build: Update Go version and dependencies#1704

Closed
alishah730 wants to merge 1 commit into
oras-project:mainfrom
alishah730:update-deps
Conversation

@alishah730 alishah730 commented Apr 23, 2025

Bumped the Go version to 1.24.2 in go.mod and updated several dependencies, including github.com/Masterminds/semver, github.com/spf13/cast, and golang.org/x/crypto, to their latest versions. These updates ensure compatibility and include the latest fixes and improvements.

What this PR does / why we need it: Updating deps to fix CVE-2025-22869

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #1701

Please check the following list:

  • Does the affected code have corresponding tests, e.g. unit test, E2E test?
  • Does this change require a documentation update?
  • Does this introduce breaking changes that would require an announcement or bumping the major version?
  • Do all new files have an appropriate license header?

Bumped the Go version to 1.24.2 in go.mod and updated several dependencies, including github.com/Masterminds/semver, github.com/spf13/cast, and golang.org/x/crypto, to their latest versions. These updates ensure compatibility and include the latest fixes and improvements.
Signed-off-by: Ali <alishah.ece2015@gmail.com>
@FeynmanZhou

Member

Thanks @AliVerses for contributing to ORAS. @oras-project/oras-cli This link seems not available to me. Can you access this link? https://github.com/oras-project/oras/security/advisories/GHSA-6fh6-vfc8-q52m

@alishah730

Author

Thanks @AliVerses for contributing to ORAS. @oras-project/oras-cli This link seems not available to me. Can you access this link? https://github.com/oras-project/oras/security/advisories/GHSA-6fh6-vfc8-q52m

Yes, I can access the link.

@Wwwsylvia Wwwsylvia left a comment

Member

LGTM

@Wwwsylvia Wwwsylvia changed the title Update Go version and dependencies build: Update Go version and dependencies Apr 24, 2025

@Wwwsylvia Wwwsylvia left a comment

Member

Need to update go mod in the e2e directory as well. See #1703
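
The review comment above points at the usual failure mode of this kind of dependency bump: the root go.mod is updated while a nested module (here the e2e directory) keeps the old Go directive and the old, vulnerable module version. The script below is an added example, not ORAS project code, of a pre-merge check that walks every go.mod under a tree and reports any file whose `go` directive or required version of a given module differs from the root go.mod. It assumes POSIX sh, awk, find and mktemp; the module paths and version numbers in the sample tree it builds are constructed for the demo.

```shell
#!/bin/sh
# Added example (not ORAS project code): verify that every go.mod in a
# repository, including nested ones such as e2e/go.mod, agrees with the
# root go.mod on the `go` directive and on the version of one module.
# Assumes POSIX sh, awk, find, mktemp. Sample versions below are constructed.

# Print the version from the `go X.Y.Z` directive of a go.mod file.
go_directive() {
  awk '$1 == "go" { print $2; exit }' "$1"
}

# Print the required version of module $2 in go.mod $1, from either a
# single-line `require mod vX` or a line inside a `require ( ... )` block.
# Prints nothing when the module is not required by that file.
module_version() {
  awk -v m="$2" '
    $1 == "require" && $2 == m { print $3; exit }
    $1 == m { print $2; exit }
  ' "$1"
}

# Write a minimal go.mod for the demo:
#   write_go_mod FILE MODULE_PATH GO_VERSION CRYPTO_VERSION
write_go_mod() {
  mkdir -p "$(dirname "$1")"
  printf 'module %s\n\ngo %s\n\nrequire (\n\tgolang.org/x/crypto %s // indirect\n)\n' \
    "$2" "$3" "$4" > "$1"
}

# Compare every go.mod under $1 against $1/go.mod for the go directive and
# for the version of module $2. Return 0 if all agree, print each mismatch
# and return 1 otherwise.
check_tree() {
  root=$1; mod=$2; status=0
  ref_go=$(go_directive "$root/go.mod")
  ref_mod=$(module_version "$root/go.mod" "$mod")
  for f in $(find "$root" -name go.mod | sort); do
    [ "$f" = "$root/go.mod" ] && continue
    g=$(go_directive "$f"); v=$(module_version "$f" "$mod")
    if [ "$g" != "$ref_go" ]; then
      echo "$f: go directive $g differs from root ($ref_go)"; status=1
    fi
    if [ -n "$v" ] && [ "$v" != "$ref_mod" ]; then
      echo "$f: $mod $v differs from root ($ref_mod)"; status=1
    fi
  done
  return $status
}

# Demo on a constructed tree: the root was bumped, e2e/go.mod was left behind.
demo() {
  d=$(mktemp -d)
  write_go_mod "$d/go.mod"     example.com/root     1.24.2 v0.99.1
  write_go_mod "$d/e2e/go.mod" example.com/root/e2e 1.23.0 v0.99.0
  if check_tree "$d" golang.org/x/crypto; then
    echo "all go.mod files are consistent"
  else
    echo "inconsistent go.mod files: update every module before merging"
  fi
  rm -rf "$d"
}
demo
```

Run it from a repository root as `check_tree . golang.org/x/crypto` in CI to fail the build when a nested module still pins the old version; the demo function only exercises the check on a throwaway tree.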

@Wwwsylvia

Member

@AliVerses Thanks for the PR! I had another PR #1703 that handled go version update but missed the indirect dependency updates. I just updated the PR to include the missing parts. We might go ahead to merge #1703 since it covers more.

@TerryHowe TerryHowe left a comment

Member

Close as done maybe

Broken at least

@Wwwsylvia Wwwsylvia closed this Apr 25, 2025
Development

Successfully merging this pull request may close these issues.

PR to fix Security issues

4 participants