Summary

• bump github.com/go-git/go-git/v5 from v5.19.0 to v5.19.1 to remediate CVE-2026-45571 / GHSA-crhj-59gh-8x96 and CVE-2026-45570 / GHSA-m7cr-m3pv-hgrp
• bump indirect github.com/containerd/containerd from v1.7.30 to v1.7.32 to remediate CVE-2026-46680 / GHSA-fqw6-gf59-qr4w
• keep the change focused to the in-scope dependency declarations in go.mod and their checksum updates in go.sum
• service tag / cluster service was not determinable from available context

Labels

• bug-fix
• security

Test Plan

• attempted native Go update/test commands, but the runner environment does not have go or gotestsum installed
• confirmed Docker is available
• attempted docker build -f test.Dockerfile . --progress=plain, but it failed during go mod download because go.mod requires Go 1.26.3 while test.Dockerfile currently uses golang:1.25.7-bookworm
• reviewed the resulting diff to verify only the targeted dependency versions and checksums changed

Checklist

• If required, I have updated the Plural documentation accordingly.
• I have added tests to cover my changes.
• I have added a meaningful title and summary to convey the impact of this PR to a user.
• I have added relevant labels to this PR to help with categorization for release notes.