build(deps): bump github.com/distribution/distribution/v3 from 3.0.0-rc.2 to 3.0.0 in /native

[dependabot]

Bumps github.com/distribution/distribution/v3 from 3.0.0-rc.2 to 3.0.0.

Release notes

Sourced from github.com/distribution/distribution/v3's releases.

v3.0.0-rc.4

Welcome to the v3.0.0-rc.4 release of registry!

This is the fourth stable release candidate!

See the changelog below for a full list of changes.

Notable changes

• Enable MD5 check on GCS driver by @​milosgajdos in distribution/distribution#4586
• Azure driver [retry] fix by @​milosgajdos in distribution/distribution#4576, thanks @​vespian for reporting!

What's Changed

• registry/storage: add an option to silence GC output. by @​r4f4 in distribution/distribution#4560
• Fix broken signing algorithm configuration for token authentication by @​evanebb in distribution/distribution#4578
• build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.5 in the go_modules group by @​dependabot in distribution/distribution#4582
• build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @​dependabot in distribution/distribution#4579
• build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 by @​dependabot in distribution/distribution#4580
• Enable MD5 check on GCS driver by @​milosgajdos in distribution/distribution#4586
• Update osx-setup-guide.md and com.docker.registry.plist by @​andy-cooper in distribution/distribution#4592
• fix: remove nested structs from configuration by @​shanduur in distribution/distribution#4523
• use cached blob statter in ManifestService if available by @​Ollegio in distribution/distribution#4595
• Azure driver retry fix and refactor by @​milosgajdos in distribution/distribution#4576
• Rename cloud make targets to s3 by @​milosgajdos in distribution/distribution#4600
• Bump Go version in prep for a release by @​milosgajdos in distribution/distribution#4601
• build(deps): bump golang.org/x/net from 0.33.0 to 0.36.0 in the go_modules group across 1 directory by @​dependabot in distribution/distribution#4597
• build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 by @​dependabot in distribution/distribution#4603
• Fix potential resource leak by ensuring the response body is closed in HTTPReadSeeker by @​Vad1mo in distribution/distribution#4605
• Prep for v3-rc.4 release by @​milosgajdos in distribution/distribution#4606

New Contributors

• @​r4f4 made their first contribution in distribution/distribution#4560
• @​evanebb made their first contribution in distribution/distribution#4578
• @​andy-cooper made their first contribution in distribution/distribution#4592
• @​shanduur made their first contribution in distribution/distribution#4523
• @​Ollegio made their first contribution in distribution/distribution#4595
• @​Vad1mo made their first contribution in distribution/distribution#4605

Full Changelog: distribution/distribution@v3.0.0-rc.3...v3.0.0-rc.4

v3.0.0-rc.3

Welcome to the v3.0.0-rc.3 release of registry!

This is the third stable release candidate!

See the changelog below for a full list of changes.

Notable changes

• Fixes CVE-2025-24976, thanks @​evanebb for reporting!

... (truncated)

Commits

• 9ed95e7 Prep for v3 release (#4613)
• ceafb04 Update releases/v3.0.0.toml
• 6266ada Prep for v3 release
• 2e63da9 Fix golangci-lint config (#4612)
• fd14cf1 Vrify the linter config first before running it
• 3a33ba1 Fix golangci-lint config
• 75f3219 Bump Azure deps (#4611)
• 52f0f6c Bump Azure deps
• ef21149 build(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 in the go_...
• af04772 Prep for v3-rc.4 release (#4606)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[manusa]

@dependabot recreate

[manusa]

@dependabot recreate

[manusa]

@dependabot recreate