Merging to release-5.3.9: [TT-13741] [release-5.3] exp/modcheck: Update go.mod dependencies (#6795) #6801

Conversation

@buger (Member) commented Dec 20, 2024

User description

TT-13741 [release-5.3] exp/modcheck: Update go.mod dependencies (#6795)

Triggered by: titpetric
JIRA: https://tyktech.atlassian.net/browse/TT-13741

| IMPORT | VERSION | LATEST | WARNINGS | CVES |
|:---|:---|:---|:---|:---|
| getkin/kin-openapi | v0.115.0 | v0.128.0 | Held back from upgrade | |
| golang-jwt/jwt/v4 | v4.5.0 | v4.5.1 | | 0 of 1 |
| hashicorp/consul/api | v1.29.4 | v1.30.0 | | |
| pires/go-proxyproto | v0.7.0 | v0.8.0 | | 0 of 1 |
| robertkrimen/otto | v0.4.0 | v0.5.1 | | |
| stretchr/testify | v1.9.0 | v1.10.0 | | |
| valyala/fasthttp | v1.55.0 | v1.58.0 | | 0 of 1 |
| golang.org/x/crypto | v0.27.0 | v0.31.0 | | 0 of 11 |
| golang.org/x/net | v0.29.0 | v0.33.0 | | 0 of 17 |
| golang.org/x/sync | v0.8.0 | v0.10.0 | | |
| google.golang.org/grpc | v1.66.2 | v1.69.2 | | 0 of 2 |
| google.golang.org/protobuf | v1.34.2 | v1.36.0 | | 0 of 2 |
| redis/go-redis/v9 | v9.6.1 | v9.7.0 | | |
| newrelic/go-agent | v2.13.0+incompatible | v3.35.1+incompatible | Held back from upgrade | |
| go.opentelemetry.io/otel | v1.32.0 | v1.33.0 | Held back from upgrade | |
| go.opentelemetry.io/otel/trace | v1.32.0 | v1.33.0 | Held back from upgrade | |
| go.uber.org/mock | v0.4.0 | v0.5.0 | | |

Steps performed
+ go get github.com/golang-jwt/jwt/[email protected]
go: upgraded github.com/golang-jwt/jwt/v4 v4.5.0 => v4.5.1
+ go get github.com/hashicorp/consul/[email protected]
go: upgraded github.com/hashicorp/consul/api v1.29.4 => v1.30.0
+ go get github.com/pires/[email protected]
go: upgraded github.com/pires/go-proxyproto v0.7.0 => v0.8.0
+ go get github.com/robertkrimen/[email protected]
go: upgraded github.com/robertkrimen/otto v0.4.0 => v0.5.1
+ go get github.com/stretchr/[email protected]
go: upgraded github.com/stretchr/testify v1.9.0 => v1.10.0
+ go get github.com/valyala/[email protected]
go: upgraded github.com/andybalholm/brotli v1.1.0 => v1.1.1
go: upgraded github.com/klauspost/compress v1.17.9 => v1.17.11
go: upgraded github.com/valyala/fasthttp v1.55.0 => v1.58.0
go: upgraded golang.org/x/crypto v0.27.0 => v0.29.0
go: upgraded golang.org/x/net v0.29.0 => v0.31.0
go: upgraded golang.org/x/sync v0.8.0 => v0.9.0
go: upgraded golang.org/x/text v0.18.0 => v0.20.0
+ go get golang.org/x/[email protected]
go: upgraded golang.org/x/crypto v0.29.0 => v0.31.0
go: upgraded golang.org/x/sync v0.9.0 => v0.10.0
go: upgraded golang.org/x/sys v0.27.0 => v0.28.0
go: upgraded golang.org/x/text v0.20.0 => v0.21.0
+ go get golang.org/x/[email protected]
go: upgraded golang.org/x/net v0.31.0 => v0.33.0
+ go get golang.org/x/[email protected]
+ go get google.golang.org/[email protected]
go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53
go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53
go: upgraded google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 => v0.0.0-20241015192408-796eee8c2d53
go: upgraded google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 => v0.0.0-20241015192408-796eee8c2d53
go: upgraded google.golang.org/grpc v1.66.2 => v1.69.2
go: upgraded google.golang.org/protobuf v1.34.2 => v1.35.1
+ go get google.golang.org/[email protected]
go: upgraded google.golang.org/protobuf v1.35.1 => v1.36.0
+ go get github.com/redis/go-redis/[email protected]
go: upgraded github.com/redis/go-redis/v9 v9.6.1 => v9.7.0
+ go get go.uber.org/[email protected]
go: upgraded go.uber.org/mock v0.4.0 => v0.5.0
go mod tidy output (empty)

PR Type

dependencies


Description

  • Updated several dependencies in go.mod to their latest versions,
    including github.com/golang-jwt/jwt/v4,
    github.com/hashicorp/consul/api, github.com/pires/go-proxyproto,
    github.com/robertkrimen/otto, github.com/stretchr/testify,
    github.com/valyala/fasthttp, golang.org/x/crypto,
    golang.org/x/net, golang.org/x/sync, google.golang.org/grpc, and
    google.golang.org/protobuf.
  • Addressed potential CVEs and improved security by upgrading vulnerable
    dependencies.
  • Updated go.sum to reflect the changes in go.mod, ensuring
    integrity and consistency of the dependency graph.
  • Enhanced compatibility and performance by using the latest versions of
    libraries.

Changes walkthrough 📝

Relevant files

Dependencies

go.mod: Update Go module dependencies to latest versions (+19/-19, https://github.com/TykTechnologies/tyk/pull/6795/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6)
  • Updated multiple dependencies to their latest versions.
  • Improved security by addressing potential CVEs in dependencies.
  • Enhanced compatibility and performance with updated libraries.

go.sum: Update dependency checksums in go.sum (+42/-40, https://github.com/TykTechnologies/tyk/pull/6795/files#diff-3295df7234525439d778f1b282d146a4f1ff6b415248aaac074e8042d9f42d63)
  • Updated checksums for the newly updated dependencies.
  • Ensured consistency and integrity of dependency versions.

💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

    Co-authored-by: titpetric [email protected]



    (cherry picked from commit 19fbac2)
    @buger buger enabled auto-merge (squash) December 20, 2024 09:14
    Contributor

    API Changes

    no api changes detected

    Contributor

    PR Reviewer Guide 🔍

    Here are some key observations to aid the review process:

    🎫 Ticket compliance analysis ✅

    6795 - Fully compliant

    Fully compliant requirements:

    • Update Go module dependencies to their latest versions.
    • Address potential CVEs and improve security by upgrading vulnerable dependencies.
    • Update go.sum to reflect changes in go.mod.
    • Enhance compatibility and performance by using the latest versions of libraries.

    Not compliant requirements:

    ⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪
    🧪 No relevant tests
    🔒 No security concerns identified
    ⚡ Recommended focus areas for review

    Dependency Updates
    Ensure that all updated dependencies are compatible with the existing codebase and do not introduce regressions or unexpected behavior.

    Dependency Integrity
    Verify that the updated checksums in go.sum match the expected values for the updated dependencies.
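
The Dependency Integrity focus area above asks the reviewer to confirm that go.sum matches go.mod after the `go get` sequence listed under Steps performed. The block below is an added example written for this page; it is not code from the Tyk repository or from its exp/modcheck tool. It shows what that check looks like when done mechanically: parse the require list of a go.mod and the lines of a go.sum, then report required versions that lack a zip hash or a /go.mod hash (the build would stop with a missing go.sum entry) and zip hashes left behind for versions that are no longer required (what `go mod tidy` removes). The sample go.mod and go.sum are constructed for the example, the h1: values are placeholders rather than real checksums, and the function names are this example's own.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Constructed sample inputs (not Tyk's real files): a trimmed go.mod after the upgrade, and a
// go.sum that still carries jwt v4.5.0's zip hash and lacks go-proxyproto's /go.mod hash.
const sampleGoMod = `module github.com/example/gateway
require (
	github.com/golang-jwt/jwt/v4 v4.5.1
	github.com/pires/go-proxyproto v0.8.0
	github.com/newrelic/go-agent v2.13.0+incompatible
)
require golang.org/x/text v0.21.0 // indirect
`

// The h1: values below are placeholders, not real module checksums.
const sampleGoSum = `github.com/golang-jwt/jwt/v4 v4.5.0 h1:placeholder0=
github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:placeholder1=
github.com/golang-jwt/jwt/v4 v4.5.1 h1:placeholder2=
github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:placeholder3=
github.com/pires/go-proxyproto v0.8.0 h1:placeholder4=
github.com/newrelic/go-agent v2.13.0+incompatible h1:placeholder5=
github.com/newrelic/go-agent v2.13.0+incompatible/go.mod h1:placeholder6=
golang.org/x/text v0.21.0 h1:placeholder7=
golang.org/x/text v0.21.0/go.mod h1:placeholder8=
`

// parseRequires returns module path -> required version from go.mod text, handling
// both require forms and dropping trailing comments such as "// indirect".
func parseRequires(gomod string) map[string]string {
	out := map[string]string{}
	inBlock := false
	for _, line := range strings.Split(gomod, "\n") {
		if i := strings.Index(line, "//"); i >= 0 {
			line = line[:i]
		}
		f := strings.Fields(line)
		switch {
		case len(f) == 0:
		case inBlock && f[0] == ")":
			inBlock = false
		case inBlock && len(f) == 2:
			out[f[0]] = f[1]
		case f[0] == "require" && len(f) == 2 && f[1] == "(":
			inBlock = true
		case f[0] == "require" && len(f) == 3:
			out[f[1]] = f[2]
		}
	}
	return out
}

// parseGoSum returns the set of "path version" keys in go.sum; /go.mod-only lines keep that suffix.
func parseGoSum(gosum string) map[string]bool {
	have := map[string]bool{}
	for _, line := range strings.Split(gosum, "\n") {
		if f := strings.Fields(line); len(f) == 3 && strings.HasPrefix(f[2], "h1:") {
			have[f[0]+" "+f[1]] = true
		}
	}
	return have
}

// checkIntegrity cross-checks go.mod against go.sum: missing lists required versions without
// a zip hash or a /go.mod hash (the build fails with "missing go.sum entry"); stale lists zip
// hashes of versions no longer required, which go mod tidy removes. Older /go.mod hashes are
// kept by Go for version selection, so they are deliberately not flagged.
func checkIntegrity(requires map[string]string, have map[string]bool) (missing, stale []string) {
	for path, ver := range requires {
		if !have[path+" "+ver] {
			missing = append(missing, path+"@"+ver+" (zip hash)")
		}
		if !have[path+" "+ver+"/go.mod"] {
			missing = append(missing, path+"@"+ver+" (go.mod hash)")
		}
	}
	for key := range have {
		path, ver, _ := strings.Cut(key, " ")
		if want, ok := requires[path]; ok && want != ver && !strings.HasSuffix(ver, "/go.mod") {
			stale = append(stale, path+"@"+ver)
		}
	}
	sort.Strings(missing) // map iteration order is random; sort for stable output
	sort.Strings(stale)
	return missing, stale
}

func main() {
	missing, stale := checkIntegrity(parseRequires(sampleGoMod), parseGoSum(sampleGoSum))
	for _, m := range missing {
		fmt.Println("missing go.sum entry:", m)
	}
	for _, s := range stale {
		fmt.Println("stale zip hash (go mod tidy would drop it):", s)
	}
}
```

On a real checkout, read the two files from disk in place of the constants. This is a consistency check between the two files, not an authenticity check: whether the h1: values are the right checksums is established by the go command against the checksum database when a module is downloaded, and by `go mod verify` against the module cache afterwards. Note that the older `jwt/v4 v4.5.0/go.mod` line is not reported, because Go keeps go.mod hashes of unselected versions that still take part in version selection; only zip hashes are tied to the selected version.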

    Contributor

    PR Code Suggestions ✨

    Explore these optional code suggestions:

    Category | Suggestion | Score
    General
    Ensure compatibility of the updated JWT library version with the existing codebase

    Verify compatibility of the updated github.com/golang-jwt/jwt/v4 dependency (v4.5.1)
    with existing code, as changes in minor versions may introduce breaking changes or
    deprecations.

    go.mod [34]

    +github.com/golang-jwt/jwt/v4 v4.5.1
     
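Review bot: v4.5.0 to v4.5.1 is a patch-level bump under semver, not the minor-version change the suggestion text describes, and the PR table lists golang-jwt/jwt/v4 with a CVE count of 0 of 1, so this line is taken for its security fix rather than for new API. The meaningful check for this hunk is to run the existing JWT-related tests on the release-5.3.9 branch and to confirm the pinned version matches what landed in #6795 (this PR is a cherry-pick of 19fbac2), not to hunt for deprecations.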
    -
    Suggestion importance[1-10]: 7

    Why: The suggestion to verify compatibility of the updated github.com/golang-jwt/jwt/v4 library is valid and important, as minor version updates can introduce breaking changes or deprecations. However, it is not actionable in itself and requires further testing or analysis.

    7
    Validate the compatibility of the updated Consul API library with the current implementation

    Confirm that the updated github.com/hashicorp/consul/api version (v1.30.0) does not
    introduce breaking changes or require configuration updates.

    go.mod [39]

    +github.com/hashicorp/consul/api v1.30.0
     
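Review bot: consul/api v1.29.4 to v1.30.0 is a minor bump with no CVE count in the PR table, so it is not needed for the security purpose of this backport; the same holds for otto, testify, go-redis and go.uber.org/mock. Since the target is the release-5.3.9 branch, the description should say why these non-CVE bumps are backported together with the CVE-carrying ones (x/crypto, x/net, grpc, protobuf, fasthttp, go-proxyproto, jwt), or the cherry-pick should be trimmed to the security-relevant lines to keep the patch release minimal.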
    -
    Suggestion importance[1-10]: 7

    Why: The suggestion to confirm compatibility of the updated github.com/hashicorp/consul/api library is relevant, as changes in dependencies can impact the application's functionality. However, it is not a direct code improvement but a recommendation for validation.

    7
    Verify the updated Google GenProto libraries for compatibility and functionality

    Test the integration of the updated google.golang.org/genproto/googleapis/api and
    google.golang.org/genproto/googleapis/rpc dependencies to ensure no regressions or
    API mismatches.

    go.mod [222-223]

    +google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53 // indirect
    +google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 // indirect
     
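Review bot: both genproto lines are marked `// indirect` and no entry under Steps performed requests them directly; they moved as a side effect of the grpc upgrade (v1.66.2 => v1.69.2), so the regression check for this hunk is building and running the tests of the packages that import grpc, not reading the pseudo-versions. One gap to close before merging: the "go mod tidy output" section of the description is empty, so confirm that `go mod tidy` was run after the last upgrade and reported no further changes, otherwise the +42/-40 go.sum diff may not be the final state.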
    -
    Suggestion importance[1-10]: 7

    Why: Testing the integration of the updated google.golang.org/genproto/googleapis/api and google.golang.org/genproto/googleapis/rpc libraries is a valid suggestion to ensure no regressions or API mismatches. However, the suggestion is not actionable and requires additional testing.

    7
    Validate the updated Golang text library for compatibility with existing text processing logic

    Ensure that the updated golang.org/x/text version (v0.21.0) does not introduce
    changes that could affect text processing or encoding in the application.

    go.mod [218]

    +golang.org/x/text v0.21.0 // indirect
     
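Review bot: golang.org/x/text is an indirect dependency that moved twice as a side effect of other upgrades (v0.18.0 => v0.20.0 with fasthttp, then v0.20.0 => v0.21.0 with x/crypto, per Steps performed) and does not appear in the IMPORT/VERSION/LATEST table at all; neither do x/sys, andybalholm/brotli, klauspost/compress or the two genproto modules. The table therefore understates what this PR changes; listing the indirect bumps, or pointing at the full go.mod diff, would let a reviewer of the release branch see every module that moved.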
    -
    Suggestion importance[1-10]: 7

    Why: Ensuring that the updated golang.org/x/text library does not introduce changes affecting text processing is a valid and relevant suggestion. However, it is not an immediate code improvement and requires further validation or testing.

    7

    @buger buger merged commit 77f821f into release-5.3.9 Dec 20, 2024
    35 of 38 checks passed
    @buger buger deleted the merge/release-5.3.9/19fbac2f04ac089438a155d1c89545346c337f93 branch December 20, 2024 09:28
    1 participant