[TT-13741] [release-5.3] exp/modcheck: Update go.mod dependencies

[buger]

User description

Triggered by: titpetric
JIRA: https://tyktech.atlassian.net/browse/TT-13741

IMPORT	VERSION	LATEST	WARNINGS	CVES
getkin/kin-openapi	v0.115.0	v0.128.0	Held back from upgrade
golang-jwt/jwt/v4	v4.5.0	v4.5.1		0 of 1
hashicorp/consul/api	v1.29.4	v1.30.0
pires/go-proxyproto	v0.7.0	v0.8.0		0 of 1
robertkrimen/otto	v0.4.0	v0.5.1
stretchr/testify	v1.9.0	v1.10.0
valyala/fasthttp	v1.55.0	v1.58.0		0 of 1
golang.org/x/crypto	v0.27.0	v0.31.0		0 of 11
golang.org/x/net	v0.29.0	v0.33.0		0 of 17
golang.org/x/sync	v0.8.0	v0.10.0
google.golang.org/grpc	v1.66.2	v1.69.2		0 of 2
google.golang.org/protobuf	v1.34.2	v1.36.0		0 of 2
redis/go-redis/v9	v9.6.1	v9.7.0
newrelic/go-agent	v2.13.0 +incompatible	v3.35.1+incompatible	Held back from upgrade
go.opentelemetry.io/otel	v1.32.0	v1.33.0	Held back from upgrade
go.opentelemetry.io/otel/trace	v1.32.0	v1.33.0	Held back from upgrade
go.uber.org/mock	v0.4.0	v0.5.0

Steps performed

+ go get github.com/golang-jwt/jwt/[email protected]
go: upgraded github.com/golang-jwt/jwt/v4 v4.5.0 => v4.5.1
+ go get github.com/hashicorp/consul/[email protected]
go: upgraded github.com/hashicorp/consul/api v1.29.4 => v1.30.0
+ go get github.com/pires/[email protected]
go: upgraded github.com/pires/go-proxyproto v0.7.0 => v0.8.0
+ go get github.com/robertkrimen/[email protected]
go: upgraded github.com/robertkrimen/otto v0.4.0 => v0.5.1
+ go get github.com/stretchr/[email protected]
go: upgraded github.com/stretchr/testify v1.9.0 => v1.10.0
+ go get github.com/valyala/[email protected]
go: upgraded github.com/andybalholm/brotli v1.1.0 => v1.1.1
go: upgraded github.com/klauspost/compress v1.17.9 => v1.17.11
go: upgraded github.com/valyala/fasthttp v1.55.0 => v1.58.0
go: upgraded golang.org/x/crypto v0.27.0 => v0.29.0
go: upgraded golang.org/x/net v0.29.0 => v0.31.0
go: upgraded golang.org/x/sync v0.8.0 => v0.9.0
go: upgraded golang.org/x/text v0.18.0 => v0.20.0
+ go get golang.org/x/[email protected]
go: upgraded golang.org/x/crypto v0.29.0 => v0.31.0
go: upgraded golang.org/x/sync v0.9.0 => v0.10.0
go: upgraded golang.org/x/sys v0.27.0 => v0.28.0
go: upgraded golang.org/x/text v0.20.0 => v0.21.0
+ go get golang.org/x/[email protected]
go: upgraded golang.org/x/net v0.31.0 => v0.33.0
+ go get golang.org/x/[email protected]
+ go get google.golang.org/[email protected]
go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53
go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53
go: upgraded google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 => v0.0.0-20241015192408-796eee8c2d53
go: upgraded google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 => v0.0.0-20241015192408-796eee8c2d53
go: upgraded google.golang.org/grpc v1.66.2 => v1.69.2
go: upgraded google.golang.org/protobuf v1.34.2 => v1.35.1
+ go get google.golang.org/[email protected]
go: upgraded google.golang.org/protobuf v1.35.1 => v1.36.0
+ go get github.com/redis/go-redis/[email protected]
go: upgraded github.com/redis/go-redis/v9 v9.6.1 => v9.7.0
+ go get go.uber.org/[email protected]
go: upgraded go.uber.org/mock v0.4.0 => v0.5.0

