diff --git a/Dockerfile b/Dockerfile
index aaceefed..b8e47790 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -164,9 +164,8 @@ RUN patch -p1 -d /usr/local/lib/pulp/lib/python${PYTHON_VERSION}/site-packages <
 COPY images/assets/patches/0038-readonly-pypi-endpoints.patch /tmp/
 RUN patch -p1 -d /usr/local/lib/pulp/lib/python${PYTHON_VERSION}/site-packages < /tmp/0038-readonly-pypi-endpoints.patch
-COPY images/assets/patches/0047-Improve-repair_metadata-log-with-repo-and-package-na.patch /tmp/
-RUN patch -p1 -d /usr/local/lib/pulp/lib/python${PYTHON_VERSION}/site-packages < /tmp/0047-Improve-repair_metadata-log-with-repo-and-package-na.patch
-
+COPY images/assets/patches/0039-Turn-migration-19-into-a-noop.patch /tmp/
+RUN patch -p1 -d /usr/local/lib/pulp/lib/python${PYTHON_VERSION}/site-packages < /tmp/0039-Turn-migration-19-into-a-noop.patch
 COPY images/assets/patches/0044-Move-content-app-heartbeat-to-a-thread.patch /tmp/
 RUN patch -p1 -d /usr/local/lib/pulp/lib/python${PYTHON_VERSION}/site-packages < /tmp/0044-Move-content-app-heartbeat-to-a-thread.patch
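Review bot: The new `0039-Turn-migration-19-into-a-noop.patch` step has no comment saying which plugin's migration 19 is neutralised or why, and the patch file itself is not added in the visible diff, so the schema impact cannot be judged from this commit. I would put a line above the COPY such as `# 0039: makes <PLUGIN> migration 19 a no-op because <REASON>; drop once <CONDITION>`. The same commit bumps pulp-rpm, pulp-python and pulp-npm, and `patch` accepts shifted context by default, so a patch can apply against code it was not written for. If the image ships GNU patch, `patch -p1 --fuzz=0 -d ...` on these RUN lines would make such drift fail the build.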
@@ -174,10 +173,8 @@ RUN patch -p1 -d /usr/local/lib/pulp/lib/python${PYTHON_VERSION}/site-packages <
 COPY images/assets/patches/0045-Include-DRF-default-auth-classes-when-token-auth-is-disabled.patch /tmp/
 RUN patch -p1 -d /usr/local/lib/pulp/lib/python${PYTHON_VERSION}/site-packages < /tmp/0045-Include-DRF-default-auth-classes-when-token-auth-is-disabled.patch
-
-COPY images/assets/keys/SIGSTORE-redhat-release3.pem /etc/pki/sigstore/SIGSTORE-redhat-release3
-COPY images/assets/patches/0048-Re-enable-attestation-verification-with-vendored-key.patch /tmp/
-RUN patch -p1 -d /usr/local/lib/pulp/lib/python${PYTHON_VERSION}/site-packages < /tmp/0048-Re-enable-attestation-verification-with-vendored-key.patch
+COPY images/assets/patches/0047-Improve-repair_metadata-log-with-repo-and-package-na.patch /tmp/
+RUN patch -p1 -d /usr/local/lib/pulp/lib/python${PYTHON_VERSION}/site-packages < /tmp/0047-Improve-repair_metadata-log-with-repo-and-package-na.patch
 COPY images/assets/patches/0049-Skip-content-units-validation.patch /tmp/
 RUN patch -p1 -d /usr/local/lib/pulp/lib/python${PYTHON_VERSION}/site-packages < /tmp/0049-Skip-content-units-validation.patch
diff --git a/images/assets/patches/0046-Ignore-attestation-verification.patch b/images/assets/patches/0046-Ignore-attestation-verification.patch
deleted file mode 100644
index ec2eee49..00000000
--- a/images/assets/patches/0046-Ignore-attestation-verification.patch
+++ /dev/null
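Review bot: Removing the `0048-Re-enable-attestation-verification-with-vendored-key.patch` step and the `SIGSTORE-redhat-release3` key COPY leaves attestation verification to unpatched pulp-python, and nothing in the visible change shows that verification still runs and succeeds in this environment. The deleted 0046 patch said the environment cannot verify against sigstore trusted publishers, so presumably pulp-python 3.29.0 now covers this upstream. That should be confirmed with a test that uploads a package with an invalid attestation and expects rejection, and the commit message should say where the trust root now comes from. The 0048 patch file and the `.pem` under `images/assets/keys/` are not deleted in the visible diff; if nothing else references them, remove them so unused key material does not linger in the repo.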
@@ -1,42 +0,0 @@
-From 06ec8b1b3bf0207f2f82474634b0b7a908e91530 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Andr=C3=A9=20=22decko=22=20de=20Brito?=
-Date: Wed, 4 Mar 2026 16:14:26 -0300
-Subject: [PATCH] Ignore attestation verification
-
-Disable sigstore attestation verification for Python package uploads.
-Our environment cannot verify against sigstore trusted publishers.
-
-Co-Authored-By: Claude Opus 4.6 (1M context)
----
- pulp_python/app/provenance.py | 18 +++++++++---------
- 1 file changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/pulp_python/app/provenance.py b/pulp_python/app/provenance.py
-index 41e1c20..72cd147 100644
---- a/pulp_python/app/provenance.py
-+++ b/pulp_python/app/provenance.py
-@@ -60,12 +60,12 @@ class Provenance(BaseModel):
-
- def verify_provenance(filename, sha256, provenance, offline=True):
- """Verify the provenance object is valid for the package."""
-- dist = Distribution(name=filename, digest=sha256)
-- for bundle in provenance.attestation_bundles:
-- publisher = bundle.publisher
-- policy = publisher._as_policy()
-- for attestation in bundle.attestations:
-- sig_bundle = attestation.to_bundle()
-- checkpoint = sig_bundle.log_entry._inner.inclusion_proof.checkpoint
-- staging = "sigstage.dev" in checkpoint.envelope
-- attestation.verify(policy, dist, staging=staging, offline=offline)
-+ #dist = Distribution(name=filename, digest=sha256)
-+ #for bundle in provenance.attestation_bundles:
-+ # publisher = bundle.publisher
-+ # policy = publisher._as_policy()
-+ # for attestation in bundle.attestations:
-+ # sig_bundle = attestation.to_bundle()
-+ # checkpoint = sig_bundle.log_entry._inner.inclusion_proof.checkpoint
-+ # staging = "sigstage.dev" in checkpoint.envelope
-+ # attestation.verify(policy, dist, staging=staging, offline=offline)
---
-2.53.0
-
diff --git a/pulp_service/requirements.txt b/pulp_service/requirements.txt
index 981fa84b..a3614c86 100644
--- a/pulp_service/requirements.txt
+++ b/pulp_service/requirements.txt
@@ -1,8 +1,8 @@
 pulpcore==3.108.0
-pulp-rpm==3.35.2
+pulp-rpm==3.36.0
 pulp-gem==0.7.5
-pulp-python==3.28.2
-pulp-npm==0.7.0
+pulp-python==3.29.0
+pulp-npm==0.7.1
 pulp-container==2.27.6
 pulp-maven==0.12.0
 pulp-hugging-face==0.3.0
@@ -10,11 +10,11 @@ pulp-cli
 pulp-cli-gem
 sentry-sdk
 app-common-python
-oras==0.2.38
-uvloop==0.21.0
+oras==0.2.42
+uvloop==0.22.1
 jsonschema
 memray
 pyinstrument
 clamav-client>=0.7.1,<1.0
-django-hijack==3.7.4
+django-hijack==3.7.8
 pycares>=4.0.0,<5.0