[🐸 Frogbot] Update version of github.com/go-git/go-git/v5 to 5.17.1

[github-actions]

📦 Vulnerable Dependencies

Severity	ID	Contextual Analysis	Direct Dependencies	Impacted Dependency	Fixed Versions
Medium	CVE-2026-34165	Not Covered	github.com/go-git/go-git/v5:v5.16.5 github.com/jfrog/jfrog-cli-security:v1.26.6 github.com/jfrog/froggit-go:v1.21.1 github.com/jfrog/jfrog-cli-core/v2:v2.60.1-0.20260324124720-40db37833f61 github.com/jfrog/jfrog-cli-artifactory:v0.8.1-0.20260324142725-abee4f72970c	github.com/go-git/go-git/v5 v5.16.5	[5.17.1]

🔖 Details

Vulnerability Details

Contextual Analysis:	Not Covered
Direct Dependencies:	github.com/go-git/go-git/v5:v5.16.5, github.com/jfrog/jfrog-cli-security:v1.26.6, github.com/jfrog/froggit-go:v1.21.1, github.com/jfrog/jfrog-cli-core/v2:v2.60.1-0.20260324124720-40db37833f61, github.com/jfrog/jfrog-cli-artifactory:v0.8.1-0.20260324142725-abee4f72970c
Impacted Dependency:	github.com/go-git/go-git/v5:v5.16.5
Fixed Versions:	[5.17.1]
CVSS V3:	5.0

go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a denial-of-service (DoS) condition. Exploitation requires write access to the local repository's .git directory, it order to create or alter existing .idx files. This issue has been patched in version 5.17.1.

---

🐸 JFrog Frogbot