From 01492e0e7b9fc4cdb35a8280aba59eb96c7619b3 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 19 May 2026 16:20:21 +0000
Subject: [PATCH] chore: bump github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1
 (#25494)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git)
from 5.19.0 to 5.19.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/go-git/go-git/releases">github.com/go-git/go-git/v5's
releases</a>.</em></p>
<blockquote>
<h2>v5.19.1</h2>
<h2>What's Changed</h2>
<ul>
<li>v5: plumbing: transport/ssh, Shell-quote path by <a
href="https://github.com/hiddeco"><code>@​hiddeco</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2068">go-git/go-git#2068</a></li>
<li>v5: git: submodule, Fix relative URL resolution by <a
href="https://github.com/hiddeco"><code>@​hiddeco</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2070">go-git/go-git#2070</a></li>
<li>v5: git: submodule, canonical remote for relative URLs by <a
href="https://github.com/hiddeco"><code>@​hiddeco</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2074">go-git/go-git#2074</a></li>
<li>v5: git: submodule, error on remote without URLs by <a
href="https://github.com/hiddeco"><code>@​hiddeco</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2078">go-git/go-git#2078</a></li>
<li>v5: plumbing: format/idxfile, Validate offset64 indices by <a
href="https://github.com/hiddeco"><code>@​hiddeco</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2084">go-git/go-git#2084</a></li>
<li>v5: *: Reject malformed variable-length integers by <a
href="https://github.com/hiddeco"><code>@​hiddeco</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2092">go-git/go-git#2092</a></li>
<li>v5: plumbing: format/packfile, Tighten delta validation by <a
href="https://github.com/hiddeco"><code>@​hiddeco</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2091">go-git/go-git#2091</a></li>
<li>v5: Add <code>worktreeFilesystem</code> wrapper for worktree and
hardening by <a
href="https://github.com/hiddeco"><code>@​hiddeco</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2100">go-git/go-git#2100</a></li>
<li>v5: config: validate submodule names by <a
href="https://github.com/hiddeco"><code>@​hiddeco</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2082">go-git/go-git#2082</a></li>
<li>build: Update module github.com/go-git/go-git/v5 to v5.19.0
[SECURITY] (releases/v5.x) by <a
href="https://github.com/go-git-renovate"><code>@​go-git-renovate</code></a>[bot]
in <a
href="https://redirect.github.com/go-git/go-git/pull/2111">go-git/go-git#2111</a></li>
<li>v5: git: Allow MkdirAll on worktree-root paths by <a
href="https://github.com/hiddeco"><code>@​hiddeco</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2117">go-git/go-git#2117</a></li>
<li>v5: git: Stop validating symlink target paths by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2116">go-git/go-git#2116</a></li>
<li>v5: plumbing: format decoder input bounds and contracts by <a
href="https://github.com/hiddeco"><code>@​hiddeco</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2125">go-git/go-git#2125</a></li>
<li>plumbing: format/packfile, cap delta chain depth in parser by <a
href="https://github.com/pjbgf"><code>@​pjbgf</code></a> in <a
href="https://redirect.github.com/go-git/go-git/pull/2137">go-git/go-git#2137</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/go-git/go-git/compare/v5.19.0...v5.19.1">https://github.com/go-git/go-git/compare/v5.19.0...v5.19.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/go-git/go-git/commit/3c3be601aa6c0fd0d536c0d1e4f898b4c60e65fe"><code>3c3be60</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/2137">#2137</a>
