
fix: updated packages and improve/block vuln check #249

Merged
scott-ray-wilson merged 2 commits into main from update-packages-and-vuln-check on May 29, 2026
Conversation

@scott-ray-wilson (Contributor)

Description 📣

This PR bumps package versions, updates our vuln check to also check indirect modules, and removes reporting only.

Type ✨

  • Bug fix
  • New feature
  • Improvement
  • Breaking change
  • Documentation

Tests 🛠️

n/a


@infisical-review-police

💬 Discussion in Slack: #pr-review-cli-249-fix-updated-packages-and-improve-block-vuln-check

Posted by Review Police — reviews, comments, new commits, and CI failures will stream into this channel.

@greptile-apps (Contributor)

greptile-apps Bot commented May 29, 2026

Greptile Summary

This PR bumps several vulnerable indirect dependencies (quic-go v0.54.1→v0.57.0, filippo.io/edwards25519 v1.1.0→v1.1.1, full otel suite v1.39.0→v1.44.0) and tightens the CI vulnerability gate from a non-blocking report-only run to a hard-failing check using govulncheck -scan module.

  • Workflow hardening: Removes continue-on-error: true so any vulnerable module version in the build list now blocks the PR, aligning with external scanners like Trivy.
  • Dependency upgrades: quic-go, edwards25519, and the OpenTelemetry suite are all bumped; go.uber.org/mock, golang.org/x/mod, and golang.org/x/tools are pruned from the indirect dependency list.
  • go.sum: Checksums updated consistently to match all changed module versions.

Confidence Score: 3/5

The dependency bumps are clean, but the govulncheck invocation change may produce a silent no-op if the tool requires a package or module argument when -scan module is used without one.

The govulncheck -scan module command has no trailing package pattern or explicit module path; depending on the tool version this may scan nothing and exit cleanly, leaving the new blocking gate hollow. The version bumps and go.sum updates are otherwise well-formed.

.github/workflows/govulncheck.yml — verify that govulncheck -scan module with no positional argument actually scans the full module build list in v1.1.4.

Important Files Changed

Filename | Overview
.github/workflows/govulncheck.yml | Removes continue-on-error: true so the vulnerability check now blocks CI, and switches from source-level scanning (./...) to module-level scanning (-scan module) to flag all vulnerable module versions regardless of reachability.
go.mod | Bumps quic-go v0.54.1 to v0.57.0, filippo.io/edwards25519 v1.1.0 to v1.1.1, and the full otel suite v1.39.0 to v1.44.0; removes now-unused indirect entries.
go.sum | Checksum entries updated consistently to match the new module versions introduced in go.mod.

Reviews (1): Last reviewed commit: "fix: updated packages and improve/block ..."
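As an added illustration (not the workflow from this PR, whose contents are not reproduced on this page), the report-only configuration the summary describes sits beside the blocking one. The checkout and setup-go steps, the action versions, the go install pin, and the job-level placement of continue-on-error are assumptions.

```yaml
# Added example, not the repository's actual .github/workflows/govulncheck.yml.
# It contrasts the two configurations the review summary describes. Action
# versions, setup-go usage and job-level continue-on-error are assumptions.
name: govulncheck

on:
  pull_request:
  push:
    branches: [main]

jobs:
  # BEFORE (report-only): the job can fail without blocking the PR
  vulncheck-report-only:
    runs-on: ubuntu-latest
    continue-on-error: true          # findings are recorded but never gate merge
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
      - run: go install golang.org/x/vuln/cmd/govulncheck@v1.1.4
      # Source-level scan: only reports vulnerabilities whose affected
      # code is reachable from the packages matched by ./...
      - run: govulncheck ./...

  # AFTER (blocking): a non-zero exit from govulncheck fails the job,
  # and the job failure is what blocks the PR
  vulncheck-blocking:
    runs-on: ubuntu-latest
    # no continue-on-error here
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version-file: go.mod
      - run: go install golang.org/x/vuln/cmd/govulncheck@v1.1.4
      # Module-level scan: flags every vulnerable module version in the
      # build list, including indirect dependencies, regardless of whether
      # the vulnerable code is reachable
      - run: govulncheck -scan module
```

The module-level gate trades precision for coverage: it will also fail on vulnerable indirect modules whose affected symbols are never called, which is the behaviour the PR wants in order to match external scanners.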

@scott-ray-wilson scott-ray-wilson merged commit 65a62a6 into main May 29, 2026
16 checks passed