func (w VirtualImageWatcher) enqueueRequests(ctx context.Context, vi *v1alpha2.V
 		})
 	}
 
-	return
+	return requests
 }
diff --git a/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/vm_watcher.go b/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/vm_watcher.go
index afe472de81..efca5f6e84 100644
--- a/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/vm_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/vm_watcher.go
@@ -78,7 +78,7 @@ func (w VirtualMachineWatcher) enqueueRequests(ctx context.Context, vm *v1alpha2
 	})
 	if err != nil {
 		slog.Default().Error(fmt.Sprintf("failed to list vmbdas: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmbda := range vmbdas.Items {
@@ -94,7 +94,7 @@ func (w VirtualMachineWatcher) enqueueRequests(ctx context.Context, vm *v1alpha2
 		})
 	}
 
-	return
+	return requests
 }
 
 func (w VirtualMachineWatcher) hasBlockDeviceAttachmentChanges(oldVM, newVM *v1alpha2.VirtualMachine) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vmclass/internal/util.go b/images/virtualization-artifact/pkg/controller/vmclass/internal/util.go
index f6a7a72ddf..94597b1e24 100644
--- a/images/virtualization-artifact/pkg/controller/vmclass/internal/util.go
+++ b/images/virtualization-artifact/pkg/controller/vmclass/internal/util.go
@@ -41,5 +41,5 @@ func addAllUnknown(class *v1alpha2.VirtualMachineClass, conds ...vmclassconditio
 		}
 	}
 	class.Status.Conditions = mgr.Generate()
-	return
+	return update
 }
diff --git a/images/virtualization-artifact/pkg/controller/vmip/internal/watcher/vmiplease_watcher.go b/images/virtualization-artifact/pkg/controller/vmip/internal/watcher/vmiplease_watcher.go
index 4567b1ce02..2ce3c33b3e 100644
--- a/images/virtualization-artifact/pkg/controller/vmip/internal/watcher/vmiplease_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmip/internal/watcher/vmiplease_watcher.go
@@ -76,7 +76,7 @@ func (w VirtualMachineIPAddressLeaseWatcher) enqueueRequests(ctx context.Context
 	err := w.client.List(ctx, &vmips, &opts)
 	if err != nil {
 		w.logger.Error(fmt.Sprintf("failed to list vmips: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmip := range vmips.Items {
@@ -88,5 +88,5 @@ func (w VirtualMachineIPAddressLeaseWatcher) enqueueRequests(ctx context.Context
 		})
 	}
 
-	return
+	return requests
 }
diff --git a/images/virtualization-artifact/pkg/controller/vmiplease/internal/retention_handler.go b/images/virtualization-artifact/pkg/controller/vmiplease/internal/retention_handler.go
index 2431f10463..ba202715d2 100644
--- a/images/virtualization-artifact/pkg/controller/vmiplease/internal/retention_handler.go
+++ b/images/virtualization-artifact/pkg/controller/vmiplease/internal/retention_handler.go
@@ -54,7 +54,7 @@ func (h *RetentionHandler) Handle(ctx context.Context, lease *v1alpha2.VirtualMa
 	if boundCondition.Reason == vmiplcondition.Released.String() && conditions.IsLastUpdated(boundCondition, lease) {
 		currentTime := time.Now().UTC()
 
-		duration := currentTime.Sub(boundCondition.LastTransitionTime.Time.UTC())
+		duration := currentTime.Sub(boundCondition.LastTransitionTime.UTC())
 		if duration >= h.retentionDuration {
 			log.Info(fmt.Sprintf("Released VirtualMachineIPAddressLease has not been used for more than %s. It will be deleted now.", h.retentionDuration.String()))
 
diff --git a/images/virtualization-artifact/pkg/controller/vmiplease/internal/watcher/vmip_watcher.go b/images/virtualization-artifact/pkg/controller/vmiplease/internal/watcher/vmip_watcher.go
index 1fb5596f90..a0c7a78b85 100644
--- a/images/virtualization-artifact/pkg/controller/vmiplease/internal/watcher/vmip_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmiplease/internal/watcher/vmip_watcher.go
@@ -79,7 +79,7 @@ func (w VirtualMachineIPAddressWatcher) enqueueRequests(ctx context.Context, vmi
 	})
 	if err != nil {
 		w.logger.Error(fmt.Sprintf("failed to list leases: %s", err))
-		return
+		return requests
 	}
 
 	for _, lease := range leases.Items {
diff --git a/images/virtualization-artifact/pkg/controller/vmmac/internal/watcher/vmmaclease_watcher.go b/images/virtualization-artifact/pkg/controller/vmmac/internal/watcher/vmmaclease_watcher.go
index f9f5eace77..e32934b35a 100644
--- a/images/virtualization-artifact/pkg/controller/vmmac/internal/watcher/vmmaclease_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmmac/internal/watcher/vmmaclease_watcher.go
@@ -67,7 +67,7 @@ func (w VirtualMachineMACAddressLeaseWatcher) Watch(mgr manager.Manager, ctr con
 					}
 				}
 
-				return
+				return requests
 			}),
 			predicate.TypedFuncs[*v1alpha2.VirtualMachineMACAddressLease]{
 				CreateFunc: func(e event.TypedCreateEvent[*v1alpha2.VirtualMachineMACAddressLease]) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/kvvm_watcher.go b/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/kvvm_watcher.go
index 96d505290c..d0eae8ad48 100644
--- a/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/kvvm_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/kvvm_watcher.go
@@ -63,7 +63,7 @@ func (w InternalVirtualMachineWatcher) enqueueRequests(ctx context.Context, kvvm
 	})
 	if err != nil {
 		log.Error(fmt.Sprintf("failed to list vmRestores: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmRestore := range vmRestores.Items {
@@ -72,7 +72,7 @@ func (w InternalVirtualMachineWatcher) enqueueRequests(ctx context.Context, kvvm
 		err := w.client.Get(ctx, types.NamespacedName{Name: vmSnapshotName, Namespace: kvvm.GetNamespace()}, &vmSnapshot)
 		if err != nil {
 			log.Error(fmt.Sprintf("failed to get vmSnapshot: %s", err))
-			return
+			return requests
 		}
 
 		if w.isKvvmNameMatch(kvvm.Name, vmSnapshot.Spec.VirtualMachineName, vmRestore.Spec.NameReplacements) {
@@ -85,7 +85,7 @@ func (w InternalVirtualMachineWatcher) enqueueRequests(ctx context.Context, kvvm
 		}
 	}
 
-	return
+	return requests
 }
 
 func (w InternalVirtualMachineWatcher) isKvvmNameMatch(kvvmName, restoredName string, nameReplacements []v1alpha2.NameReplacement) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vd_watcher.go b/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vd_watcher.go
index c9673b4e2c..883e12204e 100644
--- a/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vd_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vd_watcher.go
@@ -60,7 +60,7 @@ func (w VirtualDiskWatcher) enqueueRequests(ctx context.Context, vd *v1alpha2.Vi
 	})
 	if err != nil {
 		log.Error(fmt.Sprintf("failed to list vmRestores: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmRestore := range vmRestores.Items {
@@ -69,14 +69,14 @@ func (w VirtualDiskWatcher) enqueueRequests(ctx context.Context, vd *v1alpha2.Vi
 		err := w.client.Get(ctx, types.NamespacedName{Name: vmSnapshotName, Namespace: vd.GetNamespace()}, &vmSnapshot)
 		if err != nil {
 			log.Error(fmt.Sprintf("failed to get vmSnapshot: %s", err))
-			return
+			return requests
 		}
 		for _, vdsnapshotName := range vmSnapshot.Status.VirtualDiskSnapshotNames {
 			var vdSnapshot v1alpha2.VirtualDiskSnapshot
 			err := w.client.Get(ctx, types.NamespacedName{Name: vdsnapshotName, Namespace: vd.GetNamespace()}, &vdSnapshot)
 			if err != nil {
 				log.Error(fmt.Sprintf("failed to get vdSnapshot: %s", err))
-				return
+				return requests
 			}
 
 			if w.isVdNameMatch(vd.Name, vdSnapshot.Spec.VirtualDiskName, vmRestore.Spec.NameReplacements) {
@@ -90,7 +90,7 @@ func (w VirtualDiskWatcher) enqueueRequests(ctx context.Context, vd *v1alpha2.Vi
 		}
 	}
 
-	return
+	return requests
 }
 
 func (w VirtualDiskWatcher) isVdNameMatch(vdName, restoredName string, nameReplacements []v1alpha2.NameReplacement) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vm_watcher.go b/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vm_watcher.go
index d67c7cd048..55c8e9cf72 100644
--- a/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vm_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vm_watcher.go
@@ -60,7 +60,7 @@ func (w VirtualMachineWatcher) enqueueRequests(ctx context.Context, vm *v1alpha2
 	})
 	if err != nil {
 		log.Error(fmt.Sprintf("failed to list vmRestores: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmRestore := range vmRestores.Items {
@@ -69,7 +69,7 @@ func (w VirtualMachineWatcher) enqueueRequests(ctx context.Context, vm *v1alpha2
 		err := w.client.Get(ctx, types.NamespacedName{Name: vmSnapshotName, Namespace: vm.GetNamespace()}, &vmSnapshot)
 		if err != nil {
 			log.Error(fmt.Sprintf("failed to get vmSnapshot: %s", err))
-			return
+			return requests
 		}
 
 		if w.isVMNameMatch(vm.Name, vmSnapshot.Spec.VirtualMachineName, vmRestore.Spec.NameReplacements) {
@@ -82,7 +82,7 @@ func (w VirtualMachineWatcher) enqueueRequests(ctx context.Context, vm *v1alpha2
 		}
 	}
 
-	return
+	return requests
 }
 
 func (w VirtualMachineWatcher) isVMNameMatch(vmName, restoredName string, nameReplacements []v1alpha2.NameReplacement) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vmbda_watcher.go b/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vmbda_watcher.go
index f57362d437..e8a73040da 100644
--- a/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vmbda_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vmbda_watcher.go
@@ -65,7 +65,7 @@ func (w VirtualMachineBlockDeviceAttachmentWatcher) enqueueRequests(ctx context.
 	})
 	if err != nil {
 		log.Error(fmt.Sprintf("failed to list vmRestores: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmRestore := range vmRestores.Items {
@@ -74,7 +74,7 @@ func (w VirtualMachineBlockDeviceAttachmentWatcher) enqueueRequests(ctx context.
 		err := w.client.Get(ctx, types.NamespacedName{Name: vmSnapshotName, Namespace: vmbda.GetNamespace()}, &vmSnapshot)
 		if err != nil {
 			log.Error(fmt.Sprintf("failed to get vmSnapshot: %s", err))
-			return
+			return requests
 		}
 
 		if vmSnapshot.Status.VirtualMachineSnapshotSecretName == "" {
@@ -85,18 +85,18 @@ func (w VirtualMachineBlockDeviceAttachmentWatcher) enqueueRequests(ctx context.
 		restorerSecret, err := object.FetchObject(ctx, restorerSecretKey, w.client, &corev1.Secret{})
 		if err != nil {
 			log.Error(fmt.Sprintf("failed to get virtualMachineSnapshotSecret: %s", err))
-			return
+			return requests
 		}
 
 		if restorerSecret == nil {
 			log.Error(fmt.Sprintf("virtualMachineSnapshotSecret %q not found", vmSnapshot.Status.VirtualMachineSnapshotSecretName))
-			return
+			return requests
 		}
 
 		vmbdas, err := w.restorer.RestoreVirtualMachineBlockDeviceAttachments(ctx, restorerSecret)
 		if err != nil {
 			log.Error(fmt.Sprintf("failed to extract vmbda resources from the virtualMachineSnapshotSecret: %s", err))
-			return
+			return requests
 		}
 
 		for _, eVmbda := range vmbdas {
@@ -111,7 +111,7 @@ func (w VirtualMachineBlockDeviceAttachmentWatcher) enqueueRequests(ctx context.
 		}
 	}
 
-	return
+	return requests
 }
 
 func (w VirtualMachineBlockDeviceAttachmentWatcher) isVmbdaNameMatch(vmbdaName, restoredName string, nameReplacements []v1alpha2.NameReplacement) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vmsnapshot_watcher.go b/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vmsnapshot_watcher.go
index f0eb723525..4d664d3787 100644
--- a/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vmsnapshot_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vmsnapshot_watcher.go
@@ -70,7 +70,7 @@ func (w VirtualMachineSnapshotWatcher) enqueueRequests(ctx context.Context, vmSn
 	})
 	if err != nil {
 		log.Error(fmt.Sprintf("failed to list virtual machine restores: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmRestore := range vmRestores.Items {
@@ -82,5 +82,5 @@ func (w VirtualMachineSnapshotWatcher) enqueueRequests(ctx context.Context, vmSn
 		})
 	}
 
-	return
+	return requests
 }
diff --git a/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/kvvmi_watcher.go b/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/kvvmi_watcher.go
index b63c0063a2..d9612301c6 100644
--- a/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/kvvmi_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/kvvmi_watcher.go
@@ -70,7 +70,7 @@ func (w KVVMIWatcher) enqueueRequests(ctx context.Context, kvvmi *virtv1.Virtual
 	})
 	if err != nil {
 		slog.Default().Error(fmt.Sprintf("failed to list virtual machine snapshots: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmSnapshot := range vmSnapshots.Items {
@@ -84,7 +84,7 @@ func (w KVVMIWatcher) enqueueRequests(ctx context.Context, kvvmi *virtv1.Virtual
 		}
 	}
 
-	return
+	return requests
 }
 
 func (w KVVMIWatcher) filterUpdateEvents(e event.TypedUpdateEvent[*virtv1.VirtualMachineInstance]) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/vd_watcher.go b/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/vd_watcher.go
index 8ca221a4cb..1e1585bed2 100644
--- a/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/vd_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/vd_watcher.go
@@ -86,7 +86,7 @@ func (w VirtualDiskWatcher) enqueueRequests(ctx context.Context, vd *v1alpha2.Vi
 	})
 	if err != nil {
 		slog.Default().Error(fmt.Sprintf("failed to list virtual machine snapshots: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmSnapshot := range vmSnapshots.Items {
@@ -109,5 +109,5 @@ func (w VirtualDiskWatcher) enqueueRequests(ctx context.Context, vd *v1alpha2.Vi
 		}
 	}
 
-	return
+	return requests
 }
diff --git a/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/vdsnapshot_watcher.go b/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/vdsnapshot_watcher.go
index fae0870beb..43ddcc99ea 100644
--- a/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/vdsnapshot_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/vdsnapshot_watcher.go
@@ -71,7 +71,7 @@ func (w VirtualDiskSnapshotWatcher) enqueueRequests(ctx context.Context, vdSnaps
 	})
 	if err != nil {
 		slog.Default().Error(fmt.Sprintf("failed to list virtual machine snapshots: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmSnapshot := range vmSnapshots.Items {
@@ -83,5 +83,5 @@ func (w VirtualDiskSnapshotWatcher) enqueueRequests(ctx context.Context, vdSnaps
 		})
 	}
 
-	return
+	return requests
 }
diff --git a/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/vm_watcher.go b/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/vm_watcher.go
index 67e13804af..16b5d4a6f4 100644
--- a/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/vm_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/vm_watcher.go
@@ -71,7 +71,7 @@ func (w VirtualMachineWatcher) enqueueRequests(ctx context.Context, vm *v1alpha2
 	})
 	if err != nil {
 		slog.Default().Error(fmt.Sprintf("failed to list virtual machine snapshots: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmSnapshot := range vmSnapshots.Items {
@@ -85,7 +85,7 @@ func (w VirtualMachineWatcher) enqueueRequests(ctx context.Context, vm *v1alpha2
 		}
 	}
 
-	return
+	return requests
 }
 
 func (w VirtualMachineWatcher) filterUpdateEvents(e event.TypedUpdateEvent[*v1alpha2.VirtualMachine]) bool {
diff --git a/images/virtualization-artifact/pkg/controller/volumemigration/internal/handler/migration.go b/images/virtualization-artifact/pkg/controller/volumemigration/internal/handler/migration.go
index aa84dea95c..d6358228f8 100644
--- a/images/virtualization-artifact/pkg/controller/volumemigration/internal/handler/migration.go
+++ b/images/virtualization-artifact/pkg/controller/volumemigration/internal/handler/migration.go
@@ -75,7 +75,7 @@ func (h *MigrationHandler) Handle(ctx context.Context, vd *v1alpha2.VirtualDisk)
 	log.Info("Detected VirtualDisk with changed StorageClass")
 
 	ready, _ := conditions.GetCondition(vdcondition.ReadyType, vd.Status.Conditions)
-	if !(ready.Status == metav1.ConditionTrue && conditions.IsLastUpdated(ready, vd)) {
+	if ready.Status != metav1.ConditionTrue || !conditions.IsLastUpdated(ready, vd) {
 		h.recorder.Eventf(vd, corev1.EventTypeWarning, v1alpha2.ReasonVolumeMigrationCannotBeProcessed, "VirtualDisk is not ready. Cannot be migrated now.")
 		return reconcile.Result{}, nil
 	}
diff --git a/images/virtualization-artifact/pkg/controller/volumemigration/internal/watcher/vm.go b/images/virtualization-artifact/pkg/controller/volumemigration/internal/watcher/vm.go
index c607f3b29c..66cffe77cc 100644
--- a/images/virtualization-artifact/pkg/controller/volumemigration/internal/watcher/vm.go
+++ b/images/virtualization-artifact/pkg/controller/volumemigration/internal/watcher/vm.go
@@ -78,7 +78,7 @@ func (w *VMWatcher) Watch(mgr manager.Manager, ctr controller.Controller) error
 					return false
 				},
 				UpdateFunc: func(e event.TypedUpdateEvent[*v1alpha2.VirtualMachine]) bool {
-					if !(e.ObjectOld.Status.Phase != v1alpha2.MachineRunning && e.ObjectNew.Status.Phase == v1alpha2.MachineRunning) {
+					if e.ObjectOld.Status.Phase == v1alpha2.MachineRunning || e.ObjectNew.Status.Phase != v1alpha2.MachineRunning {
 						return false
 					}
 					for _, bd := range e.ObjectNew.Spec.BlockDeviceRefs {
diff --git a/images/virtualization-artifact/pkg/controller/watchers/cvi_enqueuer.go b/images/virtualization-artifact/pkg/controller/watchers/cvi_enqueuer.go
index d4ec7760fb..7e5ee95328 100644
--- a/images/virtualization-artifact/pkg/controller/watchers/cvi_enqueuer.go
+++ b/images/virtualization-artifact/pkg/controller/watchers/cvi_enqueuer.go
@@ -56,7 +56,7 @@ func (w ClusterVirtualImageRequestEnqueuer) EnqueueRequests(ctx context.Context,
 	err := w.client.List(ctx, &cvis)
 	if err != nil {
 		w.logger.Error(fmt.Sprintf("failed to list cvi: %s", err))
-		return
+		return requests
 	}
 
 	for _, cvi := range cvis.Items {
@@ -84,5 +84,5 @@ func (w ClusterVirtualImageRequestEnqueuer) EnqueueRequests(ctx context.Context,
 		}
 	}
 
-	return
+	return requests
 }
diff --git a/images/virtualization-artifact/pkg/controller/watchers/vd_enqueuer.go b/images/virtualization-artifact/pkg/controller/watchers/vd_enqueuer.go
index a3d4b35c78..1347b99da3 100644
--- a/images/virtualization-artifact/pkg/controller/watchers/vd_enqueuer.go
+++ b/images/virtualization-artifact/pkg/controller/watchers/vd_enqueuer.go
@@ -56,7 +56,7 @@ func (w VirtualDiskRequestEnqueuer) EnqueueRequestsFromVDs(ctx context.Context,
 	err := w.client.List(ctx, &vds)
 	if err != nil {
 		w.logger.Error(fmt.Sprintf("failed to list vd: %s", err))
-		return
+		return requests
 	}
 
 	for _, vd := range vds.Items {
@@ -86,7 +86,7 @@ func (w VirtualDiskRequestEnqueuer) EnqueueRequestsFromVDs(ctx context.Context,
 		}
 	}
 
-	return
+	return requests
 }
 
 func (w VirtualDiskRequestEnqueuer) EnqueueRequestsFromVIs(obj client.Object) (requests []reconcile.Request) {
@@ -94,7 +94,7 @@ func (w VirtualDiskRequestEnqueuer) EnqueueRequestsFromVIs(obj client.Object) (r
 		vi, ok := obj.(*v1alpha2.VirtualImage)
 		if !ok {
 			w.logger.Error(fmt.Sprintf("expected a VirtualImage but got a %T", obj))
-			return
+			return requests
 		}
 
 		if vi.Spec.DataSource.Type == v1alpha2.DataSourceTypeObjectRef && vi.Spec.DataSource.ObjectRef != nil && vi.Spec.DataSource.ObjectRef.Kind == v1alpha2.VirtualDiskKind {
@@ -106,7 +106,7 @@ func (w VirtualDiskRequestEnqueuer) EnqueueRequestsFromVIs(obj client.Object) (r
 			})
 		}
 	}
-	return
+	return requests
 }
 
 func (w VirtualDiskRequestEnqueuer) EnqueueRequestsFromCVIs(obj client.Object) (requests []reconcile.Request) {
@@ -114,7 +114,7 @@ func (w VirtualDiskRequestEnqueuer) EnqueueRequestsFromCVIs(obj client.Object) (
 		cvi, ok := obj.(*v1alpha2.ClusterVirtualImage)
 		if !ok {
 			w.logger.Error(fmt.Sprintf("expected a ClusterVirtualImage but got a %T", obj))
-			return
+			return requests
 		}
 
 		if cvi.Spec.DataSource.Type == v1alpha2.DataSourceTypeObjectRef && cvi.Spec.DataSource.ObjectRef != nil && cvi.Spec.DataSource.ObjectRef.Kind == v1alpha2.VirtualDiskKind {
@@ -126,7 +126,7 @@ func (w VirtualDiskRequestEnqueuer) EnqueueRequestsFromCVIs(obj client.Object) (
 			})
 		}
 	}
-	return
+	return requests
 }
 
 func (w VirtualDiskRequestEnqueuer) EnqueueRequests(ctx context.Context, obj client.Object) (requests []reconcile.Request) {
diff --git a/images/virtualization-artifact/pkg/controller/watchers/vi_enqueuer.go b/images/virtualization-artifact/pkg/controller/watchers/vi_enqueuer.go
index eb1c33449f..5fdd1182c1 100644
--- a/images/virtualization-artifact/pkg/controller/watchers/vi_enqueuer.go
+++ b/images/virtualization-artifact/pkg/controller/watchers/vi_enqueuer.go
@@ -56,7 +56,7 @@ func (w VirtualImageRequestEnqueuer) EnqueueRequests(ctx context.Context, obj cl
 	err := w.client.List(ctx, &vis)
 	if err != nil {
 		w.logger.Error(fmt.Sprintf("failed to list vi: %s", err))
-		return
+		return requests
 	}
 
 	for _, vi := range vis.Items {
@@ -85,5 +85,5 @@ func (w VirtualImageRequestEnqueuer) EnqueueRequests(ctx context.Context, obj cl
 		}
 	}
 
-	return
+	return requests
 }
diff --git a/images/virtualization-artifact/pkg/livemigration/policy.go b/images/virtualization-artifact/pkg/livemigration/policy.go
index a0c3acaba1..ccde0ac653 100644
--- a/images/virtualization-artifact/pkg/livemigration/policy.go
+++ b/images/virtualization-artifact/pkg/livemigration/policy.go
@@ -72,5 +72,5 @@ func CalculateEffectivePolicy(vm v1alpha2.VirtualMachine, vmop *v1alpha2.Virtual
 		autoConverge = *autoConvergePtr
 	}
 
-	return
+	return effectivePolicy, autoConverge, err
 }
diff --git a/images/virtualization-artifact/pkg/monitoring/metrics/cvi/collector.go b/images/virtualization-artifact/pkg/monitoring/metrics/cvi/collector.go
index 8ebbad1438..a3e52874df 100644
--- a/images/virtualization-artifact/pkg/monitoring/metrics/cvi/collector.go
+++ b/images/virtualization-artifact/pkg/monitoring/metrics/cvi/collector.go
@@ -64,7 +64,7 @@ func (c Collector) Collect(ch chan<- prometheus.Metric) {
 	defer cancel()
 	if err := c.iterator.Iter(ctx, func(m *dataMetric) (stop bool) {
 		s.Report(m)
-		return
+		return stop
 	}); err != nil {
 		c.log.Error("Failed to iterate over ClusterVirtualImages", logger.SlogErr(err))
 		return
diff --git a/images/virtualization-artifact/pkg/monitoring/metrics/vd/collector.go b/images/virtualization-artifact/pkg/monitoring/metrics/vd/collector.go
index 21c52602e7..7eaf1556b5 100644
--- a/images/virtualization-artifact/pkg/monitoring/metrics/vd/collector.go
+++ b/images/virtualization-artifact/pkg/monitoring/metrics/vd/collector.go
@@ -64,7 +64,7 @@ func (c Collector) Collect(ch chan<- prometheus.Metric) {
 	defer cancel()
 	if err := c.iterator.Iter(ctx, func(m *dataMetric) (stop bool) {
 		s.Report(m)
-		return
+		return stop
 	}); err != nil {
 		c.log.Error("Failed to iterate over VirtualDisks", logger.SlogErr(err))
 		return
diff --git a/images/virtualization-artifact/pkg/monitoring/metrics/vdsnapshot/collector.go b/images/virtualization-artifact/pkg/monitoring/metrics/vdsnapshot/collector.go
index 50fca01279..c06bdaf306 100644
--- a/images/virtualization-artifact/pkg/monitoring/metrics/vdsnapshot/collector.go
+++ b/images/virtualization-artifact/pkg/monitoring/metrics/vdsnapshot/collector.go
@@ -64,7 +64,7 @@ func (c Collector) Collect(ch chan<- prometheus.Metric) {
 	defer cancel()
 	if err := c.iterator.Iter(ctx, func(m *dataMetric) (stop bool) {
 		s.Report(m)
-		return
+		return stop
 	}); err != nil {
 		c.log.Error("Failed to iterate over VirtualDiskSnapshots", logger.SlogErr(err))
 		return
diff --git a/images/virtualization-artifact/pkg/monitoring/metrics/vi/collector.go b/images/virtualization-artifact/pkg/monitoring/metrics/vi/collector.go
index 2ead532dff..5763237f40 100644
--- a/images/virtualization-artifact/pkg/monitoring/metrics/vi/collector.go
+++ b/images/virtualization-artifact/pkg/monitoring/metrics/vi/collector.go
@@ -64,7 +64,7 @@ func (c Collector) Collect(ch chan<- prometheus.Metric) {
 	defer cancel()
 	if err := c.iterator.Iter(ctx, func(m *dataMetric) (stop bool) {
 		s.Report(m)
-		return
+		return stop
 	}); err != nil {
 		c.log.Error("Failed to iterate over VirtualImages", logger.SlogErr(err))
 		return
diff --git a/images/virtualization-artifact/pkg/monitoring/metrics/virtualmachine/collector.go b/images/virtualization-artifact/pkg/monitoring/metrics/virtualmachine/collector.go
index e382ac1870..5404408cc8 100644
--- a/images/virtualization-artifact/pkg/monitoring/metrics/virtualmachine/collector.go
+++ b/images/virtualization-artifact/pkg/monitoring/metrics/virtualmachine/collector.go
@@ -71,7 +71,7 @@ func (c Collector) Collect(ch chan<- prometheus.Metric) {
 	defer cancel()
 	if err := c.iterator.Iter(ctx, func(m *dataMetric) (stop bool) {
 		s.Report(m)
-		return
+		return stop
 	}); err != nil {
 		c.log.Error("Failed to iterate of VirtualMachines", logger.SlogErr(err))
 	}
diff --git a/images/virtualization-artifact/pkg/monitoring/metrics/vmbda/collector.go b/images/virtualization-artifact/pkg/monitoring/metrics/vmbda/collector.go
index 7dc1c63606..665bf7f671 100644
--- a/images/virtualization-artifact/pkg/monitoring/metrics/vmbda/collector.go
+++ b/images/virtualization-artifact/pkg/monitoring/metrics/vmbda/collector.go
@@ -65,7 +65,7 @@ func (c Collector) Collect(ch chan<- prometheus.Metric) {
 	defer cancel()
 	if err := c.iterator.Iter(ctx, func(m *dataMetric) (stop bool) {
 		s.Report(m)
-		return
+		return stop
 	}); err != nil {
 		c.log.Error("Failed to iterate over VMBDAs", logger.SlogErr(err))
 		return
diff --git a/images/virtualization-artifact/pkg/monitoring/metrics/vmop/collector.go b/images/virtualization-artifact/pkg/monitoring/metrics/vmop/collector.go
index 261b4a28fd..c5f5bd4f6a 100644
--- a/images/virtualization-artifact/pkg/monitoring/metrics/vmop/collector.go
+++ b/images/virtualization-artifact/pkg/monitoring/metrics/vmop/collector.go
@@ -64,7 +64,7 @@ func (c Collector) Collect(ch chan<- prometheus.Metric) {
 	defer cancel()
 	if err := c.iterator.Iter(ctx, func(m *dataMetric) (stop bool) {
 		s.Report(m)
-		return
+		return stop
 	}); err != nil {
 		c.log.Error("Failed to iterate over VMOPs", logger.SlogErr(err))
 		return
diff --git a/images/virtualization-artifact/pkg/monitoring/metrics/vmsnapshot/collector.go b/images/virtualization-artifact/pkg/monitoring/metrics/vmsnapshot/collector.go
index acf9754ead..5b7b1b8b3a 100644
--- a/images/virtualization-artifact/pkg/monitoring/metrics/vmsnapshot/collector.go
+++ b/images/virtualization-artifact/pkg/monitoring/metrics/vmsnapshot/collector.go
@@ -64,7 +64,7 @@ func (c Collector) Collect(ch chan<- prometheus.Metric) {
 	defer cancel()
 	if err := c.iterator.Iter(ctx, func(m *dataMetric) (stop bool) {
 		s.Report(m)
-		return
+		return stop
 	}); err != nil {
 		c.log.Error("Failed to iterate over VirtualMachineSnapshots", logger.SlogErr(err))
 		return
diff --git a/images/virtualization-dra/.golangci.yaml b/images/virtualization-dra/.golangci.yaml
index 087244eed8..41db9929a5 100644
--- a/images/virtualization-dra/.golangci.yaml
+++ b/images/virtualization-dra/.golangci.yaml
@@ -72,11 +72,16 @@ linters:
       exclude-functions:
         - "(*os.File).Close"
         - "(*net.TCPConn).Close"
-      # - "fmt:.*"
-      # - "[rR]ead"
-      # - "[wW]rite"
-      # - "[cC]lose"
-      # - "io:Copy"
+        - "(io.ReadCloser).Close"
+        - "(net.Listener).Close"
+        - "(net.Conn).Close"
+        - "(net.Conn).Close"
+        - "(*golang.org/x/crypto/ssh.Session).Close"
+        - "(*github.com/fsnotify/fsnotify.Watcher).Close"
+    staticcheck:
+      dot-import-whitelist:
+        - github.com/onsi/ginkgo/v2
+        - github.com/onsi/gomega
     revive:
       rules:
         - name: dot-imports
diff --git a/images/virtualization-dra/Taskfile.yaml b/images/virtualization-dra/Taskfile.yaml
index a66fa8427e..0fcb0f2466 100644
--- a/images/virtualization-dra/Taskfile.yaml
+++ b/images/virtualization-dra/Taskfile.yaml
@@ -52,16 +52,36 @@ tasks:
 
   lint:go:
     desc: "Run golangci-lint"
+    deps:
+      - _ensure:golangci-lint
     cmds:
       - |
         golangci-lint run
 
   lint:go:fix:
     desc: "Run golangci-lint with --fix"
+    deps:
+      - _ensure:golangci-lint
     cmds:
       - |
         golangci-lint run --fix
 
+  _ensure:golangci-lint:
+    desc: "Ensure golangci-lint v2+ is available"
+    internal: true
+    cmds:
+      - |
+        GOLANGCI_LINT_MIN_VERSION="2.0"
+        if ! command -v golangci-lint &> /dev/null; then
+          echo "Installing golangci-lint..."
+          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin
+        fi
+        CURRENT_VERSION=$(golangci-lint --version 2>/dev/null | grep -oP 'version \K[0-9]+\.[0-9]+' || echo "0.0")
+        if [ "$(printf '%s\n' "$GOLANGCI_LINT_MIN_VERSION" "$CURRENT_VERSION" | sort -V | head -n1)" != "$GOLANGCI_LINT_MIN_VERSION" ]; then
+          echo "Upgrading golangci-lint from $CURRENT_VERSION to $GOLANGCI_LINT_MIN_VERSION+"
+          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin
+        fi
+
   build:go-usbip:
     desc: "Build go-usbip binary"
     cmds:
diff --git a/images/vm-route-forge/Taskfile.yaml b/images/vm-route-forge/Taskfile.yaml
index 3b8764dc44..016d9f3da0 100644
--- a/images/vm-route-forge/Taskfile.yaml
+++ b/images/vm-route-forge/Taskfile.yaml
@@ -8,8 +8,27 @@ vars:
 
 tasks:
   lint:
+    desc: "Run linters locally"
+    deps:
+      - _ensure:golangci-lint
     cmds:
-      - golangci-lint run --sort-results
+      - golangci-lint run
+
+  _ensure:golangci-lint:
+    desc: "Ensure golangci-lint v2+ is available"
+    internal: true
+    cmds:
+      - |
+        GOLANGCI_LINT_MIN_VERSION="2.0"
+        if ! command -v golangci-lint &> /dev/null; then
+          echo "Installing golangci-lint..."
+          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin
+        fi
+        CURRENT_VERSION=$(golangci-lint --version 2>/dev/null | grep -oP 'version \K[0-9]+\.[0-9]+' || echo "0.0")
+        if [ "$(printf '%s\n' "$GOLANGCI_LINT_MIN_VERSION" "$CURRENT_VERSION" | sort -V | head -n1)" != "$GOLANGCI_LINT_MIN_VERSION" ]; then
+          echo "Upgrading golangci-lint from $CURRENT_VERSION to $GOLANGCI_LINT_MIN_VERSION+"
+          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin
+        fi
 
   gen:
     desc: "Generate"
diff --git a/src/cli/.golangci.yaml b/src/cli/.golangci.yaml
index 1be21e2a37..41db9929a5 100644
--- a/src/cli/.golangci.yaml
+++ b/src/cli/.golangci.yaml
@@ -1,100 +1,61 @@
+# https://golangci-lint.run/usage/configuration/
+version: "2"
+
 run:
   concurrency: 4
   timeout: 10m
+
 issues:
   # Show all errors.
   max-issues-per-linter: 0
   max-same-issues: 0
   exclude:
     - "don't use an underscore in package name"
+
 output:
   sort-results: true
 
-exclude-files:
-  - "^zz_generated.*"
+exclusions:
+  paths:
+    - "^zz_generated.*"
 
-linters-settings:
-  gofumpt:
-    extra-rules: true
-  gci:
-    sections:
-      - standard
-      - default
-      - prefix(github.com/deckhouse/)
-  goimports:
-    local-prefixes: github.com/deckhouse/
-  errcheck:
-    exclude-functions: fmt:.*,[rR]ead|[wW]rite|[cC]lose,io:Copy
-  revive:
-    rules:
-      - name: dot-imports
-        disabled: true
-  nolintlint:
-    # Exclude following linters from requiring an explanation.
-    # Default: []
-    allow-no-explanation: [funlen, gocognit, lll]
-    # Enable to require an explanation of nonzero length after each nolint directive.
-    # Default: false
-    require-explanation: true
-    # Enable to require nolint directives to mention the specific linter being suppressed.
-    # Default: false
-    require-specific: true
-  importas:
-    # Do not allow unaliased imports of aliased packages.
-    # Default: false
-    no-unaliased: true
-    # Do not allow non-required aliases.
-    # Default: false
-    no-extra-aliases: false
-    # List of aliases
-    # Default: []
-    alias:
-      - pkg: github.com/deckhouse/virtualization/api/core/v1alpha2
-        alias: ""
-      - pkg: github.com/deckhouse/virtualization/api/subresources/v1alpha2
-        alias: subv1alpha2
-      - pkg: kubevirt.io/api/core/v1
-        alias: virtv1
-      - pkg: k8s.io/api/core/v1
-        alias: corev1
-      - pkg: k8s.io/api/authentication/v1
-        alias: authnv1
-      - pkg: k8s.io/api/storage/v1
-        alias: storagev1
-      - pkg: k8s.io/api/networking/v1
-        alias: netv1
-      - pkg: k8s.io/api/policy/v1
-        alias: policyv1
-      - pkg: k8s.io/apimachinery/pkg/apis/meta/v1
-        alias: metav1
+formatters:
+  enable:
+    - gci
+    - gofmt
+    - gofumpt
+    - goimports
+  settings:
+    gci:
+      sections:
+        - standard
+        - default
+        - prefix(github.com/deckhouse/)
+    gofumpt:
+      extra-rules: true
+    goimports:
+      local-prefixes: github.com/deckhouse/
 
 linters:
-  disable-all: true
+  default: none
   enable:
     - asciicheck # checks that your code does not contain non-ASCII identifiers
     - bidichk # checks for dangerous unicode character sequences
     - bodyclose # checks whether HTTP response body is closed successfully
-    - contextcheck # [maby too many false positives] checks the function whether use a non-inherited context
+    - contextcheck # [maybe too many false positives] checks the function whether use a non-inherited context
     - dogsled # checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
     - errcheck # checking for unchecked errors, these unchecked errors can be critical bugs in some cases
     - errname # checks that sentinel errors are prefixed with the Err and error types are suffixed with the Error
     - errorlint # finds code that will cause problems with the error wrapping scheme introduced in Go 1.13
     - copyloopvar # detects places where loop variables are copied (Go 1.22+)
-    - gci # controls golang package import order and makes it always deterministic
     - gocritic # provides diagnostics that check for bugs, performance and style issues
-    - gofmt # [replaced by goimports] checks whether code was gofmt-ed
-    - gofumpt # [replaced by goimports, gofumports is not available yet] checks whether code was gofumpt-ed
-    - goimports # in addition to fixing imports, goimports also formats your code in the same style as gofmt
-    - gosimple # specializes in simplifying a code
     - govet # reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
     - ineffassign # detects when assignments to existing variables are not used
     - misspell # finds commonly misspelled English words in comments
     - nolintlint # reports ill-formed or insufficient nolint directives
-    - reassign # Checks that package variables are not reassigned.
+    - reassign # checks that package variables are not reassigned
     - revive # fast, configurable, extensible, flexible, and beautiful linter for Go, drop-in replacement of golint
-    - stylecheck # is a replacement for golint
     - staticcheck # is a go vet on steroids, applying a ton of static analysis checks
-    - typecheck # like the front-end of a Go compiler, parses and type-checks Go code
     - testifylint # checks usage of github.com/stretchr/testify
     - unconvert # removes unnecessary type conversions
     - unparam # reports unused function parameters
@@ -104,5 +65,68 @@ linters:
     - thelper # detects golang test helpers without t.Helper() call and checks the consistency of test helpers
     - tparallel # detects inappropriate usage of t.Parallel() method in your Go test codes
     - whitespace # detects leading and trailing whitespace
-    - wastedassign # Finds wasted assignment statements.
+    - wastedassign # finds wasted assignment statements
     - importas # checks import aliases against the configured convention
+  settings:
+    errcheck:
+      exclude-functions:
+        - "(*os.File).Close"
+        - "(*net.TCPConn).Close"
+        - "(io.ReadCloser).Close"
+        - "(net.Listener).Close"
+        - "(net.Conn).Close"
+        - "(net.Conn).Close"
+        - "(*golang.org/x/crypto/ssh.Session).Close"
+        - "(*github.com/fsnotify/fsnotify.Watcher).Close"
+    staticcheck:
+      dot-import-whitelist:
+        - github.com/onsi/ginkgo/v2
+        - github.com/onsi/gomega
+    revive:
+      rules:
+        - name: dot-imports
+          disabled: true
+        - name: exported
+          disabled: true
+        - name: package-comments
+          disabled: true
+    nolintlint:
+      # Exclude following linters from requiring an explanation.
+      # Default: []
+      allow-no-explanation: [funlen, gocognit, lll]
+      # Enable to require an explanation of nonzero length after each nolint directive.
+      # Default: false
+      require-explanation: true
+      # Enable to require nolint directives to mention the specific linter being suppressed.
+      # Default: false
+      require-specific: true
+    importas:
+      # Do not allow unaliased imports of aliased packages.
+      # Default: false
+      no-unaliased: true
+      # Do not allow non-required aliases.
+      # Default: false
+      no-extra-aliases: false
+      # List of aliases
+      # Default: []
+      alias:
+        - pkg: github.com/deckhouse/virtualization/api/core/v1alpha2
+          alias: ""
+        - pkg: github.com/deckhouse/virtualization/api/subresources/v1alpha2
+          alias: subv1alpha2
+        - pkg: kubevirt.io/api/core/v1
+          alias: virtv1
+        - pkg: k8s.io/api/core/v1
+          alias: corev1
+        - pkg: k8s.io/api/authentication/v1
+          alias: authnv1
+        - pkg: k8s.io/api/storage/v1
+          alias: storagev1
+        - pkg: k8s.io/api/networking/v1
+          alias: netv1
+        - pkg: k8s.io/api/policy/v1
+          alias: policyv1
+        - pkg: k8s.io/apimachinery/pkg/apis/meta/v1
+          alias: metav1
+        - pkg: k8s.io/api/resource/v1
+          alias: resourcev1
diff --git a/src/cli/Taskfile.yaml b/src/cli/Taskfile.yaml
index 776ccb788f..fa49212a5b 100644
--- a/src/cli/Taskfile.yaml
+++ b/src/cli/Taskfile.yaml
@@ -8,7 +8,8 @@ tasks:
   build:
     desc: "Build d8v cli"
     cmds:
-      - go build -o .out/d8v cmd/main.go
+      - echo Build binary ./d8v ...
+      - go build -o ./d8v cmd/main.go
   install:
     desc: "Install d8v cli to ~/.local/bin"
     deps: [build]
@@ -16,12 +17,12 @@ tasks:
       - echo "Check that ~/.local/bin in your PATH"
       - echo "Installing d8v to ~/.local/bin"
       - mkdir -p ~/.local/bin
-      - cp .out/d8v ~/.local/bin/d8v
+      - cp ./d8v ~/.local/bin/d8v
       - task: clean
   clean:
     desc: "Clean up build artifacts"
     cmds:
-      - rm -rf .out
+      - test -f ./d8v && rm -rf ./d8v
 
   lint:
     desc: "Run linters locally"
@@ -37,12 +38,17 @@ tasks:
         golangci-lint run
 
