Bump devfile gem to 0.5.2

Ashvin Sharmarequested to merge
fix/bump-devfile-gem-to-0.5.2 into master

Bumps the devfile gem from 0.5.1 to 0.5.2, which drops the vulnerable github.com/distribution/distribution/v3 Go dependency containing CVE-2026-35172 and CVE-2026-33540. Fixture files updated to reflect env var ordering change introduced in devfile/library v2.4.0.

References

Closes https://gitlab.com/gitlab-org/ruby/gems/devfile-gem/-/work_items/43

Edited by Ashvin Sharma

Merge request reports