chore(deps): update dependency chainguard-dev/apko to v0.22.5

[uniget-bot]

This PR contains the following updates:

Package	Update	Change
chainguard-dev/apko	patch	0.22.4 -> 0.22.5

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

chainguard-dev/apko (chainguard-dev/apko)

v0.22.5

Compare Source

What's Changed

• build(deps): bump chainguard.dev/sdk from 0.1.28 to 0.1.29 by @​dependabot in https://github.com/chainguard-dev/apko/pull/1428
• build(deps): bump sigs.k8s.io/release-utils from 0.8.5 to 0.9.0 by @​dependabot in https://github.com/chainguard-dev/apko/pull/1459
• build(deps): bump github.com/go-git/go-git/v5 from 5.12.0 to 5.13.0 by @​dependabot in https://github.com/chainguard-dev/apko/pull/1458
• build(deps): bump github.com/invopop/jsonschema from 0.12.0 to 0.13.0 by @​dependabot in https://github.com/chainguard-dev/apko/pull/1460
• build(deps): bump golang.org/x/time from 0.8.0 to 0.9.0 by @​dependabot in https://github.com/chainguard-dev/apko/pull/1462
• build(deps): bump golang.org/x/sys from 0.28.0 to 0.29.0 by @​dependabot in https://github.com/chainguard-dev/apko/pull/1463
• build(deps): bump github.com/go-git/go-git/v5 from 5.13.0 to 5.13.1 by @​dependabot in https://github.com/chainguard-dev/apko/pull/1461
• Return err if locking fails by @​jonjohnsonjr in https://github.com/chainguard-dev/apko/pull/1464

Full Changelog: chainguard-dev/apko@v0.22.4...v0.22.5

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[nicholasdille-bot]

Auto-approved because label type/renovate is present.

[github-actions]

🔍 Vulnerabilities of ghcr.io/uniget-org/tools/apko:0.22.5

📦 Image Reference ghcr.io/uniget-org/tools/apko:0.22.5

digest	sha256:aa2923f2781357de3ca901f25a00bdc8dcb0f54562f71009b15c20c59269bc38
vulnerabilities
platform	linux/amd64
size	22 MB
packages	147

github.com/u-root/u-root 0.14.0 (golang) pkg:golang/github.com/u-root/u-root@0.14.0 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Affected range <=v7.0.0 Fixed version Not Fixed CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Description This affects all versions of package github.com/u-root/u-root/pkg/tarutil. It is vulnerable to both leading and non-leading relative path traversal attacks in tar file extraction. OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities Affected range <=7.0.0 Fixed version Not Fixed CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Description This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction.

github.com/theupdateframework/go-tuf 0.7.0 (golang) pkg:golang/github.com/theupdateframework/go-tuf@0.7.0 Affected range >=0 Fixed version Not Fixed Description Incorrect delegation lookups can make go-tuf download the wrong artifact in github.com/theupdateframework/go-tuf

[github-actions]

Attempting automerge. See https://github.com/uniget-org/tools/actions/runs/12643860504.

[github-actions]

PR is clean and can be merged. See https://github.com/uniget-org/tools/actions/runs/12643860504.