This PR contains the following updates:

| Package | Change | Age | Confidence |
|---|---|---|---|
| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `v5.13.1` -> `v5.16.2` | [![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fgo-git%2fgo-git%2fv5/v5.16.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fgo-git%2fgo-git%2fv5/v5.13.1/v5.16.2?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

### Release Notes

<details>
<summary>go-git/go-git (github.com/go-git/go-git/v5)</summary>

### [`v5.16.2`](https://github.com/go-git/go-git/releases/tag/v5.16.2)

[Compare Source](go-git/go-git@v5.16.1...v5.16.2)

#### What's Changed

- utils: fix diff so subpaths work for sparse checkouts, fixes 1455 to releases/v5.x by [@&#8203;kane8n](https://github.com/kane8n) in go-git/go-git#1567

**Full Changelog**: go-git/go-git@v5.16.1...v5.16.2

### [`v5.16.1`](https://github.com/go-git/go-git/releases/tag/v5.16.1)

[Compare Source](go-git/go-git@v5.16.0...v5.16.1)

#### What's Changed

- utils: merkletrie, Fix diff on sparse-checkout index. Fixes [#&#8203;1406](go-git/go-git#1406) to releases/v5.x by [@&#8203;kane8n](https://github.com/kane8n) in go-git/go-git#1561

#### New Contributors

- [@&#8203;kane8n](https://github.com/kane8n) made their first contribution in go-git/go-git#1561

**Full Changelog**: go-git/go-git@v5.16.0...v5.16.1

### [`v5.16.0`](https://github.com/go-git/go-git/releases/tag/v5.16.0)

[Compare Source](go-git/go-git@v5.15.0...v5.16.0)

#### What's Changed

- \[v5] plumbing: support mTLS for HTTPS protocol by [@&#8203;hiddeco](https://github.com/hiddeco) in go-git/go-git#1510
- v5: plumbing: transport, Reintroduce SetHostKeyCallback. Fix [#&#8203;1514](go-git/go-git#1514) by [@&#8203;pjbgf](https://github.com/pjbgf) in go-git/go-git#1515

**Full Changelog**: go-git/go-git@v5.15.0...v5.16.0

### [`v5.15.0`](https://github.com/go-git/go-git/releases/tag/v5.15.0)

[Compare Source](go-git/go-git@v5.14.0...v5.15.0)

#### What's Changed

- plumbing: add cert auth support to `releases/v5.x` by [@&#8203;Javier-varez](https://github.com/Javier-varez) in go-git/go-git#1482
- v5: Bump dependencies by [@&#8203;pjbgf](https://github.com/pjbgf) in go-git/go-git#1505

**Full Changelog**: go-git/go-git@v5.14.0...v5.15.0

### [`v5.14.0`](https://github.com/go-git/go-git/releases/tag/v5.14.0)

[Compare Source](go-git/go-git@v5.13.2...v5.14.0)

#### What's Changed

- v5: Bump Go and dependencies to mitigate [GO-2025-3487](https://pkg.go.dev/vuln/GO-2025-3487) by [@&#8203;pjbgf](https://github.com/pjbgf) in go-git/go-git#1436

⚠️ Note that this version requires Go 1.23, due to the bump to `golang.org/x/crypto@v0.35.0` which mitigates the CVE above. User's that can't bump to Go 1.23 will need to remain on the previous v5.13.x release.

**Full Changelog**: go-git/go-git@v5.13.2...v5.14.0

### [`v5.13.2`](https://github.com/go-git/go-git/releases/tag/v5.13.2)

[Compare Source](go-git/go-git@v5.13.1...v5.13.2)

#### What's Changed

- plumbing: use the correct user agent string. Fixes [#&#8203;883](go-git/go-git#883) by [@&#8203;uragirii](https://github.com/uragirii) in go-git/go-git#1364
- build: bump golang.org/x/sys from 0.28.0 to 0.29.0 in the golang-org group by [@&#8203;dependabot](https://github.com/dependabot) in go-git/go-git#1365
- build: bump the golang-org group with 2 updates by [@&#8203;dependabot](https://github.com/dependabot) in go-git/go-git#1367
- build: bump github.com/ProtonMail/go-crypto from 1.1.3 to 1.1.4 by [@&#8203;dependabot](https://github.com/dependabot) in go-git/go-git#1368
- build: bump github.com/go-git/go-billy/v5 from 5.6.1 to 5.6.2 by [@&#8203;dependabot](https://github.com/dependabot) in go-git/go-git#1378
- build: bump github/codeql-action from 3.28.0 to 3.28.1 by [@&#8203;dependabot](https://github.com/dependabot) in go-git/go-git#1376
- build: bump github.com/elazarl/goproxy from 1.2.3 to 1.4.0 by [@&#8203;dependabot](https://github.com/dependabot) in go-git/go-git#1377
- git: worktree, fix restoring dot slash files (backported to v5). Fixes [#&#8203;1176](go-git/go-git#1176) by [@&#8203;BeChris](https://github.com/BeChris) in go-git/go-git#1361
- build: bump github.com/pjbgf/sha1cd from 0.3.0 to 0.3.2 by [@&#8203;dependabot](https://github.com/dependabot) in go-git/go-git#1392
- git: worktree\_status, fix adding dot slash files to working tree (backported to v5). Fixes [#&#8203;1150](go-git/go-git#1150) by [@&#8203;BeChris](https://github.com/BeChris) in go-git/go-git#1359
- build: bump github.com/ProtonMail/go-crypto from 1.1.4 to 1.1.5 by [@&#8203;dependabot](https://github.com/dependabot) in go-git/go-git#1383

**Full Changelog**: go-git/go-git@v5.13.1...v5.13.2

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS40My41IiwidXBkYXRlZEluVmVyIjoiNDEuNDMuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->

Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/800
Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>