[🐸 Frogbot] Update Go dependencies

[github-actions]

📦 Vulnerable Dependencies

Severity	ID	Contextual Analysis	Direct Dependencies	Impacted Dependency	Fixed Versions
High	CVE-2026-45022	Not Covered	github.com/go-git/go-git/v5:v5.18.0 github.com/jfrog/jfrog-cli-artifactory:v0.8.1-0.20260508123058-25d218a0eca9 github.com/jfrog/jfrog-cli-core/v2:v2.60.1-0.20260504054219-ba16d20c7b0f github.com/jfrog/jfrog-cli-security:v1.29.0	github.com/go-git/go-git/v5 v5.18.0	[5.19.0]
High	CVE-2026-33814	Not Covered	github.com/grokify/mogo:v0.74.0 github.com/jfrog/jfrog-cli-artifactory:v0.8.1-0.20260508123058-25d218a0eca9 github.com/jfrog/jfrog-cli-security:v1.29.0 golang.org/x/net:v0.52.0	golang.org/x/net v0.52.0	[0.53.0]

🔖 Details

[ CVE-2026-45022 ] github.com/go-git/go-git/v5 v5.18.0

Vulnerability Details

Contextual Analysis:	Not Covered
Direct Dependencies:	github.com/go-git/go-git/v5:v5.18.0, github.com/jfrog/jfrog-cli-artifactory:v0.8.1-0.20260508123058-25d218a0eca9, github.com/jfrog/jfrog-cli-core/v2:v2.60.1-0.20260504054219-ba16d20c7b0f, github.com/jfrog/jfrog-cli-security:v1.29.0
Impacted Dependency:	github.com/go-git/go-git/v5:v5.18.0
Fixed Versions:	[5.19.0]
CVSS V3:	-

go-git's improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git

[ CVE-2026-33814 ] golang.org/x/net v0.52.0

Vulnerability Details

Contextual Analysis:	Not Covered
Direct Dependencies:	github.com/grokify/mogo:v0.74.0, github.com/jfrog/jfrog-cli-artifactory:v0.8.1-0.20260508123058-25d218a0eca9, github.com/jfrog/jfrog-cli-security:v1.29.0, golang.org/x/net:v0.52.0
Impacted Dependency:	golang.org/x/net:v0.52.0
Fixed Versions:	[0.53.0]
CVSS V3:	7.5

When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.

---

🐸 JFrog Frogbot