fix: upgrade cli-extension-secrets to strip credentials from repo URLs and normalize for consistent IDs [PS-536] #6709

Open
alexandru-manea-snyk wants to merge 1 commit into main from
fix/PS-536/strip-user-creds-from-repo-url-before-test

@alexandru-manea-snyk alexandru-manea-snyk commented Apr 7, 2026

Pull Request Submission Checklist

  • Follows CONTRIBUTING guidelines
  • Commit messages are release-note ready, emphasizing what was changed, not how.
  • Includes detailed description of changes
  • Contains risk assessment (Low | Medium | High)
  • Highlights breaking API changes (if applicable)
  • Links to automated tests covering new functionality
  • Includes manual testing instructions (if necessary)
  • Updates relevant GitBook documentation (PR link: ___)
  • Includes product update to be announced in the next stable release notes

What does this PR do?

This PR upgrades cli-extension-secrets version to remove credentials from Git URLs and normalize SSH, HTTP/HTTPS, and SCP-style inputs into a standard HTTPS format. This prevents sensitive data leaks and ensures a consistent identifier for each repository.

Where should the reviewer start?

How should this be manually tested?

  1. Build a custom CLI from this branch.
  2. Add HTTP basic credentials to the repository's origin URL (http://user:pass@host/repo.git).
  3. Scan the repository and note a specific secret's Finding ID.
  4. Remove the credentials from the origin URL.
  5. Scan again and verify that the second scan generates the exact same Finding ID.

What's the product update that needs to be communicated to CLI users?

N/A

Risk assessment (Low | Medium | High)?

Low

What are the relevant tickets?

Screenshots (if appropriate)

N/A
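
An added example, not code from this pull request or from cli-extension-secrets: one way to implement the normalization the description above outlines, so that a remote with or without credentials yields the same identifier. `NormalizeRepoURL`, `errBadRemote`, the `example.com` remotes, and the choices to drop the port and the `.git` suffix are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// scpLike matches SCP-style remotes such as git@host:org/repo.git.
var scpLike = regexp.MustCompile(`^(?:[^@/]+@)?([^:/@]+):(.+)$`)

// errBadRemote is fixed text: url.Parse errors quote the raw input,
// password included, so they are never wrapped or returned.
var errBadRemote = errors.New("unsupported or malformed repository URL")

// NormalizeRepoURL (hypothetical helper) drops userinfo and rewrites SSH,
// HTTP/HTTPS and SCP-style remotes to https://host/path without ".git".
func NormalizeRepoURL(raw string) (string, error) {
	var host, path string
	raw = strings.TrimSpace(raw)
	if strings.Contains(raw, "://") {
		u, err := url.Parse(raw)
		if err != nil || (u.Scheme != "http" && u.Scheme != "https" && u.Scheme != "ssh") {
			return "", errBadRemote
		}
		// Assumption: the port is not part of the repository identity.
		host, path = u.Hostname(), u.Path
	} else if m := scpLike.FindStringSubmatch(raw); m != nil {
		host, path = m[1], m[2]
	}
	path = strings.TrimSuffix(strings.Trim(path, "/"), ".git")
	if host == "" || path == "" {
		return "", errBadRemote
	}
	return "https://" + strings.ToLower(host) + "/" + path, nil
}

func main() {
	// Constructed sample remotes; all four should print the same URL.
	for _, r := range []string{
		"http://user:pass@example.com/org/repo.git",
		"https://token@Example.com/org/repo/",
		"ssh://git@example.com:2222/org/repo.git",
		"git@example.com:org/repo.git",
	} {
		fmt.Println(NormalizeRepoURL(r))
	}
}
```

Returning a fixed error rather than the parser's own keeps a password in a malformed remote out of logs and CI output.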

github-actions bot commented Apr 7, 2026

Warnings
⚠️

"[fix: upgrade cli-extension-secrets to strip credentials from repo URLs and normalize for consistent IDs PS-536](https://api.github.com/repos/snyk/cli/git/commits/0befcca6eca3bb65df5feb542fea6eafdbcb5fc8)" is too long. Keep the first line of your commit message under 72 characters.

Generated by 🚫 dangerJS against 0befcca

snyk-io bot commented Apr 7, 2026

Snyk checks have passed. No issues have been found so far.

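| Status | Scan Engine | Critical | High | Medium | Low | Total (0) |
|--------|-------------|----------|------|--------|-----|-----------|
|        | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |
|        | Licenses | 0 | 0 | 0 | 0 | 0 issues |
|        | Code Security | 0 | 0 | 0 | 0 | 0 issues |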

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@alexandru-manea-snyk alexandru-manea-snyk force-pushed the fix/PS-536/strip-user-creds-from-repo-url-before-test branch from a809945 to 0befcca Compare April 7, 2026 14:39
@alexandru-manea-snyk alexandru-manea-snyk marked this pull request as ready for review April 7, 2026 14:40
@alexandru-manea-snyk alexandru-manea-snyk requested review from a team as code owners April 7, 2026 14:40
@snyk-pr-review-bot

PR Reviewer Guide 🔍

🧪 No relevant tests
🔒 No security concerns identified
⚡ No major issues detected
📚 Repository Context Analyzed

This review considered 3 relevant code sections from 3 files (average relevance: 0.83)
