Refresh RPM lockfiles

[red-hat-konflux]

This PR contains the following updates:

Update	Change
lockFileMaintenance	All locks refreshed

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 04:59 AM ( * 0-4 * * * ) in timezone UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR updates lockfile entries in rpms.lock.yaml to pin both aarch64 and x86_64 architectures to newer Red Hat UBI9 errata builds. Packages including nginx, expat, util-linux libraries, openssl, pam, and systemd are bumped with refreshed URLs, checksums, EVR values, and source RPM references applied uniformly across both architectures.

Changes

RPM Lock Dependency Updates

Layer / File(s)	Summary
aarch64 RPM lock updates rpms.lock.yaml	aarch64 lockfile entries refresh to match newer UBI9 errata builds: nginx moves from el9_7.3 to el9_8.2; redhat-logos-httpd, cracklib/cracklib-dicts, expat, util-linux-family libraries (libblkid, libdb, libeconf, libfdisk, libmount), and core system packages (openssl, openssl-libs, pam, systemd variants, util-linux, util-linux-core) all receive updated URLs, checksums, EVR, and sourcerpm values.
x86_64 RPM lock updates rpms.lock.yaml	x86_64 lockfile entries receive the same version bumps as aarch64 with architecture-specific URLs and checksums: nginx el9_7.3 → el9_8.2, expat, util-linux-family libraries, and core system packages all updated with corresponding EVR, sourcerpm, size, and checksum refreshes.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• openshift/lightspeed-console#1956: Both PRs modify rpms.lock.yaml's nginx RPM entries for aarch64 and x86_64, updating nginx build versions via changed URL/evr/checksum.
• openshift/lightspeed-console#1906: Both PRs update systemd* and related systemd-family RPM entries in rpms.lock.yaml for the same architectures.
• openshift/lightspeed-console#1768: Both PRs modify rpms.lock.yaml package metadata for systemd and related entries (EVR/version bumps and URL/size/checksum/sourcerpm field updates).

Suggested reviewers

• joshuawilson
• xrajesh

Poem

🐰 Dependencies dance, errata by errata found,
nginx hops to el9_8, system-wide all around,
x86 and aarch64 now march in sync,
Red Hat's updates lock in with a wink. ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title "Refresh RPM lockfiles" clearly and concisely summarizes the main change in the pull request, which updates RPM dependency versions in the lockfile.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch konflux/mintmaker/main/lock-file-maintenance

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment