chore(deps): bump the go group across 1 directory with 3 updates (#689)

Bumps the go group with 3 updates in the / directory:
[github.com/fluxcd/kustomize-controller/api](https://github.com/fluxcd/kustomize-controller),
[github.com/fluxcd/pkg/runtime](https://github.com/fluxcd/pkg) and
[ocm.software/ocm](https://github.com/open-component-model/ocm).

Updates `github.com/fluxcd/kustomize-controller/api` from 1.6.0 to 1.6.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/fluxcd/kustomize-controller/releases">github.com/fluxcd/kustomize-controller/api's
releases</a>.</em></p>
<blockquote>
<h2>v1.6.1</h2>
<h2>Changelog</h2>
<p><a
href="https://github.com/fluxcd/kustomize-controller/blob/v1.6.1/CHANGELOG.md">v1.6.1
changelog</a></p>
<h2>Container images</h2>
<ul>
<li><code>docker.io/fluxcd/kustomize-controller:v1.6.1</code></li>
<li><code>ghcr.io/fluxcd/kustomize-controller:v1.6.1</code></li>
</ul>
<p>Supported architectures: <code>linux/amd64</code>,
<code>linux/arm64</code> and <code>linux/arm/v7</code>.</p>
<p>The container images are built on GitHub hosted runners and are
signed with cosign and GitHub OIDC.
To verify the images and their provenance (SLSA level 3), please see the
<a href="https://fluxcd.io/flux/security/">security
documentation</a>.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/fluxcd/kustomize-controller/blob/main/CHANGELOG.md">github.com/fluxcd/kustomize-controller/api's
changelog</a>.</em></p>
<blockquote>
<h2>1.6.1</h2>
<p><strong>Release date:</strong> 2025-07-08</p>
<p>This patch release fixes a bug introduced in v1.6.0
that causes SOPS decryption with US Government KMS
keys to fail with the error:</p>
<pre><code>STS: AssumeRoleWithWebIdentity, https response error\n
StatusCode: 0, RequestID: ,
request send failed, Post\n
\&quot;https://sts.arn.amazonaws.com/\&quot;: dial tcp:
lookupts.arn.amazonaws.com on 10.100.0.10:53: no such host
</code></pre>
<p>Fixes:</p>
<ul>
<li>Fix regression in STS endpoint for SOPS decryption with AWS KMS in
US Gov partition
<a
href="https://redirect.github.com/fluxcd/kustomize-controller/pull/1478">#1478</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/fluxcd/kustomize-controller/commit/8ec4a6e91f5bb7c0e2faaee4eafde2e25e8c4778"><code>8ec4a6e</code></a>
Merge pull request <a
href="https://redirect.github.com/fluxcd/kustomize-controller/issues/1482">#1482</a>
from fluxcd/release-v1.6.1</li>
<li><a
href="https://github.com/fluxcd/kustomize-controller/commit/84115f6516e6046b8ccaaa5614d0794a50270f61"><code>84115f6</code></a>
Release v1.6.1</li>
<li><a
href="https://github.com/fluxcd/kustomize-controller/commit/2333a7413c6748ed6a9c70abe2e46f7f4e798864"><code>2333a74</code></a>
Add changelog entry for v1.6.1</li>
<li><a
href="https://github.com/fluxcd/kustomize-controller/commit/9a203c87755c6561144517eda07721af890f4729"><code>9a203c8</code></a>
Merge pull request <a
href="https://redirect.github.com/fluxcd/kustomize-controller/issues/1480">#1480</a>
from fluxcd/backport-1478-to-release/v1.6.x</li>
<li><a
href="https://github.com/fluxcd/kustomize-controller/commit/127d696d336b2b1dfdfe7177eb3d2033c1d8ba91"><code>127d696</code></a>
Fix regression in STS endpoint for SOPS decryption with AWS KMS in US
Gov par...</li>
<li>See full diff in <a
href="https://github.com/fluxcd/kustomize-controller/compare/v1.6.0...v1.6.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `github.com/fluxcd/pkg/runtime` from 0.62.0 to 0.63.0
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/fluxcd/pkg/commit/d07717ff225741ef8164097fe88d9192e71731f0"><code>d07717f</code></a>
Merge pull request <a
href="https://redirect.github.com/fluxcd/pkg/issues/961">#961</a> from
cappyzawa/fix/runtime-secrets-logger-from-context</li>
<li><a
href="https://github.com/fluxcd/pkg/commit/ec70e5a4514ffd0edb0cadf4ba16fc358fef5ec8"><code>ec70e5a</code></a>
runtime/secrets: use context-based logger retrieval</li>
<li><a
href="https://github.com/fluxcd/pkg/commit/3671c3a960328917e1e1fb678671058d38953b9d"><code>3671c3a</code></a>
Merge pull request <a
href="https://redirect.github.com/fluxcd/pkg/issues/958">#958</a> from
cappyzawa/update-kustomize-v5.7.0</li>
<li><a
href="https://github.com/fluxcd/pkg/commit/692aef15c185b7513135436cfd57d77b985968ef"><code>692aef1</code></a>
kustomize: Update kustomize to v5.7.0</li>
<li><a
href="https://github.com/fluxcd/pkg/commit/21cbf19670ac61decc3a1ad7b3361cf14ec49845"><code>21cbf19</code></a>
Merge pull request <a
href="https://redirect.github.com/fluxcd/pkg/issues/952">#952</a> from
dgunzy/fix-invalid-cabundle-crd-reconciliation</li>
<li><a
href="https://github.com/fluxcd/pkg/commit/703cbcae7c3ba479e9576d049958f3aa66cd0c05"><code>703cbca</code></a>
fix(ssa): remove invalid CABundle from CRD patches</li>
<li>See full diff in <a
href="https://github.com/fluxcd/pkg/compare/runtime/v0.62.0...runtime/v0.63.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `ocm.software/ocm` from 0.25.0 to 0.26.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/open-component-model/ocm/releases">ocm.software/ocm's
releases</a>.</em></p>
<blockquote>
<h2>v0.26.0</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<h3>‼️ Breaking Changes</h3>
<ul>
<li>chore!: migrate to native cobra library by <a
href="https://github.com/Skarlso"><code>@​Skarlso</code></a> in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1504">open-component-model/ocm#1504</a></li>
</ul>
<h3>🐛 Bug Fixes</h3>
<!-- raw HTML omitted -->
<ul>
<li>fix: git access tar methods by <a
href="https://github.com/frewilhelm"><code>@​frewilhelm</code></a> in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1454">open-component-model/ocm#1454</a></li>
<li>fix(revert): make sure that ref is an option in the gitHub
AccessMethod (<a
href="https://redirect.github.com/open-component-model/ocm/issues/1406">#1406</a>)
by <a
href="https://github.com/jakobmoellerdev"><code>@​jakobmoellerdev</code></a>
in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1460">open-component-model/ocm#1460</a></li>
<li>fix: allow spec compliant, but unusually ordered HELM Chart OCI
Artifacts in HELM OCI Artifact downloader by <a
href="https://github.com/jakobmoellerdev"><code>@​jakobmoellerdev</code></a>
in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1470">open-component-model/ocm#1470</a></li>
<li>fix: allow pre-v3.7.0 HELM Charts in HELM OCI Artifact downloader by
<a
href="https://github.com/jakobmoellerdev"><code>@​jakobmoellerdev</code></a>
in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1476">open-component-model/ocm#1476</a></li>
<li>fix: use the updated link checker fork by <a
href="https://github.com/Skarlso"><code>@​Skarlso</code></a> in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1475">open-component-model/ocm#1475</a></li>
<li>fix: make sure that helm downloader does not overwrite chart with
provenance data by <a
href="https://github.com/jakobmoellerdev"><code>@​jakobmoellerdev</code></a>
in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1481">open-component-model/ocm#1481</a></li>
<li>chore: fix correct filename for provenance file by <a
href="https://github.com/frewilhelm"><code>@​frewilhelm</code></a> in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1492">open-component-model/ocm#1492</a></li>
</ul>
<!-- raw HTML omitted -->
<h3>⬆️ Dependencies</h3>
<!-- raw HTML omitted -->
<ul>
<li>chore(deps): bump the go group with 7 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1452">open-component-model/ocm#1452</a></li>
<li>chore: pin cosign to commit to make sure we are security compliant
by <a href="https://github.com/frewilhelm"><code>@​frewilhelm</code></a>
in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1459">open-component-model/ocm#1459</a></li>
<li>chore(deps): bump the go group with 7 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1465">open-component-model/ocm#1465</a></li>
<li>chore(deps): bump the go group with 5 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1487">open-component-model/ocm#1487</a></li>
<li>chore(deps): bump distroless/static-debian12 from to by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1486">open-component-model/ocm#1486</a></li>
<li>chore(deps): bump the go group with 7 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1493">open-component-model/ocm#1493</a></li>
<li>chore(deps): bump the go group with 10 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1502">open-component-model/ocm#1502</a></li>
<li>chore(deps): bump the go group with 8 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1513">open-component-model/ocm#1513</a></li>
<li>chore(deps): bump distroless/static-debian12 from to by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1512">open-component-model/ocm#1512</a></li>
</ul>
<!-- raw HTML omitted -->
<h3>🧰 Maintenance</h3>
<!-- raw HTML omitted -->
<ul>
<li>chore: bump VERSION to 0.26.0-dev by <a
href="https://github.com/ocmbot"><code>@​ocmbot</code></a> in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1443">open-component-model/ocm#1443</a></li>
<li>chore: GitHub actions add permissions by <a
href="https://github.com/frewilhelm"><code>@​frewilhelm</code></a> in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1449">open-component-model/ocm#1449</a></li>
<li>chore: sanitize log by <a
href="https://github.com/frewilhelm"><code>@​frewilhelm</code></a> in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1450">open-component-model/ocm#1450</a></li>
<li>chore: adjust GHA permissions by <a
href="https://github.com/frewilhelm"><code>@​frewilhelm</code></a> in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1451">open-component-model/ocm#1451</a></li>
<li>chore: remove winget by <a
href="https://github.com/Skarlso"><code>@​Skarlso</code></a> in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1463">open-component-model/ocm#1463</a></li>
<li>chore: use ternary operator to avoid &quot;skipped&quot; integration
test job by <a
href="https://github.com/jakobmoellerdev"><code>@​jakobmoellerdev</code></a>
in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1490">open-component-model/ocm#1490</a></li>
<li>docs: ecrplugin readme by <a
href="https://github.com/ikhandamirov"><code>@​ikhandamirov</code></a>
in <a
href="https://redirect.github.com/open-component-model/ocm/pull/1482">open-component-model/ocm#1482</a></li>
</ul>
<!-- raw HTML omitted -->
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/open-component-model/ocm/commit/4c74991b8b57ecec2908a657a779051d7d620bb9"><code>4c74991</code></a>
chore(deps): bump nosborn/github-action-markdown-cli from 3.4.0 to 3.5.0
in t...</li>
<li><a
href="https://github.com/open-component-model/ocm/commit/7bc621fe448d5664b846320984631f58e8ca344e"><code>7bc621f</code></a>
chore: update 'flake.nix' (<a
href="https://redirect.github.com/open-component-model/ocm/issues/1514">#1514</a>)</li>
<li><a
href="https://github.com/open-component-model/ocm/commit/c27b5e10fa2ca9129f74893a3f60e7db61984fa1"><code>c27b5e1</code></a>
chore(deps): bump distroless/static-debian12 from <code>188ddfb</code>
to <code>627d6c5</code> (<a
href="https://redirect.github.com/open-component-model/ocm/issues/1512">#1512</a>)</li>
<li><a
href="https://github.com/open-component-model/ocm/commit/d74f4c64f3eb4e8d50957c6a0031af11052dfc1e"><code>d74f4c6</code></a>
chore(deps): bump the go group with 8 updates (<a
href="https://redirect.github.com/open-component-model/ocm/issues/1513">#1513</a>)</li>
<li><a
