* fix: mondoo-tls-security-cert-domain-name-match

Signed-off-by: Manuel Weber <manuel@mondoo.com>

* fix: mondoo-kubernetes-security-deployment-imagepull

Signed-off-by: Manuel Weber <manuel@mondoo.com>

---------

Signed-off-by: Manuel Weber <manuel@mondoo.com>

We don't want to try to run `tls.params` if the platform is not as
expected. Without the and, we will definetly do that as both results
will be computed in the block. The block will be true if all items
inside are truthy

Cleanup the remediations to follow a more standard pattern

Signed-off-by: Tim Smith <tsmith84@gmail.com>

Add some missing bash remediations

Signed-off-by: Tim Smith <tsmith84@gmail.com>

* ⭐ valid until

Introduces the `valid` keyword in policies, which supports setting an
`until` value. This allows us to create human-readable policy groups
that are configured for a limited time.

This is particularly useful when defining temporary exceptions:

```
policies:
  - uid: example1
    name: Example policy 1
    groups:
      - filters:
          - mql: asset.family.contains('unix')
        checks:
          - uid: check-05
            title: SSHd should only use very secure ciphers
            mql: |
              sshd.config.ciphers.all( _ == /ctr/ )
            impact: 95

      - type: override
        title: Exception for strong ciphers until September
        valid:
          until: 2025-09-01
        checks:
          - uid: check-05
            action: preview
```

Depends on mondoohq/cnquery#5817

* 🧹 fix genai mistakes

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>

* 🧹 linter suggestion

* jays changes

* update recalculateAt

* update cnquery

* update policy checksums

* fix tests

---------

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
Co-authored-by: Jay Mundrawala <jay@mondoo.com>

This turns out to be a breaking change. There's also no need to really
do this. Its not going to be counted against any policy and it looked
like this was only done for printing reasons

Broke in #1754

Bumps the gomodupdates group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github.com/Azure/azure-sdk-for-go/sdk/azidentity](https://github.com/Azure/azure-sdk-for-go) | `1.10.1` | `1.11.0` |
| [github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus](https://github.com/Azure/azure-sdk-for-go) | `1.9.1` | `1.10.0` |
| [github.com/abiosoft/colima](https://github.com/abiosoft/colima) | `0.8.2` | `0.8.4` |
| [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) | `1.30.2` | `1.30.3` |
| [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) | `1.85.1` | `1.86.0` |
| google.golang.org/protobuf | `1.36.6` | `1.36.7` |



Updates `github.com/Azure/azure-sdk-for-go/sdk/azidentity` from 1.10.1 to 1.11.0
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/go-mgmt-sdk-release-guideline.md)
- [Commits](Azure/azure-sdk-for-go@sdk/azidentity/v1.10.1...sdk/azcore/v1.11.0)

Updates `github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus` from 1.9.1 to 1.10.0
- [Release notes](https://github.com/Azure/azure-sdk-for-go/releases)
- [Changelog](https://github.com/Azure/azure-sdk-for-go/blob/main/documentation/go-mgmt-sdk-release-guideline.md)
- [Commits](Azure/azure-sdk-for-go@sdk/azcore/v1.9.1...sdk/azcore/v1.10.0)

Updates `github.com/abiosoft/colima` from 0.8.2 to 0.8.4
- [Release notes](https://github.com/abiosoft/colima/releases)
- [Commits](abiosoft/colima@v0.8.2...v0.8.4)

Updates `github.com/aws/aws-sdk-go-v2/config` from 1.30.2 to 1.30.3
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](aws/aws-sdk-go-v2@v1.30.2...v1.30.3)

Updates `github.com/aws/aws-sdk-go-v2/service/s3` from 1.85.1 to 1.86.0
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.85.1...service/s3/v1.86.0)

Updates `google.golang.org/protobuf` from 1.36.6 to 1.36.7

---
updated-dependencies:
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/azidentity
  dependency-version: 1.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomodupdates
- dependency-name: github.com/Azure/azure-sdk-for-go/sdk/messaging/azservicebus
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomodupdates
- dependency-name: github.com/abiosoft/colima
  dependency-version: 0.8.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomodupdates
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-version: 1.30.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomodupdates
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-version: 1.86.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gomodupdates
- dependency-name: google.golang.org/protobuf
  dependency-version: 1.36.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gomodupdates
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Co-authored-by: Mondoo Tools <tools@mondoo.com>