From fac7261cfc41958a244530ad4d894e356da5ea9e Mon Sep 17 00:00:00 2001
From: Dmitry Lopatin <dmitry.lopatin@flant.com>
Date: Fri, 27 Mar 2026 16:09:35 +0300
Subject: [PATCH 1/3] chore(core): cve mitigation in CSE

Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
---
 .../dev_module_build-and-registration.yml     |   2 +-
 .github/workflows/dev_module_build.yml        |   8 +-
 .github/workflows/dev_validation.yaml         |   8 +-
 api/client/examples/cancel-evacuation/go.mod  |   2 +-
 api/client/examples/list-resources/go.mod     |   2 +-
 api/go.mod                                    |   2 +-
 build/base-images/deckhouse_images.yml        | 632 +++++++++---------
 build/components/versions.yml                 |   4 +-
 images/base-alt-p11-binaries/werf.inc.yaml    |   3 +
 images/bounder/werf.inc.yaml                  |   2 +-
 images/cdi-artifact/werf.inc.yaml             |   4 +-
 images/cdi-cloner/werf.inc.yaml               |   2 +-
 images/debuger/werf.inc.yaml                  |   8 +-
 images/distroless/werf.inc.yaml               |   2 +-
 images/dvcr-artifact/Taskfile.dist.yaml       |   2 +-
 images/dvcr-artifact/go.mod                   |  50 +-
 images/dvcr-artifact/go.sum                   | 107 +--
 images/dvcr-artifact/werf.inc.yaml            |   2 +-
 images/dvcr/werf.inc.yaml                     |   2 +-
 images/hooks/go.mod                           |  28 +-
 images/hooks/go.sum                           |  36 +-
 images/hooks/werf.inc.yaml                    |   2 +-
 images/kube-api-rewriter/go.mod               |   2 +-
 images/kube-api-rewriter/werf.inc.yaml        |   2 +-
 images/libvirt/werf.inc.yaml                  |   2 +-
 images/packages/swtpm/werf.inc.yaml           |   2 +-
 images/pre-delete-hook/go.mod                 |   2 +-
 images/pre-delete-hook/werf.inc.yaml          |   2 +-
 images/qemu/werf.inc.yaml                     |   2 +-
 images/virt-artifact/werf.inc.yaml            |   2 +-
 images/virt-launcher/node-labeller/go.mod     |   2 +-
 images/virt-launcher/vlctl/go.mod             |  18 +-
 images/virt-launcher/vlctl/go.sum             |  94 ++-
 images/virt-launcher/werf.inc.yaml            |   4 +-
 .../Taskfile.init.yaml                        |   4 +-
 images/virtualization-artifact/go.mod         |  49 +-
 images/virtualization-artifact/go.sum         |  85 ++-
 images/virtualization-artifact/werf.inc.yaml  |   2 +-
 images/vm-route-forge/Taskfile.yaml           |   2 +-
 images/vm-route-forge/go.mod                  |  14 +-
 images/vm-route-forge/go.sum                  |  28 +-
 images/vm-route-forge/werf.inc.yaml           |   2 +-
 src/cli/go.mod                                |   2 +-
 tests/e2e/Taskfile.yaml                       |   2 +-
 tests/e2e/go.mod                              |  20 +-
 tests/e2e/go.sum                              |  39 +-
 tests/performance/shatal/go.mod               |   2 +-
 47 files changed, 702 insertions(+), 593 deletions(-)

diff --git a/.github/workflows/dev_module_build-and-registration.yml b/.github/workflows/dev_module_build-and-registration.yml
index ab5a89c2b9..c887e2c1f4 100644
--- a/.github/workflows/dev_module_build-and-registration.yml
+++ b/.github/workflows/dev_module_build-and-registration.yml
@@ -25,7 +25,7 @@ env:
   MODULES_MODULE_TAG: ${{ github.event.inputs.tag }}
   SOURCE_REPO: "${{secrets.SOURCE_REPO}}"
   SOURCE_REPO_GIT: "${{secrets.SOURCE_REPO_GIT}}"
-  GO_VERSION: "1.24.13"
+  GO_VERSION: "1.25.8"
   MODULE_EDITION: "EE"
 
 on:
diff --git a/.github/workflows/dev_module_build.yml b/.github/workflows/dev_module_build.yml
index 932b04d42b..9453557392 100644
--- a/.github/workflows/dev_module_build.yml
+++ b/.github/workflows/dev_module_build.yml
@@ -21,8 +21,8 @@ env:
   MODULES_MODULE_SOURCE: ${{ vars.DEV_MODULE_SOURCE }}
   MODULES_REGISTRY_LOGIN: ${{ vars.DEV_MODULES_REGISTRY_LOGIN }}
   MODULES_REGISTRY_PASSWORD: ${{ secrets.DEV_MODULES_REGISTRY_PASSWORD }}
-  GO_VERSION: "1.24.13"
-  GOLANGCI_LINT_VERSION: "1.64.8"
+  GO_VERSION: "1.25.8"
+  GOLANGCI_LINT_VERSION: "2.11.1"
   SOURCE_REPO: "${{secrets.SOURCE_REPO}}"
   SOURCE_REPO_GIT: "${{secrets.SOURCE_REPO_GIT}}"
   TRIVY_DISABLE_VEX_NOTICE: "true"
@@ -255,11 +255,11 @@ jobs:
             find_errors=0
             cd "$dir" || { echo "::error::Failed to access directory $dir"; continue; }
 
-            if ! output=$(golangci-lint run --sort-results); then
+            if ! output=$(golangci-lint run); then
               error_count=$(( error_count + 1 ))
               echo "::group::📂 Linting directory ❌: $dir"
               echo -e "❌ Errors:\n$output\n"
-              golangci-lint run --sort-results || true
+              golangci-lint run || true
             else
               echo "::group::📂 Linting directory ✅: $dir"
               echo -e "✅ All check passed\n"
diff --git a/.github/workflows/dev_validation.yaml b/.github/workflows/dev_validation.yaml
index 526b1ccaaf..081d6a4f12 100644
--- a/.github/workflows/dev_validation.yaml
+++ b/.github/workflows/dev_validation.yaml
@@ -15,7 +15,7 @@
 name: Validations
 
 env:
-  GO_VERSION: "1.24.13"
+  GO_VERSION: "1.25.8"
 on:
   pull_request:
     types: [opened, synchronize, labeled, unlabeled]
@@ -158,9 +158,9 @@ jobs:
       matrix:
         # Define two groups of components with their respective Go versions
         components:
-          - { component: virtualization-artifact, go-version: "1.24.13" }
-          - { component: vm-route-forge, go-version: "1.24.13" }
-          - { component: api, go-version: "1.24.13" }
+          - { component: virtualization-artifact, go-version: "1.25.8" }
+          - { component: vm-route-forge, go-version: "1.25.8" }
+          - { component: api, go-version: "1.25.8" }
 
     steps:
       - name: Set skip flag
diff --git a/api/client/examples/cancel-evacuation/go.mod b/api/client/examples/cancel-evacuation/go.mod
index b7a851ed9a..06b78b19e8 100644
--- a/api/client/examples/cancel-evacuation/go.mod
+++ b/api/client/examples/cancel-evacuation/go.mod
@@ -2,7 +2,7 @@ module github.com/deckhouse/virtualization/api/client/examples/cancel-evacuation
 
 replace github.com/deckhouse/virtualization/api => ./../../../../api
 
-go 1.24.13
+go 1.25.8
 
 require (
 	github.com/deckhouse/virtualization/api v0.0.0-00010101000000-000000000000
diff --git a/api/client/examples/list-resources/go.mod b/api/client/examples/list-resources/go.mod
index 50fbe71515..5969714c74 100644
--- a/api/client/examples/list-resources/go.mod
+++ b/api/client/examples/list-resources/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/virtualization/api/client/examples/list-resources
 
-go 1.24.13
+go 1.25.8
 
 require (
 	github.com/deckhouse/virtualization/api v0.0.0-20240322104947-2d492906a8b2
diff --git a/api/go.mod b/api/go.mod
index 9e58dc7906..85d0f72e26 100644
--- a/api/go.mod
+++ b/api/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/virtualization/api
 
-go 1.24.13
+go 1.25.8
 
 tool (
 	k8s.io/code-generator
diff --git a/build/base-images/deckhouse_images.yml b/build/base-images/deckhouse_images.yml
index 38b6764d64..6d8eafb356 100644
--- a/build/base-images/deckhouse_images.yml
+++ b/build/base-images/deckhouse_images.yml
@@ -1,319 +1,323 @@
-# version=v0.5.55
+# version=v0.5.64
 # REGISTRY_PATH is a special key which is concatenated with other base images
-REGISTRY_PATH: registry.deckhouse.ru/base_images
-
-# ommon-go-build.tmpl -> ../../modules/990-observability/.werf/defines/common-go-build.tmpl после обновления можно убрать
-builder/alt-go-svace-2025-05-31: "sha256:c7273a31d00fcf5b4ba1827dea9079a4edd4b9cf194119c648178fcd458d6c2f" # fromImage: builder/golang-alt-svace-1.24
-
-# modules/650-runtime-audit-engine после обновления можно убрать
-builder/alt-go-svace: "sha256:09bbd461f14cab1e697d73d6cb77b7644f538863d848ea0c1ab474bf43514f60" # fromImage: builder/golang-alt-svace-1.25
-
-# backport version=v0.5.55
-base/distroless: "sha256:5cd4bb0e0a50c10524589fc26cc687bcc9bdd25019a9f66af5a00890115ad04f" # from: builder/scratch
-base/nginx-release-1.28.0: "sha256:9aaabbd54f2740c54a348d553b3c2902d1b9d6b5d3241471e19175d2cc718680" # from: tools/nginx-release-1.28.0
-base/nginx: "sha256:9aaabbd54f2740c54a348d553b3c2902d1b9d6b5d3241471e19175d2cc718680" # from: tools/nginx-release-1.28.0
-base/python: "sha256:026270f37eec801ae8f75a28aee6e670ae878b5c63fdf20fb3764deed57b9611" # from: builder/scratch
-base/python-v3.12.12: "sha256:026270f37eec801ae8f75a28aee6e670ae878b5c63fdf20fb3764deed57b9611" # from: builder/scratch
-base/redis-7.4.5: "sha256:71661a993885bc50df31de202332454ceb9e0d4cccab6217ca8f8ab9c1481366" # from: builder/scratch
-base/redis-7.4.7: "sha256:bee636c6483834c4cdea2f3dec29c543a6a8dfd604584f718ff0061eab85baa6" # from: builder/scratch
-base/redis: "sha256:bee636c6483834c4cdea2f3dec29c543a6a8dfd604584f718ff0061eab85baa6" # from: builder/scratch
-base/ruby-bundler: "sha256:0017d8101fd03cb6c85ac69ea4916a03b9f56999c71205f1bfced7b5e26d8a4c" # from: builder/alpine
-base/ruby-bundler-v3_4_7: "sha256:0017d8101fd03cb6c85ac69ea4916a03b9f56999c71205f1bfced7b5e26d8a4c" # from: builder/alpine
-base/ruby: "sha256:147a2bfa5ae63e2a83d647c0204bef9b1d1b37b223d2c6090c5d5abd2096878a" # from: base/distroless
-base/ruby-v3_4_7: "sha256:147a2bfa5ae63e2a83d647c0204bef9b1d1b37b223d2c6090c5d5abd2096878a" # from: base/distroless
+REGISTRY_PATH: registry.deckhouse.io/base_images
+base/distroless: "sha256:9b74f52a191b90ceeba64b8c11dfd1ae054a82dbd360d4df6530637f60707bf7" # from: builder/scratch
+base/nginx-release-1.28.0: "sha256:305a6086dbeba19f9a7d3bb65636680112bb3538dde961edc52c6af8ee8891cd" # from: tools/nginx-release-1.28.0
+base/nginx: "sha256:305a6086dbeba19f9a7d3bb65636680112bb3538dde961edc52c6af8ee8891cd" # from: tools/nginx-release-1.28.0
+base/python: "sha256:459f2773c568d992759c6c4a6b54cd692e15dcca716f3ca20879973efbef2bbb" # from: builder/scratch
+base/python-v3.12.12: "sha256:459f2773c568d992759c6c4a6b54cd692e15dcca716f3ca20879973efbef2bbb" # from: builder/scratch
+base/redis-7.4.5: "sha256:8a9ed1dfaa235e34887388b8d28ec62c243bbf01eb83f5f84370fc98bcdc1911" # from: builder/scratch
+base/redis-7.4.7: "sha256:27a2b389e378c466012e9a75008e80fa9de125f092dbd7e48d8a962ed377834b" # from: builder/scratch
+base/redis: "sha256:27a2b389e378c466012e9a75008e80fa9de125f092dbd7e48d8a962ed377834b" # from: builder/scratch
+base/ruby-bundler: "sha256:8e2b58fbc7767edfddc1b9f0f3f26931518934e68e20d84d4de4d238bb2f8a77" # from: builder/alpine
+base/ruby-bundler-v3_4_9: "sha256:8e2b58fbc7767edfddc1b9f0f3f26931518934e68e20d84d4de4d238bb2f8a77" # from: builder/alpine
+base/ruby: "sha256:4e931fab3a0dbcc8d9880461ef2199b80c81b989b0a581df8062d700c7458f58" # from: base/distroless
+base/ruby-v3_4_9: "sha256:4e931fab3a0dbcc8d9880461ef2199b80c81b989b0a581df8062d700c7458f58" # from: base/distroless
 base/scratch: "sha256:cfac1c6b53f9365ee59ffe94c90211253f2a85ece372a6a9dfad61f4e0ab0bea" # from: builder/scratch
-base/shell-operator: "sha256:c7176f7ad676d3d3155a2813b4f2e3d9a7469a2fa9a08126eb434e69dc57b782" # from: builder/scratch
-base/shell-operator-v1.9.3: "sha256:c7176f7ad676d3d3155a2813b4f2e3d9a7469a2fa9a08126eb434e69dc57b782" # from: builder/scratch
-builder/alpine-3.21: "sha256:246f2091837b004c5b7728f3a9fbdb5f63f599770a85b83122bc53326d7eaa51" # from: alpine:3.21.5
+base/shell-operator: "sha256:c25edaaebc0e5ed0a95370e0d3589d7eed39d583c95c1b70e8da3f84898d3428" # from: builder/scratch
+base/shell-operator-v1.14.3: "sha256:c25edaaebc0e5ed0a95370e0d3589d7eed39d583c95c1b70e8da3f84898d3428" # from: builder/scratch
+builder/alpine-3.21: "sha256:924f440a8693883b9317f3fe5ab34431f711c08dcc9f61ac4ac4dd3cca4ff3f5" # from: alpine:3.21.5
 builder/alpine-3.22: "sha256:2ffd38fd342a64e79ed28cf52d71216bf119b28d96b9871184acfea672a7acc8" # from: alpine:3.22.2
 builder/alpine: "sha256:2ffd38fd342a64e79ed28cf52d71216bf119b28d96b9871184acfea672a7acc8" # from: alpine:3.22.2
-builder/alpine-svace-3.21: "sha256:d24e9e1897bfd33b550377d121af2ad701328ff0eeec509090a209ed405984c8" # from: builder/alpine-3.21
-builder/alpine-svace-3.22: "sha256:f318567c3fd8336495f5e275ae51ef5616e9428053c060866a8595f76e84567e" # from: builder/alpine-3.22
-builder/alpine-svace: "sha256:f318567c3fd8336495f5e275ae51ef5616e9428053c060866a8595f76e84567e" # from: builder/alpine-3.22
-builder/alt-2026-02-07: "sha256:7791565e23a6945aea87cec65d4dec288ba5853cf0b0089b09081bc82951dbe3" # from: registry.altlinux.org/p11/alt:20250625
-builder/alt: "sha256:7791565e23a6945aea87cec65d4dec288ba5853cf0b0089b09081bc82951dbe3" # from: registry.altlinux.org/p11/alt:20250625
-builder/debian-12.11-slim: "sha256:1f8cc64ce776da8df63ec4049dde01ac2bab3b65b85ce907c899342e4421fbcd" # from: debian:12.11-slim
-builder/debian: "sha256:3c1d3c4d417bd7431601f7d4129bb6a4f5fca07154fec546846dd0f5c583bf68" # from: debian:trixie-slim
-builder/debian-svace-12.11-slim: "sha256:b25f224fcdef2e26fe885196f17d6bf94da229d187c6f1d93914d1dcf829084c" # from: builder/debian-12.11-slim
-builder/debian-svace: "sha256:1ba0306a2dd104cb450fddfb21bc8a76b7d84c8dc1ac3aa4d5c6d8469fd5f07a" # from: builder/debian-trixie-slim
-builder/debian-svace-trixie-slim: "sha256:1ba0306a2dd104cb450fddfb21bc8a76b7d84c8dc1ac3aa4d5c6d8469fd5f07a" # from: builder/debian-trixie-slim
-builder/debian-trixie-slim: "sha256:3c1d3c4d417bd7431601f7d4129bb6a4f5fca07154fec546846dd0f5c583bf68" # from: debian:trixie-slim
-builder/golang-alpine-1.24: "sha256:32566cf941a031df35d4cb89823f3322526ee48d2d4699b0183f3a2268149e16" # from: builder/alpine
-builder/golang-alpine-1.25: "sha256:8942c65fbf29a0fd44d032cb58e98382bea3055bd19bb5517282d38d37c66ad2" # from: builder/alpine
-builder/golang-alpine: "sha256:8942c65fbf29a0fd44d032cb58e98382bea3055bd19bb5517282d38d37c66ad2" # from: builder/alpine
-builder/golang-alpine-svace-1.24: "sha256:76b6ac39f4d1fbb0bc0266f9ad98f29b72173e9e3cbc42c14f5365444a16dc03" # from: builder/golang-alpine-1.24
-builder/golang-alpine-svace-1.25: "sha256:95d200e85fd9a927ef4b3d266588aef7eae48a7249984afe5cdfc4cc1a129c8f" # from: builder/golang-alpine-1.25
-builder/golang-alpine-svace: "sha256:95d200e85fd9a927ef4b3d266588aef7eae48a7249984afe5cdfc4cc1a129c8f" # from: builder/golang-alpine-1.25
-builder/golang-alt-1.24: "sha256:639cf0a80b9e1ef08e8b5daaa611105dcef4bc6136ecf14a55a9fb5d038cfc37" # from: builder/alt
-builder/golang-alt-1.25: "sha256:fe8406a15434b9e453de7c022e0edf09ffd2bd1a59fa9678acf795859e6efc6d" # from: builder/alt
-builder/golang-alt: "sha256:fe8406a15434b9e453de7c022e0edf09ffd2bd1a59fa9678acf795859e6efc6d" # from: builder/alt
-builder/golang-alt-svace-1.24: "sha256:c7273a31d00fcf5b4ba1827dea9079a4edd4b9cf194119c648178fcd458d6c2f" # from: builder/golang-alt-1.24
-builder/golang-alt-svace-1.25: "sha256:09bbd461f14cab1e697d73d6cb77b7644f538863d848ea0c1ab474bf43514f60" # from: builder/golang-alt-1.25
-builder/golang-alt-svace: "sha256:09bbd461f14cab1e697d73d6cb77b7644f538863d848ea0c1ab474bf43514f60" # from: builder/golang-alt-1.25
-builder/golang-bookworm-1.24: "sha256:1c88f1db2d5f7d9772817469342f3556544a9b94cbe38a4f68448a6b83c36007" # from: golang:1.24.13-bookworm
-builder/golang-bookworm-1.25: "sha256:a1bab0365c4328100e80e450037912aa8641c406d965032808b7df5e2baec080" # from: golang:1.25.7-bookworm
-builder/golang-bookworm: "sha256:a1bab0365c4328100e80e450037912aa8641c406d965032808b7df5e2baec080" # from: golang:1.25.7-bookworm
-builder/golang-bookworm-svace-1.24: "sha256:d04e527a701ce88d908d3a56c929e8947d20642451a67ea1bc5545aa95583ae9" # from: builder/golang-bookworm-1.24
-builder/golang-bookworm-svace-1.25: "sha256:dc780ede5be332d9d8ff7dd72a25a64896a1a7f6cb0eddf56905dd2d67878951" # from: builder/golang-bookworm-1.25
-builder/golang-bookworm-svace: "sha256:dc780ede5be332d9d8ff7dd72a25a64896a1a7f6cb0eddf56905dd2d67878951" # from: builder/golang-bookworm-1.25
-builder/golang-bullseye-1.24: "sha256:38ad74c3c7830c587e549a76edd0d5e23edfb741e1a602f93e0c8b8b91056394" # from: golang:1.24.6-bullseye
-builder/golang-bullseye: "sha256:38ad74c3c7830c587e549a76edd0d5e23edfb741e1a602f93e0c8b8b91056394" # from: golang:1.24.6-bullseye
-builder/golang-gost-alpine-1.24: "sha256:66f2fba42b40340212df5304a66a219ee493e8f6b80f21490aab7b7950ce039b" # from: golang:1.24.13-alpine3.22
-builder/golang-gost-alpine-1.25: "sha256:7ae9075724b8ec3934fe05c70a063807854bf31db57f1c2cd1115080f075ffe1" # from: golang:1.25.7-alpine3.22
-builder/golang-gost-alpine: "sha256:7ae9075724b8ec3934fe05c70a063807854bf31db57f1c2cd1115080f075ffe1" # from: golang:1.25.7-alpine3.22
-builder/golang-gost-bookworm-1.24: "sha256:94869846cab626f99abd9d115d941a64d76324eca390b7a8c1ee22b95f054b3b" # from: golang:1.24.13-bookworm
-builder/golang-gost-bookworm-1.25: "sha256:d09adba26df7d179817b228ca1d92e8506887d1cba52b1d3c3e4a01e5a7933c5" # from: golang:1.25.7-bookworm
-builder/golang-gost-bookworm: "sha256:d09adba26df7d179817b228ca1d92e8506887d1cba52b1d3c3e4a01e5a7933c5" # from: golang:1.25.7-bookworm
-builder/golang-gost-bullseye-1.24: "sha256:04f45f0e73abc6115e3615a094d45be219188beed274fec321061a8c7d2be6a1" # from: golang:1.24.6-bullseye
-builder/golang-gost-bullseye: "sha256:04f45f0e73abc6115e3615a094d45be219188beed274fec321061a8c7d2be6a1" # from: golang:1.24.6-bullseye
-builder/node-alpine-22.16: "sha256:46006b550bb981ab23fc6cd9070a497c0741d7282b3aab2681feef36c6fd73c6" # from: node:22.16.0-alpine3.20
-builder/node-alpine-23.10: "sha256:bf25334120e31742566a810dc309264fd2b46b09c7856301fec67d0303d9cf20" # from: node:23.10.0-alpine3.20
-builder/node-alpine: "sha256:46006b550bb981ab23fc6cd9070a497c0741d7282b3aab2681feef36c6fd73c6" # from: node:22.16.0-alpine3.20
+builder/alpine-svace-3.21: "sha256:7a4b4b5505dd78ac51cfaecdcec5c8e58d4ac0d19b8eac10200c28a6b1e7a7cb" # from: builder/alpine-3.21
+builder/alpine-svace-3.22: "sha256:1fd0e9095f36623862fdcd409aeb9150b691f0b7a8e1d45f008f4a160fde299e" # from: builder/alpine-3.22
+builder/alpine-svace: "sha256:1fd0e9095f36623862fdcd409aeb9150b691f0b7a8e1d45f008f4a160fde299e" # from: builder/alpine-3.22
+builder/alt-2026-02-07: "sha256:d314d8b4ba1c431d1d1566bc736ebcb04c2e8e1c7fec6c2923122bcbcf5bcc04" # from: registry.altlinux.org/p11/alt:20250625
+builder/alt: "sha256:d314d8b4ba1c431d1d1566bc736ebcb04c2e8e1c7fec6c2923122bcbcf5bcc04" # from: registry.altlinux.org/p11/alt:20250625
+builder/debian-12.11-slim: "sha256:32e33c3566a56b85fb708d0e7d5895e260fcb4a2dd0130a3d26305ea146d8ef3" # from: debian:12.11-slim
+builder/debian: "sha256:cb1a802f2b79d201ed2a530c99b9fa0188187783c7c396ec40b9f458ab44d426" # from: debian:trixie-slim
+builder/debian-svace-12.11-slim: "sha256:98e479ded43836286664ed40ac9ba1c6fff714e7af3b7f539e399bd140030994" # from: builder/debian-12.11-slim
+builder/debian-svace: "sha256:efc4539ef4b04be27ff722d3182fc6b108fe9dec9904c3d066f38eba88ce52c8" # from: builder/debian-trixie-slim
+builder/debian-svace-trixie-slim: "sha256:efc4539ef4b04be27ff722d3182fc6b108fe9dec9904c3d066f38eba88ce52c8" # from: builder/debian-trixie-slim
+builder/debian-trixie-slim: "sha256:cb1a802f2b79d201ed2a530c99b9fa0188187783c7c396ec40b9f458ab44d426" # from: debian:trixie-slim
+builder/golang-alpine-1.24: "sha256:fc2b5185de5be4b0a37a43579ff080e4d061a83f4028056603b7f87e94c6ca7d" # from: builder/alpine
+builder/golang-alpine-1.25: "sha256:d3c6daab73d6a5234982cca1151129a513eb77c96e0e38f116ece308bf7c2495" # from: builder/alpine
+builder/golang-alpine: "sha256:d3c6daab73d6a5234982cca1151129a513eb77c96e0e38f116ece308bf7c2495" # from: builder/alpine
+builder/golang-alpine-svace-1.24: "sha256:4f456e3016bb66c97c4573e43336ad68a0bb1aedea731790aea80cc1332ef543" # from: builder/golang-alpine-1.24
+builder/golang-alpine-svace-1.25: "sha256:01bac5cddbd6fa22113902dc6a0bfe7dc0e99f6df07340d0d2514efc1d022391" # from: builder/golang-alpine-1.25
+builder/golang-alpine-svace: "sha256:01bac5cddbd6fa22113902dc6a0bfe7dc0e99f6df07340d0d2514efc1d022391" # from: builder/golang-alpine-1.25
+builder/golang-alt-1.24: "sha256:d94eb1b152ce5352557824ea0cf5c0b4d9bb29365d200d7248bfab751f588d3c" # from: builder/alt
+builder/golang-alt-1.25: "sha256:c128823538baef05c9b5b149cd9127837c5d77d6144d701f93c0a9eff0f5a53f" # from: builder/alt
+builder/golang-alt: "sha256:c128823538baef05c9b5b149cd9127837c5d77d6144d701f93c0a9eff0f5a53f" # from: builder/alt
+builder/golang-alt-svace-1.24: "sha256:5f2f6b8b34e1b150663fcc88562abff9a7fffc49c1efa5f33680942bc34bcf0a" # from: builder/golang-alt-1.24
+builder/golang-alt-svace-1.25: "sha256:a5666df483e6e754cc4ee7e6775637608b9714d8c033446e2d09d57355ae0842" # from: builder/golang-alt-1.25
+builder/golang-alt-svace: "sha256:a5666df483e6e754cc4ee7e6775637608b9714d8c033446e2d09d57355ae0842" # from: builder/golang-alt-1.25
+builder/golang-bookworm-1.24: "sha256:b0a75cc285d3c6319980e96d0b65afb8d293f83f303faebcd8720d117d9b440d" # from: golang:1.24.13-bookworm
+builder/golang-bookworm-1.25: "sha256:aa251228c56e6558b9aec6b2cd0aca1e64887400f4b16cc98ad2b93d0954984d" # from: golang:1.25.8-bookworm
+builder/golang-bookworm: "sha256:aa251228c56e6558b9aec6b2cd0aca1e64887400f4b16cc98ad2b93d0954984d" # from: golang:1.25.8-bookworm
+builder/golang-bookworm-svace-1.24: "sha256:dbf38fca4eb7a3d3dbed2e4314d9786e1258cb922ebb8aa419397d072433299a" # from: builder/golang-bookworm-1.24
+builder/golang-bookworm-svace-1.25: "sha256:320c920a57f82bcf1cf1554ee675b890dafef64233dea5ffc79033f3b63a6fc5" # from: builder/golang-bookworm-1.25
+builder/golang-bookworm-svace: "sha256:320c920a57f82bcf1cf1554ee675b890dafef64233dea5ffc79033f3b63a6fc5" # from: builder/golang-bookworm-1.25
+builder/golang-bullseye-1.24: "sha256:edb0672cf82cddf04047b2f9f0cfdff268a318762bdac70f2cfe75bc9b1395d7" # from: golang:1.24.6-bullseye
+builder/golang-bullseye: "sha256:edb0672cf82cddf04047b2f9f0cfdff268a318762bdac70f2cfe75bc9b1395d7" # from: golang:1.24.6-bullseye
+builder/golang-gost-alpine-1.24: "sha256:c0a13317d862968913e8df6ab4dd1489c24f41c097c6a875920711d74524994c" # from: golang:1.24.13-alpine3.22
+builder/golang-gost-alpine-1.25: "sha256:92a59cfc88b75e051b988e10a91b1d2883f2c53da0bb0ddc43c3f5138992603d" # from: golang:1.25.8-alpine3.22
+builder/golang-gost-alpine: "sha256:92a59cfc88b75e051b988e10a91b1d2883f2c53da0bb0ddc43c3f5138992603d" # from: golang:1.25.8-alpine3.22
+builder/golang-gost-bookworm-1.24: "sha256:883e8b62737dfcfa4442910f4d41e68cbc30dcc115a7389f7d430d703a06c243" # from: golang:1.24.13-bookworm
+builder/golang-gost-bookworm-1.25: "sha256:b021a83985c1a292d6a5e80a2891a65ec729a4f95fa12d8966a199f42efbffee" # from: golang:1.25.8-bookworm
+builder/golang-gost-bookworm: "sha256:b021a83985c1a292d6a5e80a2891a65ec729a4f95fa12d8966a199f42efbffee" # from: golang:1.25.8-bookworm
+builder/golang-gost-bullseye-1.24: "sha256:06bcf950ed30b706a5c2937d4a2a15fb122b0ca871f67ca3b33f57931abea020" # from: golang:1.24.6-bullseye
+builder/golang-gost-bullseye: "sha256:06bcf950ed30b706a5c2937d4a2a15fb122b0ca871f67ca3b33f57931abea020" # from: golang:1.24.6-bullseye
+builder/node-alpine-22.16: "sha256:961b4daaac24616952620706e81d266ed41d973b8c134ecaaa05d274e035cd70" # from: node:22.16.0-alpine
+builder/node-alpine-22.22: "sha256:3ab7e5e8ca689111c170fed11173faac77584d568b23b7d07811f477077d7c45" # from: node:22.22.1-alpine
+builder/node-alpine-23.10: "sha256:7e8cdbf7e2b0bcd8c99ca7b2cddc93a52914df21adecd432f6c86e7a1dffc38e" # from: node:23.10.0-alpine
+builder/node-alpine-24.14: "sha256:81a31f3f4b10d164395c944a2e71450d98fff0ed6d5aee79102fd73fa67681be" # from: node:24.14.0-alpine
+builder/node-alpine: "sha256:961b4daaac24616952620706e81d266ed41d973b8c134ecaaa05d274e035cd70" # from: node:22.16.0-alpine
 builder/scratch: "sha256:1b7d59d0fd717710beaebed73c82caac21babcd7c6d22899a92a1e4fd5eafdfd" # from: registry.werf.io/werf/scratch
-builder/src: "sha256:97d57a2f99fe9be2f68009e45b46c0d0173f06c1d818c17ee04a0170073ca8da" # from: builder/alt
-libs/abseil-cpp-20240722.1: "sha256:3f43ff53149234dc0f242cddabcf5650dae18f2329dad9c3a2fffcd4a09bfebf" # from: builder/scratch
-libs/abseil-cpp: "sha256:3f43ff53149234dc0f242cddabcf5650dae18f2329dad9c3a2fffcd4a09bfebf" # from: builder/scratch
-libs/argp-standalone-1.5.0: "sha256:cb579b9f93fa2dd8ed90677d7f482a08867fd3729be94eacd453a3ba7c338b26" # from: builder/scratch
-libs/argp-standalone: "sha256:cb579b9f93fa2dd8ed90677d7f482a08867fd3729be94eacd453a3ba7c338b26" # from: builder/scratch
-libs/brotli: "sha256:1d9ef330b02d82bd0b84469bce47b7d43888de8167700e7af84745e6b1295e23" # from: builder/scratch
-libs/brotli-v1.1.0: "sha256:1d9ef330b02d82bd0b84469bce47b7d43888de8167700e7af84745e6b1295e23" # from: builder/scratch
-libs/bzip2-bzip2-1.0.8: "sha256:e70ccaf33f016ebc12314dd426608c90f93d3fe96ea2f40edb25567832211caa" # from: builder/scratch
-libs/bzip2: "sha256:e70ccaf33f016ebc12314dd426608c90f93d3fe96ea2f40edb25567832211caa" # from: builder/scratch
-libs/c-ares: "sha256:ddd91bb37265dc483c2e0fa42c1ef1d15eb4682fe839ab5bea09be947ef8f2f0" # from: builder/scratch
-libs/c-ares-v1.34.5: "sha256:ddd91bb37265dc483c2e0fa42c1ef1d15eb4682fe839ab5bea09be947ef8f2f0" # from: builder/scratch
-libs/gdbm: "sha256:835dbecfb8dccdc6026c791b530206148f5fce5adbd9cb168cd3bbe6687008fc" # from: builder/scratch
-libs/gdbm-v1.24: "sha256:835dbecfb8dccdc6026c791b530206148f5fce5adbd9cb168cd3bbe6687008fc" # from: builder/scratch
-libs/glibc: "sha256:dc3bebe259b2ec99e9e62137bbb82eb0af12c15288d18108fa33520489aa452c" # from: builder/scratch
-libs/glibc-v2.41: "sha256:dc3bebe259b2ec99e9e62137bbb82eb0af12c15288d18108fa33520489aa452c" # from: builder/scratch
-libs/gmp-6.3.0: "sha256:279b30af8b81c1bd50c0d7b62d9aef015dad475badd20b9e42333a5d9fb03578" # from: builder/scratch
-libs/gmp: "sha256:279b30af8b81c1bd50c0d7b62d9aef015dad475badd20b9e42333a5d9fb03578" # from: builder/scratch
-libs/grpc: "sha256:907c6020e909983e1c102d25394b59e706d1da5025e6a8d39f42ac75a86ee270" # from: builder/scratch
-libs/grpc-v1.62.1: "sha256:907c6020e909983e1c102d25394b59e706d1da5025e6a8d39f42ac75a86ee270" # from: builder/scratch
-libs/icu-release-77-1: "sha256:85638445b84be96f15732d95e6b979bb003e0a3576765c7e8c619014bbac7b7e" # from: builder/scratch
-libs/icu: "sha256:85638445b84be96f15732d95e6b979bb003e0a3576765c7e8c619014bbac7b7e" # from: builder/scratch
-libs/json-c-json-c-0.18-20240915: "sha256:f8a23c650805ac73e2a2c69e6c41886ddbdf706a734d3cd53820761a23aff844" # from: builder/scratch
-libs/json-c: "sha256:f8a23c650805ac73e2a2c69e6c41886ddbdf706a734d3cd53820761a23aff844" # from: builder/scratch
-libs/keyutils: "sha256:d2f7ce2608698869eca51335968c65749728ae03c644d8d63f4eebaef96e184c" # from: builder/scratch
-libs/keyutils-v1.6.1: "sha256:d2f7ce2608698869eca51335968c65749728ae03c644d8d63f4eebaef96e184c" # from: builder/scratch
-libs/krb5-krb5-1.21.3-final: "sha256:84b6653bdcdba2797212579674e6039f5a244c3c4f8420a3618a879be5ea7312" # from: builder/scratch
-libs/krb5: "sha256:84b6653bdcdba2797212579674e6039f5a244c3c4f8420a3618a879be5ea7312" # from: builder/scratch
-libs/libaio-libaio-0.3.113: "sha256:17e77a59fe100c6019489640d944979a6c74d1f327f351f224e0005b5e5b2e06" # from: builder/scratch
-libs/libaio: "sha256:17e77a59fe100c6019489640d944979a6c74d1f327f351f224e0005b5e5b2e06" # from: builder/scratch
-libs/libcap: "sha256:da50fc89949d49d4b5f793056c7c1ff75d6535ff661fbd12fc02aa8c34ce76d8" # from: builder/scratch
-libs/libcap-v1.2.69: "sha256:417bb204bd3cd4fe255380197f936756e37f880680bdf3afec1b437fd537e957" # from: builder/scratch
-libs/libcap-v1.2.71: "sha256:da50fc89949d49d4b5f793056c7c1ff75d6535ff661fbd12fc02aa8c34ce76d8" # from: builder/scratch
-libs/libedit: "sha256:c6864c7fcaeba3460ea2972ace0918606beee459839220bf7c4dc6932e5186da" # from: builder/scratch
-libs/libedit-v20250104.3.1: "sha256:c6864c7fcaeba3460ea2972ace0918606beee459839220bf7c4dc6932e5186da" # from: builder/scratch
-libs/libevent-release-2.2.1-alpha: "sha256:ee1da05b5738ec287c18bb980aca8c6068e2897a9f2513d3f01177bc0c7aefb5" # from: builder/scratch
-libs/libevent: "sha256:ee1da05b5738ec287c18bb980aca8c6068e2897a9f2513d3f01177bc0c7aefb5" # from: builder/scratch
-libs/libev: "sha256:c310307b44f51900a61c82d43a9dbf81c3c81a7fa03cd3a7bebc1c4c85bc11b8" # from: builder/scratch
-libs/libev-v4.33: "sha256:c310307b44f51900a61c82d43a9dbf81c3c81a7fa03cd3a7bebc1c4c85bc11b8" # from: builder/scratch
-libs/libffi: "sha256:d2ce30a111b5ece63d6feb3f47281d9cf2ab05d14c82ce652f83eaaa58de8fbe" # from: builder/scratch
-libs/libffi-v3.4.8: "sha256:d2ce30a111b5ece63d6feb3f47281d9cf2ab05d14c82ce652f83eaaa58de8fbe" # from: builder/scratch
-libs/libgcrypt-libgcrypt-1.11.1: "sha256:92d0931ce72d365ab49c1ce9162c25702e69ed3927721a2e2737bd260bd34569" # from: builder/scratch
-libs/libgcrypt: "sha256:92d0931ce72d365ab49c1ce9162c25702e69ed3927721a2e2737bd260bd34569" # from: builder/scratch
-libs/libgpg-error-libgpg-error-1.55: "sha256:69e9c0a8d9e978e2a9cea1746e56934862cd092f95ab51533f6235fe8b556a94" # from: builder/scratch
-libs/libgpg-error: "sha256:69e9c0a8d9e978e2a9cea1746e56934862cd092f95ab51533f6235fe8b556a94" # from: builder/scratch
-libs/libidn2: "sha256:ffa23e292a831e769d3268d332624481669ae340a0809e545efbd80359ca58a1" # from: builder/scratch
-libs/libidn2-v2.3.8: "sha256:ffa23e292a831e769d3268d332624481669ae340a0809e545efbd80359ca58a1" # from: builder/scratch
-libs/libidn: "sha256:e48dc0bb6c4477800cad4ec921708f991dde70d17f36ab3c9874014072973490" # from: builder/scratch
-libs/libidn-v1.43: "sha256:e48dc0bb6c4477800cad4ec921708f991dde70d17f36ab3c9874014072973490" # from: builder/scratch
-libs/libinih-r60: "sha256:c02019b2ecf7e0ca872a7a8c12743ff9ae37752a0ec0f9439792cb45a05c1b28" # from: builder/scratch
-libs/libinih: "sha256:c02019b2ecf7e0ca872a7a8c12743ff9ae37752a0ec0f9439792cb45a05c1b28" # from: builder/scratch
-libs/libmaxminddb-1.12.2: "sha256:837e1759c33b4014e149fb0e51e894993fdeea1e73a82547e2edde8137ae9a48" # from: builder/scratch
-libs/libmaxminddb: "sha256:837e1759c33b4014e149fb0e51e894993fdeea1e73a82547e2edde8137ae9a48" # from: builder/scratch
-libs/libmnl-libmnl-1.0.5: "sha256:f18143acb7d72224e23d9e38b432fd94484a641f1570c9d7d8f111de72dcc4ba" # from: builder/scratch
-libs/libmnl: "sha256:f18143acb7d72224e23d9e38b432fd94484a641f1570c9d7d8f111de72dcc4ba" # from: builder/scratch
-libs/libnetfilter_conntrack-libnetfilter_conntrack-1.1.0: "sha256:af517d861cf3cd994474fc7cd6bab2de3162522e340370c590b5842b7014bf01" # from: builder/scratch
-libs/libnetfilter_conntrack: "sha256:af517d861cf3cd994474fc7cd6bab2de3162522e340370c590b5842b7014bf01" # from: builder/scratch
-libs/libnetfilter_cthelper-libnetfilter_cthelper-1.0.1: "sha256:0a8eca735746e86be3a0b191020a016966303f499e5d6dc19479bd57437ecb65" # from: builder/scratch
-libs/libnetfilter_cthelper: "sha256:0a8eca735746e86be3a0b191020a016966303f499e5d6dc19479bd57437ecb65" # from: builder/scratch
-libs/libnetfilter_cttimeout-libnetfilter_cttimeout-1.0.1: "sha256:a3ff7d1856cbbdbc106cc493febb5a4493bef1a7df21fba4da91f8c482c6a677" # from: builder/scratch
-libs/libnetfilter_cttimeout: "sha256:a3ff7d1856cbbdbc106cc493febb5a4493bef1a7df21fba4da91f8c482c6a677" # from: builder/scratch
-libs/libnetfilter_queue-libnetfilter_queue-1.0.5: "sha256:371dfc33c47cc2b86b4fcb1eba0be526d4d4ac42943df8e4c4f6b0cc13fa58b8" # from: builder/scratch
-libs/libnetfilter_queue: "sha256:371dfc33c47cc2b86b4fcb1eba0be526d4d4ac42943df8e4c4f6b0cc13fa58b8" # from: builder/scratch
-libs/libnfnetlink-libnfnetlink-1.0.2: "sha256:f8a0c6b64b91c928a6a87fda41d70ef09ac8bddbe1f59ae0a7c6c227e1dce760" # from: builder/scratch
-libs/libnfnetlink: "sha256:f8a0c6b64b91c928a6a87fda41d70ef09ac8bddbe1f59ae0a7c6c227e1dce760" # from: builder/scratch
-libs/libnftnl-libnftnl-1.2.9: "sha256:187a5338651c895d2ac5f44c609cf051e82bf50fe2fb3526c200839f8c94d5b2" # from: builder/scratch
-libs/libnftnl: "sha256:187a5338651c895d2ac5f44c609cf051e82bf50fe2fb3526c200839f8c94d5b2" # from: builder/scratch
-libs/libnl-libnl3_2_25: "sha256:56351959539530197ec87d77a267a8942873a538d7bc4fb2a233e819407ac626" # from: builder/scratch
-libs/libnl: "sha256:56351959539530197ec87d77a267a8942873a538d7bc4fb2a233e819407ac626" # from: builder/scratch
-libs/libnvme: "sha256:6c38ada3d27a435820cc4cb9aab028d0c41d629df20bfaed4c8043b03ee8e34f" # from: builder/scratch
-libs/libnvme-v1.16.1: "sha256:6c38ada3d27a435820cc4cb9aab028d0c41d629df20bfaed4c8043b03ee8e34f" # from: builder/scratch
-libs/libpcap-pwru: "sha256:4a9e0f2b2bc597b813db37bd5204c51079c1000afe709b125a96867b2a293df1" # from: builder/scratch
-libs/libpcap-pwru-v1.0.11: "sha256:4a9e0f2b2bc597b813db37bd5204c51079c1000afe709b125a96867b2a293df1" # from: builder/scratch
-libs/libpq-REL_17_5: "sha256:0b72309a3edefef84e21dcae89750f9f461338b3c428f8f6929eea5f70f92087" # from: builder/scratch
-libs/libpq: "sha256:0b72309a3edefef84e21dcae89750f9f461338b3c428f8f6929eea5f70f92087" # from: builder/scratch
-libs/libpsl-0.21.5: "sha256:4e7c09ebf498b6dd2ec119e49c04a3e70225c977e989542cc81b69948caee837" # from: builder/scratch
-libs/libpsl: "sha256:4e7c09ebf498b6dd2ec119e49c04a3e70225c977e989542cc81b69948caee837" # from: builder/scratch
-libs/libtirpc-libtirpc-1-3-6: "sha256:214f63b8d42317cb5d6917c428cf7df873b280c4e4bf4392a1e802953dd1a5bc" # from: builder/scratch
-libs/libtirpc: "sha256:214f63b8d42317cb5d6917c428cf7df873b280c4e4bf4392a1e802953dd1a5bc" # from: builder/scratch
-libs/libunistring: "sha256:1cd6c4f5fbbfd21cadf0512cb1c3922247fe62662e1855985f103b9580706e92" # from: builder/scratch
-libs/libunistring-v1.3: "sha256:1cd6c4f5fbbfd21cadf0512cb1c3922247fe62662e1855985f103b9580706e92" # from: builder/scratch
-libs/libuv: "sha256:319ec3223ef776dd4f04e08befd31bbdce02973506c016a25043657659b3aab8" # from: builder/scratch
-libs/libuv-v1.51.0: "sha256:319ec3223ef776dd4f04e08befd31bbdce02973506c016a25043657659b3aab8" # from: builder/scratch
-libs/libxml2: "sha256:c7abced121be1d863691101b9d9e52f276195f87cd7278353b8787e7cfee13a3" # from: builder/scratch
-libs/libxml2-v2.13.8: "sha256:fabd4b45a643fc9f33e987ff8951d164a51dc532c43bbe7e1513b079460fe668" # from: builder/scratch
-libs/libxml2-v2.14.3: "sha256:c7abced121be1d863691101b9d9e52f276195f87cd7278353b8787e7cfee13a3" # from: builder/scratch
-libs/libxslt: "sha256:5e6a7947c4bc059a30116099f3857da568b32f547855023e5475fd33a81f5595" # from: builder/scratch
-libs/libxslt-v1.1.43: "sha256:5e6a7947c4bc059a30116099f3857da568b32f547855023e5475fd33a81f5595" # from: builder/scratch
-libs/libyaml-0.2.5: "sha256:fe77f255b782b322c9443ab414f54434f4f36445c328aad24090bfe439c733eb" # from: builder/scratch
-libs/libyaml: "sha256:fe77f255b782b322c9443ab414f54434f4f36445c328aad24090bfe439c733eb" # from: builder/scratch
-libs/lmdb-LMDB_0.9.31: "sha256:14a8ba7c2d448c744d6a133dff150af7613ac68cbb950eb9c82cf95b28c5cc40" # from: builder/scratch
-libs/lmdb: "sha256:14a8ba7c2d448c744d6a133dff150af7613ac68cbb950eb9c82cf95b28c5cc40" # from: builder/scratch
-libs/lua-iconv-7-3: "sha256:bd13c0010d51505c1f9afc6ec635b0b33d9c0e7bef9f2e97e783f86475cf1a2f" # from: builder/scratch
-libs/lua-iconv: "sha256:bd13c0010d51505c1f9afc6ec635b0b33d9c0e7bef9f2e97e783f86475cf1a2f" # from: builder/scratch
-libs/lua-protobuf-0.5.1: "sha256:4ff023602d3913cc74da56e366e712d54c5016fd4f7c4c7582fcf9c35726eb3b" # from: builder/scratch
-libs/lua-protobuf: "sha256:4ff023602d3913cc74da56e366e712d54c5016fd4f7c4c7582fcf9c35726eb3b" # from: builder/scratch
-libs/mpc1-1.3.1: "sha256:f59bc07704388cb33d10608db3cbab251a1007684567d29cf87476876c69507c" # from: builder/scratch
-libs/mpc1: "sha256:f59bc07704388cb33d10608db3cbab251a1007684567d29cf87476876c69507c" # from: builder/scratch
-libs/mpfr4-4.2.1: "sha256:bf4d9d9be911786e711cfd18fc3e13cb0f2a88e5394c784d8f30b8af6b40be4f" # from: builder/scratch
-libs/mpfr4: "sha256:bf4d9d9be911786e711cfd18fc3e13cb0f2a88e5394c784d8f30b8af6b40be4f" # from: builder/scratch
-libs/musl-fts: "sha256:dce6d2e8571dc8a06b7e9f9ac63715815dd82af0c261cbb4b063f5d530f1dc3b" # from: builder/scratch
-libs/musl-fts-v1.2.7: "sha256:dce6d2e8571dc8a06b7e9f9ac63715815dd82af0c261cbb4b063f5d530f1dc3b" # from: builder/scratch
-libs/musl-obstack: "sha256:bfe129c9e86d9bffaa36a4d632a61d06a87494bd6b185266a813f4bbb8353102" # from: builder/scratch
-libs/musl-obstack-v1.2.3: "sha256:bfe129c9e86d9bffaa36a4d632a61d06a87494bd6b185266a813f4bbb8353102" # from: builder/scratch
-libs/musl: "sha256:193759f542450cdfc7eb843a81b15eeed86690b242061bd0b58d50c15c2ebf61" # from: builder/scratch
-libs/musl-v1.2.5: "sha256:193759f542450cdfc7eb843a81b15eeed86690b242061bd0b58d50c15c2ebf61" # from: builder/scratch
-libs/ncurses: "sha256:df799a7fb0f699ffcb71414cf9c058657ec47107c0b09b04e2ff1647215a4ba3" # from: builder/scratch
-libs/ncurses-v6_5_20250920: "sha256:df799a7fb0f699ffcb71414cf9c058657ec47107c0b09b04e2ff1647215a4ba3" # from: builder/scratch
-libs/nghttp2: "sha256:e57ce4538323ad1843053cd9d2e47ac494147a1880a32cb62044066cb3bc110c" # from: builder/scratch
-libs/nghttp2-v1.66.0: "sha256:e57ce4538323ad1843053cd9d2e47ac494147a1880a32cb62044066cb3bc110c" # from: builder/scratch
-libs/oniguruma: "sha256:0f3e65615e67fee40f62d6635c61980271968909cf8c77eb42a49383f561fab9" # from: builder/scratch
-libs/oniguruma-v6.9.10: "sha256:0f3e65615e67fee40f62d6635c61980271968909cf8c77eb42a49383f561fab9" # from: builder/scratch
-libs/pcre2-pcre2-10.45: "sha256:ed7fb406c989dc4013a611c437c4757a24759c167f2bb34da539f1256285e7a4" # from: builder/scratch
-libs/pcre2: "sha256:ed7fb406c989dc4013a611c437c4757a24759c167f2bb34da539f1256285e7a4" # from: builder/scratch
-libs/pcre-8.45: "sha256:69c6bdc0f0e4ad7e4e8707035abf4022baf72cce7062998498d401d6fcafab84" # from: builder/scratch
-libs/pcre: "sha256:69c6bdc0f0e4ad7e4e8707035abf4022baf72cce7062998498d401d6fcafab84" # from: builder/scratch
-libs/popt-popt-1.19-release: "sha256:fae2a8d6aff1332b07c7d9a45900bbf0fb1d510100fba73dc1f945f21e47d53b" # from: builder/scratch
-libs/popt: "sha256:fae2a8d6aff1332b07c7d9a45900bbf0fb1d510100fba73dc1f945f21e47d53b" # from: builder/scratch
-libs/protobuf: "sha256:ee5f94f91954d237e2ab63881eb524fe398d9e918ca67ae8ae23380ca48470d5" # from: builder/scratch
-libs/protobuf-v29.4: "sha256:ee5f94f91954d237e2ab63881eb524fe398d9e918ca67ae8ae23380ca48470d5" # from: builder/scratch
-libs/python-wheel: "sha256:7ab442307d3562c5736f80cb843f93127a45a245aa3e391b8442a9cdff3ff223" # from: builder/scratch
-libs/python-wheel-v0.1: "sha256:7ab442307d3562c5736f80cb843f93127a45a245aa3e391b8442a9cdff3ff223" # from: builder/scratch
-libs/re2-2024-07-02: "sha256:7870353de0b03f3564113e6f0038e69bfd0bd89d0ff8e1fea99cc430e3345f1e" # from: builder/scratch
-libs/re2: "sha256:7870353de0b03f3564113e6f0038e69bfd0bd89d0ff8e1fea99cc430e3345f1e" # from: builder/scratch
-libs/readline-readline-8.2: "sha256:70d4ca765596004987728dd021c66dffb1f7d37029c0e0609f308ea8b3e67ce0" # from: builder/scratch
-libs/readline: "sha256:70d4ca765596004987728dd021c66dffb1f7d37029c0e0609f308ea8b3e67ce0" # from: builder/scratch
-libs/skalibs: "sha256:318f7aeeb193ffa5cd276299ae5b15041665a421bc554f872eed682587cbac9e" # from: builder/scratch
-libs/skalibs-v2.14.3.0: "sha256:318f7aeeb193ffa5cd276299ae5b15041665a421bc554f872eed682587cbac9e" # from: builder/scratch
-libs/sqlite: "sha256:205bf441b4246a20fa4ae90034e66300a7ee3b683757c3bf2524e46cf7c0e94f" # from: builder/scratch
-libs/sqlite-version-3.49.1: "sha256:205bf441b4246a20fa4ae90034e66300a7ee3b683757c3bf2524e46cf7c0e94f" # from: builder/scratch
-libs/userspace-rcu: "sha256:099d6a060bbd275302b0d47a565dab800006a24cfd0defabdf610488fa0c6ee7" # from: builder/scratch
-libs/userspace-rcu-v0.15.2: "sha256:099d6a060bbd275302b0d47a565dab800006a24cfd0defabdf610488fa0c6ee7" # from: builder/scratch
-libs/utmps: "sha256:abf78f87ab76497dd86f36f2359033d0887f3c670ec8d296e99ce99fc348d656" # from: builder/scratch
-libs/utmps-v0.1.2.3: "sha256:abf78f87ab76497dd86f36f2359033d0887f3c670ec8d296e99ce99fc348d656" # from: builder/scratch
-libs/xz: "sha256:157ca60417f94ba24f9991c7267d4444624dcae6c4681bc6578e80e80f0d6c2f" # from: builder/scratch
-libs/xz-v5.8.1: "sha256:157ca60417f94ba24f9991c7267d4444624dcae6c4681bc6578e80e80f0d6c2f" # from: builder/scratch
-libs/yajl-2.1.0: "sha256:03adc4b4e9f1d3157d643e9d6b36cfd5600e0ce6b99af94e65c21dc8be6f5c7c" # from: builder/scratch
-libs/yajl: "sha256:03adc4b4e9f1d3157d643e9d6b36cfd5600e0ce6b99af94e65c21dc8be6f5c7c" # from: builder/scratch
-libs/zlib: "sha256:791dc98a7eae97eee70911c9ccc6a21012c16fdded471fdb0e1016ad24518948" # from: builder/scratch
-libs/zlib-v1.3.1: "sha256:791dc98a7eae97eee70911c9ccc6a21012c16fdded471fdb0e1016ad24518948" # from: builder/scratch
-libs/zstd: "sha256:36c17e2f46f3ee2417ecbda1e980b379ad8376bea294dfa6f196d3e09d745817" # from: builder/scratch
-libs/zstd-v1.5.7: "sha256:36c17e2f46f3ee2417ecbda1e980b379ad8376bea294dfa6f196d3e09d745817" # from: builder/scratch
-tools/bash-completion-2.16.0: "sha256:b355b78c032b237168b65de3e13f85c8a60d0a757635f5fe6126a19489e02994" # from: builder/scratch
-tools/bash-completion: "sha256:b355b78c032b237168b65de3e13f85c8a60d0a757635f5fe6126a19489e02994" # from: builder/scratch
-tools/bash: "sha256:6a52242a7da6784b8d4e933525d46e86946439c5c914b433747937a2ce70d652" # from: builder/scratch
-tools/bash-v5.2.37: "sha256:6a52242a7da6784b8d4e933525d46e86946439c5c914b433747937a2ce70d652" # from: builder/scratch
-tools/conntrack-tools-conntrack-tools-1.4.8: "sha256:11e237efb807c3f159eceb08a8e7dab0061fabfd883c0b311d2613c44ddfec6a" # from: builder/scratch
-tools/conntrack-tools: "sha256:11e237efb807c3f159eceb08a8e7dab0061fabfd883c0b311d2613c44ddfec6a" # from: builder/scratch
-tools/coreutils: "sha256:cbd3f50c99620b13090182d0545aa9b8d4b0b0c8284ab04fd6d7382ed98d5768" # from: builder/scratch
-tools/coreutils-v9.7: "sha256:cbd3f50c99620b13090182d0545aa9b8d4b0b0c8284ab04fd6d7382ed98d5768" # from: builder/scratch
-tools/cosign: "sha256:5098f957c8f8af0936665364aee273e70b18fde3182888a9d91dcd4b5d5afa57" # from: builder/scratch
-tools/cosign-v2.4.3: "sha256:5098f957c8f8af0936665364aee273e70b18fde3182888a9d91dcd4b5d5afa57" # from: builder/scratch
-tools/cryptsetup: "sha256:d54f492076dece2bc594652d433d7dd5d059b96ba40ebabb32f4c3a6a3c4e16f" # from: builder/scratch
-tools/cryptsetup-v2.7.5: "sha256:d54f492076dece2bc594652d433d7dd5d059b96ba40ebabb32f4c3a6a3c4e16f" # from: builder/scratch
-tools/curl-curl-8_18_0: "sha256:978f8e040d2f6892bf807d0c7ce3880fb7150b11caebc1161e554960494a40bd" # from: builder/scratch
-tools/curl: "sha256:978f8e040d2f6892bf807d0c7ce3880fb7150b11caebc1161e554960494a40bd" # from: builder/scratch
-tools/diffutils: "sha256:3047673cdf7f89bd2ff90b1058bb4f87d50ef1069ede9da09712487dbb66167e" # from: builder/scratch
-tools/diffutils-v3.12: "sha256:3047673cdf7f89bd2ff90b1058bb4f87d50ef1069ede9da09712487dbb66167e" # from: builder/scratch
-tools/dumb-init: "sha256:9443b758b746034e8004f6331cbf09e719e0ecef69dca9802ced84f34f4cd749" # from: builder/scratch
-tools/dumb-init-v1.2.5: "sha256:9443b758b746034e8004f6331cbf09e719e0ecef69dca9802ced84f34f4cd749" # from: builder/scratch
-tools/e2fsprogs: "sha256:8d279bc8460f06a3ae692e9954e5b55129c97ba8aa18007cb4dfc2b63654a5b8" # from: builder/scratch
-tools/e2fsprogs-v1.47.2: "sha256:8d279bc8460f06a3ae692e9954e5b55129c97ba8aa18007cb4dfc2b63654a5b8" # from: builder/scratch
-tools/elfutils-elfutils-0.193: "sha256:4ba5700c44b0c5cb7f1ad1a44db1edfcb218a3eed2962749925f15cfc4987e47" # from: builder/scratch
-tools/elfutils: "sha256:4ba5700c44b0c5cb7f1ad1a44db1edfcb218a3eed2962749925f15cfc4987e47" # from: builder/scratch
-tools/erofs-utils: "sha256:09bfd36dcef186366af29b1f77eaf799c76284a19f7d34073d4a85bd3b84bf32" # from: builder/scratch
-tools/erofs-utils-v1.8.10: "sha256:09bfd36dcef186366af29b1f77eaf799c76284a19f7d34073d4a85bd3b84bf32" # from: builder/scratch
-tools/ethtool: "sha256:a3f7aa6769b11a420cfa26bd651e27fe37f169274f28e6698f0e3bfe0e672900" # from: builder/scratch
-tools/ethtool-v6.15: "sha256:a3f7aa6769b11a420cfa26bd651e27fe37f169274f28e6698f0e3bfe0e672900" # from: builder/scratch
-tools/findutils: "sha256:6a94880331248a92df39ec66cbdcc82da5b64b3da94601b0a542f9a54f4ae901" # from: builder/scratch
-tools/findutils-v4.10.0: "sha256:6a94880331248a92df39ec66cbdcc82da5b64b3da94601b0a542f9a54f4ae901" # from: builder/scratch
-tools/gawk: "sha256:3463eeded279cc3ba0938e30c16d80253fde628b21a4218f51722e0c16adc137" # from: builder/scratch
-tools/gawk-v5.3.2: "sha256:3463eeded279cc3ba0938e30c16d80253fde628b21a4218f51722e0c16adc137" # from: builder/scratch
-tools/gcc-12.1.0: "sha256:805c5a6eb87a2a1d8767c332d08842ef45e99bd0477097bfe3b7de31dcbbb729" # from: builder/scratch
-tools/gcc-gnu-releases/gcc-14.2.0: "sha256:728c0e43c1262cab3e2ec1d547f5e1bae38ec1fed5de3636e2f6637813792bc9" # from: builder/scratch
-tools/gcc-gnu: "sha256:728c0e43c1262cab3e2ec1d547f5e1bae38ec1fed5de3636e2f6637813792bc9" # from: builder/scratch
-tools/gcc: "sha256:805c5a6eb87a2a1d8767c332d08842ef45e99bd0477097bfe3b7de31dcbbb729" # from: builder/scratch
-tools/git: "sha256:f30c6b2de6749ae0877c42815f20cff2c02ef18b0cb1c552fb87064bf265d0d5" # from: builder/scratch
-tools/git-v2.50.1: "sha256:f30c6b2de6749ae0877c42815f20cff2c02ef18b0cb1c552fb87064bf265d0d5" # from: builder/scratch
-tools/golang-1.24.13: "sha256:e4de3908ad5213e97d3493f9680e4cbfac886921533841b746d19f504974d2e8" # from: builder/scratch
-tools/golang-1.25.7: "sha256:4e0f89f81a8c791b9a0dda125d30d5f21c3cde23993747cd93d3709ea1f16311" # from: builder/scratch
-tools/golang: "sha256:4e0f89f81a8c791b9a0dda125d30d5f21c3cde23993747cd93d3709ea1f16311" # from: builder/scratch
-tools/grep-grep-3.11: "sha256:ba6f4b3d6b2c9ad059f692cca18eec220b77f71320f6020465580dad7a97f400" # from: builder/scratch
-tools/grep: "sha256:ba6f4b3d6b2c9ad059f692cca18eec220b77f71320f6020465580dad7a97f400" # from: builder/scratch
-tools/iproute2: "sha256:baf1154a10ce204130eb43d3e023623ed84cea566cdd56d53f51d8028a881176" # from: builder/scratch
-tools/iproute2-v6.12.0: "sha256:baf1154a10ce204130eb43d3e023623ed84cea566cdd56d53f51d8028a881176" # from: builder/scratch
-tools/ipset: "sha256:448a31651a054753f13d0fee63ba7d070a96eaa597b7da3c24594735eaa1404f" # from: builder/scratch
-tools/ipset-v7.22: "sha256:448a31651a054753f13d0fee63ba7d070a96eaa597b7da3c24594735eaa1404f" # from: builder/scratch
-tools/iptables: "sha256:45f9d820b77061faa49eb4a95b961efb221640d1ae7333d06abd9e2756839d7f" # from: builder/scratch
-tools/iptables-v1.8.9: "sha256:45f9d820b77061faa49eb4a95b961efb221640d1ae7333d06abd9e2756839d7f" # from: builder/scratch
-tools/jq-1.7.1: "sha256:82b0878a3f843a9153b80399b2e814b8c41ef0325ad9a915a7bb84ef744179a5" # from: builder/scratch
-tools/jq: "sha256:82b0878a3f843a9153b80399b2e814b8c41ef0325ad9a915a7bb84ef744179a5" # from: builder/scratch
-tools/kmod: "sha256:cd3c4358da1a3584003002785351d800160ab7057bf8fceb43bbaed5dd7c3059" # from: builder/scratch
-tools/kmod-v33: "sha256:cd3c4358da1a3584003002785351d800160ab7057bf8fceb43bbaed5dd7c3059" # from: builder/scratch
-tools/less-less-668: "sha256:f1ca7e699740d1f00dea5a24c8b483bf0ab234d24d06bbd8535ad5d380f159ee" # from: builder/scratch
-tools/less: "sha256:f1ca7e699740d1f00dea5a24c8b483bf0ab234d24d06bbd8535ad5d380f159ee" # from: builder/scratch
-tools/libcap: "sha256:7bf2b3feabb1538721423a077b928264bc8be249275d95a85b16596bf90090ef" # from: builder/scratch
-tools/libcap-v1.2.76: "sha256:7bf2b3feabb1538721423a077b928264bc8be249275d95a85b16596bf90090ef" # from: builder/scratch
-tools/lsscsi: "sha256:8bc1556ad322c1aaefee6c4803184547cf712c93d864a29d04e38f1ba703c381" # from: builder/scratch
-tools/lsscsi-v0.28: "sha256:8bc1556ad322c1aaefee6c4803184547cf712c93d864a29d04e38f1ba703c381" # from: builder/scratch
-tools/lua5-1: "sha256:9f45cedc9c4ce973d59f3849b984ec10f34f3ff82bda2b47e6b522da620c46d7" # from: builder/scratch
-tools/lua5-1-v5.1.5: "sha256:9f45cedc9c4ce973d59f3849b984ec10f34f3ff82bda2b47e6b522da620c46d7" # from: builder/scratch
-tools/luarocks5-1: "sha256:0741c4a26bf48ea3486456614f6195630dfbc49314abfb28ceb85a01299fcd75" # from: builder/scratch
-tools/luarocks5-1-v3.12.2: "sha256:0741c4a26bf48ea3486456614f6195630dfbc49314abfb28ceb85a01299fcd75" # from: builder/scratch
-tools/lvm2: "sha256:16b6522a79c7d12eba9764fd0792030c16286160b72682db950a666a5e67cb0d" # from: builder/scratch
-tools/lvm2-v2_03_31: "sha256:16b6522a79c7d12eba9764fd0792030c16286160b72682db950a666a5e67cb0d" # from: builder/scratch
-tools/memcached-1.6.39: "sha256:0a1ef74a61d5fcc7763e00293046abe7261a7e5a5cfdfac84b0e5ec87f08f468" # from: builder/scratch
-tools/memcached: "sha256:0a1ef74a61d5fcc7763e00293046abe7261a7e5a5cfdfac84b0e5ec87f08f468" # from: builder/scratch
-tools/multipath-tools-0.13.0: "sha256:0589d6713cab859f7de977ba76a3850c45ff3600e5180b9136b2a8577fd864d3" # from: builder/scratch
-tools/multipath-tools: "sha256:0589d6713cab859f7de977ba76a3850c45ff3600e5180b9136b2a8577fd864d3" # from: builder/scratch
-tools/nfs-utils-nfs-utils-2-8-2: "sha256:d77a3b6c2082f72f50d69be32369882b0082e4deacdf137a99f14aa1bad1f714" # from: builder/scratch
-tools/nfs-utils: "sha256:d77a3b6c2082f72f50d69be32369882b0082e4deacdf137a99f14aa1bad1f714" # from: builder/scratch
-tools/nginx-njs-release-1.28.0: "sha256:7ea5fabbc2f53d9bd5a79d8a7c55252a64b34de3a328fb8fdd2953a18b17ea52" # from: builder/scratch
-tools/nginx-njs: "sha256:7ea5fabbc2f53d9bd5a79d8a7c55252a64b34de3a328fb8fdd2953a18b17ea52" # from: builder/scratch
-tools/nginx-release-1.28.0: "sha256:bfd27e762a489f93eecb810edd795bccf10216c67b2168bc74790d2659a035ec" # from: builder/scratch
-tools/nginx: "sha256:bfd27e762a489f93eecb810edd795bccf10216c67b2168bc74790d2659a035ec" # from: builder/scratch
-tools/nvme-cli: "sha256:0c61c527d95b4b167485941cf5aaadaa699b2ed8b166c1be3635b53f585c992e" # from: builder/scratch
-tools/nvme-cli-v2.16: "sha256:0c61c527d95b4b167485941cf5aaadaa699b2ed8b166c1be3635b53f585c992e" # from: builder/scratch
-tools/open-iscsi-2.1.11: "sha256:55c225c2f98606db843acf9fefae5ec3f734f74075b2dc1f039065a1c701b65e" # from: builder/scratch
-tools/open-iscsi: "sha256:55c225c2f98606db843acf9fefae5ec3f734f74075b2dc1f039065a1c701b65e" # from: builder/scratch
-tools/openssl-3.6.0: "sha256:8524bd646728081b076632d8ec7534af76330e84a1e7c329a55eea00c4fbd21e" # from: builder/scratch
-tools/openssl: "sha256:8524bd646728081b076632d8ec7534af76330e84a1e7c329a55eea00c4fbd21e" # from: builder/scratch
-tools/procps: "sha256:f03dc318231ae3a2ce91ab40a6320a4093e34dfb4429f0927ad5acac932f8029" # from: builder/scratch
-tools/procps-v4.0.5: "sha256:f03dc318231ae3a2ce91ab40a6320a4093e34dfb4429f0927ad5acac932f8029" # from: builder/scratch
-tools/pwru: "sha256:753348bdc1653faed2a6353794b8cfba0c5e3feb77d9cb25bdb2fe793ec7df89" # from: builder/scratch
-tools/pwru-v1.0.11: "sha256:753348bdc1653faed2a6353794b8cfba0c5e3feb77d9cb25bdb2fe793ec7df89" # from: builder/scratch
-tools/rpcbind-rpcbind-1_2_8: "sha256:940db74ad0edd7504eeda52b1301c27f64f3c0f9a20cf4898883a33515d48be8" # from: builder/scratch
-tools/rpcbind: "sha256:940db74ad0edd7504eeda52b1301c27f64f3c0f9a20cf4898883a33515d48be8" # from: builder/scratch
-tools/sed: "sha256:006e2516088697a7f3c66797cd3c4adde55cf30cd20aaefef365987e776d21e7" # from: builder/scratch
-tools/sed-v4.9: "sha256:006e2516088697a7f3c66797cd3c4adde55cf30cd20aaefef365987e776d21e7" # from: builder/scratch
-tools/semver-3.4.0: "sha256:53473651d5fa2789f166fb0ad0a508dd818a5ef6786a856e83becf3759316659" # from: builder/scratch
-tools/semver: "sha256:53473651d5fa2789f166fb0ad0a508dd818a5ef6786a856e83becf3759316659" # from: builder/scratch
-tools/shell-operator: "sha256:7faacbe2b4ee70aabe5547aac6d3feb38f87f410b67f784515540f576ef3eb02" # from: builder/scratch
-tools/shell-operator-v1.9.3: "sha256:7faacbe2b4ee70aabe5547aac6d3feb38f87f410b67f784515540f576ef3eb02" # from: builder/scratch
-tools/ssh: "sha256:9867fe542107ef907b1453262017ea2ff9e726796eda27f143c2c608aab5e6ac" # from: builder/scratch
-tools/ssh-V_10_0_P2: "sha256:9867fe542107ef907b1453262017ea2ff9e726796eda27f143c2c608aab5e6ac" # from: builder/scratch
-tools/tar: "sha256:f96224c6ebfd4db27c56e00f0c9a3918cf7b1973010f1d94994d80613510f626" # from: builder/scratch
-tools/tar-v1.35: "sha256:f96224c6ebfd4db27c56e00f0c9a3918cf7b1973010f1d94994d80613510f626" # from: builder/scratch
-tools/tini: "sha256:a784f91c16d9b3db54a6b85a39b2c79efbeb997899de612f7e583f7d4cf2bfe4" # from: builder/scratch
-tools/tini-v0.19.0: "sha256:a784f91c16d9b3db54a6b85a39b2c79efbeb997899de612f7e583f7d4cf2bfe4" # from: builder/scratch
-tools/util-linux: "sha256:018129a738e33f5c2ab05a49ab62af796dcbf425452a610875283ba27dc82f68" # from: builder/scratch
-tools/util-linux-v2.41: "sha256:018129a738e33f5c2ab05a49ab62af796dcbf425452a610875283ba27dc82f68" # from: builder/scratch
-tools/vim: "sha256:63509db5281fd1b567cccb0b49eeedde2a62502b514d5b195a2a4e21228d3e69" # from: builder/scratch
-tools/vim-v9.1.1236: "sha256:63509db5281fd1b567cccb0b49eeedde2a62502b514d5b195a2a4e21228d3e69" # from: builder/scratch
-tools/xfsprogs: "sha256:07b1d6aa58402c758d7bfdc2729e83fc9ffd36b1441a9f0a14d3c89d77326986" # from: builder/scratch
-tools/xfsprogs-v6.16.0: "sha256:07b1d6aa58402c758d7bfdc2729e83fc9ffd36b1441a9f0a14d3c89d77326986" # from: builder/scratch
-tools/yq: "sha256:7c15245429e602d87af7f63324602098ee3fa383a90a1d6c166dc0eb47c0adef" # from: builder/scratch
-tools/yq-v4.45.1: "sha256:ed1c1f802df5114a86398016a274ff2fe4502d78e84af6c915b532303a9552f6" # from: builder/scratch
-tools/yq-v4.47.1: "sha256:7c15245429e602d87af7f63324602098ee3fa383a90a1d6c166dc0eb47c0adef" # from: builder/scratch
+builder/src: "sha256:64a20329676de3e32f403f0a746e43cdcbc804eb3b6ba3af9e7d134d9b836783" # from: builder/alt
+libs/abseil-cpp-20240722.1: "sha256:02dc4fb80966c487c827d3e5064573e31b46074b8b3b4d8ed979bba2f15cf6c0" # from: builder/scratch
+libs/abseil-cpp: "sha256:02dc4fb80966c487c827d3e5064573e31b46074b8b3b4d8ed979bba2f15cf6c0" # from: builder/scratch
+libs/argp-standalone-1.5.0: "sha256:f84f02815af76a5dff076077853d0626b1622c04b00d221042ae8af8e75eccbf" # from: builder/scratch
+libs/argp-standalone: "sha256:f84f02815af76a5dff076077853d0626b1622c04b00d221042ae8af8e75eccbf" # from: builder/scratch
+libs/brotli: "sha256:1575c2ec6fd9bb5ddc5adb66f31f8381bff08ec24016da5aa52a1c95c49b89f7" # from: builder/scratch
+libs/brotli-v1.1.0: "sha256:1575c2ec6fd9bb5ddc5adb66f31f8381bff08ec24016da5aa52a1c95c49b89f7" # from: builder/scratch
+libs/bzip2-bzip2-1.0.8: "sha256:f0fc0373743322145b5f52582490fa49c1d8c51dd0f70287f0d2e294106ab263" # from: builder/scratch
+libs/bzip2: "sha256:f0fc0373743322145b5f52582490fa49c1d8c51dd0f70287f0d2e294106ab263" # from: builder/scratch
+libs/c-ares: "sha256:5738a4a5029c38ca358b307356f90f33de9b778abca1592483809b1c4f32d8aa" # from: builder/scratch
+libs/c-ares-v1.34.5: "sha256:5738a4a5029c38ca358b307356f90f33de9b778abca1592483809b1c4f32d8aa" # from: builder/scratch
+libs/gdbm: "sha256:b079a09ee6753dac317b7e8ec97c3cb4e392a2641315babb53acf4bf7391a0e1" # from: builder/scratch
+libs/gdbm-v1.24: "sha256:b079a09ee6753dac317b7e8ec97c3cb4e392a2641315babb53acf4bf7391a0e1" # from: builder/scratch
+libs/glibc: "sha256:c73a69aa3669683eaa86d41d7dc5155687d5ebba4d4ee8230f28aebf0cd0d6d5" # from: builder/scratch
+libs/glibc-v2.41: "sha256:c73a69aa3669683eaa86d41d7dc5155687d5ebba4d4ee8230f28aebf0cd0d6d5" # from: builder/scratch
+libs/gmp-6.3.0: "sha256:0acb0d524ea27309ded2a7cf0bccf648c23e8772edfcdbcb1b5028ec7e52e313" # from: builder/scratch
+libs/gmp: "sha256:0acb0d524ea27309ded2a7cf0bccf648c23e8772edfcdbcb1b5028ec7e52e313" # from: builder/scratch
+libs/grpc: "sha256:5636167caeb8c6763c3546b3c80bbed4ab7992cbb729324f721d4c0807aeabc1" # from: builder/scratch
+libs/grpc-v1.62.1: "sha256:5636167caeb8c6763c3546b3c80bbed4ab7992cbb729324f721d4c0807aeabc1" # from: builder/scratch
+libs/icu-release-77-1: "sha256:7492eafe179024573232246572309b162750e83164aaa0908ac7842cf930c381" # from: builder/scratch
+libs/icu: "sha256:7492eafe179024573232246572309b162750e83164aaa0908ac7842cf930c381" # from: builder/scratch
+libs/json-c-json-c-0.18-20240915: "sha256:fc572acaee800df5cb188795c65abc291a663d05a9f5d191c60586abf0105b8d" # from: builder/scratch
+libs/json-c: "sha256:fc572acaee800df5cb188795c65abc291a663d05a9f5d191c60586abf0105b8d" # from: builder/scratch
+libs/keyutils: "sha256:7bf6dbd6cbf44273bad12b9a0519a18838bfae054244ba0aa977a9dc47559143" # from: builder/scratch
+libs/keyutils-v1.6.1: "sha256:7bf6dbd6cbf44273bad12b9a0519a18838bfae054244ba0aa977a9dc47559143" # from: builder/scratch
+libs/krb5-krb5-1.21.3-final: "sha256:052d67e78831afb3f53486846053275d2d0d8f0c5b96f0f76bb3ca842532a5f2" # from: builder/scratch
+libs/krb5: "sha256:052d67e78831afb3f53486846053275d2d0d8f0c5b96f0f76bb3ca842532a5f2" # from: builder/scratch
+libs/libaio-libaio-0.3.113: "sha256:a59c62550c4cd6c63a8110b7d73f37b32f0d18e38f17f4bb62bf628fdfcc87e3" # from: builder/scratch
+libs/libaio: "sha256:a59c62550c4cd6c63a8110b7d73f37b32f0d18e38f17f4bb62bf628fdfcc87e3" # from: builder/scratch
+libs/libcap: "sha256:83ee7446640c5ce94dae0f4b2fac4648962a1b9d835a9dd5710fa8239b15cd68" # from: builder/scratch
+libs/libcap-v1.2.69: "sha256:b82febcf55fda51d2d22c1bf38cf3c69da019a8f056522d19fdbfeae9c9b0d35" # from: builder/scratch
+libs/libcap-v1.2.71: "sha256:83ee7446640c5ce94dae0f4b2fac4648962a1b9d835a9dd5710fa8239b15cd68" # from: builder/scratch
+libs/libedit: "sha256:d091e27028de067f74e9cf5b7f21533774048ec7739ba295a5e2886c41aec94c" # from: builder/scratch
+libs/libedit-v20250104.3.1: "sha256:d091e27028de067f74e9cf5b7f21533774048ec7739ba295a5e2886c41aec94c" # from: builder/scratch
+libs/libevent-release-2.2.1-alpha: "sha256:e2abf4f47f616a36ceb2f601f63297eb56f0f4b60ab024b464c4a968cc8ada50" # from: builder/scratch
+libs/libevent: "sha256:e2abf4f47f616a36ceb2f601f63297eb56f0f4b60ab024b464c4a968cc8ada50" # from: builder/scratch
+libs/libev: "sha256:58d32c60b7fb59d55c39e4cec4c5a5d41c22d14a2aaf5077e1d4ee6e549de336" # from: builder/scratch
+libs/libev-v4.33: "sha256:58d32c60b7fb59d55c39e4cec4c5a5d41c22d14a2aaf5077e1d4ee6e549de336" # from: builder/scratch
+libs/libffi: "sha256:61f6df57ba7c7d8e36b291f6f3d00a9ab9894cca46f28497e7f4a4ca5e1306db" # from: builder/scratch
+libs/libffi-v3.4.8: "sha256:61f6df57ba7c7d8e36b291f6f3d00a9ab9894cca46f28497e7f4a4ca5e1306db" # from: builder/scratch
+libs/libfuse-3.18.1: "sha256:f687ff27d72565d7124e75b26a39b57fe428fcc5ccb43cc80d1ea9ccab998740" # from: builder/scratch
+libs/libfuse: "sha256:f687ff27d72565d7124e75b26a39b57fe428fcc5ccb43cc80d1ea9ccab998740" # from: builder/scratch
+libs/libgcrypt-libgcrypt-1.11.1: "sha256:dbf2ff5297ab254d56853e021a0258c02476e5bccde44622dabb54fdd6b261ab" # from: builder/scratch
+libs/libgcrypt: "sha256:dbf2ff5297ab254d56853e021a0258c02476e5bccde44622dabb54fdd6b261ab" # from: builder/scratch
+libs/libgpg-error-libgpg-error-1.55: "sha256:b1c242ec7a464c9f0c23b9bba0a11d678c0b10f0c730cd5d22913056d5f328c0" # from: builder/scratch
+libs/libgpg-error: "sha256:b1c242ec7a464c9f0c23b9bba0a11d678c0b10f0c730cd5d22913056d5f328c0" # from: builder/scratch
+libs/libidn2: "sha256:5889849c290405d7ce46ccc9e08c2eace6178020ef36dd555d983284eece7cde" # from: builder/scratch
+libs/libidn2-v2.3.8: "sha256:5889849c290405d7ce46ccc9e08c2eace6178020ef36dd555d983284eece7cde" # from: builder/scratch
+libs/libidn: "sha256:453e6a35d826af8fe1610c8bb1906a2ead7cb3a009ab655c765a4f838e462e7c" # from: builder/scratch
+libs/libidn-v1.43: "sha256:453e6a35d826af8fe1610c8bb1906a2ead7cb3a009ab655c765a4f838e462e7c" # from: builder/scratch
+libs/libinih-r60: "sha256:c6720a56eb95d4f5fe3a6db7c017bc8c7e0105e7ae3e2e73de74a2165e770a80" # from: builder/scratch
+libs/libinih: "sha256:c6720a56eb95d4f5fe3a6db7c017bc8c7e0105e7ae3e2e73de74a2165e770a80" # from: builder/scratch
+libs/libmaxminddb-1.12.2: "sha256:5277c5cf0aeb4e9cc68048a371a72328d8af6115f04d63c44baf4406e102c601" # from: builder/scratch
+libs/libmaxminddb: "sha256:5277c5cf0aeb4e9cc68048a371a72328d8af6115f04d63c44baf4406e102c601" # from: builder/scratch
+libs/libmnl-libmnl-1.0.5: "sha256:4ca0f3efd753bc32325918a8ed1180e1ef2b0960fac6d3024c734c3e2431dc4c" # from: builder/scratch
+libs/libmnl: "sha256:4ca0f3efd753bc32325918a8ed1180e1ef2b0960fac6d3024c734c3e2431dc4c" # from: builder/scratch
+libs/libnetfilter_conntrack-libnetfilter_conntrack-1.1.0: "sha256:8941fa70dade946e29aa153eb032e7be0c3fda438bc3fd813e8eefbdacb2f532" # from: builder/scratch
+libs/libnetfilter_conntrack: "sha256:8941fa70dade946e29aa153eb032e7be0c3fda438bc3fd813e8eefbdacb2f532" # from: builder/scratch
+libs/libnetfilter_cthelper-libnetfilter_cthelper-1.0.1: "sha256:d71db0ed984c24a9f0d2a98e53ce2507de928bfb6dba7e69f4c92e2f8cb1a2c6" # from: builder/scratch
+libs/libnetfilter_cthelper: "sha256:d71db0ed984c24a9f0d2a98e53ce2507de928bfb6dba7e69f4c92e2f8cb1a2c6" # from: builder/scratch
+libs/libnetfilter_cttimeout-libnetfilter_cttimeout-1.0.1: "sha256:c414832d087d210f40ed0a9b49b3c89bd93dcad37e1b232ceb6efbcba9b34e04" # from: builder/scratch
+libs/libnetfilter_cttimeout: "sha256:c414832d087d210f40ed0a9b49b3c89bd93dcad37e1b232ceb6efbcba9b34e04" # from: builder/scratch
+libs/libnetfilter_queue-libnetfilter_queue-1.0.5: "sha256:bcc55fdd7d127d486d43f34098f860afb4ff10df1ff98cfcd767e7213d4dc518" # from: builder/scratch
+libs/libnetfilter_queue: "sha256:bcc55fdd7d127d486d43f34098f860afb4ff10df1ff98cfcd767e7213d4dc518" # from: builder/scratch
+libs/libnfnetlink-libnfnetlink-1.0.2: "sha256:ed4f46d82ebbb227c649c10eb89306178de7f3362b0a1dcd06e413778abec07c" # from: builder/scratch
+libs/libnfnetlink: "sha256:ed4f46d82ebbb227c649c10eb89306178de7f3362b0a1dcd06e413778abec07c" # from: builder/scratch
+libs/libnftnl-libnftnl-1.2.9: "sha256:129a8731a73a0530612b9e3036c617f39f38626d4a849705911d25ce699a2ac2" # from: builder/scratch
+libs/libnftnl: "sha256:129a8731a73a0530612b9e3036c617f39f38626d4a849705911d25ce699a2ac2" # from: builder/scratch
+libs/libnl-libnl3_2_25: "sha256:a92becbbc2ea2d2e1ec78f762ce480a351685228d6490404a5a225d5aac17a82" # from: builder/scratch
+libs/libnl: "sha256:a92becbbc2ea2d2e1ec78f762ce480a351685228d6490404a5a225d5aac17a82" # from: builder/scratch
+libs/libnvme: "sha256:b457700ecb5d4af1a5919089cf80a137db015a3700307402dff0989c15c11e07" # from: builder/scratch
+libs/libnvme-v1.16.1: "sha256:b457700ecb5d4af1a5919089cf80a137db015a3700307402dff0989c15c11e07" # from: builder/scratch
+libs/libpcap-pwru: "sha256:b98b71b1751b62631fef20fab234a73ef2888e72ca7bbae21b106d0fe2a3ebb0" # from: builder/scratch
+libs/libpcap-pwru-v1.0.11: "sha256:b98b71b1751b62631fef20fab234a73ef2888e72ca7bbae21b106d0fe2a3ebb0" # from: builder/scratch
+libs/libpq-REL_17_5: "sha256:14aecb3b6bb7b2c0e77856bb2c1816e880e02b554d1c6d73d53ff547c6a3d584" # from: builder/scratch
+libs/libpq: "sha256:14aecb3b6bb7b2c0e77856bb2c1816e880e02b554d1c6d73d53ff547c6a3d584" # from: builder/scratch
+libs/libpsl-0.21.5: "sha256:6531c7df56c8f8657edfdc88239461c3e991a0b3567d2eb0fe11ddce8b330b51" # from: builder/scratch
+libs/libpsl: "sha256:6531c7df56c8f8657edfdc88239461c3e991a0b3567d2eb0fe11ddce8b330b51" # from: builder/scratch
+libs/libtirpc-libtirpc-1-3-6: "sha256:1be16aae0e8326a938b3dc7107b535860a15148517aafe32ef371a9de14cfcf6" # from: builder/scratch
+libs/libtirpc: "sha256:1be16aae0e8326a938b3dc7107b535860a15148517aafe32ef371a9de14cfcf6" # from: builder/scratch
+libs/libunistring: "sha256:ffa35e8aebbe09d128a6b71b952ca319a5ace66232c54e0c56e89b689d511daa" # from: builder/scratch
+libs/libunistring-v1.3: "sha256:ffa35e8aebbe09d128a6b71b952ca319a5ace66232c54e0c56e89b689d511daa" # from: builder/scratch
+libs/libuv: "sha256:f4eb2316678a807096541c70e5f310c5d5f261706e14afae98787e1fba141156" # from: builder/scratch
+libs/libuv-v1.51.0: "sha256:f4eb2316678a807096541c70e5f310c5d5f261706e14afae98787e1fba141156" # from: builder/scratch
+libs/libxml2: "sha256:79b72362a960c417d1a3dbe0ae3970058037aa37c14c18eed02f7a522d2b6042" # from: builder/scratch
+libs/libxml2-v2.13.8: "sha256:d8692c1e3fbf22080f092bd2c11b2fa624547d8875602cb6fb9558c0a03c46b7" # from: builder/scratch
+libs/libxml2-v2.14.3: "sha256:79b72362a960c417d1a3dbe0ae3970058037aa37c14c18eed02f7a522d2b6042" # from: builder/scratch
+libs/libxslt: "sha256:fb7120d4f5ff0745a89a63542cab4b8fe4eb9cc0bc4a3b958400ddd439c37dc4" # from: builder/scratch
+libs/libxslt-v1.1.43: "sha256:fb7120d4f5ff0745a89a63542cab4b8fe4eb9cc0bc4a3b958400ddd439c37dc4" # from: builder/scratch
+libs/libyaml-0.2.5: "sha256:4cafe940534db3a00b9b6c23ec13fa57f690a73db051e0ba6e82ed2885aa7659" # from: builder/scratch
+libs/libyaml: "sha256:4cafe940534db3a00b9b6c23ec13fa57f690a73db051e0ba6e82ed2885aa7659" # from: builder/scratch
+libs/lmdb-LMDB_0.9.31: "sha256:af0991d7e5d90315550689845cac20cde87adf0e9ec956acfabccc546cb03cba" # from: builder/scratch
+libs/lmdb: "sha256:af0991d7e5d90315550689845cac20cde87adf0e9ec956acfabccc546cb03cba" # from: builder/scratch
+libs/lua-iconv-7-3: "sha256:39c1fe22979ddebb0c1338bbf461fba0f5db8c96d93232e9a75e773cca5b8d35" # from: builder/scratch
+libs/lua-iconv: "sha256:39c1fe22979ddebb0c1338bbf461fba0f5db8c96d93232e9a75e773cca5b8d35" # from: builder/scratch
+libs/lua-protobuf-0.5.1: "sha256:c29fd9302da1bf7ba5feed985f4a101defc7161e1514406f0d3372814c1aff29" # from: builder/scratch
+libs/lua-protobuf: "sha256:c29fd9302da1bf7ba5feed985f4a101defc7161e1514406f0d3372814c1aff29" # from: builder/scratch
+libs/mpc1-1.3.1: "sha256:189ff0af066c27912c63b0f27732956674f68fc85648888c00015639f3e416b4" # from: builder/scratch
+libs/mpc1: "sha256:189ff0af066c27912c63b0f27732956674f68fc85648888c00015639f3e416b4" # from: builder/scratch
+libs/mpfr4-4.2.1: "sha256:ee60e326581c4ab00617888abe96ed0134ffc25e1014eb89c36482c324b43c52" # from: builder/scratch
+libs/mpfr4: "sha256:ee60e326581c4ab00617888abe96ed0134ffc25e1014eb89c36482c324b43c52" # from: builder/scratch
+libs/musl-fts: "sha256:65c129802a29097542097959326dd8ca23bc33752f64c7a0cbfa9a4aab348bde" # from: builder/scratch
+libs/musl-fts-v1.2.7: "sha256:65c129802a29097542097959326dd8ca23bc33752f64c7a0cbfa9a4aab348bde" # from: builder/scratch
+libs/musl-obstack: "sha256:63f6addd06f0c9bec1df5aef86fb14e89611981ccb2cc14a653e1a930936241a" # from: builder/scratch
+libs/musl-obstack-v1.2.3: "sha256:63f6addd06f0c9bec1df5aef86fb14e89611981ccb2cc14a653e1a930936241a" # from: builder/scratch
+libs/musl: "sha256:c9ef83ee607117ebea6e44f0a293dc00e28f8874e35bc5f5c8799bdfe6881124" # from: builder/scratch
+libs/musl-v1.2.5: "sha256:c9ef83ee607117ebea6e44f0a293dc00e28f8874e35bc5f5c8799bdfe6881124" # from: builder/scratch
+libs/ncurses: "sha256:3f1dd67c0485103b362d53efd09538be493c3ef45721bd90b00317cfa765ad84" # from: builder/scratch
+libs/ncurses-v6_5_20250920: "sha256:3f1dd67c0485103b362d53efd09538be493c3ef45721bd90b00317cfa765ad84" # from: builder/scratch
+libs/nghttp2: "sha256:1c1ce37c5a1279dba7568163f9422b6808e25cc3e485e7ad5da6093be723515b" # from: builder/scratch
+libs/nghttp2-v1.66.0: "sha256:1c1ce37c5a1279dba7568163f9422b6808e25cc3e485e7ad5da6093be723515b" # from: builder/scratch
+libs/oniguruma: "sha256:38798120c6c776f403c890275bc1174e204c937dc534232fdda7be2c232b0179" # from: builder/scratch
+libs/oniguruma-v6.9.10: "sha256:38798120c6c776f403c890275bc1174e204c937dc534232fdda7be2c232b0179" # from: builder/scratch
+libs/pcre2-pcre2-10.45: "sha256:147e47f82d85cd807fea40512da59613fbe103fe4d1d809bbdb756d96081a688" # from: builder/scratch
+libs/pcre2: "sha256:147e47f82d85cd807fea40512da59613fbe103fe4d1d809bbdb756d96081a688" # from: builder/scratch
+libs/pcre-8.45: "sha256:fcb06371a5727a41a54dd144802e8ee55fabaf4f87f701476cd3ad6291c7a0ee" # from: builder/scratch
+libs/pcre: "sha256:fcb06371a5727a41a54dd144802e8ee55fabaf4f87f701476cd3ad6291c7a0ee" # from: builder/scratch
+libs/popt-popt-1.19-release: "sha256:646f3bc77b9cd8712573bb1b130be8d5c6ff4706ab747330e8ef35b06036a33d" # from: builder/scratch
+libs/popt: "sha256:646f3bc77b9cd8712573bb1b130be8d5c6ff4706ab747330e8ef35b06036a33d" # from: builder/scratch
+libs/protobuf: "sha256:3f7657aa841f3ee42f09c98d3b5f59a829400d11fa2817221910a3e4ec9856a8" # from: builder/scratch
+libs/protobuf-v29.4: "sha256:3f7657aa841f3ee42f09c98d3b5f59a829400d11fa2817221910a3e4ec9856a8" # from: builder/scratch
+libs/python-wheel: "sha256:094062e84a06571c0cefc9fe960f9a6d6e02d86a2a990aefc1a82ac2975d0519" # from: builder/scratch
+libs/python-wheel-v0.1: "sha256:094062e84a06571c0cefc9fe960f9a6d6e02d86a2a990aefc1a82ac2975d0519" # from: builder/scratch
+libs/re2-2024-07-02: "sha256:1bef956f3244a8f5fe87816a4bfa3470b1d3e46b874cfe04bbc5133e5b6ecb0f" # from: builder/scratch
+libs/re2: "sha256:1bef956f3244a8f5fe87816a4bfa3470b1d3e46b874cfe04bbc5133e5b6ecb0f" # from: builder/scratch
+libs/readline-readline-8.2: "sha256:2ce60af1b63de3f2f1853f0356277803cd20ab3004b3eff0987d1b97b95d2438" # from: builder/scratch
+libs/readline: "sha256:2ce60af1b63de3f2f1853f0356277803cd20ab3004b3eff0987d1b97b95d2438" # from: builder/scratch
+libs/skalibs: "sha256:8e212f565cdba51603b33b542d47b196222bc8910544846e2e655d38eb4b3721" # from: builder/scratch
+libs/skalibs-v2.14.3.0: "sha256:8e212f565cdba51603b33b542d47b196222bc8910544846e2e655d38eb4b3721" # from: builder/scratch
+libs/sqlite: "sha256:6b513c1ea6579e8b540ba16462f0880a0d40cb316fbd6e092e0fc115d6514b9e" # from: builder/scratch
+libs/sqlite-version-3.49.1: "sha256:6b513c1ea6579e8b540ba16462f0880a0d40cb316fbd6e092e0fc115d6514b9e" # from: builder/scratch
+libs/userspace-rcu: "sha256:c686739972451041f083132c56ae9e8a7c1866d42674b390120f6fe2df01b359" # from: builder/scratch
+libs/userspace-rcu-v0.15.2: "sha256:c686739972451041f083132c56ae9e8a7c1866d42674b390120f6fe2df01b359" # from: builder/scratch
+libs/utmps: "sha256:184604b50f674e2e8519291bc93fa3f1ac680ec8e9bdcd736ec7f8a797910436" # from: builder/scratch
+libs/utmps-v0.1.2.3: "sha256:184604b50f674e2e8519291bc93fa3f1ac680ec8e9bdcd736ec7f8a797910436" # from: builder/scratch
+libs/xz: "sha256:2595ff40d992891f76782ff4e1fd7cc062af7222644db70f483072d8e35c0a62" # from: builder/scratch
+libs/xz-v5.8.1: "sha256:2595ff40d992891f76782ff4e1fd7cc062af7222644db70f483072d8e35c0a62" # from: builder/scratch
+libs/yajl-2.1.0: "sha256:bdc50bf5257558debcb66d1859d338355c4f15c62c4c6faa9381085b61852cee" # from: builder/scratch
+libs/yajl: "sha256:bdc50bf5257558debcb66d1859d338355c4f15c62c4c6faa9381085b61852cee" # from: builder/scratch
+libs/zlib: "sha256:99610f35462f5a1f04d764fef3e149e486d4b6895aa2edda5f5e72ebca8b0492" # from: builder/scratch
+libs/zlib-v1.3.1: "sha256:99610f35462f5a1f04d764fef3e149e486d4b6895aa2edda5f5e72ebca8b0492" # from: builder/scratch
+libs/zstd: "sha256:6bd8208ef57fdf9e0095f386f614e7377174d5ef7526e9b992dfc6fe5aa22b60" # from: builder/scratch
+libs/zstd-v1.5.7: "sha256:6bd8208ef57fdf9e0095f386f614e7377174d5ef7526e9b992dfc6fe5aa22b60" # from: builder/scratch
+tools/bash-completion-2.16.0: "sha256:9ad1615e0428a7074f2e8026189f9a8d04b8804a64f94314b160ed9767ce053c" # from: builder/scratch
+tools/bash-completion: "sha256:9ad1615e0428a7074f2e8026189f9a8d04b8804a64f94314b160ed9767ce053c" # from: builder/scratch
+tools/bash: "sha256:02b08330b1e73ce40568b84c1d128f640b0a71faffaa3703e56aa02bbb47608a" # from: builder/scratch
+tools/bash-v5.2.37: "sha256:02b08330b1e73ce40568b84c1d128f640b0a71faffaa3703e56aa02bbb47608a" # from: builder/scratch
+tools/conntrack-tools-conntrack-tools-1.4.8: "sha256:c6151bf048e37b9a85ccdd038805d756e2b1295a0172bf3af462a48c4afdd857" # from: builder/scratch
+tools/conntrack-tools: "sha256:c6151bf048e37b9a85ccdd038805d756e2b1295a0172bf3af462a48c4afdd857" # from: builder/scratch
+tools/coreutils: "sha256:974629f4702f1b483a65496ab17eaf1a195adbc0d2bdc6325d7aca63f2a24b4b" # from: builder/scratch
+tools/coreutils-v9.7: "sha256:974629f4702f1b483a65496ab17eaf1a195adbc0d2bdc6325d7aca63f2a24b4b" # from: builder/scratch
+tools/cosign: "sha256:deb898338758c7f0501ff094c75f040b37bdfc079f158dcf1bcee4abc821ed62" # from: builder/scratch
+tools/cosign-v2.4.3: "sha256:deb898338758c7f0501ff094c75f040b37bdfc079f158dcf1bcee4abc821ed62" # from: builder/scratch
+tools/cryptsetup: "sha256:6a446532c85a631cf078a9879622d334c2e4f6480e40d5a2a931274c59ecbc06" # from: builder/scratch
+tools/cryptsetup-v2.7.5: "sha256:6a446532c85a631cf078a9879622d334c2e4f6480e40d5a2a931274c59ecbc06" # from: builder/scratch
+tools/curl-curl-8_18_0: "sha256:8f31f5dd039e250355a3192882a230e76c85139d25bd138d8aa35622882353d0" # from: builder/scratch
+tools/curl: "sha256:8f31f5dd039e250355a3192882a230e76c85139d25bd138d8aa35622882353d0" # from: builder/scratch
+tools/diffutils: "sha256:d79beec5e5cca886e4d965f944ceccf9397bda30fe777fae0cc50538bdc7e120" # from: builder/scratch
+tools/diffutils-v3.12: "sha256:d79beec5e5cca886e4d965f944ceccf9397bda30fe777fae0cc50538bdc7e120" # from: builder/scratch
+tools/dumb-init: "sha256:40e63e56f08c23e7789fd06f78e71bafbbc5c909e08894ffc420a44a0a9c1c0e" # from: builder/scratch
+tools/dumb-init-v1.2.5: "sha256:40e63e56f08c23e7789fd06f78e71bafbbc5c909e08894ffc420a44a0a9c1c0e" # from: builder/scratch
+tools/e2fsprogs: "sha256:bd585e05e5fd4b540ba187333d03aa76da4b764e103bc99cc53957a00da6c5d7" # from: builder/scratch
+tools/e2fsprogs-v1.47.2: "sha256:bd585e05e5fd4b540ba187333d03aa76da4b764e103bc99cc53957a00da6c5d7" # from: builder/scratch
+tools/elfutils-elfutils-0.193: "sha256:297e48a2cf60c85382aa823f493350b516052857092b7991aa8e9d579307dc02" # from: builder/scratch
+tools/elfutils: "sha256:297e48a2cf60c85382aa823f493350b516052857092b7991aa8e9d579307dc02" # from: builder/scratch
+tools/erofs-utils: "sha256:cfa419dfb4eadc5eb6e93f389b49a31bc932cbbee1954dc0e9fc8148d30effd2" # from: builder/scratch
+tools/erofs-utils-v1.8.10: "sha256:cfa419dfb4eadc5eb6e93f389b49a31bc932cbbee1954dc0e9fc8148d30effd2" # from: builder/scratch
+tools/ethtool: "sha256:c23b2ea3c65b7e348743161291b9e3101470134d7b569e041d2a8585a3af7056" # from: builder/scratch
+tools/ethtool-v6.15: "sha256:c23b2ea3c65b7e348743161291b9e3101470134d7b569e041d2a8585a3af7056" # from: builder/scratch
+tools/findutils: "sha256:fc3771fff46713451c76b7bfe0511d947aa3e2f92d6e02da28de611822d50d45" # from: builder/scratch
+tools/findutils-v4.10.0: "sha256:fc3771fff46713451c76b7bfe0511d947aa3e2f92d6e02da28de611822d50d45" # from: builder/scratch
+tools/gawk: "sha256:127cd0deec95da956fa80cc642a328b030961cda40d957acb9a12cdc96841417" # from: builder/scratch
+tools/gawk-v5.3.2: "sha256:127cd0deec95da956fa80cc642a328b030961cda40d957acb9a12cdc96841417" # from: builder/scratch
+tools/gcc-12.1.0: "sha256:c51f177ee84227ed9d767ae9e808792f732d7431aca1e486ba3deca5ec0c2339" # from: builder/scratch
+tools/gcc-gnu-releases/gcc-14.2.0: "sha256:1e4d4aacc16488153fd638ff92cedc7c6f89b1a2cb004dc9fdca0998e23f19d8" # from: builder/scratch
+tools/gcc-gnu: "sha256:1e4d4aacc16488153fd638ff92cedc7c6f89b1a2cb004dc9fdca0998e23f19d8" # from: builder/scratch
+tools/gcc: "sha256:c51f177ee84227ed9d767ae9e808792f732d7431aca1e486ba3deca5ec0c2339" # from: builder/scratch
+tools/git: "sha256:639c27908e5f11c2ed09052ef3f2eb722b79fdd578e092b1415ef9f38b398f2c" # from: builder/scratch
+tools/git-v2.50.1: "sha256:639c27908e5f11c2ed09052ef3f2eb722b79fdd578e092b1415ef9f38b398f2c" # from: builder/scratch
+tools/golang-1.24.13: "sha256:8433c4d59e23cdb2e10b1910c5fb3b6a92c3b012f8bc84c8314e0001a8a4add2" # from: builder/scratch
+tools/golang-1.25.8: "sha256:b3ce049b40b54a43551715f76511d6bf9df3895b5af6f3e4979d962128c4d902" # from: builder/scratch
+tools/golang: "sha256:b3ce049b40b54a43551715f76511d6bf9df3895b5af6f3e4979d962128c4d902" # from: builder/scratch
+tools/grep-grep-3.11: "sha256:c83c35bd1321103162d6e12030f6b49e9220eae00870eee2cea32e60b2eb1949" # from: builder/scratch
+tools/grep: "sha256:c83c35bd1321103162d6e12030f6b49e9220eae00870eee2cea32e60b2eb1949" # from: builder/scratch
+tools/iproute2: "sha256:1802839b7eb6c80b2e0c8c6527d1030ca5b77eb974b9e2e7f7dd81f4b35e59b9" # from: builder/scratch
+tools/iproute2-v6.12.0: "sha256:1802839b7eb6c80b2e0c8c6527d1030ca5b77eb974b9e2e7f7dd81f4b35e59b9" # from: builder/scratch
+tools/ipset: "sha256:ccbf19497f939baf8a3bce2d723db946b4bbe31d57ce727db064dc71feabf2b7" # from: builder/scratch
+tools/ipset-v7.22: "sha256:ccbf19497f939baf8a3bce2d723db946b4bbe31d57ce727db064dc71feabf2b7" # from: builder/scratch
+tools/iptables: "sha256:7bba522179a4fb511ae2d905f7ba9c1741d67052d0c8fd5037ab58b93f3f8a88" # from: builder/scratch
+tools/iptables-v1.8.9: "sha256:7bba522179a4fb511ae2d905f7ba9c1741d67052d0c8fd5037ab58b93f3f8a88" # from: builder/scratch
+tools/iputils-20250605: "sha256:95babdf3ec18fc51a7970df78131ce8b0d267153e057350610a69e5015f66943" # from: builder/scratch
+tools/iputils: "sha256:95babdf3ec18fc51a7970df78131ce8b0d267153e057350610a69e5015f66943" # from: builder/scratch
+tools/jq-1.7.1: "sha256:7218b86b49a12d03911cc745cfcc7720e6b2803a97db2b7a30c3d70753c6ad77" # from: builder/scratch
+tools/jq: "sha256:7218b86b49a12d03911cc745cfcc7720e6b2803a97db2b7a30c3d70753c6ad77" # from: builder/scratch
+tools/kmod: "sha256:b7056c3071d9adf63035fc689f16e5ef14d7920959d4839653605c99fe96606e" # from: builder/scratch
+tools/kmod-v33: "sha256:b7056c3071d9adf63035fc689f16e5ef14d7920959d4839653605c99fe96606e" # from: builder/scratch
+tools/less-less-668: "sha256:752e8bfd8a6a8112fd28d5aab0c98b4d798c2696f30888aa6677e199e368ac37" # from: builder/scratch
+tools/less: "sha256:752e8bfd8a6a8112fd28d5aab0c98b4d798c2696f30888aa6677e199e368ac37" # from: builder/scratch
+tools/libcap: "sha256:95cddf1738d5a4ee9291fffb91e909dcfd32370b11aa5297bcbfcc94184aa6ec" # from: builder/scratch
+tools/libcap-v1.2.76: "sha256:95cddf1738d5a4ee9291fffb91e909dcfd32370b11aa5297bcbfcc94184aa6ec" # from: builder/scratch
+tools/lsscsi: "sha256:ba8301b91d07c277ff350cad160215a3903f36650b5c09980b4c379fbcd79cc1" # from: builder/scratch
+tools/lsscsi-v0.28: "sha256:ba8301b91d07c277ff350cad160215a3903f36650b5c09980b4c379fbcd79cc1" # from: builder/scratch
+tools/lua5-1: "sha256:1792ffe9782a946a79a293487e9b58c112b8688e84fab340e115740c7ea0e3ff" # from: builder/scratch
+tools/lua5-1-v5.1.5: "sha256:1792ffe9782a946a79a293487e9b58c112b8688e84fab340e115740c7ea0e3ff" # from: builder/scratch
+tools/luarocks5-1: "sha256:632b8a92ecb2da645b8771f205b4c341d39cae6f684e0ee603262e8b33ae000d" # from: builder/scratch
+tools/luarocks5-1-v3.12.2: "sha256:632b8a92ecb2da645b8771f205b4c341d39cae6f684e0ee603262e8b33ae000d" # from: builder/scratch
+tools/lvm2: "sha256:d8e0f806cc340426a3d9c2e3c5a8368869d564516f9604522666b4beee1f6686" # from: builder/scratch
+tools/lvm2-v2_03_31: "sha256:d8e0f806cc340426a3d9c2e3c5a8368869d564516f9604522666b4beee1f6686" # from: builder/scratch
+tools/memcached-1.6.39: "sha256:60d587804a50892c5f0c61a64fbb2c28f1b01d99a4aa47e2dd92996f8de166a2" # from: builder/scratch
+tools/memcached: "sha256:60d587804a50892c5f0c61a64fbb2c28f1b01d99a4aa47e2dd92996f8de166a2" # from: builder/scratch
+tools/multipath-tools-0.13.0: "sha256:860adeacd5181a7a4b50297b67fa001f3542325fad791f47b1bba6b40e0a3aa7" # from: builder/scratch
+tools/multipath-tools: "sha256:860adeacd5181a7a4b50297b67fa001f3542325fad791f47b1bba6b40e0a3aa7" # from: builder/scratch
+tools/nfs-utils-nfs-utils-2-8-2: "sha256:fef5f7d74d439ccb7786656297114e8c293d41e2bf5c0b8ecba5bfc98f1020ce" # from: builder/scratch
+tools/nfs-utils: "sha256:fef5f7d74d439ccb7786656297114e8c293d41e2bf5c0b8ecba5bfc98f1020ce" # from: builder/scratch
+tools/nginx-njs-release-1.28.0: "sha256:d60179dc0b1ec40c7a90589756dae29c99831bc6a8a890a0684f47b9ea475ffe" # from: builder/scratch
+tools/nginx-njs: "sha256:d60179dc0b1ec40c7a90589756dae29c99831bc6a8a890a0684f47b9ea475ffe" # from: builder/scratch
+tools/nginx-release-1.28.0: "sha256:601e5a92b84e08b958a65b901c02b2321d5c31b220466e802af6cc2e347a6afb" # from: builder/scratch
+tools/nginx: "sha256:601e5a92b84e08b958a65b901c02b2321d5c31b220466e802af6cc2e347a6afb" # from: builder/scratch
+tools/nvme-cli: "sha256:5a0a627687e4dd997a66897f9df3482adea9f117ca23c41b5520f724fad2b125" # from: builder/scratch
+tools/nvme-cli-v2.16: "sha256:5a0a627687e4dd997a66897f9df3482adea9f117ca23c41b5520f724fad2b125" # from: builder/scratch
+tools/open-iscsi-2.1.11: "sha256:7cf4967824a6ae74bba69532a69aa5329fae55aef287bcb5b3dfa317cfe16def" # from: builder/scratch
+tools/open-iscsi: "sha256:7cf4967824a6ae74bba69532a69aa5329fae55aef287bcb5b3dfa317cfe16def" # from: builder/scratch
+tools/openssl-3.6.0: "sha256:27a6f59849d06b81c07936b15518549592782ce62aa23926f14507de57ae8905" # from: builder/scratch
+tools/openssl: "sha256:27a6f59849d06b81c07936b15518549592782ce62aa23926f14507de57ae8905" # from: builder/scratch
+tools/procps: "sha256:4d01d9f751c707f07d74ab0c7db1102a059abb4e5f3bde9bfe4a2666608dc4f7" # from: builder/scratch
+tools/procps-v4.0.5: "sha256:4d01d9f751c707f07d74ab0c7db1102a059abb4e5f3bde9bfe4a2666608dc4f7" # from: builder/scratch
+tools/pwru: "sha256:4cd43fd02d065d4770b86e87cc46cae46d4731c0e1249b3194934cf2f5f09b82" # from: builder/scratch
+tools/pwru-v1.0.11: "sha256:4cd43fd02d065d4770b86e87cc46cae46d4731c0e1249b3194934cf2f5f09b82" # from: builder/scratch
+tools/rclone-1.73.1: "sha256:9d77b4fee2f66dbd8ffab025550aebc856da5c69ca8daf1798cc78f11943c6d4" # from: builder/scratch
+tools/rclone: "sha256:9d77b4fee2f66dbd8ffab025550aebc856da5c69ca8daf1798cc78f11943c6d4" # from: builder/scratch
+tools/rpcbind-rpcbind-1_2_8: "sha256:6a0b585505b38a0f2251c4e229d69fe94b021820948c83c8bd24dfb873f68ed7" # from: builder/scratch
+tools/rpcbind: "sha256:6a0b585505b38a0f2251c4e229d69fe94b021820948c83c8bd24dfb873f68ed7" # from: builder/scratch
+tools/s3fs-fuse-1.97: "sha256:1f3d0d991a1dbe94d8fe6a4a392d063c0857668677cd507a77f43d1425fcf7c3" # from: builder/scratch
+tools/s3fs-fuse: "sha256:1f3d0d991a1dbe94d8fe6a4a392d063c0857668677cd507a77f43d1425fcf7c3" # from: builder/scratch
+tools/sed: "sha256:03139bab0878f523e1d8256faea9d63f31325efa65f4330de19a91cc18032b8c" # from: builder/scratch
+tools/sed-v4.9: "sha256:03139bab0878f523e1d8256faea9d63f31325efa65f4330de19a91cc18032b8c" # from: builder/scratch
+tools/semver-3.4.0: "sha256:1820728a5bc6d57ec962b075461a679034d965ad7521a11fcf73dec29d85e739" # from: builder/scratch
+tools/semver: "sha256:1820728a5bc6d57ec962b075461a679034d965ad7521a11fcf73dec29d85e739" # from: builder/scratch
+tools/shell-operator: "sha256:876c00a7194918b869b723ae3289c3883cdf9d30222f6419af6ea93cc898297d" # from: builder/scratch
+tools/shell-operator-v1.14.3: "sha256:876c00a7194918b869b723ae3289c3883cdf9d30222f6419af6ea93cc898297d" # from: builder/scratch
+tools/ssh: "sha256:25fbf77913f932f27973049480826b8dc30de17d2bbbf11ba6ac154f1735e0ae" # from: builder/scratch
+tools/ssh-V_10_0_P2: "sha256:25fbf77913f932f27973049480826b8dc30de17d2bbbf11ba6ac154f1735e0ae" # from: builder/scratch
+tools/tar: "sha256:89060034cd11076104af31fa9d613100149227c64890d10ad683fd3e475ce5c2" # from: builder/scratch
+tools/tar-v1.35: "sha256:89060034cd11076104af31fa9d613100149227c64890d10ad683fd3e475ce5c2" # from: builder/scratch
+tools/tini: "sha256:fe793f5ef388a143c71b085222591c9dc1e7a19d675aeacb3e889878b700dc9e" # from: builder/scratch
+tools/tini-v0.19.0: "sha256:fe793f5ef388a143c71b085222591c9dc1e7a19d675aeacb3e889878b700dc9e" # from: builder/scratch
+tools/udev-2.59.1: "sha256:4d9af46ad9694d270acce78c7701b582611d43be7662bf66cadceafcbb28141e" # from: builder/scratch
+tools/udev: "sha256:4d9af46ad9694d270acce78c7701b582611d43be7662bf66cadceafcbb28141e" # from: builder/scratch
+tools/util-linux: "sha256:cdfc92bd8bd683bd8308f9ba29bfd2c4d41f17e1267a1d6c0dfcc0a01c561371" # from: builder/scratch
+tools/util-linux-v2.41: "sha256:cdfc92bd8bd683bd8308f9ba29bfd2c4d41f17e1267a1d6c0dfcc0a01c561371" # from: builder/scratch
+tools/vim: "sha256:a7a8fd17135befeaf2565c18fc888a504e5076803649fba776f5c6b8b24382f7" # from: builder/scratch
+tools/vim-v9.1.1236: "sha256:a7a8fd17135befeaf2565c18fc888a504e5076803649fba776f5c6b8b24382f7" # from: builder/scratch
+tools/xfsprogs: "sha256:30170f2cf5a9f9b34cc1abf028a2f6bfa3572ed95f78110f5c2f0f4f9281d028" # from: builder/scratch
+tools/xfsprogs-v6.16.0: "sha256:30170f2cf5a9f9b34cc1abf028a2f6bfa3572ed95f78110f5c2f0f4f9281d028" # from: builder/scratch
+tools/yq: "sha256:39ee130450e25d7aa4476fa52710a8ca4af482d8e9c678dcdebf9ea35b53f9bb" # from: builder/scratch
+tools/yq-v4.45.1: "sha256:dd6ab5f8e98402ea05d6c741eb0414aa09f161ce7960e99723eecc1250dd10bf" # from: builder/scratch
+tools/yq-v4.47.1: "sha256:39ee130450e25d7aa4476fa52710a8ca4af482d8e9c678dcdebf9ea35b53f9bb" # from: builder/scratch
diff --git a/build/components/versions.yml b/build/components/versions.yml
index 1a204d27ce..255abe3fa4 100644
--- a/build/components/versions.yml
+++ b/build/components/versions.yml
@@ -3,8 +3,8 @@ firmware:
   libvirt: v10.9.0
   edk2: stable202411
 core:
-  3p-kubevirt: v1.3.1-v12n.12-cse.4
-  3p-containerized-data-importer: v1.60.3-v12n.10-cse.4
+  3p-kubevirt: v1.3.1-v12n.12-cse.5
+  3p-containerized-data-importer: v1.60.3-v12n.10-cse.5
   distribution: 2.8.3
 package:
   acl: v2.3.1
diff --git a/images/base-alt-p11-binaries/werf.inc.yaml b/images/base-alt-p11-binaries/werf.inc.yaml
index dad44e1f3e..0f41d587dc 100644
--- a/images/base-alt-p11-binaries/werf.inc.yaml
+++ b/images/base-alt-p11-binaries/werf.inc.yaml
@@ -34,3 +34,6 @@ shell:
       cp -af /$pkg/. /
       rm -rf /$pkg
     done
+
+    rm -f /var/lib/rpm/__db*
+    rpm -v --rebuilddb
diff --git a/images/bounder/werf.inc.yaml b/images/bounder/werf.inc.yaml
index 86b1dfa77c..35a3f60fd9 100644
--- a/images/bounder/werf.inc.yaml
+++ b/images/bounder/werf.inc.yaml
@@ -12,7 +12,7 @@ imageSpec:
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-cbuilder
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.25" "builder/golang-alt-svace-1.25" }}
 git:
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}/static_binaries
     to: /static_binaries
diff --git a/images/cdi-artifact/werf.inc.yaml b/images/cdi-artifact/werf.inc.yaml
index f313f934b4..03faa3b44f 100644
--- a/images/cdi-artifact/werf.inc.yaml
+++ b/images/cdi-artifact/werf.inc.yaml
@@ -39,7 +39,7 @@ shell:
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.25" "builder/golang-alt-svace-1.25" }}
 mount:
 - fromPath: ~/go-pkg-cache
   to: /go/pkg
@@ -138,7 +138,7 @@ shell:
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-cbuilder
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.25" "builder/golang-alt-svace-1.25" }}
 git:
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}
     to: /
diff --git a/images/cdi-cloner/werf.inc.yaml b/images/cdi-cloner/werf.inc.yaml
index 58a21af3ef..d0da52d99b 100644
--- a/images/cdi-cloner/werf.inc.yaml
+++ b/images/cdi-cloner/werf.inc.yaml
@@ -53,7 +53,7 @@ shell:
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-gobuild
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.25" "builder/golang-alt-svace-1.25" }}
 git:
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}/cloner-startup
     to: /app
diff --git a/images/debuger/werf.inc.yaml b/images/debuger/werf.inc.yaml
index 6cbe544914..26dfd2559c 100644
--- a/images/debuger/werf.inc.yaml
+++ b/images/debuger/werf.inc.yaml
@@ -10,16 +10,16 @@ import:
 ---
 image: {{ $.ImageName }}-builder
 final: false
-fromImage: base-alt-p11-binaries
+fromImage: builder/alt
 shell:
   install:
   - |
     apt-get update && apt-get install --yes \
-      musl-devel-static gcc golang git 
-    
+      musl-devel-static gcc golang git
+
     export CGO_ENABLED=0
     export GOOS=linux
-    export GOARCH=amd64 
+    export GOARCH=amd64
 
     mkdir -p /out
     git clone --depth=1 --branch v1.25.1 https://github.com/go-delve/delve.git /src
diff --git a/images/distroless/werf.inc.yaml b/images/distroless/werf.inc.yaml
index da9e12b236..28e924eab2 100644
--- a/images/distroless/werf.inc.yaml
+++ b/images/distroless/werf.inc.yaml
@@ -16,7 +16,7 @@ imageSpec:
     user: 64535
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-artifact
-fromImage: {{ .ModuleNamePrefix }}base-alt-p11-binaries
+fromImage: builder/alt
 final: false
 shell:
   beforeInstall:
diff --git a/images/dvcr-artifact/Taskfile.dist.yaml b/images/dvcr-artifact/Taskfile.dist.yaml
index d6e4e6a51a..67fbf1c2e4 100644
--- a/images/dvcr-artifact/Taskfile.dist.yaml
+++ b/images/dvcr-artifact/Taskfile.dist.yaml
@@ -80,7 +80,7 @@ tasks:
       - _ensure:golangci-lint
     cmds:
       - |
-        golangci-lint run --sort-results
+        golangci-lint run
 
   _ensure:golangci-lint:
     desc: "Ensure golangci-lint is available"
diff --git a/images/dvcr-artifact/go.mod b/images/dvcr-artifact/go.mod
index 49ecc20856..7932fd13ea 100644
--- a/images/dvcr-artifact/go.mod
+++ b/images/dvcr-artifact/go.mod
@@ -1,12 +1,12 @@
 module github.com/deckhouse/virtualization-controller/dvcr-importers
 
-go 1.24.13
+go 1.25.8
 
 require (
 	github.com/containers/image/v5 v5.32.0
 	github.com/deckhouse/virtualization/api v0.0.0-20241220154636-ce1f73499998
 	github.com/distribution/reference v0.6.0
-	github.com/docker/cli v27.1.1+incompatible
+	github.com/docker/cli v29.2.0+incompatible
 	github.com/golang/snappy v0.0.4
 	github.com/google/go-containerregistry v0.20.0
 	github.com/google/uuid v1.6.0
@@ -17,22 +17,28 @@ require (
 	github.com/prometheus/client_golang v1.19.0
 	github.com/prometheus/client_model v0.6.0
 	github.com/spf13/cobra v1.8.1
-	golang.org/x/sync v0.18.0
+	golang.org/x/sync v0.19.0
 	k8s.io/klog/v2 v2.120.1
 	kubevirt.io/containerized-data-importer v0.0.0-00010101000000-000000000000
 	kubevirt.io/containerized-data-importer-api v1.60.3
 )
 
+require (
+	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
+	go.opentelemetry.io/otel/sdk v1.40.0 // indirect
+	go.opentelemetry.io/otel/sdk/metric v1.40.0 // indirect
+)
+
 require (
 	cloud.google.com/go v0.112.0 // indirect
-	cloud.google.com/go/compute/metadata v0.3.0 // indirect
+	cloud.google.com/go/compute/metadata v0.9.0 // indirect
 	cloud.google.com/go/iam v1.1.5 // indirect
 	cloud.google.com/go/storage v1.36.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6
 	github.com/BurntSushi/toml v1.4.0 // indirect
 	github.com/aws/aws-sdk-go v1.44.302 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/chzyer/readline v1.5.1 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
 	github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect
@@ -49,7 +55,7 @@ require (
 	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/go-jose/go-jose/v3 v3.0.3 // indirect
-	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
@@ -58,7 +64,7 @@ require (
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
-	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
@@ -103,23 +109,23 @@ require (
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
-	go.opentelemetry.io/otel v1.24.0 // indirect
-	go.opentelemetry.io/otel/metric v1.24.0 // indirect
-	go.opentelemetry.io/otel/trace v1.24.0 // indirect
-	golang.org/x/crypto v0.45.0 // indirect
+	go.opentelemetry.io/otel v1.40.0 // indirect
+	go.opentelemetry.io/otel/metric v1.40.0 // indirect
+	go.opentelemetry.io/otel/trace v1.40.0 // indirect
+	golang.org/x/crypto v0.46.0 // indirect
 	golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 // indirect
-	golang.org/x/net v0.47.0 // indirect
-	golang.org/x/oauth2 v0.27.0 // indirect
-	golang.org/x/sys v0.38.0 // indirect
-	golang.org/x/term v0.37.0 // indirect
-	golang.org/x/text v0.31.0 // indirect
+	golang.org/x/net v0.48.0 // indirect
+	golang.org/x/oauth2 v0.34.0 // indirect
+	golang.org/x/sys v0.40.0 // indirect
+	golang.org/x/term v0.38.0 // indirect
+	golang.org/x/text v0.32.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
 	google.golang.org/api v0.155.0 // indirect
 	google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect
-	google.golang.org/grpc v1.64.1 // indirect
-	google.golang.org/protobuf v1.34.2 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect
+	google.golang.org/grpc v1.79.3 // indirect
+	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
@@ -188,6 +194,6 @@ replace (
 // CVE Replaces
 replace (
 	golang.org/x/crypto => golang.org/x/crypto v0.45.0 // CVE-2024-45337,CVE-2025-22869
-	golang.org/x/net => golang.org/x/net v0.40.0 // CVE-2025-22870, CVE-2025-22872
-	golang.org/x/oauth2 => golang.org/x/oauth2 v0.27.0 // CVE-2025-22868
+	golang.org/x/net => golang.org/x/net v0.48.0 // CVE-2025-22870, CVE-2025-22872
+	golang.org/x/oauth2 => golang.org/x/oauth2 v0.34.0 // CVE-2025-22868
 )
diff --git a/images/dvcr-artifact/go.sum b/images/dvcr-artifact/go.sum
index 37285140b1..0fff2ee628 100644
--- a/images/dvcr-artifact/go.sum
+++ b/images/dvcr-artifact/go.sum
@@ -1,8 +1,9 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.112.0 h1:tpFCD7hpHFlQ8yPwT3x+QeXqc2T6+n6T+hmABHfDUSM=
 cloud.google.com/go v0.112.0/go.mod h1:3jEEVwZ/MHU4djK5t5RHuKOA/GbLddgTdVubX1qnPD4=
-cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
 cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
+cloud.google.com/go/compute/metadata v0.9.0 h1:pDUj4QMoPejqq20dK0Pg2N4yG9zIkYGdBtwLoEkH9Zs=
+cloud.google.com/go/compute/metadata v0.9.0/go.mod h1:E0bWwX5wTnLPedCKqk3pJmVgCBSM6qQI1yTBdEb3C10=
 cloud.google.com/go/iam v1.1.5 h1:1jTsCu4bcsNsE4iiqNT5SHwrDRCfRmIaaaVFhRveTJI=
 cloud.google.com/go/iam v1.1.5/go.mod h1:rB6P/Ic3mykPbFio+vo7403drjlgvoWfYpJhMXEbzv8=
 cloud.google.com/go/storage v1.36.0 h1:P0mOkAcaJxhCTvAkMhxMfrTKiNcub4YmmPBtlhAyTr8=
@@ -22,8 +23,8 @@ github.com/aws/aws-sdk-go v1.34.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
-github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chzyer/logex v1.2.1 h1:XHDu3E6q+gdHgsdTPH6ImJMIp436vR6MPtH8gP05QzM=
 github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
@@ -34,8 +35,8 @@ github.com/chzyer/test v1.0.0 h1:p3BQDXSxOhOG0P9z6/hGnII4LGiEPOYBhs8asl/fC04=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/xds/go v0.0.0-20240318125728-8a4994d93e50 h1:DBmgJDC9dTfkVyGgipamEh2BpGYxScCH1TOF1LL1cXc=
-github.com/cncf/xds/go v0.0.0-20240318125728-8a4994d93e50/go.mod h1:5e1+Vvlzido69INQaVO6d87Qn543Xr6nooe9Kz7oBFM=
+github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 h1:6xNmx7iTtyBRev0+D/Tv1FZd4SCg8axKApyNyRsAt/w=
+github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5/go.mod h1:KdCmV+x/BuvyMxRnYBlmVaq4OLiKW6iRQfvC62cvdkI=
 github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
 github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
 github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G/ZW/0kEe2oEKCdS/ZxIyoCU=
@@ -61,8 +62,8 @@ github.com/deckhouse/virtualization/api v0.0.0-20241220154636-ce1f73499998 h1:qE
 github.com/deckhouse/virtualization/api v0.0.0-20241220154636-ce1f73499998/go.mod h1:t+6i4NC43RfNLqcZqkEc5vxY1ypKceqmOOKlVEq0cYA=
 github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
 github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
-github.com/docker/cli v27.1.1+incompatible h1:goaZxOqs4QKxznZjjBWKONQci/MywhtRv2oNn0GkeZE=
-github.com/docker/cli v27.1.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v29.2.0+incompatible h1:9oBd9+YM7rxjZLfyMGxjraKBKE4/nVyvVfN4qNl9XRM=
+github.com/docker/cli v29.2.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v28.0.0+incompatible h1:Olh0KS820sJ7nPsBKChVhk5pzqcwDR15fumfAd/p9hM=
@@ -84,9 +85,12 @@ github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRr
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/go-control-plane v0.14.0 h1:hbG2kr4RuFj222B6+7T83thSPqLjwBIfQawTkC++2HA=
+github.com/envoyproxy/go-control-plane/envoy v1.36.0 h1:yg/JjO5E7ubRyKX3m07GF3reDNEnfOboJ0QySbH736g=
+github.com/envoyproxy/go-control-plane/envoy v1.36.0/go.mod h1:ty89S1YCCVruQAm9OtKeEkQLTb+Lkz0k8v9W0Oxsv98=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A=
-github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew=
+github.com/envoyproxy/protoc-gen-validate v1.3.0 h1:TvGH1wof4H33rezVKWSpqKz5NXWg5VPuZ0uONDT6eb4=
+github.com/envoyproxy/protoc-gen-validate v1.3.0/go.mod h1:HvYl7zwPa5mffgyeTUHA9zHIH36nmrm7oCbo4YKoSWA=
 github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
 github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
@@ -111,8 +115,9 @@ github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV
 github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
-github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
 github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
+github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
@@ -172,8 +177,9 @@ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/go-containerregistry v0.20.0 h1:wRqHpOeVh3DnenOrPy9xDOLdnLatiGuuNRVelR2gSbg=
 github.com/google/go-containerregistry v0.20.0/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -350,6 +356,8 @@ github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtP
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgmp0tecUJ0sJuv4pzYCqS9+RGSn52M3FUwPs+uo=
+github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
@@ -364,8 +372,8 @@ github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0leargg
 github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
-github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
-github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
+github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
+github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
@@ -386,8 +394,8 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
-github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI=
 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY=
@@ -405,18 +413,22 @@ github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
+go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
+go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 h1:SpGay3w+nEwMpfVnbqOLH5gY52/foP8RE8UzTZ1pdSE=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1/go.mod h1:4UoMYEZOC0yN/sPGH76KPkkU7zgiEWYWL9vwmbnTJPE=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 h1:jq9TW8u3so/bN+JPT166wjOI6/vQPF6Xe7nMNIltagk=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw=
-go.opentelemetry.io/otel v1.24.0 h1:0LAOdjNmQeSTzGBzduGe/rU4tZhMwL5rWgtp9Ku5Jfo=
-go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo=
-go.opentelemetry.io/otel/metric v1.24.0 h1:6EhoGWWK28x1fbpA4tYTOWBkPefTDQnb8WSGXlc88kI=
-go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco=
-go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZXQ8=
-go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E=
-go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y1YELI=
-go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU=
+go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms=
+go.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g=
+go.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g=
+go.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc=
+go.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8=
+go.opentelemetry.io/otel/sdk v1.40.0/go.mod h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE=
+go.opentelemetry.io/otel/sdk/metric v1.40.0 h1:mtmdVqgQkeRxHgRv4qhyJduP3fYJRMX4AtAlbuWdCYw=
+go.opentelemetry.io/otel/sdk/metric v1.40.0/go.mod h1:4Z2bGMf0KSK3uRjlczMOeMhKU2rhUqdWNoKcYrtcBPg=
+go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw=
+go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
@@ -450,10 +462,11 @@ golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ=
 golang.org/x/mod v0.27.0/go.mod h1:rWI627Fq0DEoudcK+MBkNkCe0EetEaDSwJJkCcjpazc=
 golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI=
 golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w=
-golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY=
-golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
-golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
-golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
+golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc=
+golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
+golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
+golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=
+golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -468,12 +481,12 @@ golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
-golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
 golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -515,18 +528,20 @@ golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
 golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
+golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/telemetry v0.0.0-20240208230135-b75ee8823808/go.mod h1:KG1lNk5ZFNssSZLrpVb4sMXKMpGwGXOxSG3rnu2gZQQ=
-golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0=
 golang.org/x/telemetry v0.0.0-20250710130107-8d8967aff50b/go.mod h1:4ZwOYna0/zsOKwuR5X/m0QFOJpSZvAxFfkQT+Erd9D4=
 golang.org/x/telemetry v0.0.0-20250807160809-1a19826ec488/go.mod h1:fGb/2+tgXXjhjHsTNdVEEMZNWA0quBnfrO+AfoDSAKw=
 golang.org/x/telemetry v0.0.0-20250908211612-aef8a434d053/go.mod h1:+nZKN+XVh4LCiA9DV3ywrzN4gumyCnKjau3NGb9SGoE=
 golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8/go.mod h1:Pi4ztBfryZoJEkyFTI5/Ocsu2jXyDr6iSdgJiYE/uwE=
-golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
-golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
+golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54/go.mod h1:hKdjCMrbv9skySur+Nek8Hd0uJ0GuxJIoIX2payrIdQ=
 golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254=
+golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
+golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -541,9 +556,9 @@ golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
-golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
 golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
+golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
+golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
 golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
 golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
@@ -572,13 +587,13 @@ golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58
 golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=
 golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
 golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg=
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
 golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg=
 golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw=
 golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s=
 golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w=
-golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=
 golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
+golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
+golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -587,6 +602,8 @@ golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3j
 golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
 gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
 gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
+gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
+gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
 google.golang.org/api v0.155.0 h1:vBmGhCYs0djJttDNynWo44zosHlPvHmA0XiN2zP2DtA=
 google.golang.org/api v0.155.0/go.mod h1:GI5qK5f40kCpHfPn6+YzGAByIKWv8ujFnmoWm7Igduk=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
@@ -596,17 +613,17 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ=
 google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro=
-google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237 h1:RFiFrvy37/mpSpdySBDrUdipW/dHwsRwh3J3+A9VgT4=
-google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237/go.mod h1:Z5Iiy3jtmioajWHDGFk7CeugTyHtPvMHA4UTmUkyalE=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 h1:NnYq6UN9ReLM9/Y01KWNOWyI5xQ9kbIms5GGJVwS/Yc=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
+google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 h1:fCvbg86sFXwdrl5LgVcTEvNC+2txB5mgROGmRL5mrls=
+google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA=
-google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0=
+google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE=
+google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -621,8 +638,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
-google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
-google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
+google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
+google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/images/dvcr-artifact/werf.inc.yaml b/images/dvcr-artifact/werf.inc.yaml
index 360db2033d..8f95c1f4e7 100644
--- a/images/dvcr-artifact/werf.inc.yaml
+++ b/images/dvcr-artifact/werf.inc.yaml
@@ -23,7 +23,7 @@ packages:
 
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-builder
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.25" "builder/golang-alt-svace-1.25" }}
 secrets:
 - id: GOPROXY
   value: {{ .GOPROXY }}
diff --git a/images/dvcr/werf.inc.yaml b/images/dvcr/werf.inc.yaml
index 2ba27abd35..156a5d1ad4 100644
--- a/images/dvcr/werf.inc.yaml
+++ b/images/dvcr/werf.inc.yaml
@@ -41,7 +41,7 @@ imageSpec:
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-builder
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.25" "builder/golang-alt-svace-1.25" }}
 mount:
   - fromPath: ~/go-pkg-cache
     to: /go/pkg
diff --git a/images/hooks/go.mod b/images/hooks/go.mod
index feb173bfc6..45c75e159f 100644
--- a/images/hooks/go.mod
+++ b/images/hooks/go.mod
@@ -1,6 +1,6 @@
 module hooks
 
-go 1.24.13
+go 1.25.8
 
 tool github.com/onsi/ginkgo/v2/ginkgo
 
@@ -12,7 +12,7 @@ require (
 	github.com/onsi/ginkgo/v2 v2.22.0
 	github.com/onsi/gomega v1.36.1
 	github.com/tidwall/gjson v1.18.0
-	golang.org/x/crypto v0.45.0
+	golang.org/x/crypto v0.46.0
 	k8s.io/api v0.33.3
 	k8s.io/apimachinery v0.33.3
 	k8s.io/utils v0.0.0-20250604170112-4c0f3b243397
@@ -27,7 +27,7 @@ require (
 	github.com/cloudflare/cfssl v1.6.5 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/docker/cli v27.1.1+incompatible // indirect
+	github.com/docker/cli v29.2.0+incompatible // indirect
 	github.com/docker/distribution v2.8.3+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.0 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
@@ -35,7 +35,7 @@ require (
 	github.com/evanphx/json-patch/v5 v5.9.11 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
-	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
@@ -82,20 +82,20 @@ require (
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/zmap/zcrypto v0.0.0-20230310154051-c8b263fd8300 // indirect
 	github.com/zmap/zlint/v3 v3.5.0 // indirect
-	go.opentelemetry.io/otel v1.33.0 // indirect
-	go.opentelemetry.io/otel/trace v1.33.0 // indirect
+	go.opentelemetry.io/otel v1.40.0 // indirect
+	go.opentelemetry.io/otel/trace v1.40.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
 	go.yaml.in/yaml/v3 v3.0.3 // indirect
-	golang.org/x/net v0.47.0 // indirect
-	golang.org/x/oauth2 v0.27.0 // indirect
-	golang.org/x/sync v0.18.0 // indirect
-	golang.org/x/sys v0.38.0 // indirect
-	golang.org/x/term v0.37.0 // indirect
-	golang.org/x/text v0.31.0 // indirect
+	golang.org/x/net v0.48.0 // indirect
+	golang.org/x/oauth2 v0.34.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/sys v0.40.0 // indirect
+	golang.org/x/term v0.38.0 // indirect
+	golang.org/x/text v0.32.0 // indirect
 	golang.org/x/time v0.9.0 // indirect
-	golang.org/x/tools v0.38.0 // indirect
+	golang.org/x/tools v0.39.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/protobuf v1.36.5 // indirect
+	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/images/hooks/go.sum b/images/hooks/go.sum
index 10a1c8f422..b2b0e2ebdc 100644
--- a/images/hooks/go.sum
+++ b/images/hooks/go.sum
@@ -42,8 +42,8 @@ github.com/deckhouse/deckhouse/pkg/log v0.0.0-20250424095005-9ab587d01d7a h1:c4C
 github.com/deckhouse/deckhouse/pkg/log v0.0.0-20250424095005-9ab587d01d7a/go.mod h1:pbAxTSDcPmwyl3wwKDcEB3qdxHnRxqTV+J0K+sha8bw=
 github.com/deckhouse/module-sdk v0.3.3 h1:wyrLZekD2qLCRXUQtbs7mSVRXmSDIQCfS5Uk1zk3eZg=
 github.com/deckhouse/module-sdk v0.3.3/go.mod h1:kM/K2z1muGkCmCNVSpxALiXvsKJHuLAFTF4wswVrGFE=
-github.com/docker/cli v27.1.1+incompatible h1:goaZxOqs4QKxznZjjBWKONQci/MywhtRv2oNn0GkeZE=
-github.com/docker/cli v27.1.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
+github.com/docker/cli v29.2.0+incompatible h1:9oBd9+YM7rxjZLfyMGxjraKBKE4/nVyvVfN4qNl9XRM=
+github.com/docker/cli v29.2.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8=
@@ -73,8 +73,9 @@ github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV
 github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
-github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
+github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
 github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
@@ -329,8 +330,9 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/sylabs/oci-tools v0.7.0 h1:SIisUvcEL+Vpa9/kmQDy1W3AwV2XVGad83sgZmXLlb0=
 github.com/sylabs/oci-tools v0.7.0/go.mod h1:Ry6ngChflh20WPq6mLvCKSw2OTd9iDB5aR8OQzeq4hM=
 github.com/sylabs/sif/v2 v2.15.0 h1:Nv0tzksFnoQiQ2eUwpAis9nVqEu4c3RcNSxX8P3Cecw=
@@ -367,10 +369,10 @@ github.com/zmap/zcrypto v0.0.0-20230310154051-c8b263fd8300/go.mod h1:mOd4yUMgn2f
 github.com/zmap/zlint/v3 v3.0.0/go.mod h1:paGwFySdHIBEMJ61YjoqT4h7Ge+fdYG4sUQhnTb1lJ8=
 github.com/zmap/zlint/v3 v3.5.0 h1:Eh2B5t6VKgVH0DFmTwOqE50POvyDhUaU9T2mJOe1vfQ=
 github.com/zmap/zlint/v3 v3.5.0/go.mod h1:JkNSrsDJ8F4VRtBZcYUQSvnWFL7utcjDIn+FE64mlBI=
-go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw=
-go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I=
-go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s=
-go.opentelemetry.io/otel/trace v1.33.0/go.mod h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck=
+go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms=
+go.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g=
+go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw=
+go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
@@ -435,8 +437,9 @@ golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
-golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
 golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -488,8 +491,9 @@ golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
 golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
+golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0=
 golang.org/x/telemetry v0.0.0-20250710130107-8d8967aff50b/go.mod h1:4ZwOYna0/zsOKwuR5X/m0QFOJpSZvAxFfkQT+Erd9D4=
@@ -497,8 +501,9 @@ golang.org/x/telemetry v0.0.0-20250807160809-1a19826ec488/go.mod h1:fGb/2+tgXXjh
 golang.org/x/telemetry v0.0.0-20250908211612-aef8a434d053/go.mod h1:+nZKN+XVh4LCiA9DV3ywrzN4gumyCnKjau3NGb9SGoE=
 golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8/go.mod h1:Pi4ztBfryZoJEkyFTI5/Ocsu2jXyDr6iSdgJiYE/uwE=
 golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
-golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
 golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254=
+golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
+golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -520,8 +525,9 @@ golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
 golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
-golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
 golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
+golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
+golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
 golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
 golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -559,8 +565,9 @@ golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg
 golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw=
 golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s=
 golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w=
-golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=
 golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
+golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
+golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -591,8 +598,9 @@ google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw
 google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
-google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
 google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
+google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/images/hooks/werf.inc.yaml b/images/hooks/werf.inc.yaml
index 8407506de8..f816d46ca9 100644
--- a/images/hooks/werf.inc.yaml
+++ b/images/hooks/werf.inc.yaml
@@ -24,7 +24,7 @@ shell:
 ---
 image: {{ .ModuleNamePrefix }}go-hooks-artifact
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.25" "builder/golang-alt-svace-1.25" }}
 import:
   - image: {{ .ModuleNamePrefix }}{{ .ImageName }}-src-artifact
     add: /src
diff --git a/images/kube-api-rewriter/go.mod b/images/kube-api-rewriter/go.mod
index 6385af8b78..6d50551f10 100644
--- a/images/kube-api-rewriter/go.mod
+++ b/images/kube-api-rewriter/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/kube-api-rewriter
 
-go 1.24.13
+go 1.25.8
 
 require (
 	github.com/fsnotify/fsnotify v1.9.0
diff --git a/images/kube-api-rewriter/werf.inc.yaml b/images/kube-api-rewriter/werf.inc.yaml
index 3ff9afb8e2..3593026903 100644
--- a/images/kube-api-rewriter/werf.inc.yaml
+++ b/images/kube-api-rewriter/werf.inc.yaml
@@ -13,7 +13,7 @@ git:
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-builder
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.25" "builder/golang-alt-svace-1.25" }}
 import:
   - image: {{ .ModuleNamePrefix }}{{ .ImageName }}-src-artifact
     add: /src
diff --git a/images/libvirt/werf.inc.yaml b/images/libvirt/werf.inc.yaml
index 1165e274ed..ff8dcc1a29 100644
--- a/images/libvirt/werf.inc.yaml
+++ b/images/libvirt/werf.inc.yaml
@@ -98,7 +98,7 @@ packages:
 {{ $builderDependencies := include "$name" . | fromYaml }}
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/alt" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/alt" "builder/golang-alt-svace-1.25" }}
 import:
 - image: {{ .ModuleNamePrefix }}{{ .ImageName }}-src-artifact
   add: /src/{{ $gitRepoName }}-{{ $version }}
diff --git a/images/packages/swtpm/werf.inc.yaml b/images/packages/swtpm/werf.inc.yaml
index 9a6544fd68..192fbf992e 100644
--- a/images/packages/swtpm/werf.inc.yaml
+++ b/images/packages/swtpm/werf.inc.yaml
@@ -47,7 +47,7 @@ packages:
 
 image: {{ .ModuleNamePrefix }}{{ .PackagePath }}/{{ .ImageName }}-builder
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/alt" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/alt" "builder/golang-alt-svace-1.25" }}
 import:
 - image: {{ .ModuleNamePrefix }}{{ .PackagePath }}/{{ .ImageName }}-src-artifact
   add: /src
diff --git a/images/pre-delete-hook/go.mod b/images/pre-delete-hook/go.mod
index 1ff97b8627..c4440a8094 100644
--- a/images/pre-delete-hook/go.mod
+++ b/images/pre-delete-hook/go.mod
@@ -1,6 +1,6 @@
 module pre-delete-hook
 
-go 1.24.13
+go 1.25.8
 
 require (
 	github.com/ilyakaznacheev/cleanenv v1.5.0
diff --git a/images/pre-delete-hook/werf.inc.yaml b/images/pre-delete-hook/werf.inc.yaml
index 8a647cca53..5b7b345b26 100644
--- a/images/pre-delete-hook/werf.inc.yaml
+++ b/images/pre-delete-hook/werf.inc.yaml
@@ -13,7 +13,7 @@ git:
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-builder
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.25" "builder/golang-alt-svace-1.25" }}
 import:
 - image: {{ .ModuleNamePrefix }}{{ .ImageName }}-src-artifact
   add: /src
diff --git a/images/qemu/werf.inc.yaml b/images/qemu/werf.inc.yaml
index 392a4541a4..1b9f0e293e 100644
--- a/images/qemu/werf.inc.yaml
+++ b/images/qemu/werf.inc.yaml
@@ -135,7 +135,7 @@ packages:
 
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/alt" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/alt" "builder/golang-alt-svace-1.25" }}
 import:
 - image: {{ .ModuleNamePrefix }}{{ .ImageName }}-src-artifact
   add: /src/{{ $gitRepoName }}-{{ $version }}
diff --git a/images/virt-artifact/werf.inc.yaml b/images/virt-artifact/werf.inc.yaml
index 8ddceacc01..13a903c8b1 100644
--- a/images/virt-artifact/werf.inc.yaml
+++ b/images/virt-artifact/werf.inc.yaml
@@ -44,7 +44,7 @@ packages:
 
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.25" "builder/golang-alt-svace-1.25" }}
 mount:
 - fromPath: ~/go-pkg-cache
   to: /go/pkg
diff --git a/images/virt-launcher/node-labeller/go.mod b/images/virt-launcher/node-labeller/go.mod
index 964070d579..12a4978992 100644
--- a/images/virt-launcher/node-labeller/go.mod
+++ b/images/virt-launcher/node-labeller/go.mod
@@ -1,6 +1,6 @@
 module node-labeller
 
-go 1.24.13
+go 1.25.8
 
 require (
 	golang.org/x/sys v0.25.0
diff --git a/images/virt-launcher/vlctl/go.mod b/images/virt-launcher/vlctl/go.mod
index ee05c4826b..dca57c234f 100644
--- a/images/virt-launcher/vlctl/go.mod
+++ b/images/virt-launcher/vlctl/go.mod
@@ -1,12 +1,12 @@
 module vlctl
 
-go 1.24.13
+go 1.25.8
 
 require (
 	github.com/spf13/cobra v1.9.1
 	github.com/spf13/pflag v1.0.6
-	google.golang.org/grpc v1.65.0
-	google.golang.org/protobuf v1.36.1
+	google.golang.org/grpc v1.79.3
+	google.golang.org/protobuf v1.36.10
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/apimachinery v0.32.5
 	kubevirt.io/api v0.0.0-20250930144221-aaa67e9803df
@@ -14,7 +14,7 @@ require (
 
 require (
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
-	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
@@ -24,10 +24,10 @@ require (
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/openshift/custom-resource-status v1.1.2 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	golang.org/x/net v0.38.0 // indirect
-	golang.org/x/sys v0.33.0 // indirect
-	golang.org/x/text v0.25.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7 // indirect
+	golang.org/x/net v0.51.0 // indirect
+	golang.org/x/sys v0.42.0 // indirect
+	golang.org/x/text v0.35.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	k8s.io/api v0.32.5 // indirect
 	k8s.io/apiextensions-apiserver v0.32.5 // indirect
@@ -80,5 +80,5 @@ replace (
 // CVE Replaces
 replace (
 	github.com/golang/glog => github.com/golang/glog v1.2.4 // CVE-2024-45339
-	golang.org/x/net => golang.org/x/net v0.40.0 // CVE-2025-22870, CVE-2025-22872
+	golang.org/x/net => golang.org/x/net v0.52.0 // CVE-2025-22870, CVE-2025-22872
 )
diff --git a/images/virt-launcher/vlctl/go.sum b/images/virt-launcher/vlctl/go.sum
index fec8cafa44..bf2eeeb9a3 100644
--- a/images/virt-launcher/vlctl/go.sum
+++ b/images/virt-launcher/vlctl/go.sum
@@ -3,6 +3,8 @@ github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbt
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chromedp/cdproto v0.0.0-20230802225258-3cf4e6d46a89/go.mod h1:GKljq0VrfU4D5yc+2qA6OVr8pmO/MBbPEWqWQ/oqGEs=
 github.com/chromedp/chromedp v0.9.2/go.mod h1:LkSXJKONWTCHAfQasKFUZI+mxqS4tZqhmtGzzhLsnLs=
 github.com/chromedp/sysutil v1.0.0/go.mod h1:kgWmDdq8fTzXYcKIBqIYvRRTnYb9aNS9moAV0xufSww=
@@ -31,8 +33,11 @@ github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV
 github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
-github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
+github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
 github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns=
@@ -60,6 +65,7 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
 github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
 github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -68,8 +74,9 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
@@ -193,10 +200,22 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
+go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
+go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48=
+go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8=
+go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0=
+go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs=
+go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18=
+go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE=
+go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8=
+go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew=
+go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI=
+go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
-golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw=
+golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
@@ -211,8 +230,17 @@ golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY=
-golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
+golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
+golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ=
+golang.org/x/mod v0.27.0/go.mod h1:rWI627Fq0DEoudcK+MBkNkCe0EetEaDSwJJkCcjpazc=
+golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI=
+golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w=
+golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc=
+golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg=
+golang.org/x/mod v0.32.0/go.mod h1:SgipZ/3h2Ci89DlEtEXWUk/HteuRin+HHhN+WbNhguU=
+golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=
+golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0=
+golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -225,7 +253,12 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -260,12 +293,30 @@ golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
 golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=
+golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
+golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0=
+golang.org/x/telemetry v0.0.0-20250710130107-8d8967aff50b/go.mod h1:4ZwOYna0/zsOKwuR5X/m0QFOJpSZvAxFfkQT+Erd9D4=
+golang.org/x/telemetry v0.0.0-20250807160809-1a19826ec488/go.mod h1:fGb/2+tgXXjhjHsTNdVEEMZNWA0quBnfrO+AfoDSAKw=
+golang.org/x/telemetry v0.0.0-20250908211612-aef8a434d053/go.mod h1:+nZKN+XVh4LCiA9DV3ywrzN4gumyCnKjau3NGb9SGoE=
+golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8/go.mod h1:Pi4ztBfryZoJEkyFTI5/Ocsu2jXyDr6iSdgJiYE/uwE=
+golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54/go.mod h1:hKdjCMrbv9skySur+Nek8Hd0uJ0GuxJIoIX2payrIdQ=
+golang.org/x/telemetry v0.0.0-20251203150158-8fff8a5912fc/go.mod h1:hKdjCMrbv9skySur+Nek8Hd0uJ0GuxJIoIX2payrIdQ=
+golang.org/x/telemetry v0.0.0-20260109210033-bd525da824e2/go.mod h1:b7fPSJ0pKZ3ccUh8gnTONJxhn3c/PS6tyzQvyqw4iA8=
+golang.org/x/telemetry v0.0.0-20260209163413-e7419c687ee4/go.mod h1:g5NllXBEermZrmR51cJDQxmJUHUOfRAaNyWBM+R+548=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
+golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
@@ -281,8 +332,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
-golang.org/x/text v0.25.0 h1:qVyWApTSYLk/drJRO5mDlNYskwQznZmkpV2c8q9zls4=
-golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
+golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8=
+golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA=
 golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -306,14 +357,25 @@ golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps
 golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg=
 golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
+golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg=
+golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw=
+golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s=
+golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w=
+golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
+golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
+golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc=
+golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg=
+golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7 h1:2035KHhUv+EpyB+hWgJnaWKJOdX1E95w2S8Rr4uWKTs=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
-google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc=
-google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ=
+gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
+gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
+google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE=
+google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -326,8 +388,8 @@ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
-google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk=
-google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
+google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/images/virt-launcher/werf.inc.yaml b/images/virt-launcher/werf.inc.yaml
index 6cd2ed0462..8f1f91e4e2 100644
--- a/images/virt-launcher/werf.inc.yaml
+++ b/images/virt-launcher/werf.inc.yaml
@@ -391,7 +391,7 @@ shell:
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-gobuilder
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.25" "builder/golang-alt-svace-1.25" }}
 git:
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}/node-labeller
     to: /node-labeller
@@ -452,7 +452,7 @@ shell:
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-cbuilder
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.25" "builder/golang-alt-svace-1.25" }}
 git:
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}/static_binaries
     to: /static_binaries
diff --git a/images/virtualization-artifact/Taskfile.init.yaml b/images/virtualization-artifact/Taskfile.init.yaml
index fe6458322d..73cbf043b4 100644
--- a/images/virtualization-artifact/Taskfile.init.yaml
+++ b/images/virtualization-artifact/Taskfile.init.yaml
@@ -17,9 +17,7 @@ tasks:
 
   moq:
     cmds:
-      # Use 0.4.0 to not install Go 1.23 during installation.
-      # TODO Update version after migrating to Go 1.23 in the root go.mod.
-      - go install github.com/matryer/moq@v0.4.0
+      - go install github.com/matryer/moq@v0.5.3
 
   default:
     cmds:
diff --git a/images/virtualization-artifact/go.mod b/images/virtualization-artifact/go.mod
index e44e15a463..2215823c2d 100644
--- a/images/virtualization-artifact/go.mod
+++ b/images/virtualization-artifact/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/virtualization-controller
 
-go 1.24.13
+go 1.25.8
 
 tool (
 	github.com/matryer/moq
@@ -11,16 +11,16 @@ require (
 	github.com/deckhouse/deckhouse/pkg/log v0.0.0-20250226105106-176cd3afcdd5
 	github.com/deckhouse/virtualization/api v0.0.0-00010101000000-000000000000
 	github.com/distribution/reference v0.5.0
-	github.com/docker/cli v23.0.5+incompatible
+	github.com/docker/cli v29.2.0+incompatible
 	github.com/fsnotify/fsnotify v1.7.0
-	github.com/go-logr/logr v1.4.2
+	github.com/go-logr/logr v1.4.3
 	github.com/kubernetes-csi/external-snapshotter/client/v6 v6.3.0
 	github.com/onsi/ginkgo/v2 v2.22.0
 	github.com/onsi/gomega v1.36.1
 	github.com/prometheus/client_golang v1.22.0
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/spf13/cobra v1.9.1
-	github.com/stretchr/testify v1.10.0
+	github.com/stretchr/testify v1.11.1
 	go.uber.org/zap v1.27.0
 	k8s.io/api v0.33.3
 	k8s.io/apiextensions-apiserver v0.33.3
@@ -39,7 +39,7 @@ require (
 )
 
 require (
-	cel.dev/expr v0.19.1 // indirect
+	cel.dev/expr v0.25.1 // indirect
 	github.com/DataDog/gostackparse v0.7.0 // indirect
 	github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
@@ -48,10 +48,10 @@ require (
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/matryer/moq v0.5.3 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
 	go.yaml.in/yaml/v3 v3.0.3 // indirect
-	golang.org/x/mod v0.29.0 // indirect
+	golang.org/x/mod v0.30.0 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	sigs.k8s.io/randfill v1.0.0 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.6.0 // indirect
@@ -67,7 +67,6 @@ require (
 	github.com/coreos/go-semver v0.3.1 // indirect
 	github.com/coreos/go-systemd/v22 v22.5.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
-	github.com/docker/docker v28.0.0+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.0 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
@@ -112,29 +111,29 @@ require (
 	go.etcd.io/etcd/client/v3 v3.5.21 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect
-	go.opentelemetry.io/otel v1.33.0 // indirect
+	go.opentelemetry.io/otel v1.40.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0 // indirect
-	go.opentelemetry.io/otel/metric v1.33.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.33.0 // indirect
-	go.opentelemetry.io/otel/trace v1.33.0 // indirect
+	go.opentelemetry.io/otel/metric v1.40.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.40.0 // indirect
+	go.opentelemetry.io/otel/trace v1.40.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.4.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	golang.org/x/crypto v0.45.0 // indirect
+	golang.org/x/crypto v0.46.0 // indirect
 	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
-	golang.org/x/net v0.47.0 // indirect
-	golang.org/x/oauth2 v0.27.0 // indirect
-	golang.org/x/sync v0.18.0 // indirect
-	golang.org/x/sys v0.38.0 // indirect
-	golang.org/x/term v0.37.0 // indirect
-	golang.org/x/text v0.31.0 // indirect
+	golang.org/x/net v0.48.0 // indirect
+	golang.org/x/oauth2 v0.34.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/sys v0.40.0 // indirect
+	golang.org/x/term v0.38.0 // indirect
+	golang.org/x/text v0.32.0 // indirect
 	golang.org/x/time v0.9.0 // indirect
-	golang.org/x/tools v0.38.0 // indirect
+	golang.org/x/tools v0.39.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 // indirect
-	google.golang.org/grpc v1.68.1 // indirect
-	google.golang.org/protobuf v1.36.5
+	google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect
+	google.golang.org/grpc v1.79.3 // indirect
+	google.golang.org/protobuf v1.36.10
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
@@ -160,6 +159,6 @@ replace (
 // CVE Replaces
 replace (
 	golang.org/x/crypto => golang.org/x/crypto v0.45.0 // CVE-2024-45337,CVE-2025-22869
-	golang.org/x/net => golang.org/x/net v0.40.0 // CVE-2025-22870, CVE-2025-22872
+	golang.org/x/net => golang.org/x/net v0.48.0 // CVE-2025-22870, CVE-2025-22872
 	golang.org/x/oauth2 => golang.org/x/oauth2 v0.27.0 // CVE-2025-22868
 )
diff --git a/images/virtualization-artifact/go.sum b/images/virtualization-artifact/go.sum
index 6394c47d80..bb2186406f 100644
--- a/images/virtualization-artifact/go.sum
+++ b/images/virtualization-artifact/go.sum
@@ -1,5 +1,5 @@
-cel.dev/expr v0.19.1 h1:NciYrtDRIR0lNCnH1LFJegdjspNx9fI59O7TWcua/W4=
-cel.dev/expr v0.19.1/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw=
+cel.dev/expr v0.25.1 h1:1KrZg61W6TWSxuNZ37Xy49ps13NUovb66QLprthtwi4=
+cel.dev/expr v0.25.1/go.mod h1:hrXvqGP6G6gyx8UAHSHJ5RGk//1Oj5nXQ2NI02Nrsg4=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
 github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=
@@ -49,10 +49,8 @@ github.com/deckhouse/deckhouse/pkg/log v0.0.0-20250226105106-176cd3afcdd5 h1:PsN
 github.com/deckhouse/deckhouse/pkg/log v0.0.0-20250226105106-176cd3afcdd5/go.mod h1:Mk5HRzkc5pIcDIZ2JJ6DPuuqnwhXVkb3you8M8Mg+4w=
 github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0=
 github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
-github.com/docker/cli v23.0.5+incompatible h1:ufWmAOuD3Vmr7JP2G5K3cyuNC4YZWiAsuDEvFVVDafE=
-github.com/docker/cli v23.0.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/docker v28.0.0+incompatible h1:Olh0KS820sJ7nPsBKChVhk5pzqcwDR15fumfAd/p9hM=
-github.com/docker/docker v28.0.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/cli v29.2.0+incompatible h1:9oBd9+YM7rxjZLfyMGxjraKBKE4/nVyvVfN4qNl9XRM=
+github.com/docker/cli v29.2.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8=
 github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
@@ -82,8 +80,9 @@ github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV
 github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
-github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
+github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
@@ -300,8 +299,9 @@ github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
 github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
-github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
 github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
+github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
+github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
@@ -330,8 +330,9 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7otjonDflCTK0BCfls4SPy3NcCVb5dqqmbRknE=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
@@ -359,24 +360,26 @@ go.etcd.io/etcd/raft/v3 v3.5.21 h1:dOmE0mT55dIUsX77TKBLq+RgyumsQuYeiRQnW/ylugk=
 go.etcd.io/etcd/raft/v3 v3.5.21/go.mod h1:fmcuY5R2SNkklU4+fKVBQi2biVp5vafMrWUEj4TJ4Cs=
 go.etcd.io/etcd/server/v3 v3.5.21 h1:9w0/k12majtgarGmlMVuhwXRI2ob3/d1Ik3X5TKo0yU=
 go.etcd.io/etcd/server/v3 v3.5.21/go.mod h1:G1mOzdwuzKT1VRL7SqRchli/qcFrtLBTAQ4lV20sXXo=
-go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
-go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
+go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
+go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 h1:PS8wXpbyaDJQ2VDHHncMe9Vct0Zn1fEjpsjrLxGJoSc=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0/go.mod h1:HDBUsEjOuRC0EzKZ1bSaRGZWUBAzo+MhAcUUORSr4D0=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU=
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q=
-go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw=
-go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I=
+go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms=
+go.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0 h1:Vh5HayB/0HHfOQA7Ctx69E/Y/DcQSMPpKANYVMQ7fBA=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0/go.mod h1:cpgtDBaqD/6ok/UG0jT15/uKjAY8mRA53diogHBg3UI=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0 h1:5pojmb1U1AogINhN3SurB+zm/nIcusopeBNp42f45QM=
 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0/go.mod h1:57gTHJSE5S1tqg+EKsLPlTWhpHMsWlVmer+LA926XiA=
-go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ=
-go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M=
-go.opentelemetry.io/otel/sdk v1.33.0 h1:iax7M131HuAm9QkZotNHEfstof92xM+N8sr3uHXc2IM=
-go.opentelemetry.io/otel/sdk v1.33.0/go.mod h1:A1Q5oi7/9XaMlIWzPSxLRWOI8nG3FnzHJNbiENQuihM=
-go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s=
-go.opentelemetry.io/otel/trace v1.33.0/go.mod h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck=
+go.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g=
+go.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc=
+go.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8=
+go.opentelemetry.io/otel/sdk v1.40.0/go.mod h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE=
+go.opentelemetry.io/otel/sdk/metric v1.40.0 h1:mtmdVqgQkeRxHgRv4qhyJduP3fYJRMX4AtAlbuWdCYw=
+go.opentelemetry.io/otel/sdk/metric v1.40.0/go.mod h1:4Z2bGMf0KSK3uRjlczMOeMhKU2rhUqdWNoKcYrtcBPg=
+go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw=
+go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA=
 go.opentelemetry.io/proto/otlp v1.4.0 h1:TA9WRvW6zMwP+Ssb6fLoUIuirti1gGbP28GcKG1jgeg=
 go.opentelemetry.io/proto/otlp v1.4.0/go.mod h1:PPBWZIP98o2ElSqI35IHfu7hIhSwvc5N38Jw8pXuGFY=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
@@ -420,10 +423,11 @@ golang.org/x/mod v0.25.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
 golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ=
 golang.org/x/mod v0.27.0/go.mod h1:rWI627Fq0DEoudcK+MBkNkCe0EetEaDSwJJkCcjpazc=
 golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI=
-golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA=
 golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w=
-golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY=
-golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
+golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk=
+golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc=
+golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
+golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
 golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
 golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -441,12 +445,12 @@ golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
-golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
-golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
 golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -495,17 +499,20 @@ golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
-golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
 golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
+golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0=
 golang.org/x/telemetry v0.0.0-20250710130107-8d8967aff50b/go.mod h1:4ZwOYna0/zsOKwuR5X/m0QFOJpSZvAxFfkQT+Erd9D4=
 golang.org/x/telemetry v0.0.0-20250807160809-1a19826ec488/go.mod h1:fGb/2+tgXXjhjHsTNdVEEMZNWA0quBnfrO+AfoDSAKw=
 golang.org/x/telemetry v0.0.0-20250908211612-aef8a434d053/go.mod h1:+nZKN+XVh4LCiA9DV3ywrzN4gumyCnKjau3NGb9SGoE=
 golang.org/x/telemetry v0.0.0-20251008203120-078029d740a8/go.mod h1:Pi4ztBfryZoJEkyFTI5/Ocsu2jXyDr6iSdgJiYE/uwE=
-golang.org/x/term v0.32.0/go.mod h1:uZG1FhGx848Sqfsq4/DlJr3xGGsYMu/L5GW4abiaEPQ=
-golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
+golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54/go.mod h1:hKdjCMrbv9skySur+Nek8Hd0uJ0GuxJIoIX2payrIdQ=
 golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254=
+golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
+golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -525,9 +532,9 @@ golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
-golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
-golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
 golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
+golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
+golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
 golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
 golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -565,14 +572,17 @@ golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg
 golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw=
 golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s=
 golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w=
-golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=
 golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
+golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
+golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
 gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
+gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
+gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
@@ -581,15 +591,15 @@ google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEY
 google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ=
 google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro=
-google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 h1:CkkIfIt50+lT6NHAVoRYEyAvQGFM7xEwXUUywFvEb3Q=
-google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576/go.mod h1:1R3kvZ1dtP3+4p4d3G8uJ8rFk/fWlScl38vanWACI08=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 h1:8ZmaLZE4XWrtU3MyClkYqqtl6Oegr3235h7jxsDyqCY=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU=
+google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 h1:fCvbg86sFXwdrl5LgVcTEvNC+2txB5mgROGmRL5mrls=
+google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.68.1 h1:oI5oTa11+ng8r8XMMN7jAOmWfPZWbYpCFaMUTACxkM0=
-google.golang.org/grpc v1.68.1/go.mod h1:+q1XYFJjShcqn0QZHvCyeR4CXPA+llXIeUIfIe00waw=
+google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE=
+google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -605,8 +615,9 @@ google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw
 google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
-google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
 google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
+google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/images/virtualization-artifact/werf.inc.yaml b/images/virtualization-artifact/werf.inc.yaml
index 4405f76b4b..fc6f1448c3 100644
--- a/images/virtualization-artifact/werf.inc.yaml
+++ b/images/virtualization-artifact/werf.inc.yaml
@@ -22,7 +22,7 @@ git:
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.25" "builder/golang-alt-svace-1.25" }}
 import:
 - image: {{ .ModuleNamePrefix }}{{ .ImageName }}-src-artifact
   add: /src
diff --git a/images/vm-route-forge/Taskfile.yaml b/images/vm-route-forge/Taskfile.yaml
index 3b8764dc44..8749160939 100644
--- a/images/vm-route-forge/Taskfile.yaml
+++ b/images/vm-route-forge/Taskfile.yaml
@@ -9,7 +9,7 @@ vars:
 tasks:
   lint:
     cmds:
-      - golangci-lint run --sort-results
+      - golangci-lint run
 
   gen:
     desc: "Generate"
diff --git a/images/vm-route-forge/go.mod b/images/vm-route-forge/go.mod
index a557382337..f204abfacc 100644
--- a/images/vm-route-forge/go.mod
+++ b/images/vm-route-forge/go.mod
@@ -1,6 +1,6 @@
 module vm-route-forge
 
-go 1.24.13
+go 1.25.8
 
 tool github.com/cilium/ebpf/cmd/bpf2go
 
@@ -13,7 +13,7 @@ require (
 	github.com/spf13/pflag v1.0.7
 	github.com/vishvananda/netlink v1.3.1-0.20241022031324-976bd8de7d81
 	go.uber.org/zap v1.27.0
-	golang.org/x/sys v0.34.0
+	golang.org/x/sys v0.40.0
 	k8s.io/apimachinery v0.33.3
 	k8s.io/client-go v0.33.3
 	sigs.k8s.io/controller-runtime v0.21.0
@@ -77,7 +77,7 @@ require (
 	github.com/prometheus/client_model v0.6.1 // indirect
 	github.com/prometheus/common v0.62.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
-	github.com/rogpeppe/go-internal v1.13.1 // indirect
+	github.com/rogpeppe/go-internal v1.14.1 // indirect
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/sasha-s/go-deadlock v0.3.5 // indirect
@@ -90,10 +90,10 @@ require (
 	github.com/vishvananda/netns v0.0.4 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	go.mongodb.org/mongo-driver v1.14.0 // indirect
-	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
-	go.opentelemetry.io/otel v1.34.0 // indirect
-	go.opentelemetry.io/otel/metric v1.34.0 // indirect
-	go.opentelemetry.io/otel/trace v1.34.0 // indirect
+	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
+	go.opentelemetry.io/otel v1.40.0 // indirect
+	go.opentelemetry.io/otel/metric v1.40.0 // indirect
+	go.opentelemetry.io/otel/trace v1.40.0 // indirect
 	go.uber.org/dig v1.17.1 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
diff --git a/images/vm-route-forge/go.sum b/images/vm-route-forge/go.sum
index b0ec361037..d631eb7fe9 100644
--- a/images/vm-route-forge/go.sum
+++ b/images/vm-route-forge/go.sum
@@ -312,8 +312,8 @@ github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0leargg
 github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
 github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
-github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
-github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
+github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
+github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ=
 github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4=
@@ -353,8 +353,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
-github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
 github.com/vishvananda/netlink v1.3.1-0.20241022031324-976bd8de7d81 h1:9fkQcQYvtTr9ayFXuMfDMVuDt4+BYG9FwsGLnrBde0M=
@@ -370,16 +370,16 @@ github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80=
 go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c=
-go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
-go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
-go.opentelemetry.io/otel v1.34.0 h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY=
-go.opentelemetry.io/otel v1.34.0/go.mod h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI=
-go.opentelemetry.io/otel/metric v1.34.0 h1:+eTR3U0MyfWjRDhmFMxe2SsW64QrZ84AOhvqS7Y+PoQ=
-go.opentelemetry.io/otel/metric v1.34.0/go.mod h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE=
+go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
+go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
+go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms=
+go.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g=
+go.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g=
+go.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc=
 go.opentelemetry.io/otel/sdk v1.33.0 h1:iax7M131HuAm9QkZotNHEfstof92xM+N8sr3uHXc2IM=
 go.opentelemetry.io/otel/sdk v1.33.0/go.mod h1:A1Q5oi7/9XaMlIWzPSxLRWOI8nG3FnzHJNbiENQuihM=
-go.opentelemetry.io/otel/trace v1.34.0 h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC8mh/k=
-go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE=
+go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw=
+go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA=
 go.uber.org/dig v1.17.1 h1:Tga8Lz8PcYNsWsyHMZ1Vm0OQOUaJNDyvPImgbAu9YSc=
 go.uber.org/dig v1.17.1/go.mod h1:Us0rSJiThwCv2GteUN0Q7OKvU7n5J4dxZ9JKUXozFdE=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
@@ -485,8 +485,8 @@ golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA=
-golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
+golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
diff --git a/images/vm-route-forge/werf.inc.yaml b/images/vm-route-forge/werf.inc.yaml
index 4778db33a0..c5b86c148d 100644
--- a/images/vm-route-forge/werf.inc.yaml
+++ b/images/vm-route-forge/werf.inc.yaml
@@ -18,7 +18,7 @@ git:
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-builder
 final: false
-fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.24" "builder/golang-alt-svace-1.24" }}
+fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.25" "builder/golang-alt-svace-1.25" }}
 import:
 - image: {{ .ModuleNamePrefix }}{{ .ImageName }}-src-artifact
   add: /src
diff --git a/src/cli/go.mod b/src/cli/go.mod
index 3678e28f51..dcc8f9475a 100644
--- a/src/cli/go.mod
+++ b/src/cli/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/virtualization/src/cli
 
-go 1.24.13
+go 1.25.8
 
 require (
 	github.com/deckhouse/virtualization/api v0.15.0
diff --git a/tests/e2e/Taskfile.yaml b/tests/e2e/Taskfile.yaml
index d96cd9ca68..ba505c3c63 100644
--- a/tests/e2e/Taskfile.yaml
+++ b/tests/e2e/Taskfile.yaml
@@ -224,4 +224,4 @@ tasks:
       - _ensure:golangci-lint
     cmds:
       - |
-        golangci-lint run --sort-results
+        golangci-lint run
diff --git a/tests/e2e/go.mod b/tests/e2e/go.mod
index fe65fe71e5..4b07964923 100644
--- a/tests/e2e/go.mod
+++ b/tests/e2e/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/virtualization/tests/e2e
 
-go 1.24.13
+go 1.25.8
 
 tool github.com/onsi/ginkgo/v2/ginkgo
 
@@ -9,7 +9,7 @@ require (
 	github.com/deckhouse/virtualization/api v0.0.0-20240923080356-bb5809dba578
 	github.com/onsi/ginkgo/v2 v2.22.0
 	github.com/onsi/gomega v1.36.1
-	golang.org/x/sync v0.18.0
+	golang.org/x/sync v0.19.0
 	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/api v0.33.3
 	k8s.io/apimachinery v0.33.3
@@ -29,7 +29,7 @@ require (
 	github.com/evanphx/json-patch/v5 v5.9.11 // indirect
 	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
-	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/logr v1.4.3 // indirect
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
@@ -62,14 +62,14 @@ require (
 	github.com/xlab/treeprint v1.2.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
 	go.yaml.in/yaml/v3 v3.0.3 // indirect
-	golang.org/x/net v0.47.0 // indirect
-	golang.org/x/oauth2 v0.27.0 // indirect
-	golang.org/x/sys v0.38.0 // indirect
-	golang.org/x/term v0.37.0 // indirect
-	golang.org/x/text v0.31.0 // indirect
+	golang.org/x/net v0.48.0 // indirect
+	golang.org/x/oauth2 v0.34.0 // indirect
+	golang.org/x/sys v0.40.0 // indirect
+	golang.org/x/term v0.38.0 // indirect
+	golang.org/x/text v0.32.0 // indirect
 	golang.org/x/time v0.9.0 // indirect
-	golang.org/x/tools v0.38.0 // indirect
-	google.golang.org/protobuf v1.36.5 // indirect
+	golang.org/x/tools v0.39.0 // indirect
+	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	k8s.io/apiextensions-apiserver v0.33.3 // indirect
diff --git a/tests/e2e/go.sum b/tests/e2e/go.sum
index 03eeb2c2e3..3a9bd50acf 100644
--- a/tests/e2e/go.sum
+++ b/tests/e2e/go.sum
@@ -50,8 +50,9 @@ github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV
 github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
-github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
 github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI=
+github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ=
 github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
@@ -258,8 +259,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
-github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ=
@@ -355,11 +356,11 @@ golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
 golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
-golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
-golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
+golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
+golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
-golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=
+golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=
+golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -374,8 +375,8 @@ golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
-golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -422,8 +423,8 @@ golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
-golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
+golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
@@ -446,8 +447,8 @@ golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
 golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk=
-golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
-golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254=
+golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
+golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -465,8 +466,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
-golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
-golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
+golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
+golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
 golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY=
 golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -497,8 +498,8 @@ golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg
 golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
 golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ=
-golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=
-golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
+golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
+golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -526,8 +527,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
-google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=
-google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
+google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/tests/performance/shatal/go.mod b/tests/performance/shatal/go.mod
index 6a9c5729ea..9b7f858bc8 100644
--- a/tests/performance/shatal/go.mod
+++ b/tests/performance/shatal/go.mod
@@ -1,6 +1,6 @@
 module github.com/deckhouse/virtualization/shatal
 
-go 1.24.13
+go 1.25.8
 
 require (
 	github.com/deckhouse/virtualization/api v0.0.0-20240408082728-b892ddd03f9e

From 37eb087139b10db6ce9d4c8fe5c555860b730018 Mon Sep 17 00:00:00 2001
From: Dmitry Lopatin <dmitry.lopatin@flant.com>
Date: Fri, 27 Mar 2026 16:14:58 +0300
Subject: [PATCH 2/3] chore(core): cve mitigation in CSE

Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
---
 .../cdi-cloner/cloner-startup/.golangci.yaml  | 162 ++++++++++++-----
 images/dvcr-artifact/.golangci.yaml           | 131 ++++++++++----
 images/virtualization-artifact/.golangci.yaml | 131 ++++++++++----
 src/cli/.golangci.yaml                        | 131 ++++++++++----
 tests/e2e/.golangci.yaml                      | 136 +++++++++-----
 tests/performance/shatal/.golangci.yaml       | 131 ++++++++++----
 tools/addlicense/.golangci.yaml               | 168 +++++++++++++-----
 7 files changed, 701 insertions(+), 289 deletions(-)

diff --git a/images/cdi-cloner/cloner-startup/.golangci.yaml b/images/cdi-cloner/cloner-startup/.golangci.yaml
index e1e5415199..fdafd0789c 100644
--- a/images/cdi-cloner/cloner-startup/.golangci.yaml
+++ b/images/cdi-cloner/cloner-startup/.golangci.yaml
@@ -1,60 +1,132 @@
+# https://golangci-lint.run/usage/configuration/
+version: "2"
+
 run:
+  concurrency: 4
   timeout: 10m
-#  skip-dirs:
-# this code has been copied from kubectl cli. No need to lint external code.
-#    - go_lib/dependency/k8s/drain
-# this code has been copied from kubernetes vertical-pod-autoscaler. No need to lint external code.
-#   - modules/302-vertical-pod-autoscaler/hooks/internal/vertical-pod-autoscaler/v1
+
 issues:
   # Show all errors.
   max-issues-per-linter: 0
   max-same-issues: 0
   exclude:
-    #  - ST1005.*
     - "don't use an underscore in package name"
-#  - "exported: .*"
 
-linters-settings:
-  gofumpt:
-    extra-rules: true
-  gci:
-    sections:
-      - standard
-      - default
-      - prefix(github.com/deckhouse/)
-  goimports:
-    local-prefixes: github.com/deckhouse/
-  errcheck:
-    exclude-functions: fmt:.*,[rR]ead|[wW]rite|[cC]lose,io:Copy
-  revive:
-    rules:
-      - name: dot-imports
-        disabled: true
+output:
+  sort-results: true
 
-linters:
-  disable-all: true
+exclusions:
+  paths:
+    - "^zz_generated.*"
+
+formatters:
   enable:
-    - asciicheck
-    - bidichk
-    - bodyclose
-    - dogsled
-    - errcheck
-    - errname
-    - errorlint
     - gci
-    - gocritic
     - gofmt
     - gofumpt
     - goimports
-    - gosimple
-    - govet
-    - ineffassign
-    - misspell
-    - nolintlint
-    - revive
-    - staticcheck
-    - typecheck
-    - unconvert
-    - unparam
-    - unused
-    - whitespace
+  settings:
+    gci:
+      sections:
+        - standard
+        - default
+        - prefix(github.com/deckhouse/)
+    gofumpt:
+      extra-rules: true
+    goimports:
+      local-prefixes: github.com/deckhouse/
+
+linters:
+  default: none
+  enable:
+    - asciicheck # checks that your code does not contain non-ASCII identifiers
+    - bidichk # checks for dangerous unicode character sequences
+    - bodyclose # checks whether HTTP response body is closed successfully
+    - contextcheck # [maybe too many false positives] checks the function whether use a non-inherited context
+    - dogsled # checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
+    - errcheck # checking for unchecked errors, these unchecked errors can be critical bugs in some cases
+    - errname # checks that sentinel errors are prefixed with the Err and error types are suffixed with the Error
+    - errorlint # finds code that will cause problems with the error wrapping scheme introduced in Go 1.13
+    - copyloopvar # detects places where loop variables are copied (Go 1.22+)
+    - gocritic # provides diagnostics that check for bugs, performance and style issues
+    - govet # reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
+    - ineffassign # detects when assignments to existing variables are not used
+    - misspell # finds commonly misspelled English words in comments
+    - nolintlint # reports ill-formed or insufficient nolint directives
+    - reassign # checks that package variables are not reassigned
+    - revive # fast, configurable, extensible, flexible, and beautiful linter for Go, drop-in replacement of golint
+    - staticcheck # is a go vet on steroids, applying a ton of static analysis checks
+    - testifylint # checks usage of github.com/stretchr/testify
+    - unconvert # removes unnecessary type conversions
+    - unparam # reports unused function parameters
+    - unused # checks for unused constants, variables, functions and types
+    - usetesting # reports uses of functions with replacement inside the testing package
+    - testableexamples # checks if examples are testable (have an expected output)
+    - thelper # detects golang test helpers without t.Helper() call and checks the consistency of test helpers
+    - tparallel # detects inappropriate usage of t.Parallel() method in your Go test codes
+    - whitespace # detects leading and trailing whitespace
+    - wastedassign # finds wasted assignment statements
+    - importas # checks import aliases against the configured convention
+  settings:
+    errcheck:
+      exclude-functions:
+        - "(*os.File).Close"
+        - "(*net.TCPConn).Close"
+        - "(io.ReadCloser).Close"
+        - "(net.Listener).Close"
+        - "(net.Conn).Close"
+        - "(net.Conn).Close"
+        - "(*golang.org/x/crypto/ssh.Session).Close"
+        - "(*github.com/fsnotify/fsnotify.Watcher).Close"
+    staticcheck:
+      dot-import-whitelist:
+        - github.com/onsi/ginkgo/v2
+        - github.com/onsi/gomega
+    revive:
+      rules:
+        - name: dot-imports
+          disabled: true
+        - name: exported
+          disabled: true
+        - name: package-comments
+          disabled: true
+    nolintlint:
+      # Exclude following linters from requiring an explanation.
+      # Default: []
+      allow-no-explanation: [funlen, gocognit, lll]
+      # Enable to require an explanation of nonzero length after each nolint directive.
+      # Default: false
+      require-explanation: true
+      # Enable to require nolint directives to mention the specific linter being suppressed.
+      # Default: false
+      require-specific: true
+    importas:
+      # Do not allow unaliased imports of aliased packages.
+      # Default: false
+      no-unaliased: true
+      # Do not allow non-required aliases.
+      # Default: false
+      no-extra-aliases: false
+      # List of aliases
+      # Default: []
+      alias:
+        #        - pkg: github.com/deckhouse/virtualization/api/core/v1alpha2
+        #          alias: ""
+        #        - pkg: github.com/deckhouse/virtualization/api/subresources/v1alpha2
+        #          alias: subv1alpha2
+        #        - pkg: kubevirt.io/api/core/v1
+        #          alias: virtv1
+        - pkg: k8s.io/api/core/v1
+          alias: corev1
+        - pkg: k8s.io/api/authentication/v1
+          alias: authnv1
+        #        - pkg: k8s.io/api/storage/v1
+        #          alias: storagev1
+        - pkg: k8s.io/api/networking/v1
+          alias: netv1
+        - pkg: k8s.io/api/policy/v1
+          alias: policyv1
+        - pkg: k8s.io/apimachinery/pkg/apis/meta/v1
+          alias: metav1
+        - pkg: k8s.io/api/resource/v1
+          alias: resourcev1
diff --git a/images/dvcr-artifact/.golangci.yaml b/images/dvcr-artifact/.golangci.yaml
index 0867b18310..fdafd0789c 100644
--- a/images/dvcr-artifact/.golangci.yaml
+++ b/images/dvcr-artifact/.golangci.yaml
@@ -1,72 +1,61 @@
+# https://golangci-lint.run/usage/configuration/
+version: "2"
+
 run:
   concurrency: 4
   timeout: 10m
+
 issues:
   # Show all errors.
   max-issues-per-linter: 0
   max-same-issues: 0
   exclude:
     - "don't use an underscore in package name"
+
 output:
   sort-results: true
 
-exclude-files:
-  - "^zz_generated.*"
+exclusions:
+  paths:
+    - "^zz_generated.*"
 
-linters-settings:
-  gofumpt:
-    extra-rules: true
-  gci:
-    sections:
-      - standard
-      - default
-      - prefix(github.com/deckhouse/)
-  goimports:
-    local-prefixes: github.com/deckhouse/
-  errcheck:
-    exclude-functions: fmt:.*,[rR]ead|[wW]rite|[cC]lose,io:Copy
-  revive:
-    rules:
-      - name: dot-imports
-        disabled: true
-  nolintlint:
-    # Exclude following linters from requiring an explanation.
-    # Default: []
-    allow-no-explanation: [funlen, gocognit, lll]
-    # Enable to require an explanation of nonzero length after each nolint directive.
-    # Default: false
-    require-explanation: true
-    # Enable to require nolint directives to mention the specific linter being suppressed.
-    # Default: false
-    require-specific: true
+formatters:
+  enable:
+    - gci
+    - gofmt
+    - gofumpt
+    - goimports
+  settings:
+    gci:
+      sections:
+        - standard
+        - default
+        - prefix(github.com/deckhouse/)
+    gofumpt:
+      extra-rules: true
+    goimports:
+      local-prefixes: github.com/deckhouse/
 
 linters:
-  disable-all: true
+  default: none
   enable:
     - asciicheck # checks that your code does not contain non-ASCII identifiers
     - bidichk # checks for dangerous unicode character sequences
     - bodyclose # checks whether HTTP response body is closed successfully
-    - contextcheck # [maby too many false positives] checks the function whether use a non-inherited context
+    - contextcheck # [maybe too many false positives] checks the function whether use a non-inherited context
     - dogsled # checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
     - errcheck # checking for unchecked errors, these unchecked errors can be critical bugs in some cases
     - errname # checks that sentinel errors are prefixed with the Err and error types are suffixed with the Error
     - errorlint # finds code that will cause problems with the error wrapping scheme introduced in Go 1.13
     - copyloopvar # detects places where loop variables are copied (Go 1.22+)
-    - gci # controls golang package import order and makes it always deterministic
     - gocritic # provides diagnostics that check for bugs, performance and style issues
-    - gofmt # [replaced by goimports] checks whether code was gofmt-ed
-    - gofumpt # [replaced by goimports, gofumports is not available yet] checks whether code was gofumpt-ed
-    - goimports # in addition to fixing imports, goimports also formats your code in the same style as gofmt
-    - gosimple # specializes in simplifying a code
     - govet # reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
     - ineffassign # detects when assignments to existing variables are not used
     - misspell # finds commonly misspelled English words in comments
     - nolintlint # reports ill-formed or insufficient nolint directives
-    - reassign # Checks that package variables are not reassigned.
+    - reassign # checks that package variables are not reassigned
     - revive # fast, configurable, extensible, flexible, and beautiful linter for Go, drop-in replacement of golint
-    - stylecheck # is a replacement for golint
     - staticcheck # is a go vet on steroids, applying a ton of static analysis checks
-    - typecheck # like the front-end of a Go compiler, parses and type-checks Go code
     - testifylint # checks usage of github.com/stretchr/testify
     - unconvert # removes unnecessary type conversions
     - unparam # reports unused function parameters
@@ -76,4 +65,68 @@ linters:
     - thelper # detects golang test helpers without t.Helper() call and checks the consistency of test helpers
     - tparallel # detects inappropriate usage of t.Parallel() method in your Go test codes
     - whitespace # detects leading and trailing whitespace
-    - wastedassign # Finds wasted assignment statements.
+    - wastedassign # finds wasted assignment statements
+    - importas # checks import aliases against the configured convention
+  settings:
+    errcheck:
+      exclude-functions:
+        - "(*os.File).Close"
+        - "(*net.TCPConn).Close"
+        - "(io.ReadCloser).Close"
+        - "(net.Listener).Close"
+        - "(net.Conn).Close"
+        - "(net.Conn).Close"
+        - "(*golang.org/x/crypto/ssh.Session).Close"
+        - "(*github.com/fsnotify/fsnotify.Watcher).Close"
+    staticcheck:
+      dot-import-whitelist:
+        - github.com/onsi/ginkgo/v2
+        - github.com/onsi/gomega
+    revive:
+      rules:
+        - name: dot-imports
+          disabled: true
+        - name: exported
+          disabled: true
+        - name: package-comments
+          disabled: true
+    nolintlint:
+      # Exclude following linters from requiring an explanation.
+      # Default: []
+      allow-no-explanation: [funlen, gocognit, lll]
+      # Enable to require an explanation of nonzero length after each nolint directive.
+      # Default: false
+      require-explanation: true
+      # Enable to require nolint directives to mention the specific linter being suppressed.
+      # Default: false
+      require-specific: true
+    importas:
+      # Do not allow unaliased imports of aliased packages.
+      # Default: false
+      no-unaliased: true
+      # Do not allow non-required aliases.
+      # Default: false
+      no-extra-aliases: false
+      # List of aliases
+      # Default: []
+      alias:
+        #        - pkg: github.com/deckhouse/virtualization/api/core/v1alpha2
+        #          alias: ""
+        #        - pkg: github.com/deckhouse/virtualization/api/subresources/v1alpha2
+        #          alias: subv1alpha2
+        #        - pkg: kubevirt.io/api/core/v1
+        #          alias: virtv1
+        - pkg: k8s.io/api/core/v1
+          alias: corev1
+        - pkg: k8s.io/api/authentication/v1
+          alias: authnv1
+        #        - pkg: k8s.io/api/storage/v1
+        #          alias: storagev1
+        - pkg: k8s.io/api/networking/v1
+          alias: netv1
+        - pkg: k8s.io/api/policy/v1
+          alias: policyv1
+        - pkg: k8s.io/apimachinery/pkg/apis/meta/v1
+          alias: metav1
+        - pkg: k8s.io/api/resource/v1
+          alias: resourcev1
diff --git a/images/virtualization-artifact/.golangci.yaml b/images/virtualization-artifact/.golangci.yaml
index 0867b18310..fdafd0789c 100644
--- a/images/virtualization-artifact/.golangci.yaml
+++ b/images/virtualization-artifact/.golangci.yaml
@@ -1,72 +1,61 @@
+# https://golangci-lint.run/usage/configuration/
+version: "2"
+
 run:
   concurrency: 4
   timeout: 10m
+
 issues:
   # Show all errors.
   max-issues-per-linter: 0
   max-same-issues: 0
   exclude:
     - "don't use an underscore in package name"
+
 output:
   sort-results: true
 
-exclude-files:
-  - "^zz_generated.*"
+exclusions:
+  paths:
+    - "^zz_generated.*"
 
