[TT-12425] exp/modcheck: Update go.mod dependencies #6363

Merged (1 commit) on Jun 20, 2024

@buger buger commented Jun 20, 2024

User description

Triggered by: jeffy-mathew

| IMPORT | VERSION | LATEST | WARNINGS | CVES |
|:---|:---|:---|:---|:---|
| getkin/kin-openapi | v0.115.0 | v0.125.0 | Held back from upgrade | |
| gorilla/websocket | v1.5.2 | v1.5.3 | | 0 of 1 |
| miekg/dns | v1.1.59 | v1.1.61 | | 0 of 3 |
| valyala/fasthttp | v1.54.0 | v1.55.0 | | 0 of 1 |
| google.golang.org/protobuf | v1.34.1 | v1.34.2 | | 0 of 2 |
| go-redsync/redsync/v4 | v4.11.0 | v4.13.0 | Held back from upgrade | |
| newrelic/go-agent | v2.13.0 +incompatible | v3.33.0+incompatible | Held back from upgrade | |
| go.opentelemetry.io/otel | v1.19.0 | v1.27.0 | Held back from upgrade | |
| go.opentelemetry.io/otel/trace | v1.19.0 | v1.27.0 | Held back from upgrade | |

Steps performed

```
+ go get github.com/gorilla/websocket@v1.5.3
go: downloading github.com/gorilla/websocket v1.5.3
go: upgraded github.com/gorilla/websocket v1.5.2 => v1.5.3
+ go get github.com/miekg/dns@v1.1.61
go: downloading github.com/miekg/dns v1.1.61
go: downloading golang.org/x/tools v0.22.0
go: downloading golang.org/x/mod v0.18.0
go: upgraded github.com/miekg/dns v1.1.59 => v1.1.61
go: upgraded golang.org/x/mod v0.17.0 => v0.18.0
go: upgraded golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d => v0.22.0
+ go get github.com/valyala/fasthttp@v1.55.0
go: downloading github.com/valyala/fasthttp v1.55.0
go: downloading github.com/klauspost/compress v1.17.9
go: upgraded github.com/klauspost/compress v1.17.8 => v1.17.9
go: upgraded github.com/valyala/fasthttp v1.54.0 => v1.55.0
+ go get google.golang.org/protobuf@v1.34.2
go: downloading google.golang.org/protobuf v1.34.2
go: upgraded google.golang.org/protobuf v1.34.1 => v1.34.2
```

go mod tidy output

```
go: downloading github.com/jensneuse/diffview v1.0.0
go: downloading github.com/sebdah/goldie v0.0.0-20180424091453-8784dd1ab561
go: downloading github.com/ory/dockertest/v3 v3.10.0
go: downloading gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c
go: downloading github.com/evanphx/json-patch/v5 v5.1.0
go: downloading github.com/golang/mock v1.6.0
go: downloading github.com/onsi/ginkgo v1.16.5
go: downloading github.com/onsi/gomega v1.27.10
go: downloading github.com/go-test/deep v1.0.8
go: downloading github.com/fortytw2/leaktest v1.3.0
go: downloading github.com/Microsoft/go-winio v0.6.0
go: downloading github.com/docker/go-units v0.4.0
go: downloading github.com/99designs/gqlgen v0.17.22
go: downloading go.uber.org/goleak v1.2.1
go: downloading github.com/vektah/gqlparser/v2 v2.5.1
go: downloading github.com/ugorji/go/codec v1.2.7
go: downloading gonum.org/v1/gonum v0.14.0
go: downloading github.com/ugorji/go v1.2.7
go: downloading github.com/bsm/ginkgo/v2 v2.12.0
go: downloading github.com/bsm/gomega v1.27.10
go: downloading github.com/hashicorp/consul/proto-public v0.6.1
go: downloading github.com/hashicorp/consul/sdk v0.16.1
go: downloading github.com/kr/pretty v0.3.1
go: downloading github.com/sebdah/goldie/v2 v2.5.3
go: downloading github.com/go-redis/redis v6.15.9+incompatible
go: downloading github.com/go-redis/redis/v7 v7.4.0
go: downloading github.com/gomodule/redigo v1.8.9
go: downloading github.com/redis/rueidis v1.0.19
go: downloading github.com/stvp/tempredis v0.0.0-20181119212430-b82af8480203
go: downloading github.com/frankban/quicktest v1.14.6
go: downloading github.com/jcmturner/goidentity/v6 v6.0.1
go: downloading github.com/docker/cli v20.10.17+incompatible
go: downloading github.com/opencontainers/runc v1.1.5
go: downloading github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5
go: downloading github.com/moby/term v0.0.0-20201216013528-df9cb8a40635
go: downloading github.com/opencontainers/image-spec v1.0.2
go: downloading github.com/logrusorgru/aurora/v3 v3.0.0
go: downloading github.com/benbjohnson/clock v1.1.0
go: downloading github.com/hashicorp/go-msgpack v0.5.5
go: downloading github.com/hashicorp/memberlist v0.5.0
go: downloading github.com/kr/text v0.2.0
go: downloading github.com/rogpeppe/go-internal v1.11.0
go: downloading github.com/sergi/go-diff v1.1.0
go: downloading github.com/nxadm/tail v1.4.8
go: downloading github.com/docker/go-connections v0.4.0
go: downloading github.com/containerd/continuity v0.3.0
go: downloading github.com/opencontainers/go-digest v1.0.0
go: downloading github.com/agnivade/levenshtein v1.1.1
go: downloading github.com/pascaldekloe/goe v0.1.0
go: downloading github.com/google/btree v1.0.1
go: downloading github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529
go: downloading gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7
go: downloading github.com/docker/docker v20.10.7+incompatible
go: downloading github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
go: downloading github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161
go: downloading github.com/golang/glog v1.2.0
go: downloading github.com/gogo/protobuf v1.3.2
```

JIRA: https://tyktech.atlassian.net/browse/TT-12425


PR Type

Enhancement


Description

  • Updated several Go module dependencies to their latest versions in go.mod:
    • github.com/gorilla/websocket from v1.5.2 to v1.5.3
    • github.com/miekg/dns from v1.1.59 to v1.1.61
    • github.com/valyala/fasthttp from v1.54.0 to v1.55.0
    • google.golang.org/protobuf from v1.34.1 to v1.34.2
  • Updated corresponding checksums in go.sum to reflect the new versions.

Changes walkthrough 📝

Relevant files: Dependencies

go.mod (+7/-7): Update Go module dependencies to latest versions

  • Updated github.com/gorilla/websocket from v1.5.2 to v1.5.3
  • Updated github.com/miekg/dns from v1.1.59 to v1.1.61
  • Updated github.com/valyala/fasthttp from v1.54.0 to v1.55.0
  • Updated google.golang.org/protobuf from v1.34.1 to v1.34.2

go.sum (+14/-14): Update Go module checksums for dependencies

  • Updated checksums for github.com/gorilla/websocket to v1.5.3
  • Updated checksums for github.com/miekg/dns to v1.1.61
  • Updated checksums for github.com/valyala/fasthttp to v1.55.0
  • Updated checksums for google.golang.org/protobuf to v1.34.2

    💡 PR-Agent usage:
    Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

    API Changes

    no api changes detected

    PR Reviewer Guide 🔍

    ⏱️ Estimated effort to review [1-5] 2
    🧪 Relevant tests No
    🔒 Security concerns No
    ⚡ Key issues to review None

    PR Code Suggestions ✨

    Category / Suggestion / Score
    Security
    Check for potential breaking changes in updated dependencies

    Ensure that the new version v1.1.61 of github.com/miekg/dns does not contain breaking
    changes or vulnerabilities that could impact your application.

    go.mod [51]

    -github.com/miekg/dns v1.1.61
    +github.com/miekg/dns v1.1.61 // Check for breaking changes or vulnerabilities
     
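    Review bot: The `+` line on go.mod [51] differs from the `-` line only by a trailing comment, so applying it checks nothing and leaves a permanent reminder on the require line. Keep the line as the PR has it and record the outcome of the changelog review and a vulnerability scan (for example `govulncheck ./...`) in the PR discussion instead.
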
    Suggestion importance[1-10]: 9

    Why: Checking for breaking changes or vulnerabilities in updated dependencies is essential for security and stability. This suggestion addresses a critical aspect of dependency management.

    9
    Verify the checksum of the new dependency for security

    Consider verifying the checksum of the newly added dependency github.com/gorilla/websocket
    v1.5.3 to ensure its integrity and authenticity. This is crucial for security reasons,
    especially when updating to new versions.

    go.sum [304]

    -github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
    +github.com/gorilla/websocket v1.5.3 h1:<verified-checksum>
     
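    Review bot: The `+` line on go.sum [304] replaces the recorded `h1:` hash with the placeholder `<verified-checksum>`, a value that cannot match the module, so the go command would reject the entry with a checksum mismatch. Leave the recorded hash untouched; by default the go command checks a module's hash against the checksum database before it first writes the entry, and `go mod verify` can be run in CI to confirm that the modules in the module cache have not been modified since download.
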
    Suggestion importance[1-10]: 9

    Why: Verifying the checksum of new dependencies is crucial for ensuring the integrity and authenticity of the code, which is a significant security measure.

    9
    Possible issue
    Verify compatibility of updated dependencies

    Consider verifying the compatibility of the updated github.com/gorilla/websocket version
    with your project. Upgrading from v1.5.2 to v1.5.3 might introduce changes that could
    affect the existing functionality.

    go.mod [41]

    -github.com/gorilla/websocket v1.5.3
    +github.com/gorilla/websocket v1.5.3 // Verify compatibility with project requirements
     
    Suggestion importance[1-10]: 8

    Why: Verifying compatibility of updated dependencies is crucial to ensure that the new version does not introduce breaking changes or bugs. This suggestion is important for maintaining the stability of the project.

    8
    Check compatibility of the new version with other dependencies

    Ensure that the version github.com/miekg/dns v1.1.61 is compatible with other project
    dependencies to prevent any potential conflicts or runtime issues.

    go.sum [459]

    -github.com/miekg/dns v1.1.61 h1:nLxbwF3XxhwVSm8g9Dghm9MHPaUZuqhPiGL+675ZmEs=
    +github.com/miekg/dns v1.1.61 h1:nLxbwF3XxhwVSm8g9Dghm9MHPaUZuqhPiGL+675ZmEs= # Ensure compatibility
     
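    Review bot: The `+` line on go.sum [459] appends `# Ensure compatibility` to a go.sum entry, but go.sum has no comment syntax: each line is exactly module path, version and hash, and extra fields make the go command reject the file as malformed. Drop the suffix and keep the `-` line; compatibility with v1.1.61 is established by building and running the test suite, not by annotating the checksum.
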
    Suggestion importance[1-10]: 8

    Why: Ensuring compatibility with other dependencies is important to prevent potential conflicts or runtime issues, making this a valuable suggestion.

    8
    Test the new version for stability and compatibility

    Review and test the new version golang.org/x/mod v0.18.0 thoroughly to ensure that it does
    not introduce any breaking changes or unexpected behavior in the project.

    go.sum [733]

    -golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0=
    +golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0= # Confirm no breaking changes
     
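    Review bot: The `# Confirm no breaking changes` suffix in the `+` line on go.sum [733] is not valid in go.sum, which takes three whitespace-separated fields per line and no comments, so keep the `-` line. The step log shows golang.org/x/mod moved from v0.17.0 to v0.18.0 only as a side effect of `go get github.com/miekg/dns@v1.1.61`; if that indirect bump needs a reviewer's attention, call it out in the PR description.
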
    Suggestion importance[1-10]: 8

    Why: Thorough testing of new versions is essential to ensure they do not introduce breaking changes or unexpected behavior, which is critical for maintaining project stability.

    8
    Maintainability
    Validate compatibility of tooling updates with project requirements

    Validate the update of golang.org/x/tools from v0.21.1-0.20240508182429-e35e4ccd0d2d to
    v0.22.0 to ensure it aligns with the project's tooling requirements and does not introduce
    incompatibilities.

    go.mod [214]

    -golang.org/x/tools v0.22.0 // indirect
    +golang.org/x/tools v0.22.0 // indirect // Validate compatibility with project tooling
     
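    Review bot: Appending a second comment after `// indirect` in the `+` line on go.mod [214] changes the marker itself: the go command recognises the comment only as `// indirect` alone or as `// indirect;` followed by text, so this line would no longer be read as an indirect requirement. Keep the `-` line unchanged.
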
    Suggestion importance[1-10]: 8

    Why: Ensuring that tooling updates do not introduce incompatibilities is important for maintainability and smooth development workflows. This suggestion helps in maintaining the integrity of the project's tooling setup.

    8
    Performance
    Assess the impact of dependency updates on performance and security

    Review the necessity of updating github.com/valyala/fasthttp to v1.55.0 for test
    environments, ensuring it does not adversely affect the performance or security of the
    application.

    go.mod [67]

    -github.com/valyala/fasthttp v1.55.0 // test
    +github.com/valyala/fasthttp v1.55.0 // test // Review for performance and security implications
     
    Suggestion importance[1-10]: 7

    Why: While this suggestion is valid, it is less critical since it pertains to a test environment. However, reviewing performance and security implications is still beneficial for overall project health.

    7
    Enhancement
    Update to the latest stable release of the dependency

    Update the version of github.com/klauspost/compress to the latest stable release if
    available, to ensure compatibility and security with the latest fixes and features.

    go.sum [415]

    -github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
    +github.com/klauspost/compress v1.18.0 h1:<new-checksum>
     
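    Review bot: The `+` line on go.sum [415] hand-edits a version and hash that nothing on this page confirms: `v1.18.0` does not appear in the step log, and `<new-checksum>` is a placeholder, not a hash. go.sum is written by the go command; klauspost/compress reached v1.17.9 here as a consequence of `go get github.com/valyala/fasthttp@v1.55.0`, and any further bump should go through `go get` followed by `go mod tidy` rather than an edit to go.sum.
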
    Suggestion importance[1-10]: 7

    Why: Updating to the latest stable release can provide important fixes and improvements, but the suggestion does not confirm if a newer version is available or necessary.

    7

    sonarcloud bot commented Jun 20, 2024

    @titpetric titpetric self-requested a review June 20, 2024 10:16
    @titpetric titpetric merged commit 5d8cbd7 into master Jun 20, 2024
    36 checks passed
    @titpetric titpetric deleted the update/TT-12425/update-go-mod-dependencies branch June 20, 2024 10:17
    @jeffy-mathew

    /release to release-5.4

    tykbot bot commented Jun 20, 2024

    Working on it! Note that it can take a few minutes.

    tykbot bot pushed a commit that referenced this pull request Jun 20, 2024
    Co-authored-by: jeffy-mathew <8171046+jeffy-mathew@users.noreply.github.com>
    (cherry picked from commit 5d8cbd7)

    tykbot bot commented Jun 20, 2024

    @jeffy-mathew Successfully merged PR
