gitlab-kas-18.5/18.5.2-r0: cve remediation (#72879)

gitlab-kas-18.5/18.5.2-r0: fix GHSA-j5w8-q4qc-rx2x
<!--ci-cve-scan:must-fix: GHSA-j5w8-q4qc-rx2x-->


Advisory data:
https://github.com/wolfi-dev/advisories/blob/main/gitlab-kas-18.5.advisories.yaml

---

### "Breadcrumbs" for this automated service

- **Source Code:** https://go/cve-remedy-automation-source
- **Logs:** https://go/cve-remedy-automation-logs
- **Docs:** _(not provided yet)_

Co-authored-by: octo-sts[bot] <[email protected]>

Author: octo-sts[bot]

gitlab-kas-18.5.yaml

@@ -1,7 +1,7 @@
 package:
   name: gitlab-kas-18.5
   version: "18.5.2"
-  epoch: 0 # CVE-2025-47907
+  epoch: 1 # GHSA-j5w8-q4qc-rx2x
   description: GitLab KAS is a component installed together with GitLab. It is required to manage the GitLab agent for Kubernetes.
   copyright:
     - license: MIT
@@ -26,6 +26,11 @@ pipeline:
       tag: v${{package.version}}
       expected-commit: 10e685e1ff60a60c8e1fc32fe76741583fbfaeb0
 
+  - uses: go/bump
+    with:
+      deps: |-
+        golang.org/x/[email protected]
+
   - uses: go/build
     with:
       packages: ./cmd/kas