chore(deps): bump the all group with 5 updates

[dependabot]

Bumps the all group with 5 updates:

Package	From	To
github.com/aws/aws-sdk-go-v2/service/kms	1.50.2	1.50.3
github.com/aws/aws-sdk-go-v2/service/secretsmanager	1.41.3	1.41.4
github.com/bradleyfalzon/ghinstallation/v2	2.17.0	2.18.0
github.com/gittuf/gittuf	0.13.0	0.13.1
golang.org/x/crypto	0.48.0	0.49.0

Updates github.com/aws/aws-sdk-go-v2/service/kms from 1.50.2 to 1.50.3

Commits

• 7888f0e Release 2024-02-21
• 4a9cd1d Regenerated Clients
• bebcd8c Update SDK's smithy-go dependency to v1.20.1
• 374e0b9 Update API model
• 98b0dc8 dep: drop dependency on go-cmp in protocol tests (#2506)
• See full diff in compare view

Updates github.com/aws/aws-sdk-go-v2/service/secretsmanager from 1.41.3 to 1.41.4

Commits

• b84293d Release 2026-03-13
• 6f28694 Regenerated Clients
• f0f2436 Update endpoints model
• 042a1ea Update API model
• f3d4207 test sigv4 stream signer (#3347)
• 56f2f26 Add polly SynthesizeSpeech presign missing fields serd (#3344)
• a330a45 add changelog for #3283
• 58b98f6 Remove X-Amz-Security-Token header on redirect to different host (#3283)
• 238eead add changelog for #3238
• 65e8aea docs: fix typo (#3238)
• Additional commits viewable in compare view

Updates github.com/bradleyfalzon/ghinstallation/v2 from 2.17.0 to 2.18.0

Release notes

Sourced from github.com/bradleyfalzon/ghinstallation/v2's releases.

v2.18.0

What's Changed

• Bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in bradleyfalzon/ghinstallation#165
• bump github.com/google/go-github to v83 and ci updates by @​cpanato in bradleyfalzon/ghinstallation#184
• Update google/go-github to v84 by @​asvoboda in bradleyfalzon/ghinstallation#185
• Bump actions/checkout from 5.0.0 to 6.0.2 by @​dependabot[bot] in bradleyfalzon/ghinstallation#180
• Bump golangci/golangci-lint-action from 8.0.0 to 9.2.0 by @​dependabot[bot] in bradleyfalzon/ghinstallation#176

Full Changelog: bradleyfalzon/ghinstallation@v2.17.0...v2.18.0

Commits

• 1237274 Bump golangci/golangci-lint-action from 8.0.0 to 9.2.0
• c9c5e67 Bump actions/checkout from 5.0.0 to 6.0.2
• f5640e5 Update google/go-github to v84
• 6e26acb drop deprecated go versions
• 0e0f2d4 fix lints
• bc61e9f apply best practices to ci
• ee71ad0 bump golangci-lint to v2.10
• 4ec07cc add go 1.25 and 1.26 to tests
• 8f035f2 bump github.com/google/go-github to v83
• a2705da Bump actions/checkout from 4.2.2 to 5.0.0
• See full diff in compare view

Updates github.com/gittuf/gittuf from 0.13.0 to 0.13.1

Release notes

Sourced from github.com/gittuf/gittuf's releases.

v0.13.1

This release is a follow-up to v0.13.0, with artifacts now being built properly. Starting from this release, we now ship both attested SBOMs and build provenance. See https://github.com/gittuf/gittuf/attestations/.

Functionally, this release is identical to v0.13.0, with a few small internal updates.

Changelog

Updated

• Updated a test for invalid RSL recovery
• Updated various dependencies and CI workflows

Contributors

This release includes work by @​adityasaky and @​patzielinski. Dependency updates brought to you by @​dependabot.

Changelog

Sourced from github.com/gittuf/gittuf's changelog.

v0.13.1

This release is a follow-up to v0.13.0 to fix our releasing pipeline. Starting with this release, gittuf releases now ship with attested SBOMs and build provenance.

Updated

• Updated a test for invalid RSL recovery
• Updated various dependencies and CI workflows

Commits

• 8c670d1 Merge pull request #1213 from gittuf/prepare-v0.13.1
• e75d9c3 Prepare v0.13.1
• 71fc573 Merge pull request #1212 from gittuf/dependabot/github_actions/all-ef62cdc1b9
• d741ff4 chore(deps): bump the all group with 2 updates
• af537a6 Merge pull request #1211 from gittuf/release-nits
• 5082d59 ci: Remove snapshot flag from release
• 136e473 Merge pull request #1208 from gittuf/gpg-getting-started
• 856550f Merge pull request #1157 from gittuf/sbom
• 5af98f2 ci: Generate SBOMs for releases and skip Winget
• 5cc77c3 Merge pull request #1209 from gittuf/update-security-policy
• Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.48.0 to 0.49.0

Commits

• 982eaa6 go.mod: update golang.org/x dependencies
• 159944f ssh,acme: clean up tautological/impossible nil conditions
• a408498 acme: only require prompt if server has terms of service
• cab0f71 all: upgrade go directive to at least 1.25.0 [generated]
• 2f26647 x509roots/fallback: update bundle
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions