chore(deps): update Go security dependencies #6

Merged: Sepush merged 1 commit into main from fix/go-security-deps on May 15, 2026
@Sepush Sepush commented May 15, 2026

Summary

  • Update Go security dependencies flagged by Dependabot: go-git, go-billy, pgx, and circl
  • Adapt go-git v6 alpha authentication options to the new ClientOptions API
  • Sync remote refs before force-pushing token-store commits and run git GC after push to keep go-git v6 alpha push working with all remote haves
  • Fix sdk/exec imports from /v6 to /v7 so the package resolves under the current module

Verification

  • go build -o test-output ./cmd/server && rm -f test-output
  • go test ./sdk/exec ./internal/store
  • git diff --check
  • go test ./... (fails on existing tests: internal/registry TestCodexFreeModelsExcludeGPT55 and internal/runtime/executor Antigravity credits tests)

Summary by CodeRabbit

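Release Notes

  • Chores

    • Updated the versions of several dependency libraries, including core dependencies such as the database driver and cryptography libraries.
  • Refactor

    • Improved the internal authentication handling mechanism.
    • Updated internal module versions to the latest release.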
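A check for the `/v6` to `/v7` import fix described in the summary above, as an added example that is not code from this pull request: it flags imports that name the module's own base path with a major-version suffix different from the one `go.mod` declares. The `example.com/org` module path and the `StaleSelfImports` helper are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"regexp"
	"strconv"
	"strings"
)

// Constructed inputs: example.com/org is a placeholder, not the project's real module path.
const sampleGoMod = "module example.com/org/CLIProxyAPI/v7\n\ngo 1.24\n"
const sampleSource = `package exec

import (
	cfg "example.com/org/CLIProxyAPI/v6/internal/config"
	"example.com/org/CLIProxyAPI/v7/internal/runtime/executor"
)
`
// moduleLine captures the base path and major version from the go.mod module directive.
var moduleLine = regexp.MustCompile(`(?m)^module\s+(\S+)/v([0-9]+)\s*$`)

// StaleSelfImports (hypothetical helper) returns imports of this module under a different /vN.
func StaleSelfImports(goMod, src string) ([]string, error) {
	m := moduleLine.FindStringSubmatch(goMod)
	if m == nil {
		return nil, fmt.Errorf("go.mod module path has no /vN suffix")
	}
	base, want := m[1], m[2]
	f, err := parser.ParseFile(token.NewFileSet(), "sample.go", src, parser.ImportsOnly)
	if err != nil {
		return nil, err
	}
	var stale []string
	for _, imp := range f.Imports {
		p, _ := strconv.Unquote(imp.Path.Value)
		rest, ok := strings.CutPrefix(p, base+"/v")
		ver, _, _ := strings.Cut(rest, "/")
		if _, err := strconv.Atoi(ver); ok && err == nil && ver != want {
			stale = append(stale, p)
		}
	}
	return stale, nil
}

func main() {
	fmt.Println(StaleSelfImports(sampleGoMod, sampleSource))
}
```

Run over each `.go` file in a repository, a non-empty result marks a file that still resolves part of its own code through a separately versioned module path.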

coderabbitai Bot commented May 15, 2026

Caution

Review failed

Pull request was closed or merged during review

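📝 Walkthrough

The PR updates dependency versions in go.mod (go-git, pgx, redis, cryptography libraries, etc.) and replaces the authentication scheme in internal/store/gitstore.go from transport.AuthMethod with plumbing/client ClientOptions. It also upgrades the SDK executors' internal dependency from v6 to v7.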

Changes

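go-git authentication scheme upgrade

| Layer / File(s) | Summary |
| --- | --- |
| Dependency version updates (go.mod) | Updates direct dependencies (go-git v6.0.0-alpha.2, pgx v5.9.2, redis v9.19.0, golang.org/x/crypto/net/sync) and indirect dependencies (ProtonMail/go-crypto v1.4.1, cloudflare/circl v1.6.3, go-billy v6.0.0-alpha.1, ssh_config v1.6.0), and removes the indirect annotation from protobuf. |
| go-git ClientOptions authentication implementation (internal/store/gitstore.go) | Adds the gitclient import and a private gitClientOptions() method; switches EnsureRepository, the branch checks, remote reference sync, and push operations from transport.AuthMethod to ClientOptions; updates the signatures and implementations of checkoutConfiguredBranch, checkoutRemoteDefaultBranch, syncRemoteReferences, and resolveRemoteDefaultBranch; syncs remote references before pushing and moves the GC call to after the push. |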

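SDK executor v7 upgrade

| Layer / File(s) | Summary |
| --- | --- |
| AntigravityExecutor and CodexExecutor version upgrade (sdk/exec/antigravity.go, sdk/exec/codex.go) | Upgrades the executors' internal dependency from CLIProxyAPI/v6 to CLIProxyAPI/v7, updates the internal/config and internal/runtime/executor import paths, and keeps the exported API and type aliases unchanged. |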

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

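🐰 Versions hop ahead with every upgrade,
go-git auth takes a brand-new road,
ClientOptions, light and neat,
SDK v7 climbs one step higher,
dependencies merged, hop hop hop!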

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The PR title accurately describes the main objective of updating Go security dependencies (go-git, go-billy, pgx, circl) as stated in the PR summary, making it clear and specific. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

@Sepush Sepush merged commit cbea8fb into main May 15, 2026
3 of 6 checks passed
@Sepush Sepush deleted the fix/go-security-deps branch May 15, 2026 07:11