build(deps): bump github.com/nephio-project/porch from 1.5.1 to 1.5.7

[dependabot]

Bumps github.com/nephio-project/porch from 1.5.1 to 1.5.7.

Release notes

Sourced from github.com/nephio-project/porch's releases.

v1.5.7

This pre-release is done to make the fixes for CVE-2025-61732 and CVE-2025-68121 available.

Highlights

• Logging improvements
• Security fixes to address CVEs, standardize alpine versions, upgraded golang, golangci-lint and mockery to latest.
• Binary files are silently ignored rather than causing errors in DB Cache
• Robustness changes around PANIC handling

What's Changed

• Skip binary files in DB cache sync by @​thc1006 in nephio-project/porch#437
• incrementing porch latest version + README redirect to new documentation by @​Catalin-Stratulat-Ericsson in nephio-project/porch#450
• Address gosec errors by @​efiacor in nephio-project/porch#452
• Standardize Alpine version across all Dockerfiles by @​aravindtga in nephio-project/porch#449
• Refactor Porch to remove all cloned kpt code by @​liamfallon in nephio-project/porch#411
• Run containers as non-root user for improved security by @​aravindtga in nephio-project/porch#451
• Remove unused "package" functions from Porch by @​liamfallon in nephio-project/porch#440
• Fix boilerplate YEAR on generated code by @​liamfallon in nephio-project/porch#391
• Add setup script for disaster-recovery testing environment by @​JamesMcDermott in nephio-project/porch#367
• Add disaster-recovery test suite by @​JamesMcDermott in nephio-project/porch#454
• security: upgrade golang to 1.25.7 to fix CVE-2025-61732 by @​liamfallon in nephio-project/porch#457
• Add OTEL Autoexports to Porch components by @​nagygergo in nephio-project/porch#310
• Standardize Golang version across all Dockerfiles by @​aravindtga in nephio-project/porch#455
• Fix panic when listing packages with missing repository in cache by @​kushnaidu in nephio-project/porch#459
• Fix e2e image build job by @​efiacor in nephio-project/porch#464
• Document disaster-recovery test suite by @​JamesMcDermott in nephio-project/porch#463
• Add OTEL environment variables to launch.json by @​kushnaidu in nephio-project/porch#466
• Logging Improvements by @​Catalin-Stratulat-Ericsson in nephio-project/porch#460
• Bump golangci-lint to v2.10.1, mockery to 3.6.4, and fix whitespace by @​aravindtga in nephio-project/porch#469
• Disaster-recovery suite - if kubeconfig for Porch cluster doesn't exist, run setup script by @​JamesMcDermott in nephio-project/porch#472
• Remove use of porch Clientset by @​efiacor in nephio-project/porch#471
• Cherry pick the contents of PR 465 to main by @​liamfallon in nephio-project/porch#474

Full Changelog: nephio-project/porch@v1.5.6...v1.5.7

v1.5.6

This is the Porch release for Nephio R6. The detailed changes are listed below.

Highlights

• Porch documentation completely rewritten
• Multi porch repo on a single git repo is supported correctly
• Make labels and annotations in the Kptfile accessible on kubernetes queries
• Async notification is issued for latest PR being deleted
• End to End tests completely refactored
• Removal of first tranche duplicated kpt code
• CVE Upgrade go version to v1.25.6 to fix CVE-2025-61729
• Use context-aware database methods for tracing propagation

New Contributors

... (truncated)

Commits

• 43aa70d Cherry pick the contents of PR 465 to main (#474)
• c442c42 Remove use of porch Clientset (#471)
• 128382a Issue #1061 - if kubeconfig for Porch cluster doesn't exist, disaster suite r...
• a01d205 Bump ci lint and mockery version (#469)
• 19f11d0 Logging Improvements (#460)
• 841f6e2 Add OTEL environment variables to disable traces and metrics exporters in lau...
• b7c244c Document disaster-recovery test suite (#463)
• f131a59 Fix e2e image build job (#464)
• 3c490da Fix panic when listing packages with missing repository in cache (#459)
• 7ed0f9c Standardize Golang version across all Dockerfiles (#455)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)