href="https://github.com/open-component-model/ocm/commit/d2f8fdca4067f3469668b513486d88edff57278c"><code>d2f8fdc</code></a>
chore: update 'flake.nix' (<a
href="https://redirect.github.com/open-component-model/ocm/issues/1510">#1510</a>)</li>
<li><a
href="https://github.com/open-component-model/ocm/commit/ceea43377a381101ecf75e5b2420b7d263f53523"><code>ceea433</code></a>
chore!: migrate to native cobra library (<a
href="https://redirect.github.com/open-component-model/ocm/issues/1504">#1504</a>)</li>
<li><a
href="https://github.com/open-component-model/ocm/commit/073a4edc1452a9ebd3922085cec843cbe1bbc270"><code>073a4ed</code></a>
chore(deps): bump github/codeql-action from 3.28.19 to 3.29.0 in the ci
group...</li>
<li><a
href="https://github.com/open-component-model/ocm/commit/3360f7978650d7a04bb52b7358fffab1f7329876"><code>3360f79</code></a>
chore: update 'flake.nix' (<a
href="https://redirect.github.com/open-component-model/ocm/issues/1503">#1503</a>)</li>
<li><a
href="https://github.com/open-component-model/ocm/commit/ca24589a12bd92e4a861a2afc6596db46fc497f4"><code>ca24589</code></a>
chore(deps): bump the go group with 10 updates (<a
href="https://redirect.github.com/open-component-model/ocm/issues/1502">#1502</a>)</li>
<li><a
href="https://github.com/open-component-model/ocm/commit/c2006477ffd078787d488b4bdea870a015df5d4b"><code>c200647</code></a>
chore: update 'flake.nix' (<a
href="https://redirect.github.com/open-component-model/ocm/issues/1499">#1499</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-component-model/ocm/compare/v0.25...v0.26">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: dependabot[bot]

go.mod

@@ -19,15 +19,15 @@ require (
 	github.com/cyphar/filepath-securejoin v0.4.1
 	github.com/distribution/distribution/v3 v3.0.0
 	github.com/fluxcd/helm-controller/api v1.3.0
-	github.com/fluxcd/kustomize-controller/api v1.6.0
+	github.com/fluxcd/kustomize-controller/api v1.6.1
 	github.com/fluxcd/pkg/apis/event v0.17.0
 	github.com/fluxcd/pkg/apis/meta v1.13.0
 	github.com/fluxcd/pkg/http/fetch v0.16.0
 	github.com/fluxcd/pkg/kustomize v1.18.0
-	github.com/fluxcd/pkg/runtime v0.62.0
+	github.com/fluxcd/pkg/runtime v0.63.0
 	github.com/fluxcd/pkg/tar v0.12.0
 	github.com/fluxcd/source-controller/api v1.6.2
-	github.com/google/go-containerregistry v0.20.3
+	github.com/google/go-containerregistry v0.20.4-0.20250225234217-098045d5e61f
 	github.com/mandelsoft/logging v0.0.0-20240618075559-fdca28a87b0a
 	github.com/mandelsoft/spiff v1.7.0-beta-7
 	github.com/mandelsoft/vfs v0.4.4
@@ -46,18 +46,18 @@ require (
 	helm.sh/helm/v3 v3.18.4
 	k8s.io/apimachinery v0.33.2
 	k8s.io/client-go v0.33.2
-	ocm.software/ocm v0.25.0
+	ocm.software/ocm v0.26.0
 	sigs.k8s.io/controller-runtime v0.21.0
 	sigs.k8s.io/e2e-framework v0.6.0
 	sigs.k8s.io/kustomize/api v0.20.0
 )
 
 require (
-	cloud.google.com/go/auth v0.15.0 // indirect
+	cloud.google.com/go/auth v0.16.0 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect
 	cloud.google.com/go/compute/metadata v0.6.0 // indirect
 	code.gitea.io/sdk/gitea v0.21.0 // indirect
-	dario.cat/mergo v1.0.1 // indirect
+	dario.cat/mergo v1.0.2 // indirect
 	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/42wim/httpsig v1.2.2 // indirect
 	github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/provider v0.15.2 // indirect
@@ -91,31 +91,31 @@ require (
 	github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
 	github.com/aliyun/credentials-go v1.3.10 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.36.3 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.36.4 // indirect