from go-git/validate-v5</li>
<li><a
href="https://github.com/go-git/go-git/commit/3fba897bd9e84b1aec170fa708b80e297b7d6cf6"><code>3fba897</code></a>
plumbing: format/packfile, cap delta chain depth in parser</li>
<li><a
href="https://github.com/go-git/go-git/commit/a97d6601c85e017bb64c2b0f2e3169f6ef6a6709"><code>a97d660</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/2125">#2125</a>
from hiddeco/v5/format-input-bounds</li>
<li><a
href="https://github.com/go-git/go-git/commit/aeaa125c8af8e4c4c95b574c22c5633e97fc436e"><code>aeaa125</code></a>
plumbing: format/objfile, require Header before Read</li>
<li><a
href="https://github.com/go-git/go-git/commit/1f38e171218526ea254a73187a52f0648253c1b8"><code>1f38e17</code></a>
plumbing: format/packfile, bound inflate size</li>
<li><a
href="https://github.com/go-git/go-git/commit/f7545a02529e03998d6a7219140dc0e6644ad337"><code>f7545a0</code></a>
plumbing: format/idxfile, bound nr by file size</li>
<li><a
href="https://github.com/go-git/go-git/commit/170b88181f385913a457a08b68c88956fb3f8e4f"><code>170b881</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/2116">#2116</a>
from pjbgf/symlink-v5</li>
<li><a
href="https://github.com/go-git/go-git/commit/7b6d994467f06630268904aa3c441b6de7248b31"><code>7b6d994</code></a>
Merge pull request <a
href="https://redirect.github.com/go-git/go-git/issues/2117">#2117</a>
from hiddeco/v5/worktree-fs-mkdirall-root-noop</li>
<li><a
href="https://github.com/go-git/go-git/commit/f0709b32f8fbb87c16cd63c6762d2cd515f36541"><code>f0709b3</code></a>
git: Stop validating symlink target paths</li>
<li><a
href="https://github.com/go-git/go-git/commit/776d00f11d336f26862d0f2bab987b217f3a7844"><code>776d00f</code></a>
git: Allow MkdirAll on worktree-root paths</li>
<li>Additional commits viewable in <a
href="https://github.com/go-git/go-git/compare/v5.19.0...v5.19.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/go-git/go-git/v5&package-manager=go_modules&previous-version=5.19.0&new-version=5.19.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/coder/coder/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index bbbb328fe0..546312d663 100644
--- a/go.mod
+++ b/go.mod
@@ -513,7 +513,7 @@ require (
 	github.com/dgraph-io/ristretto/v2 v2.4.0
 	github.com/elazarl/goproxy v1.8.0
 	github.com/fsnotify/fsnotify v1.10.1
-	github.com/go-git/go-git/v5 v5.19.0
+	github.com/go-git/go-git/v5 v5.19.1
 	github.com/invopop/jsonschema v0.14.0
 	github.com/mark3labs/mcp-go v0.38.0
 	github.com/openai/openai-go/v3 v3.28.0
diff --git a/go.sum b/go.sum
index 512c740ffa..da3d1989c1 100644
--- a/go.sum
+++ b/go.sum
@@ -514,8 +514,8 @@ github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66D
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
 github.com/go-git/go-billy/v5 v5.9.0 h1:jItGXszUDRtR/AlferWPTMN4j38BQ88XnXKbilmmBPA=
 github.com/go-git/go-billy/v5 v5.9.0/go.mod h1:jCnQMLj9eUgGU7+ludSTYoZL/GGmii14RxKFj7ROgHw=
-github.com/go-git/go-git/v5 v5.19.0 h1:+WkVUQZSy/F1Gb13udrMKjIM2PrzsNfDKFSfo5tkMtc=
-github.com/go-git/go-git/v5 v5.19.0/go.mod h1:Pb1v0c7/g8aGQJwx9Us09W85yGoyvSwuhEGMH7zjDKQ=
+github.com/go-git/go-git/v5 v5.19.1 h1:nX27AnaU43/K5bKktKwgBmR9lawoYVe1Ckg0rgzzN00=
+github.com/go-git/go-git/v5 v5.19.1/go.mod h1:Pb1v0c7/g8aGQJwx9Us09W85yGoyvSwuhEGMH7zjDKQ=
 github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=
 github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
 github.com/go-jose/go-jose/v4 v4.1.4 h1:moDMcTHmvE6Groj34emNPLs/qtYXRVcd6S7NHbHz3kA=