build(deps): bump the dependencies group with 6 updates

[dependabot]

Bumps the dependencies group with 6 updates:

Package	From	To
github.com/docker/cli	28.4.0+incompatible	28.5.1+incompatible
github.com/docker/docker	28.4.0+incompatible	28.5.1+incompatible
github.com/go-git/go-git/v5	5.16.2	5.16.3
golang.org/x/term	0.35.0	0.36.0
golang.org/x/crypto	0.42.0	0.43.0
google.golang.org/protobuf	1.36.9	1.36.10

Updates github.com/docker/cli from 28.4.0+incompatible to 28.5.1+incompatible

Commits

• e180ab8 Merge pull request #6541 from vvoland/6540-28.x
• 0d799c5 update to go1.24.8
• 887030f Merge pull request #6522 from thaJeztah/28.x_bump_moby
• 9c6a0e0 Merge pull request #6531 from thaJeztah/28.x_backport_bump_macos
• f784471 vendor: github.com/docker/docker cd048300a487 (v28.5.0-dev)
• d7afcf9 Merge pull request #6529 from thaJeztah/28.x_backport_deprecate_ResolveDefaul...
• 9d9adf6 gha: add macOS 15, remove macOS 13 (deprecated)
• d4b7734 cli/command: deprecate ResolveDefaultContext
• a106161 Merge pull request #6519 from thaJeztah/28.x_backport_authconfig_no_direct_cast
• 5e42f82 Merge pull request #6518 from thaJeztah/28.x_backport_memstore_notfounderr
• Additional commits viewable in compare view

Updates github.com/docker/docker from 28.4.0+incompatible to 28.5.1+incompatible

Release notes

Sourced from github.com/docker/docker's releases.

v28.5.1

28.5.1

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 28.5.1 milestone
• moby/moby, 28.5.1 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Bug fixes and enhancements

• Update BuildKit to v0.25.1. moby/moby#51137
• Update Go runtime to 1.24.8. moby/moby#51133, docker/cli#6541

Deprecations

• api/types/image: InspectResponse: deprecate Parent and DockerVersion fields. moby/moby#51105
• api/types/plugin: deprecate Config.DockerVersion field. moby/moby#51110

v28.5.0

28.5.0

For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:

• docker/cli, 28.5.0 milestone
• moby/moby, 28.5.0 milestone
• Deprecated and removed features, see Deprecated Features.
• Changes to the Engine API, see API version history.

Bug fixes and enhancements

• Don't print warnings in docker info for broken symlinks in CLI-plugin directories. docker/cli#6476
• Fix a panic during stats on empty event Actor.ID. docker/cli#6471

Packaging updates

• Remove support for legacy CBC cipher suites. docker/cli#6474
• Update Buildkit to v0.25.0. moby/moby#51075
• Update Dockerfile syntax to v1.19.0. moby/moby#51075

Networking

• Eliminated harmless warning about deletion of endpoint_count from the data store. moby/moby#51064
• Fix a bug causing IPAM plugins to not be loaded on Windows. moby/moby#51035

API

• Deprecate support for kernel memory TCP accounting (KernelMemoryTCP). moby/moby#51067
• Fix GET containers/{name}/checkpoints returning null instead of empty JSON array when there are no checkpoints. moby/moby#51052

... (truncated)

Commits

• f8215cc Merge pull request #51137 from austinvazquez/cherry-pick-vendor-buildkit-0.25...
• 40a856a hack: add patch to buildkit tests
• 5d1c311 vendor: update buildkit to v0.25.1
• 90506c1 Merge pull request #51133 from vvoland/51132-28.x
• 17db0cd Merge pull request #51128 from thaJeztah/28.x_backport_gcpolicy-invalid-calcu...
• f7c40ea update to go1.24.8
• dccf7c8 builder: use proper percentage calculations for default gc policy
• 0f040aa Merge pull request #51126 from vvoland/51124-28.x
• 5b1a039 ci: fix cache for go modules
• 8fa4bd5 Merge pull request #51121 from crazy-max/28.x_ci-caches-fixes
• Additional commits viewable in compare view

Updates github.com/go-git/go-git/v5 from 5.16.2 to 5.16.3

Release notes

Sourced from github.com/go-git/go-git/v5's releases.

v5.16.3

What's Changed

• internal: Expand regex to fix build [5.x] by @​baloo in go-git/go-git#1644
• build: raise timeouts for windows CI tests and disable CIFuzz [5.x] by @​baloo in go-git/go-git#1646
• plumbing: support commits extra headers, support jujutsu signed commit [5.x] by @​baloo in go-git/go-git#1633

Full Changelog: go-git/go-git@v5.16.2...v5.16.3

Commits

• ad9a3a5 Merge pull request #1633 from baloo/baloo/release-5.x/jj-signed-commits
• f2c3467 plumbing: support extra headers, support jujutsu signed commit [5.x]
• c12263d Merge pull request #1646 from baloo/baloo/release-5.x/fixup-windows-ci
• 111f374 build: disable fuzzing on maintenance branch
• 15d46ce build: raise timeouts for windows CI tests
• ce83ba1 Merge pull request #1644 from baloo/baloo/release-5.x/fixup-build
• b486201 internal: Expand regex to fix build
• See full diff in compare view

Updates golang.org/x/term from 0.35.0 to 0.36.0

Commits

• 3a0828a go.mod: update golang.org/x dependencies
• See full diff in compare view

Updates golang.org/x/crypto from 0.42.0 to 0.43.0

Commits

• 627cb89 go.mod: update golang.org/x dependencies
• dca4914 acme: fix autocert TestHTTPHandlerDefaultFallback
• 1336e21 x509roots/fallback: update bundle
• 2beaa59 ssh: add VerifiedPublicKeyCallback
• 66c3d8c ssh: add support for FIPS mode
• ddb4e80 ssh: remove custom contains, use slices.Contains
• f4d47b0 ssh: return clearer error when signature algorithm is used as key format
• 96dc232 x509roots/fallback/bundle: add bundle package to export root certs
• 8c9ba31 all: freeze and deprecate more packages
• 559e062 ssh/agent: return an error for unexpected message types
• See full diff in compare view

Updates google.golang.org/protobuf from 1.36.9 to 1.36.10

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
see 68 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.