go mod tidy output

---

PR Type

dependencies

---

Description

• Updated several dependencies in go.mod to their latest versions, including github.com/golang-jwt/jwt/v4, github.com/hashicorp/consul/api, github.com/pires/go-proxyproto, github.com/robertkrimen/otto, github.com/stretchr/testify, github.com/valyala/fasthttp, golang.org/x/crypto, golang.org/x/net, golang.org/x/sync, google.golang.org/grpc, and google.golang.org/protobuf.
• Addressed potential CVEs and improved security by upgrading vulnerable dependencies.
• Updated go.sum to reflect the changes in go.mod, ensuring integrity and consistency of the dependency graph.
• Enhanced compatibility and performance by using the latest versions of libraries.

---

Changes walkthrough 📝

Relevant files

Dependencies

go.mod Update Go module dependencies to latest versions                  go.mod Updated multiple dependencies to their latest versions. Improved security by addressing potential CVEs in dependencies. Enhanced compatibility and performance with updated libraries. +19/-19  go.sum Update dependency checksums in go.sum                                        go.sum Updated checksums for the newly updated dependencies. Ensured consistency and integrity of dependency versions. +42/-40

---

💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

[github-actions]

API Changes

no api changes detected

[github-actions]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Dependency Updates Ensure that all updated dependencies are compatible with the existing codebase and do not introduce breaking changes. Pay special attention to major version updates or dependencies with known CVEs. Dependency Integrity Verify that the updated go.sum entries correctly match the updated dependencies in go.mod and ensure no unintended changes are present.

[github-actions]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Score
General	Ensure compatibility with the updated JWT library version to avoid runtime issues Verify compatibility and test the application with the updated github.com/golang-jwt/jwt/v4 version (v4.5.1) as it may introduce changes or deprecations from the previous version (v4.5.0). go.mod [34] +github.com/golang-jwt/jwt/v4 v4.5.1 - Suggestion importance[1-10]: 8 Why: Verifying compatibility with the updated github.com/golang-jwt/jwt/v4 library is crucial as it may introduce changes or deprecations that could lead to runtime issues. This suggestion is actionable and addresses a potential risk effectively.	8
	Validate the updated Consul API library to ensure compatibility and stability Test the application with the updated github.com/hashicorp/consul/api version (v1.30.0) to confirm there are no breaking changes or unexpected behavior from the previous version (v1.29.4). go.mod [39] +github.com/hashicorp/consul/api v1.30.0 - Suggestion importance[1-10]: 8 Why: Testing the application with the updated github.com/hashicorp/consul/api library is important to ensure there are no breaking changes or unexpected behavior. This suggestion is relevant and helps maintain application stability.	8
	Validate the updated golang.org/x/text library for compatibility and regressions Confirm that the new version of golang.org/x/text (v0.21.0) does not introduce breaking changes or regressions compared to the previous version (v0.18.0). go.mod [218] +golang.org/x/text v0.21.0 // indirect - Suggestion importance[1-10]: 8 Why: Confirming that the new version of golang.org/x/text does not introduce breaking changes or regressions is essential for maintaining compatibility. This suggestion is relevant and addresses a potential risk effectively.	8
	Validate the updated Google API genproto library for compatibility and integration Check for any breaking changes or new features in the updated google.golang.org/genproto/googleapis/api version (v0.0.0-20241015192408-796eee8c2d53) to ensure proper integration. go.mod [222] +google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53 // indirect - Suggestion importance[1-10]: 8 Why: Checking for breaking changes or new features in the updated google.golang.org/genproto/googleapis/api library ensures proper integration and avoids potential issues. This suggestion is actionable and relevant.	8

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[titpetric]

/release to release-5.3.9

[tykbot]

Working on it! Note that it can take a few minutes.

[tykbot]

Still working...