Chore: Update third-party dependencies to their latest releases

[nfnt]

What this PR does / why we need it:
This bumps the modules as well as 'golangci-lint' to their latest releases.
It also fixes linter warnings due to updated linters, among them a potential DoS when copying files from archives (gosec G110).
gotest.tools has been removed in favor of stretchr/testify, as it offers the same functionality.

[ANeumann82]

Looks pretty good, apart from that one change that I commented. It may be ok to change the behavior, but i'd like to get some more opinions about it

[alenkacz]

Looks good, I have two questions but they probably won't be a blockers. Thanks 👏

[alenkacz]

what changed here? that we can do it now...

[nfnt]

No idea 😆
I had a lot of issues with that back when we introduced golangci-lint. Now I don't see them anymore and have been using it with full prefixes successfully in other (albeit smaller) projects -- kitt and test-tools.

[kensipe]

why don't we leave it local-prefixes: github.com/kudobuilder? It seems to function and allows for a usable configuration across projects.

[nfnt]

Because that wouldn't just group kudo packages but packages from other projects in the kudobuilder org as well. For example in pkg/engine/task/task_kudo_operator_test.go, a kuttl import was grouped with kudo imports. This will be fixed with this change to local-prefixes.

[kensipe]

make generate leaves the repo dirty
CRDs and bindata.go are dirty

[kensipe]

why don't we leave it local-prefixes: github.com/kudobuilder? It seems to function and allows for a usable configuration across projects.

[kensipe]

I would push the updated changes... but it likely needs some analysis... some of the change looks like simple line limits which result in wrapping... like:

                   email:
-                    description: Email is an optional email address to contact the named maintainer.
+                    description: Email is an optional email address to contact the
+                      named maintainer.
                     type: string

It would be good to understand what is causing this change... and if innocuous.. then including the changed files

[kensipe]

after generating files make generate, make test passes... but make integration-test fails. (around crds)

[kensipe]

additionally... golangci needs a change to install-golangcilint.sh which is missing in this change.
https://github.com/kudobuilder/kudo/blob/main/hack/install-golangcilint.sh#L7

which makes me question if the correct linter version was used..

[kensipe]

I should add.. there are some really good mods here... In particular the error handling around io.Copy and size limitations!

[nfnt]

@kensipe, interesting,make generate was run here and resulted in updated CRDs, make integration-test succeeds in the CI. But controller-gen isn't being updated as part of this PR. This must be due to the Kubernetes APIs bump to 0.18.6. The updated APIs are used by controller-gen as well -- because that's how dependency resolution works with Go modules. As a result, the output is different.

[nfnt]

This would also explain why running make generate locally leaves your repo dirty: You already have controller-gen in the right version installed. But if you would rebuild controller-gen, it would use different dependencies, which results in a different binary.
This is a problem 😦. Thanks for surfacing this.

[kensipe]

lgtm

It was necessary to delete controller-gen and go-bindata. after that all is well!