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.10 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.29.14 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.17.67 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.74 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.29.16 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.69 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.31 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.17.79 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.35 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.35 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.34 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.44.0 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.35 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.44.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.31.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.7.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.15 // indirect
-	github.com/aws/aws-sdk-go-v2/service/s3 v1.79.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.33.19 // indirect
-	github.com/aws/smithy-go v1.22.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.7.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.16 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.16 // indirect
+	github.com/aws/aws-sdk-go-v2/service/s3 v1.80.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.25.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.33.21 // indirect
+	github.com/aws/smithy-go v1.22.3 // indirect
 	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.9.1 // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/blang/semver/v4 v4.0.0 // indirect
-	github.com/buildkite/agent/v3 v3.95.1 // indirect
+	github.com/buildkite/agent/v3 v3.97.0 // indirect
 	github.com/buildkite/go-pipeline v0.13.3 // indirect
 	github.com/buildkite/interpolate v0.1.5 // indirect
 	github.com/buildkite/roko v1.3.1 // indirect
@@ -131,6 +131,7 @@ require (
 	github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect
 	github.com/containerd/containerd v1.7.27 // indirect
 	github.com/containerd/errdefs v1.0.0 // indirect
+	github.com/containerd/errdefs/pkg v0.3.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/containerd/platforms v0.2.1 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.16.3 // indirect
@@ -145,9 +146,9 @@ require (
 	github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect
 	github.com/dimchansky/utfbom v1.1.1 // indirect
 	github.com/distribution/reference v0.6.0 // indirect
-	github.com/docker/cli v28.1.1+incompatible // indirect
+	github.com/docker/cli v28.2.2+incompatible // indirect
 	github.com/docker/distribution v2.8.3+incompatible // indirect
-	github.com/docker/docker v28.1.1+incompatible // indirect
+	github.com/docker/docker v28.2.2+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.9.3 // indirect
 	github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c // indirect
 	github.com/docker/go-connections v0.5.0 // indirect
@@ -172,7 +173,7 @@ require (
 	github.com/fluxcd/pkg/apis/kustomize v1.10.0 // indirect
 	github.com/fluxcd/pkg/envsubst v1.4.0 // indirect
 	github.com/fluxcd/pkg/sourceignore v0.12.0 // indirect
-	github.com/fluxcd/pkg/ssa v0.46.0 // indirect
+	github.com/fluxcd/pkg/ssa v0.48.0 // indirect
 	github.com/fluxcd/pkg/version v0.7.0 // indirect
 	github.com/fvbommel/sortorder v1.1.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.8.0 // indirect
@@ -182,7 +183,7 @@ require (
 	github.com/go-fed/httpsig v1.1.0 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.6.2 // indirect
-	github.com/go-git/go-git/v5 v5.16.0 // indirect
+	github.com/go-git/go-git/v5 v5.16.2 // indirect
 	github.com/go-jose/go-jose/v3 v3.0.4 // indirect
 	github.com/go-jose/go-jose/v4 v4.1.0 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
@@ -214,7 +215,7 @@ require (
 	github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
 	github.com/gowebpki/jcs v1.0.1 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.1 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.26.3 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
@@ -274,7 +275,7 @@ require (
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/redis/go-redis/extra/rediscmd/v9 v9.5.3 // indirect
 	github.com/redis/go-redis/extra/redisotel/v9 v9.5.3 // indirect
-	github.com/redis/go-redis/v9 v9.8.0 // indirect
+	github.com/redis/go-redis/v9 v9.10.0 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
@@ -284,12 +285,12 @@ require (
 	github.com/segmentio/ksuid v1.0.4 // indirect
 	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
 	github.com/shibumi/go-pathspec v1.3.0 // indirect
-	github.com/sigstore/cosign/v2 v2.5.0 // indirect
-	github.com/sigstore/fulcio v1.6.6 // indirect
+	github.com/sigstore/cosign/v2 v2.5.1-0.20250508191124-dfa6abe891e2 // indirect
+	github.com/sigstore/fulcio v1.7.1 // indirect
 	github.com/sigstore/protobuf-specs v0.4.1 // indirect
 	github.com/sigstore/rekor v1.3.10 // indirect
-	github.com/sigstore/sigstore v1.9.4 // indirect
-	github.com/sigstore/timestamp-authority v1.2.5 // indirect
+	github.com/sigstore/sigstore v1.9.5 // indirect
+	github.com/sigstore/timestamp-authority v1.2.6 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/skeema/knownhosts v1.3.1 // indirect
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
@@ -327,7 +328,7 @@ require (
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/contrib/bridges/prometheus v0.57.0 // indirect
 	go.opentelemetry.io/contrib/exporters/autoexport v0.57.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.59.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect
 	go.opentelemetry.io/otel v1.35.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.8.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.8.0 // indirect
@@ -344,19 +345,19 @@ require (
 	go.opentelemetry.io/otel/metric v1.35.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.35.0 // indirect
 	go.opentelemetry.io/otel/sdk/log v0.8.0 // indirect
-	go.opentelemetry.io/otel/sdk/metric v1.34.0 // indirect
+	go.opentelemetry.io/otel/sdk/metric v1.35.0 // indirect
 	go.opentelemetry.io/otel/trace v1.35.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.5.0 // indirect
-	go.step.sm/crypto v0.60.0 // indirect
+	go.step.sm/crypto v0.61.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
 	go.yaml.in/yaml/v3 v3.0.3 // indirect
-	golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 // indirect
+	golang.org/x/exp v0.0.0-20250305212735-054e65f0b394 // indirect
 	golang.org/x/mod v0.25.0 // indirect
 	golang.org/x/sync v0.15.0 // indirect
-	google.golang.org/api v0.228.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250313205543-e70fdf4c4cb4 // indirect
-	google.golang.org/grpc v1.71.0 // indirect
+	google.golang.org/api v0.230.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20250414145226-207652e42e2e // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20250414145226-207652e42e2e // indirect
+	google.golang.org/grpc v1.72.0 // indirect
 	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
@@ -391,15 +392,15 @@ require (
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/prometheus/client_golang v1.22.0 // indirect
-	github.com/prometheus/client_model v0.6.1 // indirect
-	github.com/prometheus/common v0.62.0 // indirect
+	github.com/prometheus/client_model v0.6.2 // indirect
+	github.com/prometheus/common v0.63.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/spf13/pflag v1.0.6 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/crypto v0.39.0 // indirect
-	golang.org/x/net v0.40.0 // indirect
-	golang.org/x/oauth2 v0.29.0 // indirect
+	golang.org/x/net v0.41.0 // indirect
+	golang.org/x/oauth2 v0.30.0 // indirect
 	golang.org/x/sys v0.33.0 // indirect
 	golang.org/x/term v0.32.0 // indirect
 	golang.org/x/text v0.26.0 // indirect