Release v0.28.3

[toolhive-release-app]

Release v0.28.3

Version Bump

patch release

Files Updated

• VERSION
• deploy/charts/operator-crds/Chart.yaml (path: version)
• deploy/charts/operator-crds/Chart.yaml (path: appVersion)
• deploy/charts/operator/Chart.yaml (path: version)
• deploy/charts/operator/Chart.yaml (path: appVersion)
• deploy/charts/operator/values.yaml (path: operator.image)
• deploy/charts/operator/values.yaml (path: operator.toolhiveRunnerImage)
• deploy/charts/operator/values.yaml (path: operator.vmcpImage)
• Helm chart docs (via helm-docs)

Additional Changes

• Bumped golang.org/x/net to v0.55.0 to address newly-published vulnerabilities
  (GO-2026-5025 through GO-2026-5030) that were blocking the govulncheck job on
  this PR. All are XSS/DoS/privilege-escalation issues in x/net/html and
  x/net/idna, fixed in v0.55.0.

Next Steps

1. Review this PR
2. Merge to main
3. Release automation will handle the rest

Checklist

• Version bump is correct
• All CI checks pass

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 68.72%. Comparing base (e37e336) to head (467038f).

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #5370   +/-   ##
=======================================
  Coverage   68.72%   68.72%           
=======================================
  Files         626      626           
  Lines       63495    63495           
=======================================
+ Hits        43637    43639    +2     
- Misses      16610    16612    +2     
+ Partials     3248     3244    -4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.