-linters-settings:
-  gofumpt:
-    extra-rules: true
-  gci:
-    sections:
-      - standard
-      - default
-      - prefix(github.com/deckhouse/)
-  goimports:
-    local-prefixes: github.com/deckhouse/
-  errcheck:
-    exclude-functions: fmt:.*,[rR]ead|[wW]rite|[cC]lose,io:Copy
-  revive:
-    rules:
-      - name: dot-imports
-        disabled: true
-  nolintlint:
-    # Exclude following linters from requiring an explanation.
-    # Default: []
-    allow-no-explanation: [funlen, gocognit, lll]
-    # Enable to require an explanation of nonzero length after each nolint directive.
-    # Default: false
-    require-explanation: true
-    # Enable to require nolint directives to mention the specific linter being suppressed.
-    # Default: false
-    require-specific: true
+formatters:
+  enable:
+    - gci
+    - gofmt
+    - gofumpt
+    - goimports
+  settings:
+    gci:
+      sections:
+        - standard
+        - default
+        - prefix(github.com/deckhouse/)
+    gofumpt:
+      extra-rules: true
+    goimports:
+      local-prefixes: github.com/deckhouse/
 
 linters:
-  disable-all: true
+  default: none
   enable:
     - asciicheck # checks that your code does not contain non-ASCII identifiers
     - bidichk # checks for dangerous unicode character sequences
     - bodyclose # checks whether HTTP response body is closed successfully
-    - contextcheck # [maby too many false positives] checks the function whether use a non-inherited context
+    - contextcheck # [maybe too many false positives] checks the function whether use a non-inherited context
     - dogsled # checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
     - errcheck # checking for unchecked errors, these unchecked errors can be critical bugs in some cases
     - errname # checks that sentinel errors are prefixed with the Err and error types are suffixed with the Error
     - errorlint # finds code that will cause problems with the error wrapping scheme introduced in Go 1.13
     - copyloopvar # detects places where loop variables are copied (Go 1.22+)
-    - gci # controls golang package import order and makes it always deterministic
     - gocritic # provides diagnostics that check for bugs, performance and style issues
-    - gofmt # [replaced by goimports] checks whether code was gofmt-ed
-    - gofumpt # [replaced by goimports, gofumports is not available yet] checks whether code was gofumpt-ed
-    - goimports # in addition to fixing imports, goimports also formats your code in the same style as gofmt
-    - gosimple # specializes in simplifying a code
     - govet # reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
     - ineffassign # detects when assignments to existing variables are not used
     - misspell # finds commonly misspelled English words in comments
     - nolintlint # reports ill-formed or insufficient nolint directives
-    - reassign # Checks that package variables are not reassigned.
+    - reassign # checks that package variables are not reassigned
     - revive # fast, configurable, extensible, flexible, and beautiful linter for Go, drop-in replacement of golint
-    - stylecheck # is a replacement for golint
     - staticcheck # is a go vet on steroids, applying a ton of static analysis checks
-    - typecheck # like the front-end of a Go compiler, parses and type-checks Go code
     - testifylint # checks usage of github.com/stretchr/testify
     - unconvert # removes unnecessary type conversions
     - unparam # reports unused function parameters
@@ -76,4 +65,68 @@ linters:
     - thelper # detects golang test helpers without t.Helper() call and checks the consistency of test helpers
     - tparallel # detects inappropriate usage of t.Parallel() method in your Go test codes
     - whitespace # detects leading and trailing whitespace
-    - wastedassign # Finds wasted assignment statements.
+    - wastedassign # finds wasted assignment statements
+    - importas # checks import aliases against the configured convention
+  settings:
+    errcheck:
+      exclude-functions:
+        - "(*os.File).Close"
+        - "(*net.TCPConn).Close"
+        - "(io.ReadCloser).Close"
+        - "(net.Listener).Close"
+        - "(net.Conn).Close"
+        - "(net.Conn).Close"
+        - "(*golang.org/x/crypto/ssh.Session).Close"
+        - "(*github.com/fsnotify/fsnotify.Watcher).Close"
+    staticcheck:
+      dot-import-whitelist:
+        - github.com/onsi/ginkgo/v2
+        - github.com/onsi/gomega
+    revive:
+      rules:
+        - name: dot-imports
+          disabled: true
+        - name: exported
+          disabled: true
+        - name: package-comments
+          disabled: true
+    nolintlint:
+      # Exclude following linters from requiring an explanation.
+      # Default: []
+      allow-no-explanation: [funlen, gocognit, lll]
+      # Enable to require an explanation of nonzero length after each nolint directive.
+      # Default: false
+      require-explanation: true
+      # Enable to require nolint directives to mention the specific linter being suppressed.
+      # Default: false
+      require-specific: true
+    importas:
+      # Do not allow unaliased imports of aliased packages.
+      # Default: false
+      no-unaliased: true
+      # Do not allow non-required aliases.
+      # Default: false
+      no-extra-aliases: false
+      # List of aliases
+      # Default: []
+      alias:
+        #        - pkg: github.com/deckhouse/virtualization/api/core/v1alpha2
+        #          alias: ""
+        #        - pkg: github.com/deckhouse/virtualization/api/subresources/v1alpha2
+        #          alias: subv1alpha2
+        #        - pkg: kubevirt.io/api/core/v1
+        #          alias: virtv1
+        - pkg: k8s.io/api/core/v1
+          alias: corev1
+        - pkg: k8s.io/api/authentication/v1
+          alias: authnv1
+        #        - pkg: k8s.io/api/storage/v1
+        #          alias: storagev1
+        - pkg: k8s.io/api/networking/v1
+          alias: netv1
+        - pkg: k8s.io/api/policy/v1
+          alias: policyv1
+        - pkg: k8s.io/apimachinery/pkg/apis/meta/v1
+          alias: metav1
+        - pkg: k8s.io/api/resource/v1
+          alias: resourcev1
diff --git a/src/cli/.golangci.yaml b/src/cli/.golangci.yaml
index 0867b18310..fdafd0789c 100644
--- a/src/cli/.golangci.yaml
+++ b/src/cli/.golangci.yaml
@@ -1,72 +1,61 @@
+# https://golangci-lint.run/usage/configuration/
+version: "2"
+
 run:
   concurrency: 4
   timeout: 10m
+
 issues:
   # Show all errors.
   max-issues-per-linter: 0
   max-same-issues: 0
   exclude:
     - "don't use an underscore in package name"
+
 output:
   sort-results: true
 
-exclude-files:
-  - "^zz_generated.*"
+exclusions:
+  paths:
+    - "^zz_generated.*"
 
-linters-settings:
-  gofumpt:
-    extra-rules: true
-  gci:
-    sections:
-      - standard
-      - default
-      - prefix(github.com/deckhouse/)
-  goimports:
-    local-prefixes: github.com/deckhouse/
-  errcheck:
-    exclude-functions: fmt:.*,[rR]ead|[wW]rite|[cC]lose,io:Copy
-  revive:
-    rules:
-      - name: dot-imports
-        disabled: true
-  nolintlint:
-    # Exclude following linters from requiring an explanation.
-    # Default: []
-    allow-no-explanation: [funlen, gocognit, lll]
-    # Enable to require an explanation of nonzero length after each nolint directive.
-    # Default: false
-    require-explanation: true
-    # Enable to require nolint directives to mention the specific linter being suppressed.
-    # Default: false
-    require-specific: true
+formatters:
+  enable:
+    - gci
+    - gofmt
+    - gofumpt
+    - goimports
+  settings:
+    gci:
+      sections:
+        - standard
+        - default
+        - prefix(github.com/deckhouse/)
+    gofumpt:
+      extra-rules: true
+    goimports:
+      local-prefixes: github.com/deckhouse/
 
 linters:
-  disable-all: true
+  default: none
   enable:
     - asciicheck # checks that your code does not contain non-ASCII identifiers
     - bidichk # checks for dangerous unicode character sequences
     - bodyclose # checks whether HTTP response body is closed successfully
-    - contextcheck # [maby too many false positives] checks the function whether use a non-inherited context
+    - contextcheck # [maybe too many false positives] checks the function whether use a non-inherited context
     - dogsled # checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
     - errcheck # checking for unchecked errors, these unchecked errors can be critical bugs in some cases
     - errname # checks that sentinel errors are prefixed with the Err and error types are suffixed with the Error
     - errorlint # finds code that will cause problems with the error wrapping scheme introduced in Go 1.13
     - copyloopvar # detects places where loop variables are copied (Go 1.22+)
-    - gci # controls golang package import order and makes it always deterministic
     - gocritic # provides diagnostics that check for bugs, performance and style issues
-    - gofmt # [replaced by goimports] checks whether code was gofmt-ed
-    - gofumpt # [replaced by goimports, gofumports is not available yet] checks whether code was gofumpt-ed
-    - goimports # in addition to fixing imports, goimports also formats your code in the same style as gofmt
-    - gosimple # specializes in simplifying a code
     - govet # reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
     - ineffassign # detects when assignments to existing variables are not used
     - misspell # finds commonly misspelled English words in comments
     - nolintlint # reports ill-formed or insufficient nolint directives
-    - reassign # Checks that package variables are not reassigned.
+    - reassign # checks that package variables are not reassigned
     - revive # fast, configurable, extensible, flexible, and beautiful linter for Go, drop-in replacement of golint
-    - stylecheck # is a replacement for golint
     - staticcheck # is a go vet on steroids, applying a ton of static analysis checks
-    - typecheck # like the front-end of a Go compiler, parses and type-checks Go code
     - testifylint # checks usage of github.com/stretchr/testify
     - unconvert # removes unnecessary type conversions
     - unparam # reports unused function parameters
@@ -76,4 +65,68 @@ linters:
     - thelper # detects golang test helpers without t.Helper() call and checks the consistency of test helpers
     - tparallel # detects inappropriate usage of t.Parallel() method in your Go test codes
     - whitespace # detects leading and trailing whitespace
-    - wastedassign # Finds wasted assignment statements.
+    - wastedassign # finds wasted assignment statements
+    - importas # checks import aliases against the configured convention
+  settings:
+    errcheck:
+      exclude-functions:
+        - "(*os.File).Close"
+        - "(*net.TCPConn).Close"
+        - "(io.ReadCloser).Close"
+        - "(net.Listener).Close"
+        - "(net.Conn).Close"
+        - "(net.Conn).Close"
+        - "(*golang.org/x/crypto/ssh.Session).Close"
+        - "(*github.com/fsnotify/fsnotify.Watcher).Close"
+    staticcheck:
+      dot-import-whitelist:
+        - github.com/onsi/ginkgo/v2
+        - github.com/onsi/gomega
+    revive:
+      rules:
+        - name: dot-imports
+          disabled: true
+        - name: exported
+          disabled: true
+        - name: package-comments
+          disabled: true
+    nolintlint:
+      # Exclude following linters from requiring an explanation.
+      # Default: []
+      allow-no-explanation: [funlen, gocognit, lll]
+      # Enable to require an explanation of nonzero length after each nolint directive.
+      # Default: false
+      require-explanation: true
+      # Enable to require nolint directives to mention the specific linter being suppressed.
+      # Default: false
+      require-specific: true
+    importas:
+      # Do not allow unaliased imports of aliased packages.
+      # Default: false
+      no-unaliased: true
+      # Do not allow non-required aliases.
+      # Default: false
+      no-extra-aliases: false
+      # List of aliases
+      # Default: []
+      alias:
+        #        - pkg: github.com/deckhouse/virtualization/api/core/v1alpha2
+        #          alias: ""
+        #        - pkg: github.com/deckhouse/virtualization/api/subresources/v1alpha2
+        #          alias: subv1alpha2
+        #        - pkg: kubevirt.io/api/core/v1
+        #          alias: virtv1
+        - pkg: k8s.io/api/core/v1
+          alias: corev1
+        - pkg: k8s.io/api/authentication/v1
+          alias: authnv1
+        #        - pkg: k8s.io/api/storage/v1
+        #          alias: storagev1
+        - pkg: k8s.io/api/networking/v1
+          alias: netv1
+        - pkg: k8s.io/api/policy/v1
+          alias: policyv1
+        - pkg: k8s.io/apimachinery/pkg/apis/meta/v1
+          alias: metav1
+        - pkg: k8s.io/api/resource/v1
+          alias: resourcev1
diff --git a/tests/e2e/.golangci.yaml b/tests/e2e/.golangci.yaml
index 6a3506df90..fdafd0789c 100644
--- a/tests/e2e/.golangci.yaml
+++ b/tests/e2e/.golangci.yaml
@@ -1,77 +1,61 @@
+# https://golangci-lint.run/usage/configuration/
+version: "2"
+
 run:
   concurrency: 4
   timeout: 10m
+
 issues:
   # Show all errors.
   max-issues-per-linter: 0
   max-same-issues: 0
   exclude:
     - "don't use an underscore in package name"
+
 output:
   sort-results: true
 
-exclude-files:
-  - "^zz_generated.*"
+exclusions:
+  paths:
+    - "^zz_generated.*"
 
-linters-settings:
-  gofumpt:
-    extra-rules: true
-  gci:
-    sections:
-      - standard
-      - default
-      - prefix(github.com/deckhouse/)
-  goimports:
-    local-prefixes: github.com/deckhouse/
-  errcheck:
-    exclude-functions: fmt:.*,[rR]ead|[wW]rite|[cC]lose,io:Copy
-  revive:
-    rules:
-      - name: dot-imports
-        disabled: true
-  stylecheck:
-    dot-import-whitelist:
-      - github.com/onsi/gomega
-      - github.com/onsi/ginkgo/v2
-      - github.com/deckhouse/virtualization/tests/e2e/helper
-  nolintlint:
-    # Exclude following linters from requiring an explanation.
-    # Default: []
-    allow-no-explanation: [funlen, gocognit, lll]
-    # Enable to require an explanation of nonzero length after each nolint directive.
-    # Default: false
-    require-explanation: true
-    # Enable to require nolint directives to mention the specific linter being suppressed.
-    # Default: false
-    require-specific: true
+formatters:
+  enable:
+    - gci
+    - gofmt
+    - gofumpt
+    - goimports
+  settings:
+    gci:
+      sections:
+        - standard
+        - default
+        - prefix(github.com/deckhouse/)
+    gofumpt:
+      extra-rules: true
+    goimports:
+      local-prefixes: github.com/deckhouse/
 
 linters:
-  disable-all: true
+  default: none
   enable:
     - asciicheck # checks that your code does not contain non-ASCII identifiers
     - bidichk # checks for dangerous unicode character sequences
     - bodyclose # checks whether HTTP response body is closed successfully
-    - contextcheck # [maby too many false positives] checks the function whether use a non-inherited context
+    - contextcheck # [maybe too many false positives] checks the function whether use a non-inherited context
     - dogsled # checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
     - errcheck # checking for unchecked errors, these unchecked errors can be critical bugs in some cases
     - errname # checks that sentinel errors are prefixed with the Err and error types are suffixed with the Error
     - errorlint # finds code that will cause problems with the error wrapping scheme introduced in Go 1.13
     - copyloopvar # detects places where loop variables are copied (Go 1.22+)
-    - gci # controls golang package import order and makes it always deterministic
     - gocritic # provides diagnostics that check for bugs, performance and style issues
-    - gofmt # [replaced by goimports] checks whether code was gofmt-ed
-    - gofumpt # [replaced by goimports, gofumports is not available yet] checks whether code was gofumpt-ed
-    - goimports # in addition to fixing imports, goimports also formats your code in the same style as gofmt
-    - gosimple # specializes in simplifying a code
     - govet # reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
     - ineffassign # detects when assignments to existing variables are not used
     - misspell # finds commonly misspelled English words in comments
     - nolintlint # reports ill-formed or insufficient nolint directives
-    - reassign # Checks that package variables are not reassigned.
+    - reassign # checks that package variables are not reassigned
     - revive # fast, configurable, extensible, flexible, and beautiful linter for Go, drop-in replacement of golint
-    - stylecheck # is a replacement for golint
     - staticcheck # is a go vet on steroids, applying a ton of static analysis checks
-    - typecheck # like the front-end of a Go compiler, parses and type-checks Go code
     - testifylint # checks usage of github.com/stretchr/testify
     - unconvert # removes unnecessary type conversions
     - unparam # reports unused function parameters
@@ -81,4 +65,68 @@ linters:
     - thelper # detects golang test helpers without t.Helper() call and checks the consistency of test helpers
     - tparallel # detects inappropriate usage of t.Parallel() method in your Go test codes
     - whitespace # detects leading and trailing whitespace
-    - wastedassign # Finds wasted assignment statements.
+    - wastedassign # finds wasted assignment statements
+    - importas # checks import aliases against the configured convention
+  settings:
+    errcheck:
+      exclude-functions:
+        - "(*os.File).Close"
+        - "(*net.TCPConn).Close"
+        - "(io.ReadCloser).Close"
+        - "(net.Listener).Close"
+        - "(net.Conn).Close"
+        - "(net.Conn).Close"
+        - "(*golang.org/x/crypto/ssh.Session).Close"
+        - "(*github.com/fsnotify/fsnotify.Watcher).Close"
+    staticcheck:
+      dot-import-whitelist:
+        - github.com/onsi/ginkgo/v2
+        - github.com/onsi/gomega
+    revive:
+      rules:
+        - name: dot-imports
+          disabled: true
+        - name: exported
+          disabled: true
+        - name: package-comments
+          disabled: true
+    nolintlint:
+      # Exclude following linters from requiring an explanation.
+      # Default: []
+      allow-no-explanation: [funlen, gocognit, lll]
+      # Enable to require an explanation of nonzero length after each nolint directive.
+      # Default: false
+      require-explanation: true
+      # Enable to require nolint directives to mention the specific linter being suppressed.
+      # Default: false
+      require-specific: true
+    importas:
+      # Do not allow unaliased imports of aliased packages.
+      # Default: false
+      no-unaliased: true
+      # Do not allow non-required aliases.
+      # Default: false
+      no-extra-aliases: false
+      # List of aliases
+      # Default: []
+      alias:
+        #        - pkg: github.com/deckhouse/virtualization/api/core/v1alpha2
+        #          alias: ""
+        #        - pkg: github.com/deckhouse/virtualization/api/subresources/v1alpha2
+        #          alias: subv1alpha2
+        #        - pkg: kubevirt.io/api/core/v1
+        #          alias: virtv1
+        - pkg: k8s.io/api/core/v1
+          alias: corev1
+        - pkg: k8s.io/api/authentication/v1
+          alias: authnv1
+        #        - pkg: k8s.io/api/storage/v1
+        #          alias: storagev1
+        - pkg: k8s.io/api/networking/v1
+          alias: netv1
+        - pkg: k8s.io/api/policy/v1
+          alias: policyv1
+        - pkg: k8s.io/apimachinery/pkg/apis/meta/v1
+          alias: metav1
+        - pkg: k8s.io/api/resource/v1
+          alias: resourcev1
diff --git a/tests/performance/shatal/.golangci.yaml b/tests/performance/shatal/.golangci.yaml
index 0867b18310..fdafd0789c 100644
--- a/tests/performance/shatal/.golangci.yaml
+++ b/tests/performance/shatal/.golangci.yaml
@@ -1,72 +1,61 @@
+# https://golangci-lint.run/usage/configuration/
+version: "2"
+
 run:
   concurrency: 4
   timeout: 10m
+
 issues:
   # Show all errors.
   max-issues-per-linter: 0
   max-same-issues: 0
   exclude:
     - "don't use an underscore in package name"
+
 output:
   sort-results: true
 
-exclude-files:
-  - "^zz_generated.*"
+exclusions:
+  paths:
+    - "^zz_generated.*"
 
-linters-settings:
-  gofumpt:
-    extra-rules: true
-  gci:
-    sections:
-      - standard
-      - default
-      - prefix(github.com/deckhouse/)
-  goimports:
-    local-prefixes: github.com/deckhouse/
-  errcheck:
-    exclude-functions: fmt:.*,[rR]ead|[wW]rite|[cC]lose,io:Copy
-  revive:
-    rules:
-      - name: dot-imports
-        disabled: true
-  nolintlint:
-    # Exclude following linters from requiring an explanation.
-    # Default: []
-    allow-no-explanation: [funlen, gocognit, lll]
-    # Enable to require an explanation of nonzero length after each nolint directive.
-    # Default: false
-    require-explanation: true
-    # Enable to require nolint directives to mention the specific linter being suppressed.
-    # Default: false
-    require-specific: true
+formatters:
+  enable:
+    - gci
+    - gofmt
+    - gofumpt
+    - goimports
+  settings:
+    gci:
+      sections:
+        - standard
+        - default
+        - prefix(github.com/deckhouse/)
+    gofumpt:
+      extra-rules: true
+    goimports:
+      local-prefixes: github.com/deckhouse/
 
 linters:
-  disable-all: true
+  default: none
   enable:
     - asciicheck # checks that your code does not contain non-ASCII identifiers
     - bidichk # checks for dangerous unicode character sequences
     - bodyclose # checks whether HTTP response body is closed successfully
-    - contextcheck # [maby too many false positives] checks the function whether use a non-inherited context
+    - contextcheck # [maybe too many false positives] checks the function whether use a non-inherited context
     - dogsled # checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
     - errcheck # checking for unchecked errors, these unchecked errors can be critical bugs in some cases
     - errname # checks that sentinel errors are prefixed with the Err and error types are suffixed with the Error
     - errorlint # finds code that will cause problems with the error wrapping scheme introduced in Go 1.13
     - copyloopvar # detects places where loop variables are copied (Go 1.22+)
-    - gci # controls golang package import order and makes it always deterministic
     - gocritic # provides diagnostics that check for bugs, performance and style issues
-    - gofmt # [replaced by goimports] checks whether code was gofmt-ed
-    - gofumpt # [replaced by goimports, gofumports is not available yet] checks whether code was gofumpt-ed
-    - goimports # in addition to fixing imports, goimports also formats your code in the same style as gofmt
-    - gosimple # specializes in simplifying a code
     - govet # reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
     - ineffassign # detects when assignments to existing variables are not used
     - misspell # finds commonly misspelled English words in comments
     - nolintlint # reports ill-formed or insufficient nolint directives
-    - reassign # Checks that package variables are not reassigned.
+    - reassign # checks that package variables are not reassigned
     - revive # fast, configurable, extensible, flexible, and beautiful linter for Go, drop-in replacement of golint
-    - stylecheck # is a replacement for golint
     - staticcheck # is a go vet on steroids, applying a ton of static analysis checks
-    - typecheck # like the front-end of a Go compiler, parses and type-checks Go code
     - testifylint # checks usage of github.com/stretchr/testify
     - unconvert # removes unnecessary type conversions
     - unparam # reports unused function parameters
@@ -76,4 +65,68 @@ linters:
     - thelper # detects golang test helpers without t.Helper() call and checks the consistency of test helpers
     - tparallel # detects inappropriate usage of t.Parallel() method in your Go test codes
     - whitespace # detects leading and trailing whitespace
-    - wastedassign # Finds wasted assignment statements.
+    - wastedassign # finds wasted assignment statements
+    - importas # checks import aliases against the configured convention
+  settings:
+    errcheck:
+      exclude-functions:
+        - "(*os.File).Close"
+        - "(*net.TCPConn).Close"
+        - "(io.ReadCloser).Close"
+        - "(net.Listener).Close"
+        - "(net.Conn).Close"
+        - "(net.Conn).Close"
+        - "(*golang.org/x/crypto/ssh.Session).Close"
+        - "(*github.com/fsnotify/fsnotify.Watcher).Close"
+    staticcheck:
+      dot-import-whitelist:
+        - github.com/onsi/ginkgo/v2
+        - github.com/onsi/gomega
+    revive:
+      rules:
+        - name: dot-imports
+          disabled: true
+        - name: exported
+          disabled: true
+        - name: package-comments
+          disabled: true
+    nolintlint:
+      # Exclude following linters from requiring an explanation.
+      # Default: []
+      allow-no-explanation: [funlen, gocognit, lll]
+      # Enable to require an explanation of nonzero length after each nolint directive.
+      # Default: false
+      require-explanation: true
+      # Enable to require nolint directives to mention the specific linter being suppressed.
+      # Default: false
+      require-specific: true
+    importas:
+      # Do not allow unaliased imports of aliased packages.
+      # Default: false
+      no-unaliased: true
+      # Do not allow non-required aliases.
+      # Default: false
+      no-extra-aliases: false
+      # List of aliases
+      # Default: []
+      alias:
+        #        - pkg: github.com/deckhouse/virtualization/api/core/v1alpha2
+        #          alias: ""
+        #        - pkg: github.com/deckhouse/virtualization/api/subresources/v1alpha2
+        #          alias: subv1alpha2
+        #        - pkg: kubevirt.io/api/core/v1
+        #          alias: virtv1
+        - pkg: k8s.io/api/core/v1
+          alias: corev1
+        - pkg: k8s.io/api/authentication/v1
+          alias: authnv1
+        #        - pkg: k8s.io/api/storage/v1
+        #          alias: storagev1
+        - pkg: k8s.io/api/networking/v1
+          alias: netv1
+        - pkg: k8s.io/api/policy/v1
+          alias: policyv1
+        - pkg: k8s.io/apimachinery/pkg/apis/meta/v1
+          alias: metav1
+        - pkg: k8s.io/api/resource/v1
+          alias: resourcev1
diff --git a/tools/addlicense/.golangci.yaml b/tools/addlicense/.golangci.yaml
index f3105263a9..fdafd0789c 100644
--- a/tools/addlicense/.golangci.yaml
+++ b/tools/addlicense/.golangci.yaml
@@ -1,52 +1,132 @@
+# https://golangci-lint.run/usage/configuration/
+version: "2"
+
 run:
   concurrency: 4
-  timeout: 2m
-  exclude-dirs:
-    - docs
-    - scripts
-
-linters-settings:
-  gofumpt:
-    extra-rules: true
-  gci:
-    sections:
-      - standard
-      - default
-  gocritic:
-    disabled-checks:
-      - ifElseChain
-  errorlint:
-    comparison: false
-    asserts: false
-  errcheck:
-    igexclude-functions: fmt:.*,[rR]ead|[wW]rite|[cC]lose,io:Copy
-
-linters:
-  disable-all: true
-  enable:
-    # Default linters.
-    - ineffassign
-    - typecheck
-    - unused
-
-    # Extra linters.
-    - asciicheck
-    - bidichk
-    - bodyclose
-    - errname
-    - errorlint
-    - copyloopvar
-    - gci
-    - gocritic
-    - gofumpt
-    - misspell
-    - nolintlint
+  timeout: 10m
 
 issues:
   # Show all errors.
   max-issues-per-linter: 0
   max-same-issues: 0
-
   exclude:
-    # TODO use %w in the future.
-    - "non-wrapping format verb for fmt.Errorf" # errorlint
+    - "don't use an underscore in package name"
+
+output:
+  sort-results: true
+
+exclusions:
+  paths:
+    - "^zz_generated.*"
+
+formatters:
+  enable:
+    - gci
+    - gofmt
+    - gofumpt
+    - goimports
+  settings:
+    gci:
+      sections:
+        - standard
+        - default
+        - prefix(github.com/deckhouse/)
+    gofumpt:
+      extra-rules: true
+    goimports:
+      local-prefixes: github.com/deckhouse/
+
+linters:
+  default: none
+  enable:
+    - asciicheck # checks that your code does not contain non-ASCII identifiers
+    - bidichk # checks for dangerous unicode character sequences
+    - bodyclose # checks whether HTTP response body is closed successfully
+    - contextcheck # [maybe too many false positives] checks the function whether use a non-inherited context
+    - dogsled # checks assignments with too many blank identifiers (e.g. x, _, _, _, := f())
+    - errcheck # checking for unchecked errors, these unchecked errors can be critical bugs in some cases
+    - errname # checks that sentinel errors are prefixed with the Err and error types are suffixed with the Error
+    - errorlint # finds code that will cause problems with the error wrapping scheme introduced in Go 1.13
+    - copyloopvar # detects places where loop variables are copied (Go 1.22+)
+    - gocritic # provides diagnostics that check for bugs, performance and style issues
+    - govet # reports suspicious constructs, such as Printf calls whose arguments do not align with the format string
+    - ineffassign # detects when assignments to existing variables are not used
+    - misspell # finds commonly misspelled English words in comments
+    - nolintlint # reports ill-formed or insufficient nolint directives
+    - reassign # checks that package variables are not reassigned
+    - revive # fast, configurable, extensible, flexible, and beautiful linter for Go, drop-in replacement of golint
+    - staticcheck # is a go vet on steroids, applying a ton of static analysis checks
+    - testifylint # checks usage of github.com/stretchr/testify
+    - unconvert # removes unnecessary type conversions
+    - unparam # reports unused function parameters
+    - unused # checks for unused constants, variables, functions and types
+    - usetesting # reports uses of functions with replacement inside the testing package
+    - testableexamples # checks if examples are testable (have an expected output)
+    - thelper # detects golang test helpers without t.Helper() call and checks the consistency of test helpers
+    - tparallel # detects inappropriate usage of t.Parallel() method in your Go test codes
+    - whitespace # detects leading and trailing whitespace
+    - wastedassign # finds wasted assignment statements
+    - importas # checks import aliases against the configured convention
+  settings:
+    errcheck:
+      exclude-functions:
+        - "(*os.File).Close"
+        - "(*net.TCPConn).Close"
+        - "(io.ReadCloser).Close"
+        - "(net.Listener).Close"
+        - "(net.Conn).Close"
+        - "(net.Conn).Close"
+        - "(*golang.org/x/crypto/ssh.Session).Close"
+        - "(*github.com/fsnotify/fsnotify.Watcher).Close"
+    staticcheck:
+      dot-import-whitelist:
+        - github.com/onsi/ginkgo/v2
+        - github.com/onsi/gomega
+    revive:
+      rules:
+        - name: dot-imports
+          disabled: true
+        - name: exported
+          disabled: true
+        - name: package-comments
+          disabled: true
+    nolintlint:
+      # Exclude following linters from requiring an explanation.
+      # Default: []
+      allow-no-explanation: [funlen, gocognit, lll]
+      # Enable to require an explanation of nonzero length after each nolint directive.
+      # Default: false
+      require-explanation: true
+      # Enable to require nolint directives to mention the specific linter being suppressed.
+      # Default: false
+      require-specific: true
+    importas:
+      # Do not allow unaliased imports of aliased packages.
+      # Default: false
+      no-unaliased: true
+      # Do not allow non-required aliases.
+      # Default: false
+      no-extra-aliases: false
+      # List of aliases
+      # Default: []
+      alias:
+        #        - pkg: github.com/deckhouse/virtualization/api/core/v1alpha2
+        #          alias: ""
+        #        - pkg: github.com/deckhouse/virtualization/api/subresources/v1alpha2
+        #          alias: subv1alpha2
+        #        - pkg: kubevirt.io/api/core/v1
+        #          alias: virtv1
+        - pkg: k8s.io/api/core/v1
+          alias: corev1
+        - pkg: k8s.io/api/authentication/v1
+          alias: authnv1
+        #        - pkg: k8s.io/api/storage/v1
+        #          alias: storagev1
+        - pkg: k8s.io/api/networking/v1
+          alias: netv1
+        - pkg: k8s.io/api/policy/v1
+          alias: policyv1
+        - pkg: k8s.io/apimachinery/pkg/apis/meta/v1
+          alias: metav1
+        - pkg: k8s.io/api/resource/v1
+          alias: resourcev1

From dc5944cfd8378324cefaab205396972f6e4e0c6a Mon Sep 17 00:00:00 2001
From: Dmitry Lopatin <dmitry.lopatin@flant.com>
Date: Fri, 27 Mar 2026 16:25:45 +0300
Subject: [PATCH 3/3] chore(core): cve mitigation in CSE

Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
---
 .../apiserver/registry/vm/storage/storage.go  |  2 +-
 .../pkg/audit/events/forbid/forbid_test.go    |  2 +-
 .../pkg/common/array/array.go                 |  2 +-
 .../pkg/common/pointer/pointer.go             |  2 +-
 .../controller/cvi/internal/source/http.go    |  2 +-
 .../cvi/internal/source/object_ref.go         |  2 +-
 .../cvi/internal/source/registry.go           |  2 +-
 .../controller/cvi/internal/source/upload.go  |  2 +-
 .../internal/watcher/vdsnapshot_watcher.go    |  4 +--
 .../internal/watcher/virtualdisk_watcher.go   |  4 +--
 .../pkg/controller/gc/fake.go                 |  4 +--
 .../pkg/controller/kvbuilder/kvvm.go          |  2 +-
 .../pkg/controller/reconciler/resource.go     |  2 +-
 .../controller/service/attachment_service.go  |  2 +-
 .../pkg/controller/service/disk_service.go    |  2 +-
 .../controller/service/size_policy_service.go | 20 +++++++-------
 .../controller/supplements/copier/secret.go   |  2 +-
 .../vd/internal/watcher/pvc_watcher.go        |  2 +-
 .../watcher/resource_quota_watcher.go         |  4 +--
 .../vd/internal/watcher/vdsnapshot_watcher.go |  6 ++---
 .../vdsnapshot/internal/watcher/vd_watcher.go |  4 +--
 .../vdsnapshot/internal/watcher/vm_watcher.go |  6 ++---
 .../service/vi_storage_class_service_test.go  | 26 +++++++++----------
 .../controller/vi/internal/source/sources.go  |  4 +--
 .../vi/internal/watcher/vdsnapshot_watcher.go |  4 +--
 .../internal/watcher/virdualdisk_watcher.go   |  4 +--
 .../vi/internal/watcher/vm_watcher.go         |  2 +-
 .../pkg/controller/vm/internal/util.go        |  2 +-
 .../vmbda/internal/watcher/cvi_watcher.go     |  4 +--
 .../vmbda/internal/watcher/vd_watcher.go      |  4 +--
 .../vmbda/internal/watcher/vi_watcher.go      |  4 +--
 .../vmbda/internal/watcher/vm_watcher.go      |  4 +--
 .../pkg/controller/vmclass/internal/util.go   |  2 +-
 .../internal/watcher/vmiplease_watcher.go     |  4 +--
 .../vmiplease/internal/retention_handler.go   |  2 +-
 .../internal/watcher/vmip_watcher.go          |  2 +-
 .../internal/watcher/vmmaclease_watcher.go    |  2 +-
 .../internal/watcher/kvvm_watcher.go          |  6 ++---
 .../vmrestore/internal/watcher/vd_watcher.go  |  8 +++---
 .../vmrestore/internal/watcher/vm_watcher.go  |  6 ++---
 .../internal/watcher/vmbda_watcher.go         | 12 ++++-----
 .../internal/watcher/vmsnapshot_watcher.go    |  4 +--
 .../vmsnapshot/internal/watcher/vd_watcher.go |  4 +--
 .../internal/watcher/vdsnapshot_watcher.go    |  4 +--
 .../vmsnapshot/internal/watcher/vm_watcher.go |  4 +--
 .../pkg/controller/watchers/cvi_enqueuer.go   |  4 +--
 .../pkg/controller/watchers/vd_enqueuer.go    | 12 ++++-----
 .../pkg/controller/watchers/vi_enqueuer.go    |  4 +--
 .../pkg/livemigration/policy.go               |  2 +-
 .../pkg/monitoring/metrics/cvi/collector.go   |  2 +-
 .../pkg/monitoring/metrics/vd/collector.go    |  2 +-
 .../metrics/vdsnapshot/collector.go           |  2 +-
 .../pkg/monitoring/metrics/vi/collector.go    |  2 +-
 .../metrics/virtualmachine/collector.go       |  2 +-
 .../pkg/monitoring/metrics/vmbda/collector.go |  2 +-
 .../pkg/monitoring/metrics/vmop/collector.go  |  2 +-
 .../metrics/vmsnapshot/collector.go           |  2 +-
 src/cli/internal/cmd/lifecycle/vmop/vmop.go   |  8 +++---
 .../internal/cmd/portforward/portforward.go   |  6 ++---
 src/cli/internal/cmd/scp/scp.go               |  4 +--
 src/cli/internal/cmd/scp/wrapped.go           |  2 +-
 src/cli/internal/cmd/ssh/ssh.go               |  4 +--
 src/cli/internal/cmd/ssh/wrapped.go           |  9 +++----
 src/cli/internal/cmd/vnc/vnc.go               | 12 +++++----
 src/cli/internal/templates/target.go          |  8 +++---
 tests/e2e/errlogger/errlogger.go              |  6 ++---
 tests/e2e/tests_suite_test.go                 |  9 ++++---
 tests/e2e/util_test.go                        |  4 +--
 tests/e2e/vd_snapshots_test.go                |  8 +++---
 tests/e2e/vm_disk_attachment_test.go          |  6 ++---
 tests/e2e/vm_label_annotation_test.go         | 10 +++----
 tests/e2e/vm_restore_force_test.go            | 10 +++----
 tools/addlicense/addlicense_test.go           |  2 +-
 73 files changed, 173 insertions(+), 171 deletions(-)

diff --git a/images/virtualization-artifact/pkg/apiserver/registry/vm/storage/storage.go b/images/virtualization-artifact/pkg/apiserver/registry/vm/storage/storage.go
index fe13f2887d..7e7e93dbe3 100644
--- a/images/virtualization-artifact/pkg/apiserver/registry/vm/storage/storage.go
+++ b/images/virtualization-artifact/pkg/apiserver/registry/vm/storage/storage.go
@@ -185,7 +185,7 @@ func (store VirtualMachineStorage) List(ctx context.Context, options *internalve
 	if options != nil {
 		opts = *options
 	}
-	if !(opts.LabelSelector == nil || opts.LabelSelector.Empty()) {
+	if opts.LabelSelector != nil && !opts.LabelSelector.Empty() {
 		labelSelector = opts.LabelSelector
 	}
 
diff --git a/images/virtualization-artifact/pkg/audit/events/forbid/forbid_test.go b/images/virtualization-artifact/pkg/audit/events/forbid/forbid_test.go
index 94d0906873..b23e4f0d1b 100644
--- a/images/virtualization-artifact/pkg/audit/events/forbid/forbid_test.go
+++ b/images/virtualization-artifact/pkg/audit/events/forbid/forbid_test.go
@@ -93,7 +93,7 @@ var _ = Describe("Forbid Events", func() {
 			}
 
 			fakeClient := fake.NewSimpleClientset()
-			fakeClient.Fake.PrependReactor("create", "subjectaccessreviews", func(action kubetesting.Action) (
+			fakeClient.PrependReactor("create", "subjectaccessreviews", func(action kubetesting.Action) (
 				handled bool,
 				ret runtime.Object,
 				err error,
diff --git a/images/virtualization-artifact/pkg/common/array/array.go b/images/virtualization-artifact/pkg/common/array/array.go
index 4a4b05075d..249670a207 100644
--- a/images/virtualization-artifact/pkg/common/array/array.go
+++ b/images/virtualization-artifact/pkg/common/array/array.go
@@ -36,7 +36,7 @@ func SetArrayElem[T any](elems []T, newElem T, matchFunc func(v1, v2 T) bool, re
 	if !isFound {
 		res = append(res, newElem)
 	}
-	return
+	return res
 }
 
 type FilterFunc[T any] func(obj *T) (keep bool)
diff --git a/images/virtualization-artifact/pkg/common/pointer/pointer.go b/images/virtualization-artifact/pkg/common/pointer/pointer.go
index 07280eb87a..18ac88c6f0 100644
--- a/images/virtualization-artifact/pkg/common/pointer/pointer.go
+++ b/images/virtualization-artifact/pkg/common/pointer/pointer.go
@@ -25,7 +25,7 @@ func ToPointersArray[T any](items []T) (res []*T) {
 	for _, item := range items {
 		res = append(res, GetPointer(item))
 	}
-	return
+	return res
 }
 
 func GetPointer[T any](obj T) *T {
diff --git a/images/virtualization-artifact/pkg/controller/cvi/internal/source/http.go b/images/virtualization-artifact/pkg/controller/cvi/internal/source/http.go
index 225b537791..2876ac7fb3 100644
--- a/images/virtualization-artifact/pkg/controller/cvi/internal/source/http.go
+++ b/images/virtualization-artifact/pkg/controller/cvi/internal/source/http.go
@@ -73,7 +73,7 @@ func (ds HTTPDataSource) Sync(ctx context.Context, cvi *virtv2.ClusterVirtualIma
 	cb := conditions.NewConditionBuilder(cvicondition.ReadyType).Generation(cvi.Generation)
 	defer func() {
 		// It is necessary to avoid setting unknown for the ready condition if it was already set to true.
-		if !(cb.Condition().Status == metav1.ConditionUnknown && condition.Status == metav1.ConditionTrue) {
+		if cb.Condition().Status != metav1.ConditionUnknown || condition.Status != metav1.ConditionTrue {
 			conditions.SetCondition(cb, &cvi.Status.Conditions)
 		}
 	}()
diff --git a/images/virtualization-artifact/pkg/controller/cvi/internal/source/object_ref.go b/images/virtualization-artifact/pkg/controller/cvi/internal/source/object_ref.go
index 983b8c074a..aab29937f1 100644
--- a/images/virtualization-artifact/pkg/controller/cvi/internal/source/object_ref.go
+++ b/images/virtualization-artifact/pkg/controller/cvi/internal/source/object_ref.go
@@ -90,7 +90,7 @@ func (ds ObjectRefDataSource) Sync(ctx context.Context, cvi *virtv2.ClusterVirtu
 	cb := conditions.NewConditionBuilder(cvicondition.ReadyType).Generation(cvi.Generation)
 	defer func() {
 		// It is necessary to avoid setting unknown for the ready condition if it was already set to true.
-		if !(cb.Condition().Status == metav1.ConditionUnknown && condition.Status == metav1.ConditionTrue) {
+		if cb.Condition().Status != metav1.ConditionUnknown || condition.Status != metav1.ConditionTrue {
 			conditions.SetCondition(cb, &cvi.Status.Conditions)
 		}
 	}()
diff --git a/images/virtualization-artifact/pkg/controller/cvi/internal/source/registry.go b/images/virtualization-artifact/pkg/controller/cvi/internal/source/registry.go
index c576786c1a..7c7c30ee3c 100644
--- a/images/virtualization-artifact/pkg/controller/cvi/internal/source/registry.go
+++ b/images/virtualization-artifact/pkg/controller/cvi/internal/source/registry.go
@@ -78,7 +78,7 @@ func (ds RegistryDataSource) Sync(ctx context.Context, cvi *virtv2.ClusterVirtua
 	cb := conditions.NewConditionBuilder(cvicondition.ReadyType).Generation(cvi.Generation)
 	defer func() {
 		// It is necessary to avoid setting unknown for the ready condition if it was already set to true.
-		if !(cb.Condition().Status == metav1.ConditionUnknown && condition.Status == metav1.ConditionTrue) {
+		if cb.Condition().Status != metav1.ConditionUnknown || condition.Status != metav1.ConditionTrue {
 			conditions.SetCondition(cb, &cvi.Status.Conditions)
 		}
 	}()
diff --git a/images/virtualization-artifact/pkg/controller/cvi/internal/source/upload.go b/images/virtualization-artifact/pkg/controller/cvi/internal/source/upload.go
index 639a0ed956..bd9251bed7 100644
--- a/images/virtualization-artifact/pkg/controller/cvi/internal/source/upload.go
+++ b/images/virtualization-artifact/pkg/controller/cvi/internal/source/upload.go
@@ -73,7 +73,7 @@ func (ds UploadDataSource) Sync(ctx context.Context, cvi *virtv2.ClusterVirtualI
 	cb := conditions.NewConditionBuilder(cvicondition.ReadyType).Generation(cvi.Generation)
 	defer func() {
 		// It is necessary to avoid setting unknown for the ready condition if it was already set to true.
-		if !(cb.Condition().Status == metav1.ConditionUnknown && condition.Status == metav1.ConditionTrue) {
+		if cb.Condition().Status != metav1.ConditionUnknown || condition.Status != metav1.ConditionTrue {
 			conditions.SetCondition(cb, &cvi.Status.Conditions)
 		}
 	}()
diff --git a/images/virtualization-artifact/pkg/controller/cvi/internal/watcher/vdsnapshot_watcher.go b/images/virtualization-artifact/pkg/controller/cvi/internal/watcher/vdsnapshot_watcher.go
index f026d4af2a..576d476f94 100644
--- a/images/virtualization-artifact/pkg/controller/cvi/internal/watcher/vdsnapshot_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/cvi/internal/watcher/vdsnapshot_watcher.go
@@ -76,7 +76,7 @@ func (w VirtualDiskSnapshotWatcher) enqueueRequests(ctx context.Context, vdSnaps
 	})
 	if err != nil {
 		w.logger.Error(fmt.Sprintf("failed to list cluster virtual images: %s", err))
-		return
+		return requests
 	}
 
 	for _, cvi := range cvis.Items {
@@ -92,7 +92,7 @@ func (w VirtualDiskSnapshotWatcher) enqueueRequests(ctx context.Context, vdSnaps
 		})
 	}
 
