vendor: bump github.com/operator-framework/operator-sdk from 1.37.0 to 1.38.0 in /tools in the github-dependencies group

[dependabot]

Bumps the github-dependencies group in /tools with 1 update: github.com/operator-framework/operator-sdk.

Updates github.com/operator-framework/operator-sdk from 1.37.0 to 1.38.0

Release notes

Sourced from github.com/operator-framework/operator-sdk's releases.

v1.38.0

Changes

• For Go-based, Helm-based and Ansible-based operators this release moves to Kubernetes 1.30 API's and Kubebuilder v4 Scaffolding, specifically utilizing the v4.1.1 version. The update to Kubebuiler results in some scaffolding changes which more information can be found below:
  • Discontinue usage of kube-rbac-proxy in the default scaffolding of new projects. For further information, see: Action Required: Ensure that you no longer use gcr.io/kubebuilder images
  • The go/v2 or go/v3 layouts have been removed, you must upgrade to go/v4 to be compatible with this release and future updates. To know how to upgrade,check the migration documentation.
  • Re-introduces authn/authz protection for the metrics endpoint using WithAuthenticationAndAuthorization provided by controller-runtime instead of kube-rbac-proxy; which usage was discontinued in the project. Please, ensure that you no longer use the image gcr.io/kubebuilder/kube-rbac-proxy. Images provided under gcr.io/kubebuilder/ will be unavailable from March 18, 2025. To learn more about any of the metrics changes please look at the Kubebuilder book metrics page. For Helm-based and Ansible-based operators, a new flag called metrics-require-rbac was introduced into the runtime/binary, to control adding WithAuthenticationAndAuthorization to Metrics.FilterProvider of controller-runtime. This was done to ensure forwards and backwards compatibility of the binary and images with any scaffolded content. (#6862)

Bug Fixes

• An additional condition is included for matching apiVersion of example CRs with CRD version when searching for the CRD in the CSV. Previously, The olm-spec-descriptors scorecard test failed when multiple versions of CRD is included in the CSV. The CR specified in alm-examples annotations are validated only against the first matched CRD (by name), which is incorrect. This ensures the correct CRD version is selected for validations. (#6784)
• Fix naive YAML split in run bundle command. (#6829)

Commits

• 0735b20 Release v1.38.0 (#6866)
• de70c59 move v1.21 from netlify to gh like in toml file (#6865)
• b049c1c removing kube-rbac-proxy from website docs (#6864)
• c6fef29 adding changelog and migrations for k8s 1.30 and kubebuilderv4 work (#6862)
• 28c1bcb updating ansible plugin to 1.36.1 (#6861)
• 95b3f89 rebasing from main (#6837)
• 9a639f2 updating to k8s 1.30 dependencies and kubebuilder v4 (#6848)
• 625fccd Update actions to latest (#6852)
• 4c30e49 move away from latest tag for olm installs (#6849)
• 94f7db3 fixing doc links so ci passes (#6850)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[black-dragon74]

1.38.0 mandates go/v4 layout for kubebuilder, which we already have migrated to. Apart from this requirement the release has no breaking changes.