   _ensure:golangci-lint:
-    desc: "Ensure golangci-lint is available"
+    desc: "Ensure golangci-lint v2+ is available"
     internal: true
     cmds:
       - |
-        echo -e >&2 "Please install golangci-lint https://golangci-lint.run/usage/install/"
-        exit 1
-    status:
-      - |
-        [ -f ./golangci-lint ] || which golangci-lint
+        GOLANGCI_LINT_MIN_VERSION="2.0"
+        if ! command -v golangci-lint &> /dev/null; then
+          echo "Installing golangci-lint..."
+          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin
+        fi
+        CURRENT_VERSION=$(golangci-lint --version 2>/dev/null | grep -oP 'version \K[0-9]+\.[0-9]+' || echo "0.0")
+        if [ "$(printf '%s\n' "$GOLANGCI_LINT_MIN_VERSION" "$CURRENT_VERSION" | sort -V | head -n1)" != "$GOLANGCI_LINT_MIN_VERSION" ]; then
+          echo "Upgrading golangci-lint from $CURRENT_VERSION to $GOLANGCI_LINT_MIN_VERSION+"
+          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin
+        fi
diff --git a/src/cli/internal/cmd/ansibleinventory/ansibleinventory.go b/src/cli/internal/cmd/ansibleinventory/ansibleinventory.go
index ea4170924a..c9f51d270a 100644
--- a/src/cli/internal/cmd/ansibleinventory/ansibleinventory.go
+++ b/src/cli/internal/cmd/ansibleinventory/ansibleinventory.go
@@ -205,18 +205,18 @@ func (a *AnsibleInventory) generateInventoryINI(vms []v1alpha2.VirtualMachine) s
 	for hostName, hostVars := range data.hostVars {
 		builder.WriteString(hostName)
 		for varName, value := range hostVars {
-			builder.WriteString(fmt.Sprintf(" %s=%s", varName, value))
+			fmt.Fprintf(&builder, " %s=%s", varName, value)
 		}
 		builder.WriteString("\n")
 	}
 
 	builder.WriteString("\n[all:vars]\n")
-	builder.WriteString(fmt.Sprintf("%s=\"%s\"\n", ansibleSSHCommonArgsKey, ansibleSSHCommonArgs))
+	fmt.Fprintf(&builder, "%s=\"%s\"\n", ansibleSSHCommonArgsKey, ansibleSSHCommonArgs)
 
 	for group, hosts := range data.groups {
-		builder.WriteString(fmt.Sprintf("\n[%s]\n", group))
+		fmt.Fprintf(&builder, "\n[%s]\n", group)
 		for _, host := range hosts {
-			builder.WriteString(fmt.Sprintf("%s\n", host))
+			fmt.Fprintf(&builder, "%s\n", host)
 		}
 	}
 
@@ -425,7 +425,7 @@ func (a *AnsibleInventory) generateHostInfo(vm *v1alpha2.VirtualMachine) string
 			} else {
 				builder.WriteString(" ")
 			}
-			builder.WriteString(fmt.Sprintf("%s=%s", varName, value))
+			fmt.Fprintf(&builder, "%s=%s", varName, value)
 		}
 		builder.WriteString("\n")
 		output = builder.Bytes()
diff --git a/src/cli/internal/cmd/lifecycle/vmop/vmop.go b/src/cli/internal/cmd/lifecycle/vmop/vmop.go
index 668a4c1749..b51f473472 100644
--- a/src/cli/internal/cmd/lifecycle/vmop/vmop.go
+++ b/src/cli/internal/cmd/lifecycle/vmop/vmop.go
@@ -123,7 +123,7 @@ func (v VirtualMachineOperation) generateMsg(vmop *v1alpha2.VirtualMachineOperat
 	phase := vmop.Status.Phase
 
 	sb := strings.Builder{}
-	sb.WriteString(fmt.Sprintf("VirtualMachine %q ", vmKey.String()))
+	fmt.Fprintf(&sb, "VirtualMachine %q ", vmKey.String())
 
 	if v.isPhaseOrFailed(vmop, v1alpha2.VMOPPhaseCompleted) {
 		if !v.isCompleted(vmop) {
@@ -156,7 +156,7 @@ func (v VirtualMachineOperation) generateMsg(vmop *v1alpha2.VirtualMachineOperat
 		}
 	}
 
-	sb.WriteString(fmt.Sprintf("VirtualMachineOperation %q ", key.String()))
+	fmt.Fprintf(&sb, "VirtualMachineOperation %q ", key.String())
 	switch phase {
 	case v1alpha2.VMOPPhasePending:
 		sb.WriteString("pending.")
@@ -166,11 +166,11 @@ func (v VirtualMachineOperation) generateMsg(vmop *v1alpha2.VirtualMachineOperat
 		sb.WriteString("completed.")
 	case v1alpha2.VMOPPhaseFailed:
 		cond, _ := getCondition(vmopcondition.TypeCompleted.String(), vmop.Status.Conditions)
-		sb.WriteString(fmt.Sprintf("failed. type=%q reason=%q, message=%q.", cond.Type, cond.Reason, cond.Message))
+		fmt.Fprintf(&sb, "failed. type=%q reason=%q, message=%q.", cond.Type, cond.Reason, cond.Message)
 	case "":
 		sb.WriteString("created.")
 	default:
-		sb.WriteString(fmt.Sprintf(" phase=%q.", phase))
+		fmt.Fprintf(&sb, " phase=%q.", phase)
 	}
 	sb.WriteString("\n")
 	return sb.String()
diff --git a/src/cli/internal/cmd/scp/scp.go b/src/cli/internal/cmd/scp/scp.go
index 8368dd6e09..345c648c71 100644
--- a/src/cli/internal/cmd/scp/scp.go
+++ b/src/cli/internal/cmd/scp/scp.go
@@ -83,7 +83,7 @@ func PrepareCommand(cmd *cobra.Command, defaultNamespace string, opts *ssh.SSHOp
 	opts.IdentityFilePathProvided = cmd.Flags().Changed(ssh.IdentityFilePathFlag)
 	local, remote, toRemote, err = templates.ParseSCPArguments(args[0], args[1])
 	if err != nil {
-		return
+		return local, remote, toRemote, err
 	}
 
 	if remote.Namespace == "" {
@@ -93,7 +93,7 @@ func PrepareCommand(cmd *cobra.Command, defaultNamespace string, opts *ssh.SSHOp
 	if len(remote.Username) > 0 {
 		opts.SSHUsername = remote.Username
 	}
-	return
+	return local, remote, toRemote, err
 }
 
 func usage() string {
diff --git a/src/cli/internal/cmd/scp/wrapped.go b/src/cli/internal/cmd/scp/wrapped.go
index f5a7bb56c3..2016528a5f 100644
--- a/src/cli/internal/cmd/scp/wrapped.go
+++ b/src/cli/internal/cmd/scp/wrapped.go
@@ -49,5 +49,5 @@ func (o *SCP) buildSCPTarget(local templates.LocalSCPArgument, remote templates.
 	} else {
 		opts = append(opts, target.String(), local.Path)
 	}
-	return
+	return opts
 }
diff --git a/src/cli/internal/cmd/ssh/ssh.go b/src/cli/internal/cmd/ssh/ssh.go
index 9777afe5fb..d4f2c81d18 100644
--- a/src/cli/internal/cmd/ssh/ssh.go
+++ b/src/cli/internal/cmd/ssh/ssh.go
@@ -154,7 +154,7 @@ func PrepareCommand(cmd *cobra.Command, defaultNamespace string, opts *SSHOption
 	var targetUsername string
 	namespace, name, targetUsername, err = templates.ParseSSHTarget(args[0])
 	if err != nil {
-		return
+		return namespace, name, err
 	}
 
 	if len(namespace) < 1 {
@@ -164,7 +164,7 @@ func PrepareCommand(cmd *cobra.Command, defaultNamespace string, opts *SSHOption
 	if len(targetUsername) > 0 {
 		opts.SSHUsername = targetUsername
 	}
-	return
+	return namespace, name, err
 }
 
 func usage() string {
diff --git a/src/cli/internal/cmd/ssh/wrapped.go b/src/cli/internal/cmd/ssh/wrapped.go
index 01a8171528..846e24a119 100644
--- a/src/cli/internal/cmd/ssh/wrapped.go
+++ b/src/cli/internal/cmd/ssh/wrapped.go
@@ -62,10 +62,7 @@ func RunLocalClient(cmd *cobra.Command, namespace, name string, options *SSHOpti
 
 func buildProxyCommandOption(cmd *cobra.Command, namespace, name string, port int) string {
 	parents := make([]string, 0, 2)
-	for {
-		if !cmd.HasParent() {
-			break
-		}
+	for cmd.HasParent() {
 		cmd = cmd.Parent()
 		parents = append(parents, cmd.Name())
 	}
@@ -81,7 +78,7 @@ func buildProxyCommandOption(cmd *cobra.Command, namespace, name string, port in
 	proxyCommand.WriteString("ProxyCommand=")
 	proxyCommand.WriteString(pcmd.String())
 	proxyCommand.WriteString("port-forward --stdio=true ")
-	proxyCommand.WriteString(fmt.Sprintf("%s.%s", name, namespace))
+	fmt.Fprintf(&proxyCommand, "%s.%s", name, namespace)
 	proxyCommand.WriteString(" ")
 
 	proxyCommand.WriteString(strconv.Itoa(port))
@@ -103,5 +100,5 @@ func (o *SSH) buildSSHTarget(namespace, name string) (opts []string) {
 	if o.command != "" {
 		opts = append(opts, o.command)
 	}
-	return
+	return opts
 }
diff --git a/src/cli/internal/cmd/vnc/vnc.go b/src/cli/internal/cmd/vnc/vnc.go
index 794acfa4c2..49bd029ce1 100644
--- a/src/cli/internal/cmd/vnc/vnc.go
+++ b/src/cli/internal/cmd/vnc/vnc.go
@@ -244,7 +244,10 @@ func connect(ctx context.Context, ln *net.TCPListener, virtCli kubeclient.Client
 			if err != nil {
 				viewResErr <- fmt.Errorf("error encountered: %s", err.Error())
 			}
-			fmt.Fprintln(cmd.OutOrStdout(), string(optionString))
+			_, err = fmt.Fprintln(cmd.OutOrStdout(), string(optionString))
+			if err != nil {
+				viewResErr <- fmt.Errorf("error encountered: %s", err.Error())
+			}
 		} else {
 			// execute VNC Viewer
 			checkAndRunVNCViewer(ctx, doneChan, viewResErr, port)
@@ -342,12 +345,12 @@ func tigerVncArgs(port int) (args []string) {
 	if klog.V(4).Enabled() {
 		args = append(args, "Log=*:stderr:100")
 	}
-	return
+	return args
 }
 
 func chickenVncArgs(port int) (args []string) {
 	args = append(args, fmt.Sprintf(listenAddressFmt, port))
-	return
+	return args
 }
 
 func realVncArgs(port int) (args []string) {
@@ -358,7 +361,7 @@ func realVncArgs(port int) (args []string) {
 	if klog.V(4).Enabled() {
 		args = append(args, "-log=*:stderr:100")
 	}
-	return
+	return args
 }
 
 func remoteViewerArgs(port int) (args []string) {
@@ -366,7 +369,7 @@ func remoteViewerArgs(port int) (args []string) {
 	if klog.V(4).Enabled() {
 		args = append(args, "--debug")
 	}
-	return
+	return args
 }
 
 func usage() string {
diff --git a/src/cli/internal/templates/target.go b/src/cli/internal/templates/target.go
index eed0a91d77..14d6af461b 100644
--- a/src/cli/internal/templates/target.go
+++ b/src/cli/internal/templates/target.go
@@ -87,10 +87,10 @@ func ParseSCPArguments(arg1, arg2 string) (local LocalSCPArgument, remote Remote
 	switch {
 	case strings.Contains(arg1, ":") && strings.Contains(arg2, ":"):
 		err = fmt.Errorf("copying from a remote location to another remote location is not supported: %q to %q", arg1, arg2)
-		return
+		return local, remote, toRemote, err
 	case !strings.Contains(arg1, ":") && !strings.Contains(arg2, ":"):
 		err = fmt.Errorf("none of the two provided locations seems to be a remote location: %q to %q", arg1, arg2)
-		return
+		return local, remote, toRemote, err
 	case strings.Contains(localArg, ":"):
 		remoteArg = arg2
 		localArg = arg1
@@ -100,9 +100,9 @@ func ParseSCPArguments(arg1, arg2 string) (local LocalSCPArgument, remote Remote
 	split := strings.SplitN(remoteArg, ":", 2)
 	remote.Namespace, remote.Name, remote.Username, err = ParseSSHTarget(split[0])
 	if err != nil {
-		return
+		return local, remote, toRemote, err
 	}
 	remote.Path = split[1]
 	local.Path = localArg
-	return
+	return local, remote, toRemote, err
 }
diff --git a/test/e2e/.golangci.yaml b/test/e2e/.golangci.yaml
index 95c30ba8ec..41db9929a5 100644
--- a/test/e2e/.golangci.yaml
+++ b/test/e2e/.golangci.yaml
@@ -1,105 +1,61 @@
+# https://golangci-lint.run/usage/configuration/
+version: "2"
+
 run:
   concurrency: 4
   timeout: 10m
+
 issues:
   # Show all errors.
   max-issues-per-linter: 0
   max-same-issues: 0
   exclude:
     - "don't use an underscore in package name"
+
 output:
   sort-results: true
 
-exclude-files:
-  - "^zz_generated.*"
+exclusions:
+  paths:
+    - "^zz_generated.*"
 
-linters-settings:
-  gofumpt:
-    extra-rules: true
-  gci:
-    sections:
-      - standard
-      - default
-      - prefix(github.com/deckhouse/)
-  goimports:
-    local-prefixes: github.com/deckhouse/
-  errcheck:
-    exclude-functions: fmt:.*,[rR]ead|[wW]rite|[cC]lose,io:Copy
-  revive:
-    rules:
-      - name: dot-imports
-        disabled: true
-  stylecheck:
-    dot-import-whitelist:
-      - github.com/onsi/gomega
-      - github.com/onsi/ginkgo/v2
-      - github.com/deckhouse/virtualization/test/e2e/internal/helper
-  nolintlint:
-    # Exclude following linters from requiring an explanation.
-    # Default: []
-    allow-no-explanation: [funlen, gocognit, lll]
-    # Enable to require an explanation of nonzero length after each nolint directive.
-    # Default: false
-    require-explanation: true
-    # Enable to require nolint directives to mention the specific linter being suppressed.
-    # Default: false
-    require-specific: true
-  importas:
-    # Do not allow unaliased imports of aliased packages.
-    # Default: false
-    no-unaliased: true
-    # Do not allow non-required aliases.
-    # Default: false
-    no-extra-aliases: false
-    # List of aliases
-    # Default: []
-    alias:
-      - pkg: github.com/deckhouse/virtualization/api/core/v1alpha2
-        alias: ""
-      - pkg: github.com/deckhouse/virtualization/api/subresources/v1alpha2
-        alias: subv1alpha2
-      - pkg: kubevirt.io/api/core/v1
-        alias: virtv1
-      - pkg: k8s.io/api/core/v1
-        alias: corev1
-      - pkg: k8s.io/api/authentication/v1
-        alias: authnv1
-      - pkg: k8s.io/api/storage/v1
-        alias: storagev1
-      - pkg: k8s.io/api/networking/v1
-        alias: netv1
-      - pkg: k8s.io/api/policy/v1
-        alias: policyv1
-      - pkg: k8s.io/apimachinery/pkg/apis/meta/v1
-        alias: metav1
+formatters:
+  enable:
+    - gci
+    - gofmt
+    - gofumpt
+    - goimports
+  settings:
+    gci:
+      sections:
+        - standard
+        - default
+        - prefix(github.com/deckhouse/)
+    gofumpt:
+      extra-rules: true
+    goimports:
+      local-prefixes: github.com/deckhouse/
 
 linters:
-  disable-all: true
+  default: none
   enable:
     - asciicheck # checks that your code does not contain non-ASCII identifiers
     - bidichk # checks for dangerous unicode character sequences
     - bodyclose # checks whether HTTP response body is closed successfully
-    - contextcheck # [maby too many false positives] checks the function whether use a non-inherited context
+    - contextcheck # [maybe too many false positives] checks the function whether use a non-inherited context
     - dogsled # checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
     - errcheck # checking for unchecked errors, these unchecked errors can be critical bugs in some cases
     - errname # checks that sentinel errors are prefixed with the Err and error types are suffixed with the Error
     - errorlint # finds code that will cause problems with the error wrapping scheme introduced in Go 1.13
     - copyloopvar # detects places where loop variables are copied (Go 1.22+)
-    - gci # controls golang package import order and makes it always deterministic
     - gocritic # provides diagnostics that check for bugs, performance and style issues
-    - gofmt # [replaced by goimports] checks whether code was gofmt-ed
-    - gofumpt # [replaced by goimports, gofumports is not available yet] checks whether code was gofumpt-ed
-    - goimports # in addition to fixing imports, goimports also formats your code in the same style as gofmt
-    - gosimple # specializes in simplifying a code
     - govet # reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
     - ineffassign # detects when assignments to existing variables are not used
     - misspell # finds commonly misspelled English words in comments
     - nolintlint # reports ill-formed or insufficient nolint directives
-    - reassign # Checks that package variables are not reassigned.
+    - reassign # checks that package variables are not reassigned
     - revive # fast, configurable, extensible, flexible, and beautiful linter for Go, drop-in replacement of golint
-    - stylecheck # is a replacement for golint
     - staticcheck # is a go vet on steroids, applying a ton of static analysis checks
-    - typecheck # like the front-end of a Go compiler, parses and type-checks Go code
     - testifylint # checks usage of github.com/stretchr/testify
     - unconvert # removes unnecessary type conversions
     - unparam # reports unused function parameters
@@ -109,5 +65,68 @@ linters:
     - thelper # detects golang test helpers without t.Helper() call and checks the consistency of test helpers
     - tparallel # detects inappropriate usage of t.Parallel() method in your Go test codes
     - whitespace # detects leading and trailing whitespace
-    - wastedassign # Finds wasted assignment statements.
+    - wastedassign # finds wasted assignment statements
     - importas # checks import aliases against the configured convention
+  settings:
+    errcheck:
+      exclude-functions:
+        - "(*os.File).Close"
+        - "(*net.TCPConn).Close"
+        - "(io.ReadCloser).Close"
+        - "(net.Listener).Close"
+        - "(net.Conn).Close"
+        - "(net.Conn).Close"
+        - "(*golang.org/x/crypto/ssh.Session).Close"
+        - "(*github.com/fsnotify/fsnotify.Watcher).Close"
+    staticcheck:
+      dot-import-whitelist:
+        - github.com/onsi/ginkgo/v2
+        - github.com/onsi/gomega
+    revive:
+      rules:
+        - name: dot-imports
+          disabled: true
+        - name: exported
+          disabled: true
+        - name: package-comments
+          disabled: true
+    nolintlint:
+      # Exclude following linters from requiring an explanation.
+      # Default: []
+      allow-no-explanation: [funlen, gocognit, lll]
+      # Enable to require an explanation of nonzero length after each nolint directive.
+      # Default: false
+      require-explanation: true
+      # Enable to require nolint directives to mention the specific linter being suppressed.
+      # Default: false
+      require-specific: true
+    importas:
+      # Do not allow unaliased imports of aliased packages.
+      # Default: false
+      no-unaliased: true
+      # Do not allow non-required aliases.
+      # Default: false
+      no-extra-aliases: false
+      # List of aliases
+      # Default: []
+      alias:
+        - pkg: github.com/deckhouse/virtualization/api/core/v1alpha2
+          alias: ""
+        - pkg: github.com/deckhouse/virtualization/api/subresources/v1alpha2
+          alias: subv1alpha2
+        - pkg: kubevirt.io/api/core/v1
+          alias: virtv1
+        - pkg: k8s.io/api/core/v1
+          alias: corev1
+        - pkg: k8s.io/api/authentication/v1
+          alias: authnv1
+        - pkg: k8s.io/api/storage/v1
+          alias: storagev1
+        - pkg: k8s.io/api/networking/v1
+          alias: netv1
+        - pkg: k8s.io/api/policy/v1
+          alias: policyv1
+        - pkg: k8s.io/apimachinery/pkg/apis/meta/v1
+          alias: metav1
+        - pkg: k8s.io/api/resource/v1
+          alias: resourcev1
diff --git a/test/e2e/Taskfile.yaml b/test/e2e/Taskfile.yaml
index e7285076d3..a893dfe3ff 100644
--- a/test/e2e/Taskfile.yaml
+++ b/test/e2e/Taskfile.yaml
@@ -190,15 +190,20 @@ tasks:
         done
 
   _ensure:golangci-lint:
-    desc: "Ensure golangci-lint is available"
+    desc: "Ensure golangci-lint v2+ is available"
     internal: true
     cmds:
       - |
-        echo -e >&2 "Please install golangci-lint https://golangci-lint.run/usage/install/"
-        exit 1
-    status:
-      - |
-        [ -f ./golangci-lint ] || which golangci-lint
+        GOLANGCI_LINT_MIN_VERSION="2.0"
+        if ! command -v golangci-lint &> /dev/null; then
+          echo "Installing golangci-lint..."
+          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin
+        fi
+        CURRENT_VERSION=$(golangci-lint --version 2>/dev/null | grep -oP 'version \K[0-9]+\.[0-9]+' || echo "0.0")
+        if [ "$(printf '%s\n' "$GOLANGCI_LINT_MIN_VERSION" "$CURRENT_VERSION" | sort -V | head -n1)" != "$GOLANGCI_LINT_MIN_VERSION" ]; then
+          echo "Upgrading golangci-lint from $CURRENT_VERSION to $GOLANGCI_LINT_MIN_VERSION+"
+          curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin
+        fi
 
   lint:go:
     desc: "Run golangci-lint"
@@ -206,7 +211,7 @@ tasks:
       - _ensure:golangci-lint
     cmds:
       - |
-        golangci-lint run --sort-results
+        golangci-lint run
 
   set-url:ci:
     desc: "Change URL for images"
diff --git a/test/e2e/legacy/util.go b/test/e2e/legacy/util.go
index acd5ad1793..8e77a1fdf3 100644
--- a/test/e2e/legacy/util.go
+++ b/test/e2e/legacy/util.go
@@ -577,7 +577,7 @@ func GenerateVMOP(vmName, vmNamespace string, labels map[string]string, vmopType
 
 func GenerateVMOPWithSuffix(vmName, vmNamespace, suffix string, labels map[string]string, vmopType v1alpha2.VMOPType) *v1alpha2.VirtualMachineOperation {
 	res := GenerateVMOP(vmName, vmNamespace, labels, vmopType)
-	res.ObjectMeta.Name = fmt.Sprintf("%s%s", res.ObjectMeta.Name, suffix)
+	res.Name = fmt.Sprintf("%s%s", res.Name, suffix)
 	return res
 }
 
diff --git a/test/e2e/vm/additional_network_interfaces.go b/test/e2e/vm/additional_network_interfaces.go
index 3675bea47c..ff1dcb7065 100644
--- a/test/e2e/vm/additional_network_interfaces.go
+++ b/test/e2e/vm/additional_network_interfaces.go
@@ -128,11 +128,11 @@ var _ = Describe("VirtualMachineAdditionalNetworkInterfaces", func() {
 			})
 
 			By("Check Cilium agents after migration", func() {
-				err := network.CheckCiliumAgents(context.Background(), f.Clients.Kubectl(), vmFoo.Name, f.Namespace().Name)
+				err := network.CheckCiliumAgents(context.Background(), f.Kubectl(), vmFoo.Name, f.Namespace().Name)
 				Expect(err).NotTo(HaveOccurred(), "Cilium agents check for VM %s", vmFoo.Name)
 
 				if tc.vmBarHasMainNetwork {
-					err = network.CheckCiliumAgents(context.Background(), f.Clients.Kubectl(), vmBar.Name, f.Namespace().Name)
+					err = network.CheckCiliumAgents(context.Background(), f.Kubectl(), vmBar.Name, f.Namespace().Name)
 					Expect(err).NotTo(HaveOccurred(), "Cilium agents check for VM %s", vmBar.Name)
 				}
 			})
diff --git a/test/e2e/vm/connectivity.go b/test/e2e/vm/connectivity.go
index b7a07f02f8..a7612f448e 100644
--- a/test/e2e/vm/connectivity.go
+++ b/test/e2e/vm/connectivity.go
@@ -70,9 +70,9 @@ var _ = Describe("VirtualMachineConnectivity", func() {
 
 		// There is a known issue with the Cilium agent check.
 		By("Check Cilium agents are properly configured for the VMs", func() {
-			err := network.CheckCiliumAgents(context.Background(), f.Clients.Kubectl(), t.VMa.Name, f.Namespace().Name)
+			err := network.CheckCiliumAgents(context.Background(), f.Kubectl(), t.VMa.Name, f.Namespace().Name)
 			Expect(err).NotTo(HaveOccurred(), "Cilium agents check should succeed for VM %s", t.VMa.Name)
-			err = network.CheckCiliumAgents(context.Background(), f.Clients.Kubectl(), t.VMb.Name, f.Namespace().Name)
+			err = network.CheckCiliumAgents(context.Background(), f.Kubectl(), t.VMb.Name, f.Namespace().Name)
 			Expect(err).NotTo(HaveOccurred(), "Cilium agents check should succeed for VM %s", t.VMb.Name)
 		})
 
diff --git a/test/e2e/vm/migration.go b/test/e2e/vm/migration.go
index a342255852..f534979b12 100644
--- a/test/e2e/vm/migration.go
+++ b/test/e2e/vm/migration.go
@@ -130,9 +130,9 @@ var _ = Describe("VirtualMachineMigration", func() {
 
 		// There is a known issue with the Cilium agent check.
 		By("Check Cilium agents are properly configured for the VM", func() {
-			err := network.CheckCiliumAgents(context.Background(), f.Clients.Kubectl(), vmBIOS.Name, f.Namespace().Name)
+			err := network.CheckCiliumAgents(context.Background(), f.Kubectl(), vmBIOS.Name, f.Namespace().Name)
 			Expect(err).NotTo(HaveOccurred(), "Cilium agents check should succeed for VM %s", vmBIOS.Name)
-			err = network.CheckCiliumAgents(context.Background(), f.Clients.Kubectl(), vmUEFI.Name, f.Namespace().Name)
+			err = network.CheckCiliumAgents(context.Background(), f.Kubectl(), vmUEFI.Name, f.Namespace().Name)
 			Expect(err).NotTo(HaveOccurred(), "Cilium agents check should succeed for VM %s", vmUEFI.Name)
 		})
 
diff --git a/test/e2e/vm/power_state.go b/test/e2e/vm/power_state.go
index f109f963e9..cb7f39b9b9 100644
--- a/test/e2e/vm/power_state.go
+++ b/test/e2e/vm/power_state.go
@@ -172,7 +172,7 @@ var _ = Describe("PowerState", func() {
 		})
 
 		By("Check VM can reach external network", func() {
-			err := network.CheckCiliumAgents(context.Background(), f.Clients.Kubectl(), t.VM.Name, f.Namespace().Name)
+			err := network.CheckCiliumAgents(context.Background(), f.Kubectl(), t.VM.Name, f.Namespace().Name)
 			Expect(err).NotTo(HaveOccurred(), "Cilium agents check should succeed for VM %s", t.VM.Name)
 			network.CheckExternalConnectivity(f, t.VM.Name, network.ExternalHost, network.HTTPStatusOk)
 		})
diff --git a/test/e2e/vm/volume_migration_storage_class_changed.go b/test/e2e/vm/volume_migration_storage_class_changed.go
index 6c1f686407..4efb1bd0b9 100644
--- a/test/e2e/vm/volume_migration_storage_class_changed.go
+++ b/test/e2e/vm/volume_migration_storage_class_changed.go
@@ -285,7 +285,7 @@ var _ = Describe("StorageClassMigration", decoratorsForVolumeMigrations(), func(
 func getTargetStorageClass(f *framework.Framework, storageClass *storagev1.StorageClass) (string, error) {
 	// GetVolumeAndAccessModes needs no nil object.
 	notEmptyVD := &v1alpha2.VirtualDisk{}
-	modeGetter := volumemode.NewVolumeAndAccessModesGetter(f.Clients.GenericClient(), getStorageProfile(f))
+	modeGetter := volumemode.NewVolumeAndAccessModesGetter(f.GenericClient(), getStorageProfile(f))
 
 	volumeMode, _, err := modeGetter.GetVolumeAndAccessModes(context.Background(), notEmptyVD, storageClass)
 	if err != nil {

From d40af7fbbb4e6d7bb0c5bfd05faea590fdb8d2b1 Mon Sep 17 00:00:00 2001
From: Dmitry Lopatin <dmitry.lopatin@flant.com>
Date: Thu, 16 Apr 2026 14:55:09 +0300
Subject: [PATCH 3/4] chore(ci): fix golangci-lint issues in images/hooks,
 shatal and addlicense

- rename module from 'hooks' to 'github.com/deckhouse/virtualization/hooks' in go.mod
- fix gci import grouping: move hooks/pkg/settings to external packages group
- add .golangci.yaml v2 config to images/hooks
- update shatal and addlicense .golangci.yaml to version: "2" format

Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
---
 .../hooks/cmd/module-config-reporter/main.go  |   3 +-
 .../cmd/virtualization-module-hooks/main.go   |   3 +-
 .../virtualization-module-hooks/register.go   |  30 ++--
 .../register_ee.go                            |   2 +-
 images/hooks/go.mod                           |   2 +-
 images/hooks/pkg/hooks/ca-discovery/hook.go   |   2 +-
 .../pkg/hooks/copy-custom-certificate/main.go |   3 +-
 .../hook.go                                   |   2 +-
 .../hook.go                                   |   2 +-
 .../hooks/discovery-workload-nodes/hook.go    |   2 +-
 .../pkg/hooks/dvcr-garbage-collection/hook.go |   2 +-
 .../hooks/generate-secret-for-dvcr/hook.go    |   2 +-
 .../pkg/hooks/install-vmclass-generic/hook.go |   2 +-
 .../hook.go                                   |   2 +-
 .../hook.go                                   |   2 +-
 .../hooks/tls-certificates-api-proxy/main.go  |   2 +-
 .../pkg/hooks/tls-certificates-api/main.go    |   2 +-
 .../pkg/hooks/tls-certificates-audit/hook.go  |   3 +-
 .../hooks/tls-certificates-controller/hook.go |   2 +-
 .../pkg/hooks/tls-certificates-dvcr/hook.go   |   2 +-
 .../pkg/hooks/validate-module-config/hook.go  |   2 +-
 .../hooks/validate-module-config/hook_test.go |   2 +-
 images/hooks/pkg/readiness/probe.go           |   2 +-
 test/performance/tools/shatal/.golangci.yaml  | 158 +++++++++-------
 tools/addlicense/.golangci.yaml               | 168 +++++++++++++-----
 25 files changed, 253 insertions(+), 151 deletions(-)

diff --git a/images/hooks/cmd/module-config-reporter/main.go b/images/hooks/cmd/module-config-reporter/main.go
index 3728b95c30..ccd71b95e7 100644
--- a/images/hooks/cmd/module-config-reporter/main.go
+++ b/images/hooks/cmd/module-config-reporter/main.go
@@ -18,10 +18,11 @@ package main
 
 import (
 	"fmt"
-	"hooks/pkg/settings"
 	"os"
 
 	"github.com/tidwall/gjson"
+
+	"github.com/deckhouse/virtualization/hooks/pkg/settings"
 )
 
 /*
diff --git a/images/hooks/cmd/virtualization-module-hooks/main.go b/images/hooks/cmd/virtualization-module-hooks/main.go
index 1edb400ecd..f6737af4b6 100644
--- a/images/hooks/cmd/virtualization-module-hooks/main.go
+++ b/images/hooks/cmd/virtualization-module-hooks/main.go
@@ -17,9 +17,8 @@ limitations under the License.
 package main
 
 import (
-	"hooks/pkg/readiness"
-
 	"github.com/deckhouse/module-sdk/pkg/app"
+	"github.com/deckhouse/virtualization/hooks/pkg/readiness"
 )
 
 func main() {
diff --git a/images/hooks/cmd/virtualization-module-hooks/register.go b/images/hooks/cmd/virtualization-module-hooks/register.go
index 82ee44f172..8e625f5fa1 100644
--- a/images/hooks/cmd/virtualization-module-hooks/register.go
+++ b/images/hooks/cmd/virtualization-module-hooks/register.go
@@ -17,19 +17,19 @@ limitations under the License.
 package main
 
 import (
-	_ "hooks/pkg/hooks/ca-discovery"
-	_ "hooks/pkg/hooks/copy-custom-certificate"
-	_ "hooks/pkg/hooks/discover-kube-apiserver-feature-gates"
-	_ "hooks/pkg/hooks/discovery-clusterip-service-for-dvcr"
-	_ "hooks/pkg/hooks/discovery-workload-nodes"
-	_ "hooks/pkg/hooks/dvcr-garbage-collection"
-	_ "hooks/pkg/hooks/generate-secret-for-dvcr"
-	_ "hooks/pkg/hooks/install-vmclass-generic"
-	_ "hooks/pkg/hooks/migrate-virthandler-kvm-node-labels"
-	_ "hooks/pkg/hooks/parallel-outbound-migrations-per-node"
-	_ "hooks/pkg/hooks/tls-certificates-api"
-	_ "hooks/pkg/hooks/tls-certificates-api-proxy"
-	_ "hooks/pkg/hooks/tls-certificates-controller"
-	_ "hooks/pkg/hooks/tls-certificates-dvcr"
-	_ "hooks/pkg/hooks/validate-module-config"
+	_ "github.com/deckhouse/virtualization/hooks/pkg/hooks/ca-discovery"
+	_ "github.com/deckhouse/virtualization/hooks/pkg/hooks/copy-custom-certificate"
+	_ "github.com/deckhouse/virtualization/hooks/pkg/hooks/discover-kube-apiserver-feature-gates"
+	_ "github.com/deckhouse/virtualization/hooks/pkg/hooks/discovery-clusterip-service-for-dvcr"
+	_ "github.com/deckhouse/virtualization/hooks/pkg/hooks/discovery-workload-nodes"
+	_ "github.com/deckhouse/virtualization/hooks/pkg/hooks/dvcr-garbage-collection"
+	_ "github.com/deckhouse/virtualization/hooks/pkg/hooks/generate-secret-for-dvcr"
+	_ "github.com/deckhouse/virtualization/hooks/pkg/hooks/install-vmclass-generic"
+	_ "github.com/deckhouse/virtualization/hooks/pkg/hooks/migrate-virthandler-kvm-node-labels"
+	_ "github.com/deckhouse/virtualization/hooks/pkg/hooks/parallel-outbound-migrations-per-node"
+	_ "github.com/deckhouse/virtualization/hooks/pkg/hooks/tls-certificates-api"
+	_ "github.com/deckhouse/virtualization/hooks/pkg/hooks/tls-certificates-api-proxy"
+	_ "github.com/deckhouse/virtualization/hooks/pkg/hooks/tls-certificates-controller"
+	_ "github.com/deckhouse/virtualization/hooks/pkg/hooks/tls-certificates-dvcr"
+	_ "github.com/deckhouse/virtualization/hooks/pkg/hooks/validate-module-config"
 )
diff --git a/images/hooks/cmd/virtualization-module-hooks/register_ee.go b/images/hooks/cmd/virtualization-module-hooks/register_ee.go
index 650699b8c9..b33f772230 100644
--- a/images/hooks/cmd/virtualization-module-hooks/register_ee.go
+++ b/images/hooks/cmd/virtualization-module-hooks/register_ee.go
@@ -9,5 +9,5 @@ Licensed under the Deckhouse Platform Enterprise Edition (EE) license. See https
 package main
 
 import (
-	_ "hooks/pkg/hooks/tls-certificates-audit"
+	_ "github.com/deckhouse/virtualization/hooks/pkg/hooks/tls-certificates-audit"
 )
diff --git a/images/hooks/go.mod b/images/hooks/go.mod
index c7b8dae55d..3ed68bb4b2 100644
--- a/images/hooks/go.mod
+++ b/images/hooks/go.mod
@@ -1,4 +1,4 @@
-module hooks
+module github.com/deckhouse/virtualization/hooks
 
 go 1.25.9
 
diff --git a/images/hooks/pkg/hooks/ca-discovery/hook.go b/images/hooks/pkg/hooks/ca-discovery/hook.go
index 1e58e3da4b..81c089550f 100644
--- a/images/hooks/pkg/hooks/ca-discovery/hook.go
+++ b/images/hooks/pkg/hooks/ca-discovery/hook.go
@@ -19,12 +19,12 @@ package ca_discovery
 import (
 	"context"
 	"fmt"
-	"hooks/pkg/settings"
 
 	"k8s.io/utils/ptr"
 
 	"github.com/deckhouse/module-sdk/pkg"
 	"github.com/deckhouse/module-sdk/pkg/registry"
+	"github.com/deckhouse/virtualization/hooks/pkg/settings"
 )
 
 const (
diff --git a/images/hooks/pkg/hooks/copy-custom-certificate/main.go b/images/hooks/pkg/hooks/copy-custom-certificate/main.go
index 6d5802c119..a625c9fcd1 100644
--- a/images/hooks/pkg/hooks/copy-custom-certificate/main.go
+++ b/images/hooks/pkg/hooks/copy-custom-certificate/main.go
@@ -17,9 +17,8 @@ limitations under the License.
 package copy_custom_certificate
 
 import (
-	"hooks/pkg/settings"
-
 	copycustomcertificate "github.com/deckhouse/module-sdk/common-hooks/copy-custom-certificate"
+	"github.com/deckhouse/virtualization/hooks/pkg/settings"
 )
 
 var _ = copycustomcertificate.RegisterHook(settings.ModuleName)
diff --git a/images/hooks/pkg/hooks/discover-kube-apiserver-feature-gates/hook.go b/images/hooks/pkg/hooks/discover-kube-apiserver-feature-gates/hook.go
index f71f588a6e..77e3843fe3 100644
--- a/images/hooks/pkg/hooks/discover-kube-apiserver-feature-gates/hook.go
+++ b/images/hooks/pkg/hooks/discover-kube-apiserver-feature-gates/hook.go
@@ -19,13 +19,13 @@ package discover_kube_apiserver_feature_gates
 import (
 	"context"
 	"fmt"
-	"hooks/pkg/settings"
 	"strings"
 
 	"k8s.io/client-go/kubernetes"
 
 	"github.com/deckhouse/module-sdk/pkg"
 	"github.com/deckhouse/module-sdk/pkg/registry"
+	"github.com/deckhouse/virtualization/hooks/pkg/settings"
 )
 
 const (
diff --git a/images/hooks/pkg/hooks/discovery-clusterip-service-for-dvcr/hook.go b/images/hooks/pkg/hooks/discovery-clusterip-service-for-dvcr/hook.go
index a7b7440338..51a448acad 100644
--- a/images/hooks/pkg/hooks/discovery-clusterip-service-for-dvcr/hook.go
+++ b/images/hooks/pkg/hooks/discovery-clusterip-service-for-dvcr/hook.go
@@ -19,13 +19,13 @@ package discovery_clusterip_service_for_dvcr
 import (
 	"context"
 	"fmt"
-	"hooks/pkg/settings"
 	"strings"
 
 	"k8s.io/utils/ptr"
 
 	"github.com/deckhouse/module-sdk/pkg"
 	"github.com/deckhouse/module-sdk/pkg/registry"
+	"github.com/deckhouse/virtualization/hooks/pkg/settings"
 )
 
 const (
diff --git a/images/hooks/pkg/hooks/discovery-workload-nodes/hook.go b/images/hooks/pkg/hooks/discovery-workload-nodes/hook.go
index 3ea0789f72..1d22e779c6 100644
--- a/images/hooks/pkg/hooks/discovery-workload-nodes/hook.go
+++ b/images/hooks/pkg/hooks/discovery-workload-nodes/hook.go
@@ -19,13 +19,13 @@ package discovery_workload_nodes
 import (
 	"context"
 	"fmt"
-	"hooks/pkg/settings"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/utils/ptr"
 
