build(deps): bump github.com/go-git/go-billy/v5 from 5.6.2 to 5.9.0

[dependabot]

Bumps github.com/go-git/go-billy/v5 from 5.6.2 to 5.9.0.

Release notes

Sourced from github.com/go-git/go-billy/v5's releases.

v5.9.0

What's Changed

• Use path.Clean instead of filepath.Clean in iofs.Open by @​puerco in go-git/go-billy#197
• Deprecate ChrootOS in favour of BoundOS by @​pjbgf in go-git/go-billy#201
• General Improvements by @​pjbgf in go-git/go-billy#203
• osfs: ChrootOS eval baseDir on creation by @​pjbgf in go-git/go-billy#205
• Run go-git tests as part of integration tests by @​pjbgf in go-git/go-billy#206

Full Changelog: go-git/go-billy@v5.8.0...v5.9.0

v5.8.0

What's Changed

• build: Update module golang.org/x/net to v0.45.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-billy#183
• v5: Ensure Chmod behaviour across BoundOS and ChrootOS by @​pjbgf in go-git/go-billy#187

Full Changelog: go-git/go-billy@v5.7.0...v5.8.0

v5.7.0

What's Changed

• Add support for Chmod on billy.Filesystem by @​bitfehler in go-git/go-billy#171
• build: Update module golang.org/x/net to v0.38.0 [SECURITY] (releases/v5.x) by @​go-git-renovate[bot] in go-git/go-billy#177

Full Changelog: go-git/go-billy@v5.6.2...v5.7.0

Commits

• 237e529 Merge pull request #206 from pjbgf/v5-improvements
• 04edb39 build: Add go-git integration test
• d8efefd osfs: preserve empty ChrootOS base
• 07f2a0b Merge pull request #205 from pjbgf/v5-improvements
• 25207c8 build: Bump Go versions in workflows
• 2fda229 osfs: ChrootOS eval baseDir on creation
• 427b27f Merge pull request #203 from pjbgf/v5-improvements
• 7d5a23e chroot: Reject symlink loops
• 2c2287a util: avoid following symlinks in RemoveAll fallback
• cbd88e9 Fix mount path handling
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Summary by CodeRabbit

• Chores
  • Updated multiple indirect Go module dependencies to their latest stable versions across the project. Changes include version updates for libraries providing cryptography, networking, file system operations, and terminal handling functionality.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: abfa3677-6be0-4136-9412-08cdad88a62f

📥 Commits

Reviewing files that changed from the base of the PR and between 5e64e82 and 766aacd.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod

📜 Recent review details

🧰 Additional context used

📓 Path-based instructions (1)

**

⚙️ CodeRabbit configuration file

-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.

Files:

• go.mod

🔇 Additional comments (1)

go.mod (1)

47-47: LGTM!

Also applies to: 60-60, 134-140

---

Walkthrough

Updated indirect Go module dependencies in go.mod, including github.com/cyphar/filepath-securejoin (v0.4.1 → v0.6.1), github.com/go-git/go-billy/v5 (v5.6.2 → v5.9.0), and multiple golang.org/x/* standard library modules to newer patch/minor versions.

Changes

Dependency Version Bumps

Layer / File(s)	Summary
Indirect module updates go.mod	Multiple indirect dependencies updated: filepath-securejoin to v0.6.1, go-billy/v5 to v5.9.0, and six golang.org/x/* modules (crypto, net, sync, sys, term, text) to newer patch/minor versions.

Estimated Code Review Effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Possibly Related PRs

• codeready-toolchain/argocd-mcp-server#54: Updates go.mod for Go toolchain or module versions, similar manifest-level changes.
• codeready-toolchain/argocd-mcp-server#57: Updates go.mod versions for Go toolchain or indirect dependencies, related manifest changes.
• codeready-toolchain/argocd-mcp-server#62: Updates go.mod dependencies including golang.org/x/net, overlapping module scope.

Suggested Reviewers

• alexeykazakov

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately identifies the main dependency update from the changeset, though it omits other significant bumps (github.com/cyphar/filepath-securejoin and multiple golang.org/x/* modules).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/go_modules/github.com/go-git/go-billy/v5-5.9.0

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}