chore(CR-26970): upd go-git/v5 (#767)

## What
CVE-2025-21613, CVE-2025-21614 fixed by updating
github.com/go-git/go-git/v5

## Why
<!-- Why are these changes being made? -->

## Notes
<!-- Add any additional notes here -->

Author: vitalii-codefresh

Makefile

@@ -1,4 +1,4 @@
-VERSION=v0.1.69
+VERSION=v0.1.70
 
 OUT_DIR=dist
 YEAR?=$(shell date +"%Y")

cmd/commands/cluster.go

@@ -1,4 +1,4 @@
-// Copyright 2024 The Codefresh Authors.
+// Copyright 2025 The Codefresh Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

cmd/commands/cluster_test.go

@@ -1,4 +1,4 @@
-// Copyright 2024 The Codefresh Authors.
+// Copyright 2025 The Codefresh Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

cmd/commands/common.go

@@ -1,4 +1,4 @@
-// Copyright 2024 The Codefresh Authors.
+// Copyright 2025 The Codefresh Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

cmd/commands/completion.go

@@ -1,4 +1,4 @@
-// Copyright 2024 The Codefresh Authors.
+// Copyright 2025 The Codefresh Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

cmd/commands/component.go

@@ -1,4 +1,4 @@
-// Copyright 2024 The Codefresh Authors.
+// Copyright 2025 The Codefresh Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

cmd/commands/config.go

@@ -1,4 +1,4 @@
-// Copyright 2024 The Codefresh Authors.
+// Copyright 2025 The Codefresh Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

cmd/commands/config_test.go

@@ -1,4 +1,4 @@
-// Copyright 2024 The Codefresh Authors.
+// Copyright 2025 The Codefresh Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

cmd/commands/git-source.go

@@ -1,4 +1,4 @@
-// Copyright 2024 The Codefresh Authors.
+// Copyright 2025 The Codefresh Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

cmd/commands/helm.go

@@ -1,4 +1,4 @@
-// Copyright 2024 The Codefresh Authors.
+// Copyright 2025 The Codefresh Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

cmd/commands/helm_test.go

@@ -1,4 +1,4 @@
-// Copyright 2024 The Codefresh Authors.
+// Copyright 2025 The Codefresh Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

cmd/commands/integrations.go

@@ -1,4 +1,4 @@
-// Copyright 2024 The Codefresh Authors.
+// Copyright 2025 The Codefresh Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

cmd/commands/migrate.go

@@ -1,4 +1,4 @@
-// Copyright 2024 The Codefresh Authors.
+// Copyright 2025 The Codefresh Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

cmd/commands/pipeline.go

@@ -1,4 +1,4 @@
-// Copyright 2024 The Codefresh Authors.
+// Copyright 2025 The Codefresh Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

cmd/commands/product-release.go

@@ -1,4 +1,4 @@
-// Copyright 2024 The Codefresh Authors.
+// Copyright 2025 The Codefresh Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

cmd/commands/product-release_test.go

@@ -1,4 +1,4 @@
-// Copyright 2024 The Codefresh Authors.
+// Copyright 2025 The Codefresh Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

cmd/commands/root.go

@@ -1,4 +1,4 @@
-// Copyright 2024 The Codefresh Authors.
+// Copyright 2025 The Codefresh Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

cmd/commands/runtime.go

@@ -1,4 +1,4 @@
-// Copyright 2024 The Codefresh Authors.
+// Copyright 2025 The Codefresh Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

cmd/commands/runtime_install.go

@@ -1,4 +1,4 @@
-// Copyright 2024 The Codefresh Authors.
+// Copyright 2025 The Codefresh Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -168,7 +168,7 @@ func NewRuntimeInstallCommand() *cobra.Command {
 	)
 
 	cmd := &cobra.Command{
-		Use: "install [runtime_name]",
+		Use:        "install [runtime_name]",
 		Deprecated: "We have transitioned our GitOps Runtimes from CLI-based to Helm-based installation.",
 		RunE: func(cmd *cobra.Command, _ []string) error {
 			return errors.New(`We have transitioned our GitOps Runtimes from CLI-based to Helm-based installation.

cmd/commands/upgrade.go

@@ -1,4 +1,4 @@
-// Copyright 2024 The Codefresh Authors.
+// Copyright 2025 The Codefresh Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

cmd/commands/version.go

@@ -1,4 +1,4 @@
-// Copyright 2024 The Codefresh Authors.
+// Copyright 2025 The Codefresh Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

cmd/commands/workflow.go

@@ -1,4 +1,4 @@
-// Copyright 2024 The Codefresh Authors.
+// Copyright 2025 The Codefresh Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

cmd/main.go

@@ -1,4 +1,4 @@
-// Copyright 2024 The Codefresh Authors.
+// Copyright 2025 The Codefresh Authors.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.

go.mod

@@ -14,8 +14,8 @@ require (
 	github.com/codefresh-io/go-sdk v1.3.1
 	github.com/fatih/color v1.16.0
 	github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32
-	github.com/go-git/go-billy/v5 v5.5.0
-	github.com/go-git/go-git/v5 v5.12.0
+	github.com/go-git/go-billy/v5 v5.6.1
+	github.com/go-git/go-git/v5 v5.13.1
 	github.com/gobuffalo/packr v1.30.1
 	github.com/golang/mock v1.6.0
 	github.com/google/uuid v1.6.0
@@ -31,7 +31,7 @@ require (
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.19.0
 	github.com/stretchr/testify v1.10.0
-	golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f
+	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
 	golang.org/x/text v0.21.0
 	gopkg.in/segmentio/analytics-go.v3 v3.1.0
 	helm.sh/helm/v3 v3.14.2
@@ -57,7 +57,7 @@ require (
 	github.com/Masterminds/squirrel v1.5.4 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/PagerDuty/go-pagerduty v1.7.0 // indirect
-	github.com/ProtonMail/go-crypto v1.0.0 // indirect
+	github.com/ProtonMail/go-crypto v1.1.3 // indirect
 	github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20210112200207-10ab4d695d60 // indirect
 	github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d // indirect
 	github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a // indirect
@@ -101,7 +101,7 @@ require (
 	github.com/containerd/platforms v0.2.1 // indirect
 	github.com/coreos/go-oidc/v3 v3.11.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
-	github.com/cyphar/filepath-securejoin v0.3.2 // indirect
+	github.com/cyphar/filepath-securejoin v0.3.6 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/davidmz/go-pageant v1.0.2 // indirect
 	github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f // indirect
@@ -254,7 +254,7 @@ require (
 	github.com/segmentio/backo-go v1.1.0 // indirect
 	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
 	github.com/shopspring/decimal v1.4.0 // indirect
-	github.com/skeema/knownhosts v1.2.2 // indirect
+	github.com/skeema/knownhosts v1.3.0 // indirect
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
 	github.com/slack-go/slack v0.13.0 // indirect
 	github.com/soheilhy/cmux v0.1.5 // indirect
@@ -287,7 +287,7 @@ require (
 	go.uber.org/automaxprocs v1.5.3 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/crypto v0.31.0 // indirect
-	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/mod v0.19.0 // indirect
 	golang.org/x/net v0.33.0 // indirect
 	golang.org/x/oauth2 v0.23.0 // indirect
 	golang.org/x/sync v0.10.0 // indirect