 	"github.com/deckhouse/module-sdk/pkg"
 	"github.com/deckhouse/module-sdk/pkg/registry"
+	"github.com/deckhouse/virtualization/hooks/pkg/settings"
 )
 
 const (
diff --git a/images/hooks/pkg/hooks/dvcr-garbage-collection/hook.go b/images/hooks/pkg/hooks/dvcr-garbage-collection/hook.go
index 3913e7bddf..2d88ed3007 100644
--- a/images/hooks/pkg/hooks/dvcr-garbage-collection/hook.go
+++ b/images/hooks/pkg/hooks/dvcr-garbage-collection/hook.go
@@ -19,12 +19,12 @@ package dvcr_garbage_collection
 import (
 	"context"
 	"fmt"
-	"hooks/pkg/settings"
 
 	"k8s.io/utils/ptr"
 
 	"github.com/deckhouse/module-sdk/pkg"
 	"github.com/deckhouse/module-sdk/pkg/registry"
+	"github.com/deckhouse/virtualization/hooks/pkg/settings"
 )
 
 /**
diff --git a/images/hooks/pkg/hooks/generate-secret-for-dvcr/hook.go b/images/hooks/pkg/hooks/generate-secret-for-dvcr/hook.go
index 9aa77ff10a..7c8ec1d0d4 100644
--- a/images/hooks/pkg/hooks/generate-secret-for-dvcr/hook.go
+++ b/images/hooks/pkg/hooks/generate-secret-for-dvcr/hook.go
@@ -20,7 +20,6 @@ import (
 	"context"
 	"encoding/base64"
 	"fmt"
-	"hooks/pkg/settings"
 	"math/rand/v2"
 	"strings"
 	"time"
@@ -30,6 +29,7 @@ import (
 
 	"github.com/deckhouse/module-sdk/pkg"
 	"github.com/deckhouse/module-sdk/pkg/registry"
+	"github.com/deckhouse/virtualization/hooks/pkg/settings"
 )
 
 const (
diff --git a/images/hooks/pkg/hooks/install-vmclass-generic/hook.go b/images/hooks/pkg/hooks/install-vmclass-generic/hook.go
index dc46bb8dd1..4d9b544cd5 100644
--- a/images/hooks/pkg/hooks/install-vmclass-generic/hook.go
+++ b/images/hooks/pkg/hooks/install-vmclass-generic/hook.go
@@ -20,7 +20,6 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"hooks/pkg/settings"
 	"strings"
 	"time"
 
@@ -31,6 +30,7 @@ import (
 	"github.com/deckhouse/module-sdk/pkg"
 	"github.com/deckhouse/module-sdk/pkg/registry"
 	"github.com/deckhouse/virtualization/api/core/v1alpha2"
+	"github.com/deckhouse/virtualization/hooks/pkg/settings"
 )
 
 const (
diff --git a/images/hooks/pkg/hooks/migrate-virthandler-kvm-node-labels/hook.go b/images/hooks/pkg/hooks/migrate-virthandler-kvm-node-labels/hook.go
index fd680c38ea..9e865b1401 100644
--- a/images/hooks/pkg/hooks/migrate-virthandler-kvm-node-labels/hook.go
+++ b/images/hooks/pkg/hooks/migrate-virthandler-kvm-node-labels/hook.go
@@ -21,7 +21,6 @@ package migrate_virthandler_kvm_node_labels
 import (
 	"context"
 	"fmt"
-	"hooks/pkg/settings"
 	"strings"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -29,6 +28,7 @@ import (
 
 	"github.com/deckhouse/module-sdk/pkg"
 	"github.com/deckhouse/module-sdk/pkg/registry"
+	"github.com/deckhouse/virtualization/hooks/pkg/settings"
 )
 
 const (
diff --git a/images/hooks/pkg/hooks/parallel-outbound-migrations-per-node/hook.go b/images/hooks/pkg/hooks/parallel-outbound-migrations-per-node/hook.go
index 27fae88b07..582dd496eb 100644
--- a/images/hooks/pkg/hooks/parallel-outbound-migrations-per-node/hook.go
+++ b/images/hooks/pkg/hooks/parallel-outbound-migrations-per-node/hook.go
@@ -19,13 +19,13 @@ package parallel_outbound_migrations_per_node
 import (
 	"context"
 	"fmt"
-	"hooks/pkg/settings"
 	"strconv"
 
 	"k8s.io/utils/ptr"
 
 	"github.com/deckhouse/module-sdk/pkg"
 	"github.com/deckhouse/module-sdk/pkg/registry"
+	"github.com/deckhouse/virtualization/hooks/pkg/settings"
 )
 
 const (
diff --git a/images/hooks/pkg/hooks/tls-certificates-api-proxy/main.go b/images/hooks/pkg/hooks/tls-certificates-api-proxy/main.go
index 350d39f766..0ee01503de 100644
--- a/images/hooks/pkg/hooks/tls-certificates-api-proxy/main.go
+++ b/images/hooks/pkg/hooks/tls-certificates-api-proxy/main.go
@@ -18,12 +18,12 @@ package tls_certificates_api_proxy
 
 import (
 	"fmt"
-	"hooks/pkg/settings"
 
 	v1 "k8s.io/api/certificates/v1"
 
 	tlscertificate "github.com/deckhouse/module-sdk/common-hooks/tls-certificate"
 	"github.com/deckhouse/module-sdk/pkg"
+	"github.com/deckhouse/virtualization/hooks/pkg/settings"
 )
 
 var _ = tlscertificate.RegisterInternalTLSHookEM(tlscertificate.GenSelfSignedTLSHookConf{
diff --git a/images/hooks/pkg/hooks/tls-certificates-api/main.go b/images/hooks/pkg/hooks/tls-certificates-api/main.go
index 537cd1c61a..0038bcf943 100644
--- a/images/hooks/pkg/hooks/tls-certificates-api/main.go
+++ b/images/hooks/pkg/hooks/tls-certificates-api/main.go
@@ -18,9 +18,9 @@ package tls_certificates_api
 
 import (
 	"fmt"
-	"hooks/pkg/settings"
 
 	tlscertificate "github.com/deckhouse/module-sdk/common-hooks/tls-certificate"
+	"github.com/deckhouse/virtualization/hooks/pkg/settings"
 )
 
 var _ = tlscertificate.RegisterInternalTLSHookEM(tlscertificate.GenSelfSignedTLSHookConf{
diff --git a/images/hooks/pkg/hooks/tls-certificates-audit/hook.go b/images/hooks/pkg/hooks/tls-certificates-audit/hook.go
index 3bb1fe05d4..105085e718 100644
--- a/images/hooks/pkg/hooks/tls-certificates-audit/hook.go
+++ b/images/hooks/pkg/hooks/tls-certificates-audit/hook.go
@@ -12,11 +12,10 @@ import (
 	"context"
 	"fmt"
 
-	"hooks/pkg/settings"
-
 	tlscertificate "github.com/deckhouse/module-sdk/common-hooks/tls-certificate"
 	"github.com/deckhouse/module-sdk/pkg"
 	"github.com/deckhouse/module-sdk/pkg/registry"
+	"github.com/deckhouse/virtualization/hooks/pkg/settings"
 )
 
 var conf = tlscertificate.GenSelfSignedTLSHookConf{
diff --git a/images/hooks/pkg/hooks/tls-certificates-controller/hook.go b/images/hooks/pkg/hooks/tls-certificates-controller/hook.go
index 6251c166eb..9d8853d88f 100644
--- a/images/hooks/pkg/hooks/tls-certificates-controller/hook.go
+++ b/images/hooks/pkg/hooks/tls-certificates-controller/hook.go
@@ -18,9 +18,9 @@ package tls_certificates_controller
 
 import (
 	"fmt"
-	"hooks/pkg/settings"
 
 	tlscertificate "github.com/deckhouse/module-sdk/common-hooks/tls-certificate"
+	"github.com/deckhouse/virtualization/hooks/pkg/settings"
 )
 
 var _ = tlscertificate.RegisterInternalTLSHookEM(tlscertificate.GenSelfSignedTLSHookConf{
diff --git a/images/hooks/pkg/hooks/tls-certificates-dvcr/hook.go b/images/hooks/pkg/hooks/tls-certificates-dvcr/hook.go
index e2e13368c3..58f135e741 100644
--- a/images/hooks/pkg/hooks/tls-certificates-dvcr/hook.go
+++ b/images/hooks/pkg/hooks/tls-certificates-dvcr/hook.go
@@ -18,12 +18,12 @@ package tls_certificates_dvcr
 
 import (
 	"fmt"
-	"hooks/pkg/settings"
 
 	"github.com/tidwall/gjson"
 
 	tlscertificate "github.com/deckhouse/module-sdk/common-hooks/tls-certificate"
 	"github.com/deckhouse/module-sdk/pkg"
+	"github.com/deckhouse/virtualization/hooks/pkg/settings"
 )
 
 func dvcrGetServiceIP(input *pkg.HookInput) gjson.Result {
diff --git a/images/hooks/pkg/hooks/validate-module-config/hook.go b/images/hooks/pkg/hooks/validate-module-config/hook.go
index 06040cc27d..76efe20aa6 100644
--- a/images/hooks/pkg/hooks/validate-module-config/hook.go
+++ b/images/hooks/pkg/hooks/validate-module-config/hook.go
@@ -19,7 +19,6 @@ package validate_module_config
 import (
 	"context"
 	"fmt"
-	"hooks/pkg/settings"
 	"net/netip"
 
 	corev1 "k8s.io/api/core/v1"
@@ -29,6 +28,7 @@ import (
 	"github.com/deckhouse/module-sdk/pkg/registry"
 	"github.com/deckhouse/virtualization-controller/pkg/controller/moduleconfig"
 	mcapi "github.com/deckhouse/virtualization-controller/pkg/controller/moduleconfig/api"
+	"github.com/deckhouse/virtualization/hooks/pkg/settings"
 )
 
 const (
diff --git a/images/hooks/pkg/hooks/validate-module-config/hook_test.go b/images/hooks/pkg/hooks/validate-module-config/hook_test.go
index 24f5d23f49..0ee69ad562 100644
--- a/images/hooks/pkg/hooks/validate-module-config/hook_test.go
+++ b/images/hooks/pkg/hooks/validate-module-config/hook_test.go
@@ -19,7 +19,6 @@ package validate_module_config
 import (
 	"context"
 	"encoding/json"
-	"hooks/pkg/settings"
 	"testing"
 
 	. "github.com/onsi/ginkgo/v2"
@@ -31,6 +30,7 @@ import (
 	"github.com/deckhouse/module-sdk/pkg"
 	"github.com/deckhouse/module-sdk/testing/mock"
 	mcapi "github.com/deckhouse/virtualization-controller/pkg/controller/moduleconfig/api"
+	"github.com/deckhouse/virtualization/hooks/pkg/settings"
 )
 
 func TestValidateModuleConfig(t *testing.T) {
diff --git a/images/hooks/pkg/readiness/probe.go b/images/hooks/pkg/readiness/probe.go
index 57a637f1d3..ba0478ac3c 100644
--- a/images/hooks/pkg/readiness/probe.go
+++ b/images/hooks/pkg/readiness/probe.go
@@ -19,10 +19,10 @@ package readiness
 import (
 	"context"
 	"fmt"
-	"hooks/pkg/settings"
 
 	"github.com/deckhouse/module-sdk/pkg"
 	"github.com/deckhouse/module-sdk/pkg/app"
+	"github.com/deckhouse/virtualization/hooks/pkg/settings"
 )
 
 var ReadinessConfig = app.ReadinessConfig{
diff --git a/test/performance/tools/shatal/.golangci.yaml b/test/performance/tools/shatal/.golangci.yaml
index 1be21e2a37..41db9929a5 100644
--- a/test/performance/tools/shatal/.golangci.yaml
+++ b/test/performance/tools/shatal/.golangci.yaml
@@ -1,100 +1,61 @@
+# https://golangci-lint.run/usage/configuration/
+version: "2"
+
 run:
   concurrency: 4
   timeout: 10m
+
 issues:
   # Show all errors.
   max-issues-per-linter: 0
   max-same-issues: 0
   exclude:
     - "don't use an underscore in package name"
+
 output:
   sort-results: true
 
-exclude-files:
-  - "^zz_generated.*"
+exclusions:
+  paths:
+    - "^zz_generated.*"
 
-linters-settings:
-  gofumpt:
-    extra-rules: true
-  gci:
-    sections:
-      - standard
-      - default
-      - prefix(github.com/deckhouse/)
-  goimports:
-    local-prefixes: github.com/deckhouse/
-  errcheck:
-    exclude-functions: fmt:.*,[rR]ead|[wW]rite|[cC]lose,io:Copy
-  revive:
-    rules:
-      - name: dot-imports
-        disabled: true
-  nolintlint:
-    # Exclude following linters from requiring an explanation.
-    # Default: []
-    allow-no-explanation: [funlen, gocognit, lll]
-    # Enable to require an explanation of nonzero length after each nolint directive.
-    # Default: false
-    require-explanation: true
-    # Enable to require nolint directives to mention the specific linter being suppressed.
-    # Default: false
-    require-specific: true
-  importas:
-    # Do not allow unaliased imports of aliased packages.
-    # Default: false
-    no-unaliased: true
-    # Do not allow non-required aliases.
-    # Default: false
-    no-extra-aliases: false
-    # List of aliases
-    # Default: []
-    alias:
-      - pkg: github.com/deckhouse/virtualization/api/core/v1alpha2
-        alias: ""
-      - pkg: github.com/deckhouse/virtualization/api/subresources/v1alpha2
-        alias: subv1alpha2
-      - pkg: kubevirt.io/api/core/v1
-        alias: virtv1
-      - pkg: k8s.io/api/core/v1
-        alias: corev1
-      - pkg: k8s.io/api/authentication/v1
-        alias: authnv1
-      - pkg: k8s.io/api/storage/v1
-        alias: storagev1
-      - pkg: k8s.io/api/networking/v1
-        alias: netv1
-      - pkg: k8s.io/api/policy/v1
-        alias: policyv1
-      - pkg: k8s.io/apimachinery/pkg/apis/meta/v1
-        alias: metav1
+formatters:
+  enable:
+    - gci
+    - gofmt
+    - gofumpt
+    - goimports
+  settings:
+    gci:
+      sections:
+        - standard
+        - default
+        - prefix(github.com/deckhouse/)
+    gofumpt:
+      extra-rules: true
+    goimports:
+      local-prefixes: github.com/deckhouse/
 
 linters:
-  disable-all: true
+  default: none
   enable:
     - asciicheck # checks that your code does not contain non-ASCII identifiers
     - bidichk # checks for dangerous unicode character sequences
     - bodyclose # checks whether HTTP response body is closed successfully
-    - contextcheck # [maby too many false positives] checks the function whether use a non-inherited context
+    - contextcheck # [maybe too many false positives] checks the function whether use a non-inherited context
     - dogsled # checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
     - errcheck # checking for unchecked errors, these unchecked errors can be critical bugs in some cases
     - errname # checks that sentinel errors are prefixed with the Err and error types are suffixed with the Error
     - errorlint # finds code that will cause problems with the error wrapping scheme introduced in Go 1.13
     - copyloopvar # detects places where loop variables are copied (Go 1.22+)
-    - gci # controls golang package import order and makes it always deterministic
     - gocritic # provides diagnostics that check for bugs, performance and style issues
-    - gofmt # [replaced by goimports] checks whether code was gofmt-ed
-    - gofumpt # [replaced by goimports, gofumports is not available yet] checks whether code was gofumpt-ed
-    - goimports # in addition to fixing imports, goimports also formats your code in the same style as gofmt
-    - gosimple # specializes in simplifying a code
     - govet # reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
     - ineffassign # detects when assignments to existing variables are not used
     - misspell # finds commonly misspelled English words in comments
     - nolintlint # reports ill-formed or insufficient nolint directives
-    - reassign # Checks that package variables are not reassigned.
+    - reassign # checks that package variables are not reassigned
     - revive # fast, configurable, extensible, flexible, and beautiful linter for Go, drop-in replacement of golint
-    - stylecheck # is a replacement for golint
     - staticcheck # is a go vet on steroids, applying a ton of static analysis checks
-    - typecheck # like the front-end of a Go compiler, parses and type-checks Go code
     - testifylint # checks usage of github.com/stretchr/testify
     - unconvert # removes unnecessary type conversions
     - unparam # reports unused function parameters
@@ -104,5 +65,68 @@ linters:
     - thelper # detects golang test helpers without t.Helper() call and checks the consistency of test helpers
     - tparallel # detects inappropriate usage of t.Parallel() method in your Go test codes
     - whitespace # detects leading and trailing whitespace
-    - wastedassign # Finds wasted assignment statements.
+    - wastedassign # finds wasted assignment statements
     - importas # checks import aliases against the configured convention
+  settings:
+    errcheck:
+      exclude-functions:
+        - "(*os.File).Close"
+        - "(*net.TCPConn).Close"
+        - "(io.ReadCloser).Close"
+        - "(net.Listener).Close"
+        - "(net.Conn).Close"
+        - "(net.Conn).Close"
+        - "(*golang.org/x/crypto/ssh.Session).Close"
+        - "(*github.com/fsnotify/fsnotify.Watcher).Close"
+    staticcheck:
+      dot-import-whitelist:
+        - github.com/onsi/ginkgo/v2
+        - github.com/onsi/gomega
+    revive:
+      rules:
+        - name: dot-imports
+          disabled: true
+        - name: exported
+          disabled: true
+        - name: package-comments
+          disabled: true
+    nolintlint:
+      # Exclude following linters from requiring an explanation.
+      # Default: []
+      allow-no-explanation: [funlen, gocognit, lll]
+      # Enable to require an explanation of nonzero length after each nolint directive.
+      # Default: false
+      require-explanation: true
+      # Enable to require nolint directives to mention the specific linter being suppressed.
+      # Default: false
+      require-specific: true
+    importas:
+      # Do not allow unaliased imports of aliased packages.
+      # Default: false
+      no-unaliased: true
+      # Do not allow non-required aliases.
+      # Default: false
+      no-extra-aliases: false
+      # List of aliases
+      # Default: []
+      alias:
+        - pkg: github.com/deckhouse/virtualization/api/core/v1alpha2
+          alias: ""
+        - pkg: github.com/deckhouse/virtualization/api/subresources/v1alpha2
+          alias: subv1alpha2
+        - pkg: kubevirt.io/api/core/v1
+          alias: virtv1
+        - pkg: k8s.io/api/core/v1
+          alias: corev1
+        - pkg: k8s.io/api/authentication/v1
+          alias: authnv1
+        - pkg: k8s.io/api/storage/v1
+          alias: storagev1
+        - pkg: k8s.io/api/networking/v1
+          alias: netv1
+        - pkg: k8s.io/api/policy/v1
+          alias: policyv1
+        - pkg: k8s.io/apimachinery/pkg/apis/meta/v1
+          alias: metav1
+        - pkg: k8s.io/api/resource/v1
+          alias: resourcev1
diff --git a/tools/addlicense/.golangci.yaml b/tools/addlicense/.golangci.yaml
index f3105263a9..41db9929a5 100644
--- a/tools/addlicense/.golangci.yaml
+++ b/tools/addlicense/.golangci.yaml
@@ -1,52 +1,132 @@
+# https://golangci-lint.run/usage/configuration/
+version: "2"
+
 run:
   concurrency: 4
-  timeout: 2m
-  exclude-dirs:
-    - docs
-    - scripts
-
-linters-settings:
-  gofumpt:
-    extra-rules: true
-  gci:
-    sections:
-      - standard
-      - default
-  gocritic:
-    disabled-checks:
-      - ifElseChain
-  errorlint:
-    comparison: false
-    asserts: false
-  errcheck:
-    igexclude-functions: fmt:.*,[rR]ead|[wW]rite|[cC]lose,io:Copy
-
-linters:
-  disable-all: true
-  enable:
-    # Default linters.
-    - ineffassign
-    - typecheck
-    - unused
-
-    # Extra linters.
-    - asciicheck
-    - bidichk
-    - bodyclose
-    - errname
-    - errorlint
-    - copyloopvar
-    - gci
-    - gocritic
-    - gofumpt
-    - misspell
-    - nolintlint
+  timeout: 10m
 
 issues:
   # Show all errors.
   max-issues-per-linter: 0
   max-same-issues: 0
-
   exclude:
-    # TODO use %w in the future.
-    - "non-wrapping format verb for fmt.Errorf" # errorlint
+    - "don't use an underscore in package name"
+
+output:
+  sort-results: true
+
+exclusions:
+  paths:
+    - "^zz_generated.*"
+
+formatters:
+  enable:
+    - gci
+    - gofmt
+    - gofumpt
+    - goimports
+  settings:
+    gci:
+      sections:
+        - standard
+        - default
+        - prefix(github.com/deckhouse/)
+    gofumpt:
+      extra-rules: true
+    goimports:
+      local-prefixes: github.com/deckhouse/
+
+linters:
+  default: none
+  enable:
+    - asciicheck # checks that your code does not contain non-ASCII identifiers
+    - bidichk # checks for dangerous unicode character sequences
+    - bodyclose # checks whether HTTP response body is closed successfully
+    - contextcheck # [maybe too many false positives] checks the function whether use a non-inherited context
+    - dogsled # checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
+    - errcheck # checking for unchecked errors, these unchecked errors can be critical bugs in some cases
+    - errname # checks that sentinel errors are prefixed with the Err and error types are suffixed with the Error
+    - errorlint # finds code that will cause problems with the error wrapping scheme introduced in Go 1.13
+    - copyloopvar # detects places where loop variables are copied (Go 1.22+)
+    - gocritic # provides diagnostics that check for bugs, performance and style issues
+    - govet # reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
+    - ineffassign # detects when assignments to existing variables are not used
+    - misspell # finds commonly misspelled English words in comments
+    - nolintlint # reports ill-formed or insufficient nolint directives
+    - reassign # checks that package variables are not reassigned
+    - revive # fast, configurable, extensible, flexible, and beautiful linter for Go, drop-in replacement of golint
+    - staticcheck # is a go vet on steroids, applying a ton of static analysis checks
+    - testifylint # checks usage of github.com/stretchr/testify
+    - unconvert # removes unnecessary type conversions
+    - unparam # reports unused function parameters
+    - unused # checks for unused constants, variables, functions and types
+    - usetesting # reports uses of functions with replacement inside the testing package
+    - testableexamples # checks if examples are testable (have an expected output)
+    - thelper # detects golang test helpers without t.Helper() call and checks the consistency of test helpers
+    - tparallel # detects inappropriate usage of t.Parallel() method in your Go test codes
+    - whitespace # detects leading and trailing whitespace
+    - wastedassign # finds wasted assignment statements
+    - importas # checks import aliases against the configured convention
+  settings:
+    errcheck:
+      exclude-functions:
+        - "(*os.File).Close"
+        - "(*net.TCPConn).Close"
+        - "(io.ReadCloser).Close"
+        - "(net.Listener).Close"
+        - "(net.Conn).Close"
+        - "(net.Conn).Close"
+        - "(*golang.org/x/crypto/ssh.Session).Close"
+        - "(*github.com/fsnotify/fsnotify.Watcher).Close"
+    staticcheck:
+      dot-import-whitelist:
+        - github.com/onsi/ginkgo/v2
+        - github.com/onsi/gomega
+    revive:
+      rules:
+        - name: dot-imports
+          disabled: true
+        - name: exported
+          disabled: true
+        - name: package-comments
+          disabled: true
+    nolintlint:
+      # Exclude following linters from requiring an explanation.
+      # Default: []
+      allow-no-explanation: [funlen, gocognit, lll]
+      # Enable to require an explanation of nonzero length after each nolint directive.
+      # Default: false
+      require-explanation: true
+      # Enable to require nolint directives to mention the specific linter being suppressed.
+      # Default: false
+      require-specific: true
+    importas:
+      # Do not allow unaliased imports of aliased packages.
+      # Default: false
+      no-unaliased: true
+      # Do not allow non-required aliases.
+      # Default: false
+      no-extra-aliases: false
+      # List of aliases
+      # Default: []
+      alias:
+        - pkg: github.com/deckhouse/virtualization/api/core/v1alpha2
+          alias: ""
+        - pkg: github.com/deckhouse/virtualization/api/subresources/v1alpha2
+          alias: subv1alpha2
+        - pkg: kubevirt.io/api/core/v1
+          alias: virtv1
+        - pkg: k8s.io/api/core/v1
+          alias: corev1
+        - pkg: k8s.io/api/authentication/v1
+          alias: authnv1
+        - pkg: k8s.io/api/storage/v1
+          alias: storagev1
+        - pkg: k8s.io/api/networking/v1
+          alias: netv1
+        - pkg: k8s.io/api/policy/v1
+          alias: policyv1
+        - pkg: k8s.io/apimachinery/pkg/apis/meta/v1
+          alias: metav1
+        - pkg: k8s.io/api/resource/v1
+          alias: resourcev1

From 1855ed8a377fdff4b7449ef9ed7d94dde52fbe64 Mon Sep 17 00:00:00 2001
From: Dmitry Lopatin <dmitry.lopatin@flant.com>
Date: Thu, 16 Apr 2026 15:04:50 +0300
Subject: [PATCH 4/4] wip

Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
---
 build/components/versions.yml                | 4 ++--
 images/virtualization-artifact/Taskfile.yaml | 5 +----
 tools/addlicense/addlicense_test.go          | 2 +-
 3 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/build/components/versions.yml b/build/components/versions.yml
index 68f4e9ce1c..e2c1ad7ca6 100644
--- a/build/components/versions.yml
+++ b/build/components/versions.yml
@@ -3,8 +3,8 @@ firmware:
   libvirt: v10.9.0
   edk2: stable202411
 core:
-  3p-kubevirt: v1.6.2-v12n.20
-  3p-containerized-data-importer: v1.60.3-v12n.18
+  3p-kubevirt: v1.6.2-v12n.12.3
+  3p-containerized-data-importer: v1.60.3-v12n.15.1
   distribution: 2.8.3
 package:
   acl: v2.3.1
diff --git a/images/virtualization-artifact/Taskfile.yaml b/images/virtualization-artifact/Taskfile.yaml
index e167e48f57..fb254e3ddd 100644
--- a/images/virtualization-artifact/Taskfile.yaml
+++ b/images/virtualization-artifact/Taskfile.yaml
@@ -65,10 +65,7 @@ tasks:
       - _ensure:golangci-lint
     cmds:
       - |
-        export TMPDIR="$PWD/.tmp"
-        export GOTMPDIR="$PWD/.tmp"
-        mkdir -p "$TMPDIR"
-        golangci-lint run --allow-parallel-runners
+        golangci-lint run
 
   mirrord:run:controller:
     desc: "Run local virtualization-controller in cluster using a mirrord"
diff --git a/tools/addlicense/addlicense_test.go b/tools/addlicense/addlicense_test.go
index 8a29c8eb06..fe17b4d45e 100644
--- a/tools/addlicense/addlicense_test.go
+++ b/tools/addlicense/addlicense_test.go
@@ -214,7 +214,7 @@ print("Hello")
 	for _, c := range validCases {
 		t.Run(c.title, func(t *testing.T) {
 			res := CELicenseRe.MatchString(c.content)
-			require.Equal(t, true, res)
+			require.True(t, res)
 
 			if !res {
 				t.Errorf("should detect license")