build: Update Keboola SDK

[jachym-tousek-keboola]

Release Notes

Updated more libraries to fix reported vulnerabilities.

Plans for customer communication

None.

Impact analysis

minimal

Change type

maintenance

Justification

Dependabot reported vulnerabilities in some of the libraries we're using.

Deployment

Merge & automatic deploy.

Rollback plan

Revert of this PR.

Post release support plan

None.

[jachym-tousek-keboola]

Can't fix https://github.com/keboola/keboola-as-code/security/dependabot/51 because updating hugo also triggers an update of github.com/olekukonko/tablewriter. Which is a problem because etcd 3.6 depends on the old version. I send a pull request to etcd to address this but not sure when or if they'll merge it.

[Copilot]

Pull request overview

Maintenance PR that updates Go dependencies (including the Keboola SDK) to address reported vulnerabilities, and adds release automation to trigger an image tag update workflow in keboola/kbc-stacks.

Changes:

• Bump github.com/keboola/keboola-sdk-go/v2 to v2.19.0 and .../transfer to v1.1.0.
• Update multiple indirect Go dependencies (AWS/Azure/GCP/OpenTelemetry, etc.) reflected in go.mod/go.sum.
• Add a composite GitHub Action to trigger update-image-tag.yaml in keboola/kbc-stacks, including passing base64-encoded metadata.

Reviewed changes

Copilot reviewed 1 out of 3 changed files in this pull request and generated no comments.

File	Description
go.mod	Updates direct + indirect Go module versions (incl. Keboola SDK/transfer) to remediate vulnerabilities.
go.sum	Syncs checksum entries with updated module versions.
.github/actions/trigger-image-tag-update/action.yml	Introduces a composite action that generates a GitHub App token and triggers an external workflow with metadata.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.