Bump the go group across 1 directory with 5 updates

[dependabot]

Bumps the go group with 4 updates in the / directory: github.com/CycloneDX/cyclonedx-go, github.com/go-git/go-git/v5, github.com/jfrog/archiver/v3 and golang.org/x/crypto.

Updates github.com/CycloneDX/cyclonedx-go from 0.9.3 to 0.10.0

Release notes

Sourced from github.com/CycloneDX/cyclonedx-go's releases.

v0.10.0

Changelog

Fixes

• f724c55d9c13a6e79980cd4cc6a39f2696bc6c97: fix: add missing fields for v1.6 spec (#249) (@​alistair-mclean)
• 48a212c7c5cd015cac8df92de3696e3d7e3531ef: fix: migrate golangci-lint config and address issues (@​nscuro)
• 75662981bebea02c122b44d31fa65f134d6abd28: fix: unset component tags for spec version less than 1.6 (#253) (@​alistair-mclean)

Building and Packaging

• ff55798700d8298a41813be8bf2dfbacd3179ea1: build(deps): bump actions/checkout from 4.2.2 to 5.0.0 (@​dependabot[bot])
• 3781c74cf069aac093ca69feb0ede6b97eccc1ae: build(deps): bump actions/checkout from 5.0.0 to 6.0.2 (@​dependabot[bot])
• 4a3ab35be2ded2e654818a3f9ea45a8cd19788e2: build(deps): bump actions/setup-go from 5.5.0 to 6.0.0 (@​dependabot[bot])
• 49ee4a34713d50c1ec26b08e515eeca4b6226bd2: build(deps): bump actions/setup-go from 6.0.0 to 6.2.0 (@​dependabot[bot])
• 521976f2f97e4690d75b0042374ed44dcf01e373: build(deps): bump apache/skywalking-eyes from 0.7.0 to 0.8.0 (@​dependabot[bot])
• 11497919754dd4238eb10f357ed68800c617a233: build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1 (@​dependabot[bot])
• 9fa7dc11aaf321c06eef3f86dc5ae2be694be33c: build(deps): bump gitpod/workspace-go from 8985eb7 to 08a7c68 (@​dependabot[bot])
• af64af3762779ec64a6e77904524480ec4a60a44: build(deps): bump golangci/golangci-lint-action from 6.2.0 to 9.2.0 (@​dependabot[bot])
• 8c642b2c7902e6473e9994656cdf078e24bd75f5: build(deps): bump goreleaser/goreleaser-action from 6.3.0 to 6.4.0 (@​dependabot[bot])

Others

• 082681c2438c89ed961c4ad0a89d80b798d8e7f2: chore: bump minimum go version to 1.23 (@​nscuro)

Commits

• 2270566 Merge pull request #254 from CycloneDX/bump-go-versions
• 082681c chore: bump minimum go version to 1.23
• 291671e Merge pull request #252 from CycloneDX/dependabot/github_actions/golangci/gol...
• 48a212c fix: migrate golangci-lint config and address issues
• f724c55 fix: add missing fields for v1.6 spec (#249)
• 7566298 fix: unset component tags for spec version less than 1.6 (#253)
• bc030ba Merge pull request #235 from CycloneDX/dependabot/docker/gitpod/workspace-go-...
• b198226 Merge pull request #251 from CycloneDX/dependabot/github_actions/actions/setu...
• e11807d Merge pull request #250 from CycloneDX/dependabot/github_actions/actions/chec...
• af64af3 build(deps): bump golangci/golangci-lint-action from 6.2.0 to 9.2.0
• Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.16.3 to 5.16.4

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.16.4

What's Changed

• backport plumbing: format/idxfile, prevent panic by @​swills in go-git/go-git#1732
• [backport] build: test, Fix build on Windows. by @​pjbgf in go-git/go-git#1734
• build: Update module golang.org/x/net to v0.38.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#1742
• build: Update module github.com/cloudflare/circl to v1.6.1 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#1741
• build: Update module github.com/go-git/go-git/v5 to v5.13.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-git#1743

Full Changelog: go-git/go-git@v5.16.3...v5.16.4

Commits

• de8ecc3 Merge pull request #1743 from go-git/renovate/releases/v5.x-go-github.com-go-...
• 3e752f0 build: Update module github.com/go-git/go-git/v5 to v5.13.0 [SECURITY]
• 3a31754 Merge pull request #1741 from go-git/renovate/releases/v5.x-go-github.com-clo...
• acc28f1 build: Update module github.com/cloudflare/circl to v1.6.1 [SECURITY]
• 95f3880 Merge pull request #1742 from go-git/renovate/releases/v5.x-go-golang.org-x-n...
• 329f926 build: Update module golang.org/x/net to v0.38.0 [SECURITY]
• 399e04b Merge pull request #1734 from pjbgf/fix-ci
• 2025eae build: test, Fix build on Windows.
• fb6806f Merge pull request #1732 from swills/find-hash-panic-fix-backport
• 382530f plumbing: format/idxfile, prevent panic
• See full diff in compare view

Updates github.com/jfrog/archiver/v3 from 3.6.1 to 3.6.3

Release notes

Sourced from github.com/jfrog/archiver/v3's releases.

v3.6.3

What's Changed

• META-2220 - Downgrade minimal go version to 1.21 to allow UBI9 clients to compile by @​idoz-jfrog in jfrog/archiver#8

Full Changelog: jfrog/archiver@v3.6.2...v3.6.3

v3.6.2

What's Changed

• Bump rardecode to github.com/nwaples/rardecode/v2 v2.2.2 by @​idoz-jfrog in jfrog/archiver#7
• Bump go to 1.25.5

New Contributors

• @​idoz-jfrog made their first contribution in jfrog/archiver#7

Full Changelog: jfrog/archiver@v3.6.1...v3.6.2

Commits

• 0e77879 META-2220 - Downgrade minimal go version to 1.21 to allow UBI9 clients to com...
• 57250f9 META-2220 - Bump rardecode to github.com/nwaples/rardecode/v2 v2.2.2 (#7)
• See full diff in compare view

Updates golang.org/x/crypto from 0.43.0 to 0.47.0

Commits

• 506e022 go.mod: update golang.org/x dependencies
• 7dacc38 chacha20poly1305: error out in fips140=only mode
• 19acf81 go.mod: update golang.org/x dependencies
• 3a1c6b4 x509roots/fallback: update bundle
• f4602e4 ssh/agent: fix flaky test by ensuring a writeable home directory
• 4e0068c go.mod: update golang.org/x dependencies
• e79546e ssh: curb GSSAPI DoS risk by limiting number of specified OIDs
• f91f7a7 ssh/agent: prevent panic on malformed constraint
• 2df4153 acme/autocert: let automatic renewal work with short lifetime certs
• bcf6a84 acme: pass context to request
• Additional commits viewable in compare view

Updates golang.org/x/term from 0.37.0 to 0.39.0

Commits

• a7e5b04 go.mod: update golang.org/x dependencies
• 943f25d x/term: handle transpose
• 9b991dd x/term: handle delete key
• 3863673 go.mod: update golang.org/x dependencies
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions