@RainbowMango
Member

What type of PR is this?

/kind cleanup

What this PR does / why we need it:

This helps supply chain health:

  • The prior module has been effectively unmaintained for years; the jmespath-community module is the officially maintained JMESPath Go library with ongoing releases, CI, linting, and dependency/security updates.
  • Staying on an actively maintained upstream reduces exposure to latent CVEs, stale transitive deps, and future proxy or archival risks.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?

NONE

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:


Copilot AI review requested due to automatic review settings December 31, 2025 07:16
@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-area labels Dec 31, 2025
@k8s-ci-robot k8s-ci-robot added area/cluster-autoscaler area/provider/alicloud Issues or PRs related to the AliCloud cloud provider implementation labels Dec 31, 2025
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: RainbowMango
Once this PR has been reviewed and has the lgtm label, please assign gjtempleton for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed do-not-merge/needs-area labels Dec 31, 2025

Copilot AI left a comment

Pull request overview

This PR replaces the unmaintained github.com/jmespath/go-jmespath library with the actively maintained github.com/jmespath-community/go-jmespath library to improve supply chain health and reduce security risks from stale dependencies.

  • Updated Go module dependencies to use the community-maintained JMESPath library
  • Updated all import statements across Alicloud and Volcengine SDK integrations
  • Updated Dependabot configuration to track the new library

Reviewed changes

Copilot reviewed 10 out of 11 changed files in this pull request and generated no comments.

File | Description
--- | ---
cluster-autoscaler/go.mod | Replaced direct dependency with new maintained library; old library remains as indirect dependency
cluster-autoscaler/go.sum | Added checksums for new library version v1.1.1; kept old library entries for transitive dependencies
cluster-autoscaler/cloudprovider/volcengine/volcengine-go-sdk/volcengine/volcengineutil/path_value.go | Updated import to use new JMESPath library
cluster-autoscaler/cloudprovider/alicloud/alibaba-cloud-sdk-go/sdk/errors/server_error.go | Updated import to use new JMESPath library
cluster-autoscaler/cloudprovider/alicloud/alibaba-cloud-sdk-go/sdk/endpoints/local_regional_resolver.go | Updated import to use new JMESPath library
cluster-autoscaler/cloudprovider/alicloud/alibaba-cloud-sdk-go/sdk/endpoints/local_global_resolver.go | Updated import to use new JMESPath library
cluster-autoscaler/cloudprovider/alicloud/alibaba-cloud-sdk-go/sdk/auth/signers/signer_ram_role_arn.go | Updated import to use new JMESPath library
cluster-autoscaler/cloudprovider/alicloud/alibaba-cloud-sdk-go/sdk/auth/signers/signer_oidc.go | Updated import to use new JMESPath library
cluster-autoscaler/cloudprovider/alicloud/alibaba-cloud-sdk-go/sdk/auth/signers/signer_key_pair.go | Updated import to use new JMESPath library
cluster-autoscaler/cloudprovider/alicloud/alibaba-cloud-sdk-go/sdk/auth/signers/signer_ecs_ram_role.go | Updated import to use new JMESPath library
.github/dependabot.yml | Updated to ignore the new library name in dependency updates

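An added example, not code from this PR or the autoscaler repository: a Go check that a go.mod is in the state the review summary describes, with the community module required directly and the old module present only as `// indirect`. The sample go.mod and the old module's version are constructed placeholders.

```go
package main

import (
	"fmt"
	"strings"
)

const (
	oldModule = "github.com/jmespath/go-jmespath"
	newModule = "github.com/jmespath-community/go-jmespath"
	// Constructed sample go.mod; the old module's version is a placeholder.
	sampleGoMod = `module example.com/demo
require (
	github.com/jmespath-community/go-jmespath v1.1.1
	github.com/jmespath/go-jmespath v0.0.0 // indirect
)`
)

// directRequires maps each required module to true (direct) or false ("// indirect").
func directRequires(gomod string) map[string]bool {
	out, inBlock := map[string]bool{}, false
	for _, line := range strings.Split(gomod, "\n") {
		line = strings.TrimSpace(line)
		if line == "require (" || line == ")" {
			inBlock = line != ")" // only require blocks count, not replace/exclude
			continue
		}
		rest := strings.TrimPrefix(line, "require ")
		f := strings.Fields(rest)
		if (rest != line || inBlock) && len(f) >= 2 && !strings.HasPrefix(f[0], "//") {
			out[f[0]] = !strings.HasSuffix(rest, "// indirect")
		}
	}
	return out
}

// migrationIssues lists what is still wrong with the dependency swap.
func migrationIssues(gomod string) (issues []string) {
	req := directRequires(gomod)
	if !req[newModule] {
		issues = append(issues, "new module is not a direct requirement")
	}
	if req[oldModule] {
		issues = append(issues, "old module is still a direct requirement")
	}
	return issues
}

func main() { fmt.Println(migrationIssues(sampleGoMod)) }
```

An empty result means the swap is complete for that go.mod; an old-module entry marked `// indirect` is accepted because it is pulled in transitively.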

@RainbowMango
Member Author

cc
@ringtail for the changes in path ringtail
@dougsong for the changes in path volcengine
Thanks.
