We've gotten some questions from our compliance team, would it be possible to bump golang.org/x/crypto to v0.35.0 to fix CVE-2025-22869 and cut a patch release? If we could get golang.org/x/oauth2 to v0.27.0 for CVE-2025-22868 as well that would be awesome.