[TT-12234] update golang.org/x/net, pin Go version to v1.21.11

jeffy-mathew commented 1 month ago

User description

Description

Motivation and Context

How This Has Been Tested

Screenshots (if appropriate)

Types of changes

[x] Bug fix (non-breaking change which fixes an issue)
[ ] New feature (non-breaking change which adds functionality)
[ ] Breaking change (fix or feature that would cause existing functionality to change)
[ ] Refactoring or add test (improvements in base code or adds test coverage to functionality)

Checklist

[ ] I ensured that the documentation is up to date
[ ] I explained why this PR updates go.mod in detail with reasoning why it's required
[ ] I would like a code coverage CI quality gate exception and have explained why

PR Type

Enhancement, Dependencies

Description

Updated golang.org/x/crypto dependency from v0.21.0 to v0.24.0 in go.mod.
Updated golang.org/x/net dependency from v0.21.0 to v0.26.0 in go.mod.
Updated golang.org/x/sync dependency from v0.6.0 to v0.7.0 in go.mod.
Updated several indirect dependencies in go.mod.
Updated corresponding checksums in go.sum for the new dependency versions.

Changes walkthrough 📝

Relevant files

Dependencies

go.mod `Update Go module dependencies to latest versions` go.mod Updated `golang.org/x/crypto` from v0.21.0 to v0.24.0 Updated `golang.org/x/net` from v0.21.0 to v0.26.0 Updated `golang.org/x/sync` from v0.6.0 to v0.7.0 Updated several indirect dependencies	+7/-7
go.sum `Update Go module checksums for new dependency versions` go.sum Updated checksums for `golang.org/x/crypto` to v0.24.0 Updated checksums for `golang.org/x/net` to v0.26.0 Updated checksums for `golang.org/x/sync` to v0.7.0 Updated checksums for several indirect dependencies	+14/-13

💡 PR-Agent usage: Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

github-actions[bot] commented 1 month ago

API Changes

no api changes detected

github-actions[bot] commented 1 month ago

PR Reviewer Guide 🔍

⏱️ Estimated effort to review [1-5]	2
🧪 Relevant tests	No
🔒 Security concerns	No
⚡ Key issues to review	None

github-actions[bot] commented 1 month ago

PR Code Suggestions ✨

Category	Suggestion	Score
Possible issue	Check module compatibility after updates to avoid integration issues ___ Verify compatibility of updated modules with your project to prevent potential integration issues, especially for major version changes. [go.mod [209]](https://github.com/TykTechnologies/tyk/pull/6384/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6R209-R209) ```diff -golang.org/x/sys v0.21.0 +golang.org/x/sys v0.21.0 // ensure compatibility with project ``` Suggestion importance[1-10]: 7 Why: Ensuring compatibility after module updates is a good practice to prevent integration issues. This suggestion is practical and can help maintain project stability.	7
Maintainability	Clean up dependency specifications to improve clarity in the dependency graph ___ Consider removing the `// indirect` comments if these dependencies are now being used directly in the project, to clarify the dependency graph. [go.mod [208]](https://github.com/TykTechnologies/tyk/pull/6384/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6R208-R208) ```diff -golang.org/x/mod v0.17.0 // indirect +golang.org/x/mod v0.17.0 ``` Suggestion importance[1-10]: 6 Why: Removing the `// indirect` comments if dependencies are used directly can improve the clarity of the dependency graph. This is a useful suggestion for maintainability.	6
Best practice	Specify exact versions for dependencies to enhance build predictability ___ Consider specifying the exact version of `golang.org/x/net` instead of using a pseudo-version. This can help ensure more predictable builds and clearer dependency management. [go.mod [70]](https://github.com/TykTechnologies/tyk/pull/6384/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6R70-R70) ```diff -golang.org/x/net v0.26.0 +golang.org/x/net v0.26.0 // replace with an exact version if available ``` Suggestion importance[1-10]: 5 Why: While specifying exact versions can improve build predictability, the provided suggestion does not offer a concrete improvement over the current version. The current version is already specific enough.	5
Security	Keep cryptographic libraries up-to-date to ensure security ___ Update the `golang.org/x/crypto` to a newer version if available, as it is often critical to keep cryptographic libraries up to date for security reasons. [go.mod [69]](https://github.com/TykTechnologies/tyk/pull/6384/files#diff-33ef32bf6c23acb95f5902d7097b7a1d5128ca061167ec0716715b0b9eeaa5f6R69-R69) ```diff -golang.org/x/crypto v0.24.0 +golang.org/x/crypto v0.25.0 // hypothetical newer version ``` Suggestion importance[1-10]: 3 Why: The suggestion to update to a hypothetical newer version without verifying its existence or compatibility is not practical. It is important to ensure that the suggested version actually exists and is compatible with the project.	3