chore: bump go-application-framework and cli-extension-secrets

[danskmt]

Pull Request Submission Checklist

• Follows CONTRIBUTING guidelines
• Commit messages are release-note ready, emphasizing what was changed, not how.
• Includes detailed description of changes
• Contains risk assessment (Low | Medium | High)
• Highlights breaking API changes (if applicable)
• Links to automated tests covering new functionality
• Includes manual testing instructions (if necessary)
• Updates relevant GitBook documentation (PR link: ___)
• Includes product update to be announced in the next stable release notes

What does this PR do?

Bumps go-application-framework to pick up the UFM presenter changes that render the WebUI project page link when running snyk secrets test --report.

The updated GAF commit adds:

• A conditional properties.uploadResult block in the SARIF template with reportUrl, emitted when metadata["project-page-link"] is present.
• A "Report" footer in the human-readable template showing the project page URL.

Where should the reviewer start?

cliv2/go.mod — the GAF version bump is the only change.

How should this be manually tested?

Run: snyk secrets test . --report --sarif-file-output=results.sarif.json
However sarif output won't work at the current version as cli-extension-secrets is currently not allowing sarif flag: https://github.com/snyk/cli-extension-secrets/blob/2f8f499d3e73f870d6f11a0208f2dd5aae23162a/internal/commands/secretstest/validate.go#L85
Comment those lines and build a custom CLI, you'll see the generated SARIF contains the reportUrl field.

What are the relevant tickets?

CLI-1429

[snyk-io]

⚠️ Snyk checks are incomplete.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
⚠️	Open Source Security	0	0	0	0	See details
⚠️	Licenses	0	0	0	0	See details
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[snyk-pr-review-bot]

PR Reviewer Guide 🔍

🧪 No relevant tests

🔒 No security concerns identified

⚡ No major issues detected

📚 Repository Context Analyzed This review considered 5 relevant code sections from 4 files (average relevance: 0.85) scripts/upgrade-snyk-go-dependencies.go (lines 1-135) package.json (lines 1-224) package-lock.json (2 segments, lines 6-275) CONTRIBUTING.md (lines 387-464)