-	return
+	return requests
 }
 
 func isSnapshotDataSource(ds virtv2.ClusterVirtualImageDataSource, vdSnapshot metav1.Object) bool {
diff --git a/images/virtualization-artifact/pkg/controller/cvi/internal/watcher/virtualdisk_watcher.go b/images/virtualization-artifact/pkg/controller/cvi/internal/watcher/virtualdisk_watcher.go
index 13f543ed37..88165a737f 100644
--- a/images/virtualization-artifact/pkg/controller/cvi/internal/watcher/virtualdisk_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/cvi/internal/watcher/virtualdisk_watcher.go
@@ -76,7 +76,7 @@ func (w *VirtualDiskWatcher) enqueueRequestsFromVDs(ctx context.Context, vd *vir
 	err := w.client.List(ctx, &cviList, &client.ListOptions{})
 	if err != nil {
 		slog.Default().Error(fmt.Sprintf("failed to list cvi: %s", err))
-		return
+		return requests
 	}
 
 	for _, cvi := range cviList.Items {
@@ -95,5 +95,5 @@ func (w *VirtualDiskWatcher) enqueueRequestsFromVDs(ctx context.Context, vd *vir
 		})
 	}
 
-	return
+	return requests
 }
diff --git a/images/virtualization-artifact/pkg/controller/gc/fake.go b/images/virtualization-artifact/pkg/controller/gc/fake.go
index 162f62e691..2f841cf19f 100644
--- a/images/virtualization-artifact/pkg/controller/gc/fake.go
+++ b/images/virtualization-artifact/pkg/controller/gc/fake.go
@@ -67,7 +67,7 @@ type FakeObject struct {
 func (f FakeObject) DeepCopyObject() runtime.Object {
 	return &FakeObject{
 		TypeMeta:   f.TypeMeta,
-		ObjectMeta: *f.ObjectMeta.DeepCopy(),
+		ObjectMeta: *f.DeepCopy(),
 		RefObject:  f.RefObject,
 		Phase:      f.Phase,
 	}
@@ -91,7 +91,7 @@ func (f *FakeObjectList) DeepCopyObject() runtime.Object {
 
 	return &FakeObjectList{
 		TypeMeta: f.TypeMeta,
-		ListMeta: *f.ListMeta.DeepCopy(),
+		ListMeta: *f.DeepCopy(),
 		Items:    items,
 	}
 }
diff --git a/images/virtualization-artifact/pkg/controller/kvbuilder/kvvm.go b/images/virtualization-artifact/pkg/controller/kvbuilder/kvvm.go
index 0de4203508..c9d91338b1 100644
--- a/images/virtualization-artifact/pkg/controller/kvbuilder/kvvm.go
+++ b/images/virtualization-artifact/pkg/controller/kvbuilder/kvvm.go
@@ -556,7 +556,7 @@ func (b *KVVM) SetNetworkInterface(name, macAddress string) {
 		Name:  name,
 		Model: devPreset.InterfaceModel,
 	}
-	iface.InterfaceBindingMethod.Bridge = &virtv1.InterfaceBridge{}
+	iface.Bridge = &virtv1.InterfaceBridge{}
 	if macAddress != "" {
 		iface.MacAddress = macAddress
 	}
diff --git a/images/virtualization-artifact/pkg/controller/reconciler/resource.go b/images/virtualization-artifact/pkg/controller/reconciler/resource.go
index 4529797772..b280e6c2d5 100644
--- a/images/virtualization-artifact/pkg/controller/reconciler/resource.go
+++ b/images/virtualization-artifact/pkg/controller/reconciler/resource.go
@@ -70,7 +70,7 @@ func (r *Resource[T, ST]) getObjStatus(obj T) (ret ST) {
 	if obj != r.emptyObj {
 		ret = r.objStatusGetter(obj)
 	}
-	return
+	return ret
 }
 
 func (r *Resource[T, ST]) Name() types.NamespacedName {
diff --git a/images/virtualization-artifact/pkg/controller/service/attachment_service.go b/images/virtualization-artifact/pkg/controller/service/attachment_service.go
index f4bbc1aaf7..9b35ee6ddd 100644
--- a/images/virtualization-artifact/pkg/controller/service/attachment_service.go
+++ b/images/virtualization-artifact/pkg/controller/service/attachment_service.go
@@ -218,7 +218,7 @@ func (s AttachmentService) IsConflictedAttachment(ctx context.Context, vmbda *vi
 			return true, vmbdas.Items[i].Name, nil
 		}
 
-		switch vmbdas.Items[i].CreationTimestamp.Time.Compare(vmbda.CreationTimestamp.Time) {
+		switch vmbdas.Items[i].CreationTimestamp.Compare(vmbda.CreationTimestamp.Time) {
 		case -1:
 			// The current VMBDA undergoing reconciliation conflicts with another previously created VMBDA.
 			return true, vmbdas.Items[i].Name, nil
diff --git a/images/virtualization-artifact/pkg/controller/service/disk_service.go b/images/virtualization-artifact/pkg/controller/service/disk_service.go
index 19be9b3b39..564c8aaba7 100644
--- a/images/virtualization-artifact/pkg/controller/service/disk_service.go
+++ b/images/virtualization-artifact/pkg/controller/service/disk_service.go
@@ -273,7 +273,7 @@ func (s DiskService) CleanUpSupplements(ctx context.Context, sup *supplements.Ge
 		})
 
 		if len(pvc.OwnerReferences) != len(ownerReferences) {
-			pvc.ObjectMeta.OwnerReferences = ownerReferences
+			pvc.OwnerReferences = ownerReferences
 			err = s.client.Update(ctx, pvc)
 			if err != nil && !k8serrors.IsNotFound(err) {
 				return false, fmt.Errorf("update owner ref of pvc: %w", err)
diff --git a/images/virtualization-artifact/pkg/controller/service/size_policy_service.go b/images/virtualization-artifact/pkg/controller/service/size_policy_service.go
index b2d1540f92..ae3937eb2d 100644
--- a/images/virtualization-artifact/pkg/controller/service/size_policy_service.go
+++ b/images/virtualization-artifact/pkg/controller/service/size_policy_service.go
@@ -74,14 +74,14 @@ func getVMSizePolicy(vm *virtv2.VirtualMachine, vmClass *virtv2.VirtualMachineCl
 
 func validateCoreFraction(vm *virtv2.VirtualMachine, sp *virtv2.SizingPolicy) (errorsArray []error) {
 	if len(sp.CoreFractions) == 0 {
-		return
+		return errorsArray
 	}
 
 	fractionStr := strings.ReplaceAll(vm.Spec.CPU.CoreFraction, "%", "")
 	fraction, err := strconv.Atoi(fractionStr)
 	if err != nil {
 		errorsArray = append(errorsArray, fmt.Errorf("unable to parse CPU core fraction: %w", err))
-		return
+		return errorsArray
 	}
 
 	hasFractionValueInPolicy := false
@@ -95,12 +95,12 @@ func validateCoreFraction(vm *virtv2.VirtualMachine, sp *virtv2.SizingPolicy) (e
 		errorsArray = append(errorsArray, fmt.Errorf("VM core fraction value %d is not within the allowed values", fraction))
 	}
 
-	return
+	return errorsArray
 }
 
 func validateMemory(vm *virtv2.VirtualMachine, sp *virtv2.SizingPolicy) (errorsArray []error) {
 	if sp.Memory == nil || sp.Memory.Max.IsZero() {
-		return
+		return errorsArray
 	}
 
 	if vm.Spec.Memory.Size.Cmp(sp.Memory.Min) == common.CmpLesser {
@@ -128,12 +128,12 @@ func validateMemory(vm *virtv2.VirtualMachine, sp *virtv2.SizingPolicy) (errorsA
 		}
 	}
 
-	return
+	return errorsArray
 }
 
 func validatePerCoreMemory(vm *virtv2.VirtualMachine, sp *virtv2.SizingPolicy) (errorsArray []error) {
 	if sp.Memory == nil || sp.Memory.PerCore.Max.IsZero() {
-		return
+		return errorsArray
 	}
 
 	// Calculate memory portion per CPU core
@@ -167,7 +167,7 @@ func validatePerCoreMemory(vm *virtv2.VirtualMachine, sp *virtv2.SizingPolicy) (
 		}
 	}
 
-	return
+	return errorsArray
 }
 
 func validateIsQuantized(value, min, max, step resource.Quantity, source string) (err error) {
@@ -178,7 +178,7 @@ func validateIsQuantized(value, min, max, step resource.Quantity, source string)
 		cmpRightResult := value.Cmp(grid[i+1])
 
 		if cmpLeftResult == common.CmpEqual || cmpRightResult == common.CmpEqual {
-			return
+			return err
 		} else if cmpLeftResult == common.CmpGreater && cmpRightResult == common.CmpLesser {
 			err = fmt.Errorf(
 				"requested %s does not match any available values, nearest valid values are [%s, %s]",
@@ -186,11 +186,11 @@ func validateIsQuantized(value, min, max, step resource.Quantity, source string)
 				grid[i].String(),
 				grid[i+1].String(),
 			)
-			return
+			return err
 		}
 	}
 
-	return
+	return err
 }
 
 func generateValidGrid(min, max, step resource.Quantity) []resource.Quantity {
diff --git a/images/virtualization-artifact/pkg/controller/supplements/copier/secret.go b/images/virtualization-artifact/pkg/controller/supplements/copier/secret.go
index 1b35c014aa..89257dfb3c 100644
--- a/images/virtualization-artifact/pkg/controller/supplements/copier/secret.go
+++ b/images/virtualization-artifact/pkg/controller/supplements/copier/secret.go
@@ -81,7 +81,7 @@ func (s Secret) makeSecret(data map[string][]byte, secretType corev1.SecretType)
 	}
 
 	if s.OwnerReference.Name != "" {
-		secret.ObjectMeta.OwnerReferences = []metav1.OwnerReference{
+		secret.OwnerReferences = []metav1.OwnerReference{
 			s.OwnerReference,
 		}
 	}
diff --git a/images/virtualization-artifact/pkg/controller/vd/internal/watcher/pvc_watcher.go b/images/virtualization-artifact/pkg/controller/vd/internal/watcher/pvc_watcher.go
index 2fee36c3ed..b2900d6b41 100644
--- a/images/virtualization-artifact/pkg/controller/vd/internal/watcher/pvc_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vd/internal/watcher/pvc_watcher.go
@@ -97,7 +97,7 @@ func (w PersistentVolumeClaimWatcher) enqueueRequestsFromOwnerRefsRecursively(ct
 		}
 	}
 
-	return
+	return requests
 }
 
 func (w PersistentVolumeClaimWatcher) filterUpdateEvents(e event.TypedUpdateEvent[*corev1.PersistentVolumeClaim]) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vd/internal/watcher/resource_quota_watcher.go b/images/virtualization-artifact/pkg/controller/vd/internal/watcher/resource_quota_watcher.go
index 4b40c0ede6..e36a666852 100644
--- a/images/virtualization-artifact/pkg/controller/vd/internal/watcher/resource_quota_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vd/internal/watcher/resource_quota_watcher.go
@@ -73,7 +73,7 @@ func (w ResourceQuotaWatcher) enqueueRequests(ctx context.Context, obj client.Ob
 	err := w.client.List(ctx, &vds, client.InNamespace(obj.GetNamespace()))
 	if err != nil {
 		w.logger.Error(fmt.Sprintf("failed to get virtual disks: %s", err))
-		return
+		return requests
 	}
 
 	for _, vd := range vds.Items {
@@ -86,5 +86,5 @@ func (w ResourceQuotaWatcher) enqueueRequests(ctx context.Context, obj client.Ob
 		}
 	}
 
-	return
+	return requests
 }
diff --git a/images/virtualization-artifact/pkg/controller/vd/internal/watcher/vdsnapshot_watcher.go b/images/virtualization-artifact/pkg/controller/vd/internal/watcher/vdsnapshot_watcher.go
index c7f8d65764..713dd479f6 100644
--- a/images/virtualization-artifact/pkg/controller/vd/internal/watcher/vdsnapshot_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vd/internal/watcher/vdsnapshot_watcher.go
@@ -74,7 +74,7 @@ func (w VirtualDiskSnapshotWatcher) enqueueRequests(ctx context.Context, vdSnaps
 	}, w.client, &virtv2.VirtualDisk{})
 	if err != nil {
 		w.logger.Error(fmt.Sprintf("failed to get virtual disk: %s", err))
-		return
+		return requests
 	}
 
 	if vd != nil {
@@ -96,7 +96,7 @@ func (w VirtualDiskSnapshotWatcher) enqueueRequests(ctx context.Context, vdSnaps
 	})
 	if err != nil {
 		w.logger.Error(fmt.Sprintf("failed to list virtual disks: %s", err))
-		return
+		return requests
 	}
 
 	for _, vd := range vds.Items {
@@ -113,7 +113,7 @@ func (w VirtualDiskSnapshotWatcher) enqueueRequests(ctx context.Context, vdSnaps
 		})
 	}
 
-	return
+	return requests
 }
 
 func isSnapshotDataSource(ds *virtv2.VirtualDiskDataSource, vdSnapshotName string) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vdsnapshot/internal/watcher/vd_watcher.go b/images/virtualization-artifact/pkg/controller/vdsnapshot/internal/watcher/vd_watcher.go
index ddaf29dde5..fe58ecf34f 100644
--- a/images/virtualization-artifact/pkg/controller/vdsnapshot/internal/watcher/vd_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vdsnapshot/internal/watcher/vd_watcher.go
@@ -67,7 +67,7 @@ func (w VirtualDiskWatcher) enqueueRequests(ctx context.Context, vd *virtv2.Virt
 	})
 	if err != nil {
 		slog.Default().Error(fmt.Sprintf("failed to list vdsnapshots: %s", err))
-		return
+		return requests
 	}
 
 	for _, vdSnapshot := range vdSnapshots.Items {
@@ -83,7 +83,7 @@ func (w VirtualDiskWatcher) enqueueRequests(ctx context.Context, vd *virtv2.Virt
 		})
 	}
 
-	return
+	return requests
 }
 
 func (w VirtualDiskWatcher) filterUpdateEvents(e event.TypedUpdateEvent[*virtv2.VirtualDisk]) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vdsnapshot/internal/watcher/vm_watcher.go b/images/virtualization-artifact/pkg/controller/vdsnapshot/internal/watcher/vm_watcher.go
index 6f32b8df96..b96607573d 100644
--- a/images/virtualization-artifact/pkg/controller/vdsnapshot/internal/watcher/vm_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vdsnapshot/internal/watcher/vm_watcher.go
@@ -71,7 +71,7 @@ func (w VirtualMachineWatcher) enqueueRequests(ctx context.Context, vm *virtv2.V
 	}
 
 	if len(vdByName) == 0 {
-		return
+		return requests
 	}
 
 	var vdSnapshots virtv2.VirtualDiskSnapshotList
@@ -80,7 +80,7 @@ func (w VirtualMachineWatcher) enqueueRequests(ctx context.Context, vm *virtv2.V
 	})
 	if err != nil {
 		slog.Default().Error(fmt.Sprintf("failed to list virtual disk snapshots: %s", err))
-		return
+		return requests
 	}
 
 	for _, vdSnapshot := range vdSnapshots.Items {
@@ -97,7 +97,7 @@ func (w VirtualMachineWatcher) enqueueRequests(ctx context.Context, vm *virtv2.V
 		})
 	}
 
-	return
+	return requests
 }
 
 func (w VirtualMachineWatcher) filterUpdateEvents(e event.TypedUpdateEvent[*virtv2.VirtualMachine]) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vi/internal/service/vi_storage_class_service_test.go b/images/virtualization-artifact/pkg/controller/vi/internal/service/vi_storage_class_service_test.go
index e6020ba7d1..a4146734f7 100644
--- a/images/virtualization-artifact/pkg/controller/vi/internal/service/vi_storage_class_service_test.go
+++ b/images/virtualization-artifact/pkg/controller/vi/internal/service/vi_storage_class_service_test.go
@@ -21,7 +21,7 @@ import (
 
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
-	v1 "k8s.io/api/core/v1"
+	corev1 "k8s.io/api/core/v1"
 	storagev1 "k8s.io/api/storage/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/utils/ptr"
@@ -215,8 +215,8 @@ var _ = Describe("VirtualImageStorageClassService", func() {
 					Status: cdiv1.StorageProfileStatus{
 						ClaimPropertySets: []cdiv1.ClaimPropertySet{
 							{
-								AccessModes: []v1.PersistentVolumeAccessMode{v1.ReadWriteMany},
-								VolumeMode:  ptr.To(v1.PersistentVolumeFilesystem),
+								AccessModes: []corev1.PersistentVolumeAccessMode{corev1.ReadWriteMany},
+								VolumeMode:  ptr.To(corev1.PersistentVolumeFilesystem),
 							},
 						},
 					},
@@ -235,16 +235,16 @@ var _ = Describe("VirtualImageStorageClassService", func() {
 					Status: cdiv1.StorageProfileStatus{
 						ClaimPropertySets: []cdiv1.ClaimPropertySet{
 							{
-								AccessModes: []v1.PersistentVolumeAccessMode{v1.ReadWriteOnce},
-								VolumeMode:  ptr.To(v1.PersistentVolumeFilesystem),
+								AccessModes: []corev1.PersistentVolumeAccessMode{corev1.ReadWriteOnce},
+								VolumeMode:  ptr.To(corev1.PersistentVolumeFilesystem),
 							},
 							{
-								AccessModes: []v1.PersistentVolumeAccessMode{v1.ReadWriteMany},
-								VolumeMode:  ptr.To(v1.PersistentVolumeBlock),
+								AccessModes: []corev1.PersistentVolumeAccessMode{corev1.ReadWriteMany},
+								VolumeMode:  ptr.To(corev1.PersistentVolumeBlock),
 							},
 							{
-								AccessModes: []v1.PersistentVolumeAccessMode{v1.ReadWriteOnce},
-								VolumeMode:  ptr.To(v1.PersistentVolumeBlock),
+								AccessModes: []corev1.PersistentVolumeAccessMode{corev1.ReadWriteOnce},
+								VolumeMode:  ptr.To(corev1.PersistentVolumeBlock),
 							},
 						},
 					},
@@ -263,12 +263,12 @@ var _ = Describe("VirtualImageStorageClassService", func() {
 					Status: cdiv1.StorageProfileStatus{
 						ClaimPropertySets: []cdiv1.ClaimPropertySet{
 							{
-								AccessModes: []v1.PersistentVolumeAccessMode{v1.ReadWriteOnce},
-								VolumeMode:  ptr.To(v1.PersistentVolumeBlock),
+								AccessModes: []corev1.PersistentVolumeAccessMode{corev1.ReadWriteOnce},
+								VolumeMode:  ptr.To(corev1.PersistentVolumeBlock),
 							},
 							{
-								AccessModes: []v1.PersistentVolumeAccessMode{v1.ReadWriteMany},
-								VolumeMode:  ptr.To(v1.PersistentVolumeFilesystem),
+								AccessModes: []corev1.PersistentVolumeAccessMode{corev1.ReadWriteMany},
+								VolumeMode:  ptr.To(corev1.PersistentVolumeFilesystem),
 							},
 						},
 					},
diff --git a/images/virtualization-artifact/pkg/controller/vi/internal/source/sources.go b/images/virtualization-artifact/pkg/controller/vi/internal/source/sources.go
index 72674d6b00..04e9766789 100644
--- a/images/virtualization-artifact/pkg/controller/vi/internal/source/sources.go
+++ b/images/virtualization-artifact/pkg/controller/vi/internal/source/sources.go
@@ -115,8 +115,8 @@ func setPhaseConditionForFinishedImage(
 	phase *virtv2.ImagePhase,
 	supgen *supplements.Generator,
 ) {
-	switch {
-	case pvc == nil:
+	switch pvc {
+	case nil:
 		*phase = virtv2.ImageLost
 		cb.
 			Status(metav1.ConditionFalse).
diff --git a/images/virtualization-artifact/pkg/controller/vi/internal/watcher/vdsnapshot_watcher.go b/images/virtualization-artifact/pkg/controller/vi/internal/watcher/vdsnapshot_watcher.go
index 3a4d974b83..221b4bfa00 100644
--- a/images/virtualization-artifact/pkg/controller/vi/internal/watcher/vdsnapshot_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vi/internal/watcher/vdsnapshot_watcher.go
@@ -75,7 +75,7 @@ func (w VirtualDiskSnapshotWatcher) enqueueRequests(ctx context.Context, vdSnaps
 	})
 	if err != nil {
 		w.logger.Error(fmt.Sprintf("failed to list virtual images: %s", err))
-		return
+		return requests
 	}
 
 	for _, vi := range vis.Items {
@@ -92,7 +92,7 @@ func (w VirtualDiskSnapshotWatcher) enqueueRequests(ctx context.Context, vdSnaps
 		})
 	}
 
-	return
+	return requests
 }
 
 func isSnapshotDataSource(ds virtv2.VirtualImageDataSource, vdSnapshotName string) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vi/internal/watcher/virdualdisk_watcher.go b/images/virtualization-artifact/pkg/controller/vi/internal/watcher/virdualdisk_watcher.go
index 7d3fad3f8f..bbbbfc08c2 100644
--- a/images/virtualization-artifact/pkg/controller/vi/internal/watcher/virdualdisk_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vi/internal/watcher/virdualdisk_watcher.go
@@ -76,7 +76,7 @@ func (w *VirtualDiskWatcher) enqueueRequestsFromVDs(ctx context.Context, vd *vir
 	})
 	if err != nil {
 		slog.Default().Error(fmt.Sprintf("failed to list vi: %s", err))
-		return
+		return requests
 	}
 
 	for _, vi := range viList.Items {
@@ -96,5 +96,5 @@ func (w *VirtualDiskWatcher) enqueueRequestsFromVDs(ctx context.Context, vd *vir
 		})
 	}
 
-	return
+	return requests
 }
diff --git a/images/virtualization-artifact/pkg/controller/vi/internal/watcher/vm_watcher.go b/images/virtualization-artifact/pkg/controller/vi/internal/watcher/vm_watcher.go
index 66a8055667..f36143526c 100644
--- a/images/virtualization-artifact/pkg/controller/vi/internal/watcher/vm_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vi/internal/watcher/vm_watcher.go
@@ -97,7 +97,7 @@ func (w VirtualMachineWatcher) enqueueRequests(ctx context.Context, vm *virtv2.V
 		})
 	}
 
-	return
+	return requests
 }
 
 func (w VirtualMachineWatcher) hasVirtualImageRef(vm *virtv2.VirtualMachine) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vm/internal/util.go b/images/virtualization-artifact/pkg/controller/vm/internal/util.go
index b30be3ae0b..276396c3e3 100644
--- a/images/virtualization-artifact/pkg/controller/vm/internal/util.go
+++ b/images/virtualization-artifact/pkg/controller/vm/internal/util.go
@@ -51,7 +51,7 @@ func addAllUnknown(vm *virtv2.VirtualMachine, conds ...vmcondition.Type) (update
 		conditions.SetCondition(cb, &vm.Status.Conditions)
 		update = true
 	}
-	return
+	return update
 }
 
 func conditionStatus(status string) metav1.ConditionStatus {
diff --git a/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/cvi_watcher.go b/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/cvi_watcher.go
index bbfa6b2b03..215f4372bd 100644
--- a/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/cvi_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/cvi_watcher.go
@@ -75,7 +75,7 @@ func (w ClusterVirtualImageWatcher) enqueueRequests(ctx context.Context, cvi *vi
 	err := w.client.List(ctx, &vmbdas)
 	if err != nil {
 		slog.Default().Error(fmt.Sprintf("failed to list vmbdas: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmbda := range vmbdas.Items {
@@ -91,5 +91,5 @@ func (w ClusterVirtualImageWatcher) enqueueRequests(ctx context.Context, cvi *vi
 		})
 	}
 
-	return
+	return requests
 }
diff --git a/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/vd_watcher.go b/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/vd_watcher.go
index c8de235a8b..8bcff28425 100644
--- a/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/vd_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/vd_watcher.go
@@ -77,7 +77,7 @@ func (w VirtualDiskWatcher) enqueueRequests(ctx context.Context, vd *virtv2.Virt
 	})
 	if err != nil {
 		slog.Default().Error(fmt.Sprintf("failed to list vmbdas: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmbda := range vmbdas.Items {
@@ -93,5 +93,5 @@ func (w VirtualDiskWatcher) enqueueRequests(ctx context.Context, vd *virtv2.Virt
 		})
 	}
 
-	return
+	return requests
 }
diff --git a/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/vi_watcher.go b/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/vi_watcher.go
index e3991f6f89..60b746ce60 100644
--- a/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/vi_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/vi_watcher.go
@@ -77,7 +77,7 @@ func (w VirtualImageWatcher) enqueueRequests(ctx context.Context, vi *virtv2.Vir
 	})
 	if err != nil {
 		slog.Default().Error(fmt.Sprintf("failed to list vmbdas: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmbda := range vmbdas.Items {
@@ -93,5 +93,5 @@ func (w VirtualImageWatcher) enqueueRequests(ctx context.Context, vi *virtv2.Vir
 		})
 	}
 
-	return
+	return requests
 }
diff --git a/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/vm_watcher.go b/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/vm_watcher.go
index 80ea898e6b..208c59fc93 100644
--- a/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/vm_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmbda/internal/watcher/vm_watcher.go
@@ -78,7 +78,7 @@ func (w VirtualMachineWatcher) enqueueRequests(ctx context.Context, vm *virtv2.V
 	})
 	if err != nil {
 		slog.Default().Error(fmt.Sprintf("failed to list vmbdas: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmbda := range vmbdas.Items {
@@ -94,7 +94,7 @@ func (w VirtualMachineWatcher) enqueueRequests(ctx context.Context, vm *virtv2.V
 		})
 	}
 
-	return
+	return requests
 }
 
 func (w VirtualMachineWatcher) hasBlockDeviceAttachmentChanges(oldVM, newVM *virtv2.VirtualMachine) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vmclass/internal/util.go b/images/virtualization-artifact/pkg/controller/vmclass/internal/util.go
index 7e9f8d91a7..2c5ce7fa9f 100644
--- a/images/virtualization-artifact/pkg/controller/vmclass/internal/util.go
+++ b/images/virtualization-artifact/pkg/controller/vmclass/internal/util.go
@@ -41,5 +41,5 @@ func addAllUnknown(class *virtv2.VirtualMachineClass, conds ...vmclasscondition.
 		}
 	}
 	class.Status.Conditions = mgr.Generate()
-	return
+	return update
 }
diff --git a/images/virtualization-artifact/pkg/controller/vmip/internal/watcher/vmiplease_watcher.go b/images/virtualization-artifact/pkg/controller/vmip/internal/watcher/vmiplease_watcher.go
index 25b0acbb03..20af552110 100644
--- a/images/virtualization-artifact/pkg/controller/vmip/internal/watcher/vmiplease_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmip/internal/watcher/vmiplease_watcher.go
@@ -76,7 +76,7 @@ func (w VirtualMachineIPAddressLeaseWatcher) enqueueRequests(ctx context.Context
 	err := w.client.List(ctx, &vmips, &opts)
 	if err != nil {
 		w.logger.Error(fmt.Sprintf("failed to list vmips: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmip := range vmips.Items {
@@ -88,5 +88,5 @@ func (w VirtualMachineIPAddressLeaseWatcher) enqueueRequests(ctx context.Context
 		})
 	}
 
-	return
+	return requests
 }
diff --git a/images/virtualization-artifact/pkg/controller/vmiplease/internal/retention_handler.go b/images/virtualization-artifact/pkg/controller/vmiplease/internal/retention_handler.go
index 787ba94cce..f092e39226 100644
--- a/images/virtualization-artifact/pkg/controller/vmiplease/internal/retention_handler.go
+++ b/images/virtualization-artifact/pkg/controller/vmiplease/internal/retention_handler.go
@@ -54,7 +54,7 @@ func (h *RetentionHandler) Handle(ctx context.Context, lease *virtv2.VirtualMach
 	if boundCondition.Reason == vmiplcondition.Released.String() && conditions.IsLastUpdated(boundCondition, lease) {
 		currentTime := time.Now().UTC()
 
-		duration := currentTime.Sub(boundCondition.LastTransitionTime.Time.UTC())
+		duration := currentTime.Sub(boundCondition.LastTransitionTime.UTC())
 		if duration >= h.retentionDuration {
 			log.Info(fmt.Sprintf("Released VirtualMachineIPAddressLease has not been used for more than %s. It will be deleted now.", h.retentionDuration.String()))
 
diff --git a/images/virtualization-artifact/pkg/controller/vmiplease/internal/watcher/vmip_watcher.go b/images/virtualization-artifact/pkg/controller/vmiplease/internal/watcher/vmip_watcher.go
index 522002e028..064d9263ed 100644
--- a/images/virtualization-artifact/pkg/controller/vmiplease/internal/watcher/vmip_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmiplease/internal/watcher/vmip_watcher.go
@@ -67,7 +67,7 @@ func (w VirtualMachineIPAddressWatcher) enqueueRequests(ctx context.Context, vmi
 	err := w.client.List(ctx, &leases, &client.ListOptions{})
 	if err != nil {
 		w.logger.Error(fmt.Sprintf("failed to list leases: %s", err))
-		return
+		return requests
 	}
 
 	for _, lease := range leases.Items {
diff --git a/images/virtualization-artifact/pkg/controller/vmmac/internal/watcher/vmmaclease_watcher.go b/images/virtualization-artifact/pkg/controller/vmmac/internal/watcher/vmmaclease_watcher.go
index 97566ffd7d..6d71472163 100644
--- a/images/virtualization-artifact/pkg/controller/vmmac/internal/watcher/vmmaclease_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmmac/internal/watcher/vmmaclease_watcher.go
@@ -67,7 +67,7 @@ func (w VirtualMachineMACAddressLeaseWatcher) Watch(mgr manager.Manager, ctr con
 					}
 				}
 
-				return
+				return requests
 			}),
 			predicate.TypedFuncs[*virtv2.VirtualMachineMACAddressLease]{
 				CreateFunc: func(e event.TypedCreateEvent[*virtv2.VirtualMachineMACAddressLease]) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/kvvm_watcher.go b/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/kvvm_watcher.go
index b85f60b1cf..2fe76acc01 100644
--- a/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/kvvm_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/kvvm_watcher.go
@@ -63,7 +63,7 @@ func (w InternalVirtualMachineWatcher) enqueueRequests(ctx context.Context, kvvm
 	})
 	if err != nil {
 		log.Error(fmt.Sprintf("failed to list vmRestores: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmRestore := range vmRestores.Items {
@@ -72,7 +72,7 @@ func (w InternalVirtualMachineWatcher) enqueueRequests(ctx context.Context, kvvm
 		err := w.client.Get(ctx, types.NamespacedName{Name: vmSnapshotName, Namespace: kvvm.GetNamespace()}, &vmSnapshot)
 		if err != nil {
 			log.Error(fmt.Sprintf("failed to get vmSnapshot: %s", err))
-			return
+			return requests
 		}
 
 		if w.isKvvmNameMatch(kvvm.Name, vmSnapshot.Spec.VirtualMachineName, vmRestore.Spec.NameReplacements) {
@@ -85,7 +85,7 @@ func (w InternalVirtualMachineWatcher) enqueueRequests(ctx context.Context, kvvm
 		}
 	}
 
-	return
+	return requests
 }
 
 func (w InternalVirtualMachineWatcher) isKvvmNameMatch(kvvmName, restoredName string, nameReplacements []virtv2.NameReplacement) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vd_watcher.go b/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vd_watcher.go
index fa35ac0416..6afa2ebe79 100644
--- a/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vd_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vd_watcher.go
@@ -60,7 +60,7 @@ func (w VirtualDiskWatcher) enqueueRequests(ctx context.Context, vd *virtv2.Virt
 	})
 	if err != nil {
 		log.Error(fmt.Sprintf("failed to list vmRestores: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmRestore := range vmRestores.Items {
@@ -69,14 +69,14 @@ func (w VirtualDiskWatcher) enqueueRequests(ctx context.Context, vd *virtv2.Virt
 		err := w.client.Get(ctx, types.NamespacedName{Name: vmSnapshotName, Namespace: vd.GetNamespace()}, &vmSnapshot)
 		if err != nil {
 			log.Error(fmt.Sprintf("failed to get vmSnapshot: %s", err))
-			return
+			return requests
 		}
 		for _, vdsnapshotName := range vmSnapshot.Status.VirtualDiskSnapshotNames {
 			var vdSnapshot virtv2.VirtualDiskSnapshot
 			err := w.client.Get(ctx, types.NamespacedName{Name: vdsnapshotName, Namespace: vd.GetNamespace()}, &vdSnapshot)
 			if err != nil {
 				log.Error(fmt.Sprintf("failed to get vdSnapshot: %s", err))
-				return
+				return requests
 			}
 
 			if w.isVdNameMatch(vd.Name, vdSnapshot.Spec.VirtualDiskName, vmRestore.Spec.NameReplacements) {
@@ -90,7 +90,7 @@ func (w VirtualDiskWatcher) enqueueRequests(ctx context.Context, vd *virtv2.Virt
 		}
 	}
 
-	return
+	return requests
 }
 
 func (w VirtualDiskWatcher) isVdNameMatch(vdName, restoredName string, nameReplacements []virtv2.NameReplacement) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vm_watcher.go b/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vm_watcher.go
index b424ae3358..fa0a760faa 100644
--- a/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vm_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vm_watcher.go
@@ -60,7 +60,7 @@ func (w VirtualMachineWatcher) enqueueRequests(ctx context.Context, vm *virtv2.V
 	})
 	if err != nil {
 		log.Error(fmt.Sprintf("failed to list vmRestores: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmRestore := range vmRestores.Items {
@@ -69,7 +69,7 @@ func (w VirtualMachineWatcher) enqueueRequests(ctx context.Context, vm *virtv2.V
 		err := w.client.Get(ctx, types.NamespacedName{Name: vmSnapshotName, Namespace: vm.GetNamespace()}, &vmSnapshot)
 		if err != nil {
 			log.Error(fmt.Sprintf("failed to get vmSnapshot: %s", err))
-			return
+			return requests
 		}
 
 		if w.isVMNameMatch(vm.Name, vmSnapshot.Spec.VirtualMachineName, vmRestore.Spec.NameReplacements) {
@@ -82,7 +82,7 @@ func (w VirtualMachineWatcher) enqueueRequests(ctx context.Context, vm *virtv2.V
 		}
 	}
 
-	return
+	return requests
 }
 
 func (w VirtualMachineWatcher) isVMNameMatch(vmName, restoredName string, nameReplacements []virtv2.NameReplacement) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vmbda_watcher.go b/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vmbda_watcher.go
index 31c3a975c2..d61bde222e 100644
--- a/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vmbda_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vmbda_watcher.go
@@ -65,7 +65,7 @@ func (w VirtualMachineBlockDeviceAttachmentWatcher) enqueueRequests(ctx context.
 	})
 	if err != nil {
 		log.Error(fmt.Sprintf("failed to list vmRestores: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmRestore := range vmRestores.Items {
@@ -74,25 +74,25 @@ func (w VirtualMachineBlockDeviceAttachmentWatcher) enqueueRequests(ctx context.
 		err := w.client.Get(ctx, types.NamespacedName{Name: vmSnapshotName, Namespace: vmbda.GetNamespace()}, &vmSnapshot)
 		if err != nil {
 			log.Error(fmt.Sprintf("failed to get vmSnapshot: %s", err))
-			return
+			return requests
 		}
 
 		restorerSecretKey := types.NamespacedName{Namespace: vmSnapshot.Namespace, Name: vmSnapshot.Status.VirtualMachineSnapshotSecretName}
 		restorerSecret, err := object.FetchObject(ctx, restorerSecretKey, w.client, &corev1.Secret{})
 		if err != nil {
 			log.Error(fmt.Sprintf("failed to get virtualMachineSnapshotSecret: %s", err))
-			return
+			return requests
 		}
 
 		if restorerSecret == nil {
 			log.Error(fmt.Sprintf("virtualMachineSnapshotSecret %q not found", vmSnapshot.Status.VirtualMachineSnapshotSecretName))
-			return
+			return requests
 		}
 
 		vmbdas, err := w.restorer.RestoreVirtualMachineBlockDeviceAttachments(ctx, restorerSecret)
 		if err != nil {
 			log.Error(fmt.Sprintf("failed to extract vmbda resources from the virtualMachineSnapshotSecret: %s", err))
-			return
+			return requests
 		}
 
 		for _, eVmbda := range vmbdas {
@@ -107,7 +107,7 @@ func (w VirtualMachineBlockDeviceAttachmentWatcher) enqueueRequests(ctx context.
 		}
 	}
 
