CVE fix 0422 (#477)

* bump golang crypto dep, add golang tools

* changelog

* update go.sum

* bump go 1.18

* bump ginkgo

* update go.mod

* install ginkgo

* update go.sum

* tidy

* tidy with 1.18

* use 1.18

* format code

* pin go 1.18.1

.github/workflows/codeformat.yaml

@@ -26,10 +26,10 @@ jobs:
 
           echo "After clearing disk space:"
           df -h
-      - name: Set up Go 1.16.3
+      - name: Set up Go 1.18.1
         uses: actions/setup-go@v2
         with:
-          go-version: 1.16.3
+          go-version: 1.18.1
         id: go
       - name: Check out code into the Go module directory
         uses: actions/checkout@v2

.github/workflows/pull_request.yaml

@@ -28,10 +28,10 @@ jobs:
       run: |
         wget https://github.com/aquasecurity/trivy/releases/download/v0.18.3/trivy_0.18.3_Linux-64bit.deb
         sudo dpkg -i trivy_0.18.3_Linux-64bit.deb
-    - name: Set up Go 1.14
+    - name: Set up Go 1.18.1
       uses: actions/setup-go@v1
       with:
-        go-version: 1.14
+        go-version: 1.18.1
     - uses: actions/cache@v1
       with:
         path: ~/go/pkg/mod
@@ -46,7 +46,7 @@ jobs:
       env:
         GITHUB_TOKEN: ${{ secrets.CLOUDBUILD_GITHUB_TOKEN }}
       run: |
-        go get -v github.com/onsi/ginkgo/ginkgo@v1.12.0 && export PATH=$PATH:$(go env GOPATH)/bin/
+        go install -v github.com/onsi/ginkgo/ginkgo@v1.16.5 && export PATH=$PATH:$(go env GOPATH)/bin/
         ginkgo  -r   -p   -failFast   -randomizeSuites   -randomizeAllSpecs   -skipPackage=./installutils/kubeinstall,./debugutils/test
     - uses: testspace-com/setup-testspace@v1
       with:

changelog/v0.21.25/bump-crypto-dep.yaml

@@ -0,0 +1,10 @@
+changelog:
+  - type: DEPENDENCY_BUMP
+    dependencyOwner: golang
+    dependencyRepo: golang.org/x/crypto
+    dependencyTag: v0.0.0-20220315160706-3147a52a75dd
+  - type: DEPENDENCY_BUMP
+    description: Bumped the go version for go.mod
+    dependencyOwner: golang
+    dependencyRepo: go
+    dependencyTag: v1.18

go.mod

@@ -1,6 +1,6 @@
 module github.com/solo-io/go-utils
 
-go 1.13
+go 1.18
 
 require (
 	cloud.google.com/go/pubsub v1.3.1
@@ -10,8 +10,6 @@ require (
 	github.com/Netflix/go-expect v0.0.0-20180928190340-9d1f4485533b
 	github.com/avast/retry-go v2.2.0+incompatible
 	github.com/fgrosse/zaptest v1.1.0
-	github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect
-	github.com/fsnotify/fsnotify v1.4.9 // indirect
 	github.com/ghodss/yaml v1.0.0
 	github.com/go-git/go-git/v5 v5.4.1
 	github.com/gogo/protobuf v1.3.1
@@ -22,31 +20,24 @@ require (
 	github.com/hashicorp/go-multierror v1.0.0
 	github.com/hinshun/vt10x v0.0.0-20180809195222-d55458df857c
 	github.com/imroc/req v0.3.0
-	github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88 // indirect
 	github.com/k0kubun/pp v2.3.0+incompatible
-	github.com/kr/pty v1.1.5 // indirect
-	github.com/mattn/go-isatty v0.0.4 // indirect
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/mitchellh/hashstructure v1.0.0
-	github.com/onsi/ginkgo v1.12.1
+	github.com/onsi/ginkgo v1.16.5
 	github.com/onsi/gomega v1.10.1
 	github.com/palantir/go-baseapp v0.2.3
 	github.com/palantir/go-githubapp v0.5.0
 	github.com/pelletier/go-toml v1.2.0
 	github.com/pkg/errors v0.9.1
-	github.com/prometheus/client_golang v1.2.1 // indirect
-	github.com/prometheus/client_model v0.2.0 // indirect
-	github.com/prometheus/procfs v0.0.11 // indirect
 	github.com/rotisserie/eris v0.1.1
 	github.com/rs/zerolog v1.18.0
 	github.com/spf13/afero v1.2.2
 	github.com/spf13/cobra v1.1.3
-	github.com/yuin/goldmark v1.3.3
+	github.com/yuin/goldmark v1.4.1
 	go.opencensus.io v0.23.0
 	go.uber.org/zap v1.10.0
 	goji.io v2.0.2+incompatible
-	golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a // indirect
-	golang.org/x/mod v0.4.1
+	golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3
 	golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
 	google.golang.org/api v0.42.0
@@ -57,6 +48,74 @@ require (
 	gopkg.in/yaml.v2 v2.4.0
 )
 
