openbao-k8s/1.4.0-r40: cve remediation (#72871)

openbao-k8s/1.4.0-r40: fix GHSA-j5w8-q4qc-rx2x
<!--ci-cve-scan:must-fix: GHSA-j5w8-q4qc-rx2x-->


Advisory data:
https://github.com/wolfi-dev/advisories/blob/main/openbao-k8s.advisories.yaml

---

### "Breadcrumbs" for this automated service

- **Source Code:** https://go/cve-remedy-automation-source
- **Logs:** https://go/cve-remedy-automation-logs
- **Docs:** _(not provided yet)_

Co-authored-by: octo-sts[bot] <[email protected]>

Author: octo-sts[bot]

openbao-k8s.yaml

@@ -1,7 +1,7 @@
 package:
   name: openbao-k8s
   version: 1.4.0
-  epoch: 40 # CVE-2025-61725
+  epoch: 41 # GHSA-j5w8-q4qc-rx2x
   description: First-class support for OpenBao and Kubernetes.
   copyright:
     - license: MPL-2.0
@@ -22,8 +22,8 @@ pipeline:
       deps: |-
         google.golang.org/[email protected]
         golang.org/x/[email protected]
-        golang.org/x/[email protected]
         golang.org/x/[email protected]
+        golang.org/x/[email protected]
 
   - uses: go/build
     with: