build(deps): bump github.com/go-git/go-git/v6 from 6.0.0-20260328145551-a93bccd59f82 to 6.0.0-alpha.1

[dependabot]

Bumps github.com/go-git/go-git/v6 from 6.0.0-20260328145551-a93bccd59f82 to 6.0.0-alpha.1.

Release notes

Sourced from github.com/go-git/go-git/v6's releases.

v6.0.0-alpha.1

🚀 Release Summary

⚠️ v6 Alpha Release

This is the first alpha release of go-git v6.

We encourage users to test this version in real-world scenarios and help us validate the new transport layer and features.

👉 Please report any issues, bugs, or unexpected behavior via GitHub issues.

This release brings major improvements across transport, performance, and Git feature support, along with significant internal modernization.

👤 What Changed for Users

🌐 Better Git Compatibility

• Improved support for modern Git protocol features:
  • multi-ack, filters (partial clone), sideband
  • better HTTP and SSH transport handling
• More reliable push/fetch behavior, especially for:
  • shallow clones
  • large repositories
  • edge-case server interactions

🆕 Support for Git Features

• Cherry-pick support
• Reflog support
• git reset --keep equivalent
• Autocrlf support
• Improved linked worktree support (git worktree)
• Support for **relative submodule URLs

🔐 SHA-256 Repository Support

• Open, initialize, and clone SHA-256 repositories

⚙️ Config & Feature Parity

• Support for Git features:
  • core.hooksPath
  • index.skipHash
  • worktreeConfig

⚡ Performance Improvements

• Faster operations on large repositories:
  • improved status calculation
  • optimized packfile handling
  • reduced memory usage

🧹 Stability & Reliability

• Fixed many issues around:
  • push/fetch correctness

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codeant-ai]

Your free trial PR review limit of 100 PRs has been reached. Please upgrade your plan to continue using CodeAnt AI.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	golang/​github.com/​go-git/​go-git/​v6@​v6.0.0-20260328145551-a93bccd59f82 ⏵ v6.0.0-alpha.1	+1

View full report

[kilo-code-bot]

Code Review Summary

Status: 1 Issue Found | Recommendation: Request changes before merge

Overview

Severity	Count
CRITICAL	1
WARNING	0
SUGGESTION	0

Issue Details (click to expand)

CRITICAL

File	Line	Issue
go.mod	16	Upgrading to ALPHA release - High risk for production use

Details

CRITICAL: Upgrading to an alpha release

The PR bumps github.com/go-git/go-git/v6 from a commit-based version (6.0.0-20260328145551-a93bccd59f82) to v6.0.0-alpha.1, which is an alpha release.

Risks:

• Alpha releases are unstable and may contain bugs, breaking changes, or API incompatibilities
• The codebase uses go-git extensively (pkg/llmproxy/store/gitstore.go) for git operations
• No code adaptations were made to account for potential API changes in v6
• No CI/test verification that the upgrade works with the existing codebase

Recommendation:

• Consider using a stable release instead of alpha (e.g., v5.x or waiting for stable v6)
• If alpha is required for specific features, add a comment explaining why and add a follow-up to upgrade to stable once available
• Run go build and go test locally to verify the upgrade works before merging

Files Reviewed (2 files)

• go.mod - dependency version bump
• go.sum - checksum updates

---

_{Reviewed by minimax-m2.5 · 317,252 tokens}