chore: fix dependabot alerts

[rchincha]

What type of PR is this?

Which issue does this PR fix:

What does this PR do / Why do we need it:

If an issue # is not available please add repro steps and logs showing the issue:

Testing done on this change:

Automation added to e2e:

Will this break upgrades or downgrades?

Does this PR introduce any user-facing change?:

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[andaaron]

Maybe we could include the update for github.com/go-git/go-git/v5 v5.13.1?
Seems they fixed CVE-2025-21613 / GHSA-v725-9546-7q7m which is ranked as a HIGH severity issue.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91.88%. Comparing base (e410f39) to head (051f180).
Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2869   +/-   ##
=======================================
  Coverage   91.88%   91.88%           
=======================================
  Files         170      170           
  Lines       30282    30282           
=======================================
  Hits        27824    27824           
  Misses       1829     1829           
  Partials      629      629           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.