-	return
+	return requests
 }
 
 func (w VirtualMachineBlockDeviceAttachmentWatcher) isVmbdaNameMatch(vmbdaName, restoredName string, nameReplacements []virtv2.NameReplacement) bool {
diff --git a/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vmsnapshot_watcher.go b/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vmsnapshot_watcher.go
index 5af989c202..aeeb0ff148 100644
--- a/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vmsnapshot_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmrestore/internal/watcher/vmsnapshot_watcher.go
@@ -70,7 +70,7 @@ func (w VirtualMachineSnapshotWatcher) enqueueRequests(ctx context.Context, vmSn
 	})
 	if err != nil {
 		log.Error(fmt.Sprintf("failed to list virtual machine restores: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmRestore := range vmRestores.Items {
@@ -82,5 +82,5 @@ func (w VirtualMachineSnapshotWatcher) enqueueRequests(ctx context.Context, vmSn
 		})
 	}
 
-	return
+	return requests
 }
diff --git a/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/vd_watcher.go b/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/vd_watcher.go
index f113c406e8..f2b278ef5e 100644
--- a/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/vd_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/vd_watcher.go
@@ -86,7 +86,7 @@ func (w VirtualDiskWatcher) enqueueRequests(ctx context.Context, vd *virtv2.Virt
 	})
 	if err != nil {
 		slog.Default().Error(fmt.Sprintf("failed to list virtual machine snapshots: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmSnapshot := range vmSnapshots.Items {
@@ -109,5 +109,5 @@ func (w VirtualDiskWatcher) enqueueRequests(ctx context.Context, vd *virtv2.Virt
 		}
 	}
 
-	return
+	return requests
 }
diff --git a/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/vdsnapshot_watcher.go b/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/vdsnapshot_watcher.go
index 83012af437..ad437cb98f 100644
--- a/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/vdsnapshot_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/vdsnapshot_watcher.go
@@ -71,7 +71,7 @@ func (w VirtualDiskSnapshotWatcher) enqueueRequests(ctx context.Context, vdSnaps
 	})
 	if err != nil {
 		slog.Default().Error(fmt.Sprintf("failed to list virtual machine snapshots: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmSnapshot := range vmSnapshots.Items {
@@ -83,5 +83,5 @@ func (w VirtualDiskSnapshotWatcher) enqueueRequests(ctx context.Context, vdSnaps
 		})
 	}
 
-	return
+	return requests
 }
diff --git a/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/vm_watcher.go b/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/vm_watcher.go
index 0a423aa943..573c05a758 100644
--- a/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/vm_watcher.go
+++ b/images/virtualization-artifact/pkg/controller/vmsnapshot/internal/watcher/vm_watcher.go
@@ -71,7 +71,7 @@ func (w VirtualMachineWatcher) enqueueRequests(ctx context.Context, vm *virtv2.V
 	})
 	if err != nil {
 		slog.Default().Error(fmt.Sprintf("failed to list virtual machine snapshots: %s", err))
-		return
+		return requests
 	}
 
 	for _, vmSnapshot := range vmSnapshots.Items {
@@ -85,7 +85,7 @@ func (w VirtualMachineWatcher) enqueueRequests(ctx context.Context, vm *virtv2.V
 		}
 	}
 
-	return
+	return requests
 }
 
 func (w VirtualMachineWatcher) filterUpdateEvents(e event.TypedUpdateEvent[*virtv2.VirtualMachine]) bool {
diff --git a/images/virtualization-artifact/pkg/controller/watchers/cvi_enqueuer.go b/images/virtualization-artifact/pkg/controller/watchers/cvi_enqueuer.go
index e8824b5bae..370e00aeb8 100644
--- a/images/virtualization-artifact/pkg/controller/watchers/cvi_enqueuer.go
+++ b/images/virtualization-artifact/pkg/controller/watchers/cvi_enqueuer.go
@@ -56,7 +56,7 @@ func (w ClusterVirtualImageRequestEnqueuer) EnqueueRequests(ctx context.Context,
 	err := w.client.List(ctx, &cvis)
 	if err != nil {
 		w.logger.Error(fmt.Sprintf("failed to list cvi: %s", err))
-		return
+		return requests
 	}
 
 	for _, cvi := range cvis.Items {
@@ -84,5 +84,5 @@ func (w ClusterVirtualImageRequestEnqueuer) EnqueueRequests(ctx context.Context,
 		}
 	}
 
-	return
+	return requests
 }
diff --git a/images/virtualization-artifact/pkg/controller/watchers/vd_enqueuer.go b/images/virtualization-artifact/pkg/controller/watchers/vd_enqueuer.go
index 9a9c571057..33e9f395f0 100644
--- a/images/virtualization-artifact/pkg/controller/watchers/vd_enqueuer.go
+++ b/images/virtualization-artifact/pkg/controller/watchers/vd_enqueuer.go
@@ -56,7 +56,7 @@ func (w VirtualDiskRequestEnqueuer) EnqueueRequestsFromVDs(ctx context.Context,
 	err := w.client.List(ctx, &vds)
 	if err != nil {
 		w.logger.Error(fmt.Sprintf("failed to list vd: %s", err))
-		return
+		return requests
 	}
 
 	for _, vd := range vds.Items {
@@ -86,7 +86,7 @@ func (w VirtualDiskRequestEnqueuer) EnqueueRequestsFromVDs(ctx context.Context,
 		}
 	}
 
-	return
+	return requests
 }
 
 func (w VirtualDiskRequestEnqueuer) EnqueueRequestsFromVIs(obj client.Object) (requests []reconcile.Request) {
@@ -94,7 +94,7 @@ func (w VirtualDiskRequestEnqueuer) EnqueueRequestsFromVIs(obj client.Object) (r
 		vi, ok := obj.(*virtv2.VirtualImage)
 		if !ok {
 			w.logger.Error(fmt.Sprintf("expected a VirtualImage but got a %T", obj))
-			return
+			return requests
 		}
 
 		if vi.Spec.DataSource.Type == virtv2.DataSourceTypeObjectRef && vi.Spec.DataSource.ObjectRef != nil && vi.Spec.DataSource.ObjectRef.Kind == virtv2.VirtualDiskKind {
@@ -106,7 +106,7 @@ func (w VirtualDiskRequestEnqueuer) EnqueueRequestsFromVIs(obj client.Object) (r
 			})
 		}
 	}
-	return
+	return requests
 }
 
 func (w VirtualDiskRequestEnqueuer) EnqueueRequestsFromCVIs(obj client.Object) (requests []reconcile.Request) {
@@ -114,7 +114,7 @@ func (w VirtualDiskRequestEnqueuer) EnqueueRequestsFromCVIs(obj client.Object) (
 		cvi, ok := obj.(*virtv2.ClusterVirtualImage)
 		if !ok {
 			w.logger.Error(fmt.Sprintf("expected a ClusterVirtualImage but got a %T", obj))
-			return
+			return requests
 		}
 
 		if cvi.Spec.DataSource.Type == virtv2.DataSourceTypeObjectRef && cvi.Spec.DataSource.ObjectRef != nil && cvi.Spec.DataSource.ObjectRef.Kind == virtv2.VirtualDiskKind {
@@ -126,7 +126,7 @@ func (w VirtualDiskRequestEnqueuer) EnqueueRequestsFromCVIs(obj client.Object) (
 			})
 		}
 	}
-	return
+	return requests
 }
 
 func (w VirtualDiskRequestEnqueuer) EnqueueRequests(ctx context.Context, obj client.Object) (requests []reconcile.Request) {
diff --git a/images/virtualization-artifact/pkg/controller/watchers/vi_enqueuer.go b/images/virtualization-artifact/pkg/controller/watchers/vi_enqueuer.go
index 5d9ae58959..fef46066f3 100644
--- a/images/virtualization-artifact/pkg/controller/watchers/vi_enqueuer.go
+++ b/images/virtualization-artifact/pkg/controller/watchers/vi_enqueuer.go
@@ -56,7 +56,7 @@ func (w VirtualImageRequestEnqueuer) EnqueueRequests(ctx context.Context, obj cl
 	err := w.client.List(ctx, &vis)
 	if err != nil {
 		w.logger.Error(fmt.Sprintf("failed to list vi: %s", err))
-		return
+		return requests
 	}
 
 	for _, vi := range vis.Items {
@@ -85,5 +85,5 @@ func (w VirtualImageRequestEnqueuer) EnqueueRequests(ctx context.Context, obj cl
 		}
 	}
 
-	return
+	return requests
 }
diff --git a/images/virtualization-artifact/pkg/livemigration/policy.go b/images/virtualization-artifact/pkg/livemigration/policy.go
index a0c3acaba1..ccde0ac653 100644
--- a/images/virtualization-artifact/pkg/livemigration/policy.go
+++ b/images/virtualization-artifact/pkg/livemigration/policy.go
@@ -72,5 +72,5 @@ func CalculateEffectivePolicy(vm v1alpha2.VirtualMachine, vmop *v1alpha2.Virtual
 		autoConverge = *autoConvergePtr
 	}
 
-	return
+	return effectivePolicy, autoConverge, err
 }
diff --git a/images/virtualization-artifact/pkg/monitoring/metrics/cvi/collector.go b/images/virtualization-artifact/pkg/monitoring/metrics/cvi/collector.go
index 8ebbad1438..a3e52874df 100644
--- a/images/virtualization-artifact/pkg/monitoring/metrics/cvi/collector.go
+++ b/images/virtualization-artifact/pkg/monitoring/metrics/cvi/collector.go
@@ -64,7 +64,7 @@ func (c Collector) Collect(ch chan<- prometheus.Metric) {
 	defer cancel()
 	if err := c.iterator.Iter(ctx, func(m *dataMetric) (stop bool) {
 		s.Report(m)
-		return
+		return stop
 	}); err != nil {
 		c.log.Error("Failed to iterate over ClusterVirtualImages", logger.SlogErr(err))
 		return
diff --git a/images/virtualization-artifact/pkg/monitoring/metrics/vd/collector.go b/images/virtualization-artifact/pkg/monitoring/metrics/vd/collector.go
index 21c52602e7..7eaf1556b5 100644
--- a/images/virtualization-artifact/pkg/monitoring/metrics/vd/collector.go
+++ b/images/virtualization-artifact/pkg/monitoring/metrics/vd/collector.go
@@ -64,7 +64,7 @@ func (c Collector) Collect(ch chan<- prometheus.Metric) {
 	defer cancel()
 	if err := c.iterator.Iter(ctx, func(m *dataMetric) (stop bool) {
 		s.Report(m)
-		return
+		return stop
 	}); err != nil {
 		c.log.Error("Failed to iterate over VirtualDisks", logger.SlogErr(err))
 		return
diff --git a/images/virtualization-artifact/pkg/monitoring/metrics/vdsnapshot/collector.go b/images/virtualization-artifact/pkg/monitoring/metrics/vdsnapshot/collector.go
index 50fca01279..c06bdaf306 100644
--- a/images/virtualization-artifact/pkg/monitoring/metrics/vdsnapshot/collector.go
+++ b/images/virtualization-artifact/pkg/monitoring/metrics/vdsnapshot/collector.go
@@ -64,7 +64,7 @@ func (c Collector) Collect(ch chan<- prometheus.Metric) {
 	defer cancel()
 	if err := c.iterator.Iter(ctx, func(m *dataMetric) (stop bool) {
 		s.Report(m)
-		return
+		return stop
 	}); err != nil {
 		c.log.Error("Failed to iterate over VirtualDiskSnapshots", logger.SlogErr(err))
 		return
diff --git a/images/virtualization-artifact/pkg/monitoring/metrics/vi/collector.go b/images/virtualization-artifact/pkg/monitoring/metrics/vi/collector.go
index 2ead532dff..5763237f40 100644
--- a/images/virtualization-artifact/pkg/monitoring/metrics/vi/collector.go
+++ b/images/virtualization-artifact/pkg/monitoring/metrics/vi/collector.go
@@ -64,7 +64,7 @@ func (c Collector) Collect(ch chan<- prometheus.Metric) {
 	defer cancel()
 	if err := c.iterator.Iter(ctx, func(m *dataMetric) (stop bool) {
 		s.Report(m)
-		return
+		return stop
 	}); err != nil {
 		c.log.Error("Failed to iterate over VirtualImages", logger.SlogErr(err))
 		return
diff --git a/images/virtualization-artifact/pkg/monitoring/metrics/virtualmachine/collector.go b/images/virtualization-artifact/pkg/monitoring/metrics/virtualmachine/collector.go
index e382ac1870..5404408cc8 100644
--- a/images/virtualization-artifact/pkg/monitoring/metrics/virtualmachine/collector.go
+++ b/images/virtualization-artifact/pkg/monitoring/metrics/virtualmachine/collector.go
@@ -71,7 +71,7 @@ func (c Collector) Collect(ch chan<- prometheus.Metric) {
 	defer cancel()
 	if err := c.iterator.Iter(ctx, func(m *dataMetric) (stop bool) {
 		s.Report(m)
-		return
+		return stop
 	}); err != nil {
 		c.log.Error("Failed to iterate of VirtualMachines", logger.SlogErr(err))
 	}
diff --git a/images/virtualization-artifact/pkg/monitoring/metrics/vmbda/collector.go b/images/virtualization-artifact/pkg/monitoring/metrics/vmbda/collector.go
index 7dc1c63606..665bf7f671 100644
--- a/images/virtualization-artifact/pkg/monitoring/metrics/vmbda/collector.go
+++ b/images/virtualization-artifact/pkg/monitoring/metrics/vmbda/collector.go
@@ -65,7 +65,7 @@ func (c Collector) Collect(ch chan<- prometheus.Metric) {
 	defer cancel()
 	if err := c.iterator.Iter(ctx, func(m *dataMetric) (stop bool) {
 		s.Report(m)
-		return
+		return stop
 	}); err != nil {
 		c.log.Error("Failed to iterate over VMBDAs", logger.SlogErr(err))
 		return
diff --git a/images/virtualization-artifact/pkg/monitoring/metrics/vmop/collector.go b/images/virtualization-artifact/pkg/monitoring/metrics/vmop/collector.go
index 261b4a28fd..c5f5bd4f6a 100644
--- a/images/virtualization-artifact/pkg/monitoring/metrics/vmop/collector.go
+++ b/images/virtualization-artifact/pkg/monitoring/metrics/vmop/collector.go
@@ -64,7 +64,7 @@ func (c Collector) Collect(ch chan<- prometheus.Metric) {
 	defer cancel()
 	if err := c.iterator.Iter(ctx, func(m *dataMetric) (stop bool) {
 		s.Report(m)
-		return
+		return stop
 	}); err != nil {
 		c.log.Error("Failed to iterate over VMOPs", logger.SlogErr(err))
 		return
diff --git a/images/virtualization-artifact/pkg/monitoring/metrics/vmsnapshot/collector.go b/images/virtualization-artifact/pkg/monitoring/metrics/vmsnapshot/collector.go
index acf9754ead..5b7b1b8b3a 100644
--- a/images/virtualization-artifact/pkg/monitoring/metrics/vmsnapshot/collector.go
+++ b/images/virtualization-artifact/pkg/monitoring/metrics/vmsnapshot/collector.go
@@ -64,7 +64,7 @@ func (c Collector) Collect(ch chan<- prometheus.Metric) {
 	defer cancel()
 	if err := c.iterator.Iter(ctx, func(m *dataMetric) (stop bool) {
 		s.Report(m)
-		return
+		return stop
 	}); err != nil {
 		c.log.Error("Failed to iterate over VirtualMachineSnapshots", logger.SlogErr(err))
 		return
diff --git a/src/cli/internal/cmd/lifecycle/vmop/vmop.go b/src/cli/internal/cmd/lifecycle/vmop/vmop.go
index 4ab33d4db5..d83a87ebc5 100644
--- a/src/cli/internal/cmd/lifecycle/vmop/vmop.go
+++ b/src/cli/internal/cmd/lifecycle/vmop/vmop.go
@@ -112,7 +112,7 @@ func (v VirtualMachineOperation) generateMsg(vmop *v1alpha2.VirtualMachineOperat
 	phase := vmop.Status.Phase
 
 	sb := strings.Builder{}
-	sb.WriteString(fmt.Sprintf("VirtualMachine %q ", vmKey.String()))
+	fmt.Fprintf(&sb, "VirtualMachine %q ", vmKey.String())
 
 	if v.isPhaseOrFailed(vmop, v1alpha2.VMOPPhaseCompleted) {
 		if !v.isCompleted(vmop) {
@@ -141,7 +141,7 @@ func (v VirtualMachineOperation) generateMsg(vmop *v1alpha2.VirtualMachineOperat
 		}
 	}
 
-	sb.WriteString(fmt.Sprintf("VirtualMachineOperation %q ", key.String()))
+	fmt.Fprintf(&sb, "VirtualMachineOperation %q ", key.String())
 	switch phase {
 	case v1alpha2.VMOPPhasePending:
 		sb.WriteString("pending.")
@@ -151,11 +151,11 @@ func (v VirtualMachineOperation) generateMsg(vmop *v1alpha2.VirtualMachineOperat
 		sb.WriteString("completed.")
 	case v1alpha2.VMOPPhaseFailed:
 		cond, _ := getCondition(vmopcondition.TypeCompleted.String(), vmop.Status.Conditions)
-		sb.WriteString(fmt.Sprintf("failed. type=%q reason=%q, message=%q.", cond.Type, cond.Reason, cond.Message))
+		fmt.Fprintf(&sb, "failed. type=%q reason=%q, message=%q.", cond.Type, cond.Reason, cond.Message)
 	case "":
 		sb.WriteString("created.")
 	default:
-		sb.WriteString(fmt.Sprintf(" phase=%q.", phase))
+		fmt.Fprintf(&sb, " phase=%q.", phase)
 	}
 	sb.WriteString("\n")
 	return sb.String()
diff --git a/src/cli/internal/cmd/portforward/portforward.go b/src/cli/internal/cmd/portforward/portforward.go
index 01c971b129..f2a26e9c06 100644
--- a/src/cli/internal/cmd/portforward/portforward.go
+++ b/src/cli/internal/cmd/portforward/portforward.go
@@ -121,19 +121,19 @@ func (o *PortForward) Run(cmd *cobra.Command, args []string) error {
 func (o *PortForward) prepareCommand(defaultNamespace string, args []string) (namespace, name string, ports []forwardedPort, err error) {
 	namespace, name, err = templates.ParseTarget(args[0])
 	if err != nil {
-		return
+		return namespace, name, ports, err
 	}
 
 	ports, err = parsePorts(args[1:])
 	if err != nil {
-		return
+		return namespace, name, ports, err
 	}
 
 	if namespace == "" {
 		namespace = defaultNamespace
 	}
 
-	return
+	return namespace, name, ports, err
 }
 
 func (o *PortForward) startStdoutStream(namespace, name string, port forwardedPort) error {
diff --git a/src/cli/internal/cmd/scp/scp.go b/src/cli/internal/cmd/scp/scp.go
index 8368dd6e09..345c648c71 100644
--- a/src/cli/internal/cmd/scp/scp.go
+++ b/src/cli/internal/cmd/scp/scp.go
@@ -83,7 +83,7 @@ func PrepareCommand(cmd *cobra.Command, defaultNamespace string, opts *ssh.SSHOp
 	opts.IdentityFilePathProvided = cmd.Flags().Changed(ssh.IdentityFilePathFlag)
 	local, remote, toRemote, err = templates.ParseSCPArguments(args[0], args[1])
 	if err != nil {
-		return
+		return local, remote, toRemote, err
 	}
 
 	if remote.Namespace == "" {
@@ -93,7 +93,7 @@ func PrepareCommand(cmd *cobra.Command, defaultNamespace string, opts *ssh.SSHOp
 	if len(remote.Username) > 0 {
 		opts.SSHUsername = remote.Username
 	}
-	return
+	return local, remote, toRemote, err
 }
 
 func usage() string {
diff --git a/src/cli/internal/cmd/scp/wrapped.go b/src/cli/internal/cmd/scp/wrapped.go
index f5a7bb56c3..2016528a5f 100644
--- a/src/cli/internal/cmd/scp/wrapped.go
+++ b/src/cli/internal/cmd/scp/wrapped.go
@@ -49,5 +49,5 @@ func (o *SCP) buildSCPTarget(local templates.LocalSCPArgument, remote templates.
 	} else {
 		opts = append(opts, target.String(), local.Path)
 	}
-	return
+	return opts
 }
diff --git a/src/cli/internal/cmd/ssh/ssh.go b/src/cli/internal/cmd/ssh/ssh.go
index 9777afe5fb..d4f2c81d18 100644
--- a/src/cli/internal/cmd/ssh/ssh.go
+++ b/src/cli/internal/cmd/ssh/ssh.go
@@ -154,7 +154,7 @@ func PrepareCommand(cmd *cobra.Command, defaultNamespace string, opts *SSHOption
 	var targetUsername string
 	namespace, name, targetUsername, err = templates.ParseSSHTarget(args[0])
 	if err != nil {
-		return
+		return namespace, name, err
 	}
 
 	if len(namespace) < 1 {
@@ -164,7 +164,7 @@ func PrepareCommand(cmd *cobra.Command, defaultNamespace string, opts *SSHOption
 	if len(targetUsername) > 0 {
 		opts.SSHUsername = targetUsername
 	}
-	return
+	return namespace, name, err
 }
 
 func usage() string {
diff --git a/src/cli/internal/cmd/ssh/wrapped.go b/src/cli/internal/cmd/ssh/wrapped.go
index 01a8171528..846e24a119 100644
--- a/src/cli/internal/cmd/ssh/wrapped.go
+++ b/src/cli/internal/cmd/ssh/wrapped.go
@@ -62,10 +62,7 @@ func RunLocalClient(cmd *cobra.Command, namespace, name string, options *SSHOpti
 
 func buildProxyCommandOption(cmd *cobra.Command, namespace, name string, port int) string {
 	parents := make([]string, 0, 2)
-	for {
-		if !cmd.HasParent() {
-			break
-		}
+	for cmd.HasParent() {
 		cmd = cmd.Parent()
 		parents = append(parents, cmd.Name())
 	}
@@ -81,7 +78,7 @@ func buildProxyCommandOption(cmd *cobra.Command, namespace, name string, port in
 	proxyCommand.WriteString("ProxyCommand=")
 	proxyCommand.WriteString(pcmd.String())
 	proxyCommand.WriteString("port-forward --stdio=true ")
-	proxyCommand.WriteString(fmt.Sprintf("%s.%s", name, namespace))
+	fmt.Fprintf(&proxyCommand, "%s.%s", name, namespace)
 	proxyCommand.WriteString(" ")
 
 	proxyCommand.WriteString(strconv.Itoa(port))
@@ -103,5 +100,5 @@ func (o *SSH) buildSSHTarget(namespace, name string) (opts []string) {
 	if o.command != "" {
 		opts = append(opts, o.command)
 	}
-	return
+	return opts
 }
diff --git a/src/cli/internal/cmd/vnc/vnc.go b/src/cli/internal/cmd/vnc/vnc.go
index 794acfa4c2..24f8d1a9d1 100644
--- a/src/cli/internal/cmd/vnc/vnc.go
+++ b/src/cli/internal/cmd/vnc/vnc.go
@@ -244,7 +244,9 @@ func connect(ctx context.Context, ln *net.TCPListener, virtCli kubeclient.Client
 			if err != nil {
 				viewResErr <- fmt.Errorf("error encountered: %s", err.Error())
 			}
-			fmt.Fprintln(cmd.OutOrStdout(), string(optionString))
+			if _, err = fmt.Fprintln(cmd.OutOrStdout(), string(optionString)); err != nil {
+				viewResErr <- fmt.Errorf("error encountered: %s", err.Error())
+			}
 		} else {
 			// execute VNC Viewer
 			checkAndRunVNCViewer(ctx, doneChan, viewResErr, port)
@@ -342,12 +344,12 @@ func tigerVncArgs(port int) (args []string) {
 	if klog.V(4).Enabled() {
 		args = append(args, "Log=*:stderr:100")
 	}
-	return
+	return args
 }
 
 func chickenVncArgs(port int) (args []string) {
 	args = append(args, fmt.Sprintf(listenAddressFmt, port))
-	return
+	return args
 }
 
 func realVncArgs(port int) (args []string) {
@@ -358,7 +360,7 @@ func realVncArgs(port int) (args []string) {
 	if klog.V(4).Enabled() {
 		args = append(args, "-log=*:stderr:100")
 	}
-	return
+	return args
 }
 
 func remoteViewerArgs(port int) (args []string) {
@@ -366,7 +368,7 @@ func remoteViewerArgs(port int) (args []string) {
 	if klog.V(4).Enabled() {
 		args = append(args, "--debug")
 	}
-	return
+	return args
 }
 
 func usage() string {
diff --git a/src/cli/internal/templates/target.go b/src/cli/internal/templates/target.go
index eed0a91d77..14d6af461b 100644
--- a/src/cli/internal/templates/target.go
+++ b/src/cli/internal/templates/target.go
@@ -87,10 +87,10 @@ func ParseSCPArguments(arg1, arg2 string) (local LocalSCPArgument, remote Remote
 	switch {
 	case strings.Contains(arg1, ":") && strings.Contains(arg2, ":"):
 		err = fmt.Errorf("copying from a remote location to another remote location is not supported: %q to %q", arg1, arg2)
-		return
+		return local, remote, toRemote, err
 	case !strings.Contains(arg1, ":") && !strings.Contains(arg2, ":"):
 		err = fmt.Errorf("none of the two provided locations seems to be a remote location: %q to %q", arg1, arg2)
-		return
+		return local, remote, toRemote, err
 	case strings.Contains(localArg, ":"):
 		remoteArg = arg2
 		localArg = arg1
@@ -100,9 +100,9 @@ func ParseSCPArguments(arg1, arg2 string) (local LocalSCPArgument, remote Remote
 	split := strings.SplitN(remoteArg, ":", 2)
 	remote.Namespace, remote.Name, remote.Username, err = ParseSSHTarget(split[0])
 	if err != nil {
-		return
+		return local, remote, toRemote, err
 	}
 	remote.Path = split[1]
 	local.Path = localArg
-	return
+	return local, remote, toRemote, err
 }
diff --git a/tests/e2e/errlogger/errlogger.go b/tests/e2e/errlogger/errlogger.go
index f955386260..b24af599f7 100644
--- a/tests/e2e/errlogger/errlogger.go
+++ b/tests/e2e/errlogger/errlogger.go
@@ -33,7 +33,7 @@ import (
 
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 const (
@@ -64,7 +64,7 @@ type LogEntry struct {
 
 type LogStream struct {
 	Cancel             context.CancelFunc
-	ContainerStartedAt v1.Time
+	ContainerStartedAt metav1.Time
 	LogStreamCmd       *exec.Cmd
 	LogStreamWaitGroup *sync.WaitGroup
 	PodName            string
@@ -96,7 +96,7 @@ func (l *LogStream) ParseStderr() {
 	scanner.Buffer(buf, maxCapacity)
 
 	for scanner.Scan() {
-		_, writeErr := GinkgoWriter.Write([]byte(fmt.Sprintf("%s%s%s\n", Red, scanner.Text(), Reset)))
+		_, writeErr := fmt.Fprintf(GinkgoWriter, "%s%s%s\n", Red, scanner.Text(), Reset)
 		Expect(writeErr).NotTo(HaveOccurred())
 	}
 	parseScanError(scanner.Err(), "STDERR")
diff --git a/tests/e2e/tests_suite_test.go b/tests/e2e/tests_suite_test.go
index 7c2c53a51a..9f71a4a8b9 100644
--- a/tests/e2e/tests_suite_test.go
+++ b/tests/e2e/tests_suite_test.go
@@ -30,7 +30,7 @@ import (
 	"golang.org/x/sync/errgroup"
 	corev1 "k8s.io/api/core/v1"
 	storagev1 "k8s.io/api/storage/v1"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/cli-runtime/pkg/genericclioptions"
 	"k8s.io/client-go/kubernetes"
@@ -195,7 +195,10 @@ func newRestConfig(transport config.ClusterTransport) (*rest.Config, error) {
 
 func TestTests(t *testing.T) {
 	RegisterFailHandler(Fail)
-	fmt.Fprintf(GinkgoWriter, "Starting test suite\n")
+	_, err := fmt.Fprintf(GinkgoWriter, "Starting test suite\n")
+	if err != nil {
+		panic(err)
+	}
 	RunSpecs(t, "Tests")
 }
 
@@ -298,7 +301,7 @@ func StartV12nControllerLogStream(logStreamByPod map[string]*el.LogStream) {
 			},
 		)
 
-		var containerStartedAt v1.Time
+		var containerStartedAt metav1.Time
 		for _, s := range p.Status.ContainerStatuses {
 			if s.Name == VirtualizationController {
 				containerStartedAt = s.State.Running.StartedAt
diff --git a/tests/e2e/util_test.go b/tests/e2e/util_test.go
index 4df3709bc6..1e71fd8e16 100644
--- a/tests/e2e/util_test.go
+++ b/tests/e2e/util_test.go
@@ -642,7 +642,7 @@ func CreateAndApplyVMOPsWithSuffix(label map[string]string, suffix string, vmopT
 		vmop, err := yaml.Marshal(GenerateVMOPWithSuffix(vmName, suffix, label, vmopType))
 		Expect(err).NotTo(HaveOccurred())
 		var cmd strings.Builder
-		cmd.WriteString(fmt.Sprintf("-n %s create -f - <<EOF\n", vmNamespace))
+		fmt.Fprintf(&cmd, "-n %s create -f - <<EOF\n", vmNamespace)
 		cmd.Write(vmop)
 		cmd.WriteString("EOF\n")
 
@@ -670,7 +670,7 @@ func GenerateVMOP(vmName string, labels map[string]string, vmopType virtv2.VMOPT
 
 func GenerateVMOPWithSuffix(vmName, suffix string, labels map[string]string, vmopType virtv2.VMOPType) *virtv2.VirtualMachineOperation {
 	res := GenerateVMOP(vmName, labels, vmopType)
-	res.ObjectMeta.Name = fmt.Sprintf("%s%s", res.ObjectMeta.Name, suffix)
+	res.Name = fmt.Sprintf("%s%s", res.Name, suffix)
 	return res
 }
 
diff --git a/tests/e2e/vd_snapshots_test.go b/tests/e2e/vd_snapshots_test.go
index 54466b5054..76ef1604f3 100644
--- a/tests/e2e/vd_snapshots_test.go
+++ b/tests/e2e/vd_snapshots_test.go
@@ -26,7 +26,7 @@ import (
 
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	virtv2 "github.com/deckhouse/virtualization/api/core/v1alpha2"
 	"github.com/deckhouse/virtualization/api/core/v1alpha2/vmcondition"
@@ -353,11 +353,11 @@ var _ = Describe("VirtualDiskSnapshots", ginkgoutil.CommonE2ETestDecorators(), f
 func CreateVirtualDiskSnapshot(vdName, snapshotName, namespace string, requiredConsistency bool, labels map[string]string) error {
 	GinkgoHelper()
 	vdSnapshot := virtv2.VirtualDiskSnapshot{
-		TypeMeta: v1.TypeMeta{
+		TypeMeta: metav1.TypeMeta{
 			APIVersion: APIVersion,
 			Kind:       virtv2.VirtualDiskSnapshotKind,
 		},
-		ObjectMeta: v1.ObjectMeta{
+		ObjectMeta: metav1.ObjectMeta{
 			Labels:    labels,
 			Name:      snapshotName,
 			Namespace: namespace,
@@ -393,7 +393,7 @@ func CheckFileSystemFrozen(vmName, vmNamespace string) (bool, error) {
 
 	for _, condition := range vmObj.Status.Conditions {
 		if condition.Type == vmcondition.TypeFilesystemFrozen.String() {
-			return condition.Status == v1.ConditionTrue, nil
+			return condition.Status == metav1.ConditionTrue, nil
 		}
 	}
 
diff --git a/tests/e2e/vm_disk_attachment_test.go b/tests/e2e/vm_disk_attachment_test.go
index 6df3f706ea..4ce51ee11c 100644
--- a/tests/e2e/vm_disk_attachment_test.go
+++ b/tests/e2e/vm_disk_attachment_test.go
@@ -22,7 +22,7 @@ import (
 
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	virtv2 "github.com/deckhouse/virtualization/api/core/v1alpha2"
 	"github.com/deckhouse/virtualization/tests/e2e/config"
@@ -241,11 +241,11 @@ func AttachBlockDevice(vmNamespace, vmName, blockDeviceName string, blockDeviceT
 
 func CreateVMBDAManifest(filePath, vmName, blockDeviceName string, blockDeviceType virtv2.VMBDAObjectRefKind, labels map[string]string) error {
 	vmbda := &virtv2.VirtualMachineBlockDeviceAttachment{
-		TypeMeta: v1.TypeMeta{
+		TypeMeta: metav1.TypeMeta{
 			APIVersion: APIVersion,
 			Kind:       virtv2.VirtualMachineBlockDeviceAttachmentKind,
 		},
-		ObjectMeta: v1.ObjectMeta{
+		ObjectMeta: metav1.ObjectMeta{
 			Name:   blockDeviceName,
 			Labels: labels,
 		},
diff --git a/tests/e2e/vm_label_annotation_test.go b/tests/e2e/vm_label_annotation_test.go
index cc6f53a972..955e7cb02a 100644
--- a/tests/e2e/vm_label_annotation_test.go
+++ b/tests/e2e/vm_label_annotation_test.go
@@ -22,7 +22,7 @@ import (
 
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
-	v1 "k8s.io/api/core/v1"
+	corev1 "k8s.io/api/core/v1"
 
 	virtv2 "github.com/deckhouse/virtualization/api/core/v1alpha2"
 	"github.com/deckhouse/virtualization/tests/e2e/config"
@@ -134,7 +134,7 @@ var _ = Describe("VirtualMachineLabelAndAnnotation", ginkgoutil.CommonE2ETestDec
 					}
 
 					activePodName := GetActiveVirtualMachinePod(&vm)
-					vmPod := v1.Pod{}
+					vmPod := corev1.Pod{}
 					err = GetObject(kc.ResourcePod, activePodName, &vmPod, kc.GetOptions{Namespace: ns})
 					if err != nil {
 						return err
@@ -179,7 +179,7 @@ var _ = Describe("VirtualMachineLabelAndAnnotation", ginkgoutil.CommonE2ETestDec
 					}
 
 					activePodName := GetActiveVirtualMachinePod(&vm)
-					vmPod := v1.Pod{}
+					vmPod := corev1.Pod{}
 					err = GetObject(kc.ResourcePod, activePodName, &vmPod, kc.GetOptions{Namespace: ns})
 					if err != nil {
 						return err
@@ -226,7 +226,7 @@ var _ = Describe("VirtualMachineLabelAndAnnotation", ginkgoutil.CommonE2ETestDec
 					}
 
 					activePodName := GetActiveVirtualMachinePod(&vm)
-					vmPod := v1.Pod{}
+					vmPod := corev1.Pod{}
 					err = GetObject(kc.ResourcePod, activePodName, &vmPod, kc.GetOptions{Namespace: ns})
 					if err != nil {
 						return err
@@ -271,7 +271,7 @@ var _ = Describe("VirtualMachineLabelAndAnnotation", ginkgoutil.CommonE2ETestDec
 					}
 
 					activePodName := GetActiveVirtualMachinePod(&vm)
-					vmPod := v1.Pod{}
+					vmPod := corev1.Pod{}
 					err = GetObject(kc.ResourcePod, activePodName, &vmPod, kc.GetOptions{Namespace: ns})
 					if err != nil {
 						return err
diff --git a/tests/e2e/vm_restore_force_test.go b/tests/e2e/vm_restore_force_test.go
index 37d4886da9..5b3da0782f 100644
--- a/tests/e2e/vm_restore_force_test.go
+++ b/tests/e2e/vm_restore_force_test.go
@@ -24,7 +24,7 @@ import (
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	"k8s.io/apimachinery/pkg/api/resource"
-	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	"github.com/deckhouse/virtualization-controller/pkg/common/annotations"
 	virtv2 "github.com/deckhouse/virtualization/api/core/v1alpha2"
@@ -358,7 +358,7 @@ func NewVirtualMachineSnapshot(
 	labels map[string]string,
 ) *virtv2.VirtualMachineSnapshot {
 	return &virtv2.VirtualMachineSnapshot{
-		ObjectMeta: v1.ObjectMeta{
+		ObjectMeta: metav1.ObjectMeta{
 			Name:      vmName,
 			Namespace: vmNamespace,
 			Labels:    labels,
@@ -373,7 +373,7 @@ func NewVirtualMachineSnapshot(
 
 func NewVirtualMachineRestore(vmsnapshot *virtv2.VirtualMachineSnapshot, restoreMode virtv2.RestoreMode) *virtv2.VirtualMachineRestore {
 	return &virtv2.VirtualMachineRestore{
-		ObjectMeta: v1.ObjectMeta{
+		ObjectMeta: metav1.ObjectMeta{
 			Name:      vmsnapshot.Spec.VirtualMachineName,
 			Namespace: vmsnapshot.Namespace,
 			Labels:    vmsnapshot.Labels,
@@ -387,7 +387,7 @@ func NewVirtualMachineRestore(vmsnapshot *virtv2.VirtualMachineSnapshot, restore
 
 func NewVirtualMachineBlockDeviceAttachment(vmName, vmNamespace, bdName string, bdKind virtv2.VMBDAObjectRefKind, labels map[string]string) *virtv2.VirtualMachineBlockDeviceAttachment {
 	return &virtv2.VirtualMachineBlockDeviceAttachment{
-		ObjectMeta: v1.ObjectMeta{
+		ObjectMeta: metav1.ObjectMeta{
 			Name:      bdName,
 			Namespace: vmNamespace,
 			Labels:    labels,
@@ -404,7 +404,7 @@ func NewVirtualMachineBlockDeviceAttachment(vmName, vmNamespace, bdName string,
 
 func NewVirtualDisk(vdName, vdNamespace string, labels map[string]string, size *resource.Quantity) *virtv2.VirtualDisk {
 	return &virtv2.VirtualDisk{
-		ObjectMeta: v1.ObjectMeta{
+		ObjectMeta: metav1.ObjectMeta{
 			Name:      vdName,
 			Namespace: vdNamespace,
 			Labels:    labels,
diff --git a/tools/addlicense/addlicense_test.go b/tools/addlicense/addlicense_test.go
index 8a29c8eb06..fe17b4d45e 100644
--- a/tools/addlicense/addlicense_test.go
+++ b/tools/addlicense/addlicense_test.go
@@ -214,7 +214,7 @@ print("Hello")
 	for _, c := range validCases {
 		t.Run(c.title, func(t *testing.T) {
 			res := CELicenseRe.MatchString(c.content)
-			require.Equal(t, true, res)
+			require.True(t, res)
 
 			if !res {
 				t.Errorf("should detect license")