chore(deps): refresh rpm lockfiles [SECURITY]

[red-hat-konflux]

This PR contains the following updates:

File rpms.in.yaml:

Package	Change
gnupg2	2.2.20-3.el8_6 -> 2.2.20-4.el8_10
gnupg2-smime	2.2.20-3.el8_6 -> 2.2.20-4.el8_10

---

GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write

CVE-2025-68973

More information

Details

A flaw was found in GnuPG. An attacker can provide crafted input to the armor_filter function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code execution.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-68973
• https://bugzilla.redhat.com/show_bug.cgi?id=2425966
• https://www.cve.org/CVERecord?id=CVE-2025-68973
• https://nvd.nist.gov/vuln/detail/CVE-2025-68973
• https://github.com/gpg/gnupg/blob/ff30683418695f5d2cc9e6cf8c9418e09378ebe4/g10/armor.c#L1305-L1306
• https://github.com/gpg/gnupg/commit/115d138ba599328005c5321c0ef9f00355838ca9
• https://gpg.fail/memcpy
• https://news.ycombinator.com/item?id=46403200
• https://www.openwall.com/lists/oss-security/2025/12/28/5

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

Configuration

📅 Schedule: Branch creation - "" in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[rhacs-bot]

Auto-approved by automation.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 27.38%. Comparing base (a3e5036) to head (d9034a2).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #2790   +/-   ##
=======================================
  Coverage   27.38%   27.38%           
=======================================
  Files          95       95           
  Lines        5427     5427           
  Branches     2548     2548           
=======================================
  Hits         1486     1486           
  Misses       3214     3214           
  Partials      727      727           

Flag	Coverage Δ
collector-unit-tests	27.38% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.