+require (
+	cloud.google.com/go v0.79.0 // indirect
+	github.com/Microsoft/go-winio v0.4.16 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 // indirect
+	github.com/acomagu/bufpipe v1.0.3 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/bluekeyes/hatpear v0.1.1 // indirect
+	github.com/bradleyfalzon/ghinstallation v1.1.1 // indirect
+	github.com/cespare/xxhash/v2 v2.1.0 // indirect
+	github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect
+	github.com/dgrijalva/jwt-go v3.2.0+incompatible // indirect
+	github.com/emirpasic/gods v1.12.0 // indirect
+	github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect
+	github.com/fsnotify/fsnotify v1.5.3 // indirect
+	github.com/go-git/gcfg v1.5.0 // indirect
+	github.com/go-git/go-billy/v5 v5.3.1 // indirect
+	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
+	github.com/google/go-cmp v0.5.5 // indirect
+	github.com/google/go-github/v29 v29.0.3 // indirect
+	github.com/google/go-querystring v1.0.0 // indirect
+	github.com/googleapis/gax-go/v2 v2.0.5 // indirect
+	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
+	github.com/hashicorp/errwrap v1.0.0 // indirect
+	github.com/hashicorp/golang-lru v0.5.4 // indirect
+	github.com/imdario/mergo v0.3.12 // indirect
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
+	github.com/jstemmer/go-junit-report v0.9.1 // indirect
+	github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88 // indirect
+	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
+	github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 // indirect
+	github.com/kr/pty v1.1.5 // indirect
+	github.com/mattn/go-colorable v0.0.9 // indirect
+	github.com/mattn/go-isatty v0.0.4 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
+	github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect
+	github.com/nxadm/tail v1.4.8 // indirect
+	github.com/prometheus/client_golang v1.2.1 // indirect
+	github.com/prometheus/client_model v0.2.0 // indirect
+	github.com/prometheus/common v0.7.0 // indirect
+	github.com/prometheus/procfs v0.0.11 // indirect
+	github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 // indirect
+	github.com/rs/xid v1.2.1 // indirect
+	github.com/russross/blackfriday/v2 v2.0.1 // indirect
+	github.com/sergi/go-diff v1.1.0 // indirect
+	github.com/shurcooL/githubv4 v0.0.0-20191127044304-8f68eb5628d0 // indirect
+	github.com/shurcooL/graphql v0.0.0-20181231061246-d48a9a75455f // indirect
+	github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/src-d/gcfg v1.4.0 // indirect
+	github.com/xanzy/ssh-agent v0.3.0 // indirect
+	github.com/zenazn/goji v0.9.1-0.20160507202103-64eb34159fe5 // indirect
+	go.uber.org/atomic v1.4.0 // indirect
+	go.uber.org/multierr v1.1.0 // indirect
+	golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd // indirect
+	golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5 // indirect
+	golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2 // indirect
+	golang.org/x/sys v0.0.0-20220422013727-9388b58f7150 // indirect
+	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/tools v0.1.10 // indirect
+	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto v0.0.0-20210312152112-fc591d9ea70f // indirect
+	gopkg.in/src-d/go-billy.v4 v4.2.1 // indirect
+	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
+	gopkg.in/warnings.v0 v0.1.2 // indirect
+)
+
 replace (
 	github.com/Azure/go-autorest => github.com/Azure/go-autorest v13.0.0+incompatible
 	github.com/Sirupsen/logrus => github.com/sirupsen/logrus v1.0.5