diff --git a/go.mod b/go.mod
index 2ae733843..f1d5e864d 100644
--- a/go.mod
+++ b/go.mod
@@ -15,14 +15,14 @@ replace golang.org/x/vuln => github.com/chainguard-dev/golang-vuln v1.1.3
 
 require (
 	chainguard.dev/apko v0.23.1-0.20250125200830-0b6b8a0543aa
-	chainguard.dev/melange v0.19.2
+	chainguard.dev/melange v0.19.3
 	cloud.google.com/go/storage v1.50.0
 	github.com/adrg/xdg v0.5.3
 	github.com/anchore/grype v0.87.0
 	github.com/anchore/stereoscope v0.0.13
 	github.com/anchore/syft v1.19.0
-	github.com/chainguard-dev/clog v1.5.1
-	github.com/chainguard-dev/yam v0.2.5
+	github.com/chainguard-dev/clog v1.6.1
+	github.com/chainguard-dev/yam v0.2.6
 	github.com/charmbracelet/bubbles v0.20.0
 	github.com/charmbracelet/bubbletea v1.2.4
 	github.com/charmbracelet/lipgloss v1.0.0
diff --git a/go.sum b/go.sum
index 52a300523..0e874cf24 100644
--- a/go.sum
+++ b/go.sum
@@ -4,8 +4,8 @@ chainguard.dev/apko v0.23.1-0.20250125200830-0b6b8a0543aa h1:qGiXR6m1StxXiJr3GiU
 chainguard.dev/apko v0.23.1-0.20250125200830-0b6b8a0543aa/go.mod h1:5/mNllmhqvYcETNQKAaSZm5ZrdXnxsP8f+WqNAGZzzE=
 chainguard.dev/go-grpc-kit v0.17.7 h1:TqHua7er5k8m6WM96y0Tm7IoLLkuZ5vh3+5SR1gruKg=
 chainguard.dev/go-grpc-kit v0.17.7/go.mod h1:JroMzTY9mdhKe/bvtyChgfECaNh80+bMZH3HS+TGXHw=
-chainguard.dev/melange v0.19.2 h1:rPDFaC4scIkfLa+dOzwYquQ9wWMgBV9IfR2K0PWROYo=
-chainguard.dev/melange v0.19.2/go.mod h1:kasVCWxlHZ+2SjMv7UcIh7Yk+TXlb/R5VgPottwLB30=
+chainguard.dev/melange v0.19.3 h1:B5gxHCj5ktPAAJap0y5/p407b/MgzR3TnJYmvSe343Y=
+chainguard.dev/melange v0.19.3/go.mod h1:kasVCWxlHZ+2SjMv7UcIh7Yk+TXlb/R5VgPottwLB30=
 chainguard.dev/sdk v0.1.29 h1:GNcCw5NoyvylhlUbVD8JMmrPaeYyrshaHHjEWnvcCGI=
 chainguard.dev/sdk v0.1.29/go.mod h1:DqywTjZ5glB/gUCKkrecO0LywyfcAd5v7IPo2+d91qA=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
@@ -789,14 +789,14 @@ github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/chainguard-dev/clog v1.5.1 h1:LeFeVlxiicswuTevtaXc0MXH1zV1iWkbg+H8iUuBTtQ=
-github.com/chainguard-dev/clog v1.5.1/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs=
+github.com/chainguard-dev/clog v1.6.1 h1:CeOhEqKQsO/QMESgOTqv/miI27P1eNcgGgL7uiofOvU=
+github.com/chainguard-dev/clog v1.6.1/go.mod h1:4+WFhRMsGH79etYXY3plYdp+tCz/KCkU8fAr0HoaPvs=
 github.com/chainguard-dev/go-pkgconfig v0.0.0-20240404163941-6351b37b2a10 h1:XR2vgQC024I9/boh9r1ihVv8Z14+pbvWqXeYMCnZJpc=
 github.com/chainguard-dev/go-pkgconfig v0.0.0-20240404163941-6351b37b2a10/go.mod h1:1p6+MesLcjKeON5BRWa7I87mvAY0QmKjgginIM3w6BI=
 github.com/chainguard-dev/golang-vuln v1.1.3 h1:ZzphiI3QXL0Z6ozsqK4BOz6zlWu6KYDKyyfpwDC0cbE=
 github.com/chainguard-dev/golang-vuln v1.1.3/go.mod h1:bb2hMwln/tqxg32BNY4CcxHWtHXuYa3SbIBmtsyjxtM=
-github.com/chainguard-dev/yam v0.2.5 h1:KEQ6GvIVP3xK4dnKJRdmeS1065PF0gLxi+HjlhtNvjI=
-github.com/chainguard-dev/yam v0.2.5/go.mod h1:ON4NuAkA+DKjDul+AleGBxJ9ga04udJhuFLnVXwiyU0=
+github.com/chainguard-dev/yam v0.2.6 h1:u792tr9r+2Z1CCG/eeCmQU4a+bH1+WShJjiW8OWSoLE=
+github.com/chainguard-dev/yam v0.2.6/go.mod h1:ON4NuAkA+DKjDul+AleGBxJ9ga04udJhuFLnVXwiyU0=
 github.com/charmbracelet/bubbles v0.20.0 h1:jSZu6qD8cRQ6k9OMfR1WlM+ruM8fkPWkHvQWD9LIutE=
 github.com/charmbracelet/bubbles v0.20.0/go.mod h1:39slydyswPy+uVOHZ5x/GjwVAFkCsV8IIVy+4MhzwwU=
 github.com/charmbracelet/bubbletea v1.2.4 h1:KN8aCViA0eps9SCOThb2/XPIlea3ANJLUkv3KnQRNCE=