fix: vulnerabilities in dependency package hints

[fengshunli]

Signed-off-by: fengshunli fengshunli520@gmail.com

Note on DCO:

If the DCO action in the integration test fails, one or more of your commits are not signed off. Please click on the Details link next to the DCO action for instructions on how to resolve this.

Checklist:

• Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
• The title of the PR states what changed and the related issues number (used for the release note).
• I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
• I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
• Does this PR require documentation updates?
• I've updated documentation as required by this PR.
• Optional. My organization is added to USERS.md.
• I have signed off all my commits as required by DCO
• I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
• My build is green (troubleshooting builds).

[fengshunli]

upgrade package dependencies

show after repair

@crenshaw-dev @alexef can be merged

[codecov]

Codecov Report

Base: 46.70% // Head: 46.70% // No change to project coverage 👍

Coverage data is based on head (ab7e214) compared to base (752bc5f).
Patch has no changes to coverable lines.

Additional details and impacted files

@@           Coverage Diff           @@
##           master   #11434   +/-   ##
=======================================
  Coverage   46.70%   46.70%           
=======================================
  Files         240      240           
  Lines       39771    39771           
=======================================
  Hits        18577    18577           
  Misses      19310    19310           
  Partials     1884     1884           

Impacted Files	Coverage Δ
util/settings/settings.go	48.87% <0.00%> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[crenshaw-dev]

@fengshunli can we split this into multiple PRs? I'd like to cherry-pick back the x/net upgrade but leave the others for 2.6 to minimize potentially introducing bugs.

[fengshunli]

@fengshunli can we split this into multiple PRs? I'd like to cherry-pick back the x/net upgrade but leave the others for 2.6 to minimize potentially introducing bugs.

goutils and mongo-driver @crenshaw-dev there are potential security risks, which need to be upgraded to solve

[crenshaw-dev]

@fengshunli those can be in a separate PR. They'll need more analysis, because we may or may not want to cherry-pick them back, depending on the risk/benefit of closing the vulnerability vs. introducing bugs on patch releases.

[fengshunli]

@crenshaw-dev do you mean, I separate indirect dependencies and direct references to pr? see net pr #11447

[blakepettersson]

Closing since none of these deps apply anymore