
Conversation

@dveeden
Contributor

@dveeden dveeden commented Nov 15, 2025

What problem does this PR solve?

Problem Summary:

Vulnerability #1: GO-2025-4116
    Potential denial of service in golang.org/x/crypto/ssh/agent
  More info: https://pkg.go.dev/vuln/GO-2025-4116
  Module: golang.org/x/crypto
    Found in: golang.org/x/crypto@v0.40.0
    Fixed in: golang.org/x/crypto@v0.43.0

Note that we do not use the vulnerable part of x/crypto, but it would still be good to upgrade to a safer version.

What is changed and how it works:

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No code

Notable changes

  • Has configuration change
  • Has HTTP API interfaces change
  • Has tiproxyctl change
  • Other user behavior changes

Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

None
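The distinction the description draws, a vulnerable module in go.mod versus a vulnerable symbol the binary actually calls, is exactly what govulncheck reports when it emits findings at module, package and symbol level. The following is an added example, not code from this PR or from TiProxy, that folds a govulncheck -json stream into that per-vulnerability verdict. It assumes govulncheck's documented JSON shape (a stream of objects in which "finding" carries "osv", "fixed_version" and a "trace" whose first frame is the vulnerable symbol and whose last frame is the entry point). The sample stream is constructed: its first finding mirrors the module-level GO-2025-4116 report above, while GO-0000-0000 and example.com/vulnlib are placeholders standing in for a reachable finding, not a real advisory or module.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// Frame is one entry of a finding's "trace"; encoding/json matches keys
// case-insensitively, and extra keys such as "position" are ignored.
type Frame struct {
	Module, Version, Package, Function string
}

// Finding mirrors govulncheck's "finding" object: trace[0] is the vulnerable
// symbol, the last frame is the entry point in the scanned code.
type Finding struct {
	OSV          string  `json:"osv"`
	FixedVersion string  `json:"fixed_version"`
	Trace        []Frame `json:"trace"`
}

// Level is the precision at which govulncheck observed a finding.
type Level int

const (
	ModuleLevel  Level = iota // module required, vulnerable package not imported
	PackageLevel              // package imported, vulnerable symbol not reached
	SymbolLevel               // vulnerable symbol reachable from the scanned code
)

func (l Level) String() string { return [...]string{"module", "package", "symbol"}[l] }

// Report is the per-OSV verdict: the most precise level seen over all findings.
type Report struct {
	OSV, Module, Version, FixedVersion, Symbol string
	Level                                      Level
}

// Called is true only when govulncheck found a call path to the vulnerable symbol.
func (r Report) Called() bool { return r.Level == SymbolLevel }

// Triage folds a govulncheck -json stream into one Report per OSV id. Objects
// without a "finding" key (config, progress, osv) decode to nil and are skipped.
func Triage(r io.Reader) (map[string]Report, error) {
	dec := json.NewDecoder(r)
	byID := map[string]Report{}
	for {
		var m struct{ Finding *Finding }
		if err := dec.Decode(&m); err == io.EOF {
			break
		} else if err != nil {
			return nil, err
		}
		f := m.Finding
		if f == nil {
			continue
		}
		// Classify by which fields the vulnerable-symbol frame carries.
		v, lvl := Frame{}, ModuleLevel
		if len(f.Trace) > 0 {
			v = f.Trace[0]
			switch {
			case v.Function != "":
				lvl = SymbolLevel
			case v.Package != "":
				lvl = PackageLevel
			}
		}
		rep, seen := byID[f.OSV]
		if !seen {
			rep = Report{OSV: f.OSV, Module: v.Module, Version: v.Version, FixedVersion: f.FixedVersion}
		} else if lvl <= rep.Level {
			continue // a less or equally precise finding adds nothing new
		}
		rep.Level = lvl
		if lvl == SymbolLevel {
			rep.Symbol = v.Package + "." + v.Function
		}
		byID[f.OSV] = rep
	}
	return byID, nil
}

// sampleStream is a constructed govulncheck -json excerpt, not real scanner output:
// the first finding mirrors this PR's module-level GO-2025-4116 report; GO-0000-0000
// and example.com/vulnlib are placeholders standing in for a reachable finding.
const sampleStream = `
{"config":{"scanner_name":"govulncheck"}}
{"finding":{"osv":"GO-2025-4116","fixed_version":"v0.43.0","trace":[{"module":"golang.org/x/crypto","version":"v0.40.0"}]}}
{"finding":{"osv":"GO-0000-0000","fixed_version":"v1.2.0","trace":[{"module":"example.com/vulnlib","version":"v1.1.0"}]}}
{"finding":{"osv":"GO-0000-0000","fixed_version":"v1.2.0","trace":[{"module":"example.com/vulnlib","version":"v1.1.0","package":"example.com/vulnlib/parse","function":"Decode"},{"module":"example.com/app","package":"example.com/app/cmd","function":"main"}]}}
`

func main() {
	reps, err := Triage(strings.NewReader(sampleStream))
	if err != nil {
		panic(err)
	}
	for _, r := range reps {
		fmt.Printf("%s %s@%s level=%s called=%t symbol=%q fixed=%s\n", r.OSV, r.Module, r.Version, r.Level, r.Called(), r.Symbol, r.FixedVersion)
	}
}
```

To run it against a real scan, replace the constant with os.Stdin and pipe in `govulncheck -json ./...`. A report that never rises above module level, as GO-2025-4116 does here, is the case the description calls out: the fix is dependency hygiene rather than an exploitable path in the binary, but a truncated or malformed stream is returned as an error rather than quietly read as "nothing reachable".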

@ti-chi-bot

ti-chi-bot bot commented Nov 15, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign djshow832 for approval. For more information see the Code Review Process.
Please ensure that each of them provides their approval before proceeding.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ti-chi-bot ti-chi-bot bot requested review from YangKeao and xhebox November 15, 2025 09:55
@dveeden
Contributor Author

dveeden commented Nov 15, 2025

/cc @djshow832

@ti-chi-bot ti-chi-bot bot requested a review from djshow832 November 15, 2025 09:55
@ti-chi-bot ti-chi-bot bot added the size/M label Nov 15, 2025
@ti-chi-bot

ti-chi-bot bot commented Nov 15, 2025

@dveeden: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name   Commit   Details   Required   Rerun command
pull-check  82a0f40  link      true       /test check

Full PR test history. Your PR dashboard.


@codecov-commenter

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (main@1c16be2). Learn more about missing BASE report.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #984   +/-   ##
=======================================
  Coverage        ?   65.65%           
=======================================
  Files           ?      138           
  Lines           ?    14060           
  Branches        ?        0           
=======================================
  Hits            ?     9231           
  Misses          ?     4182           
  Partials        ?      647           
Flag Coverage Δ
unit 65.65% <ø> (?)


@djshow832
Collaborator

CI reports

Error: can't load config: the Go language version (go1.23) used to build golangci-lint is lower than the targeted Go version (1.24.0)
Failed executing command with error: can't load config: the Go language version (go1.23) used to build golangci-lint is lower than the targeted Go version (1.24.0)

Maybe I need to ask the EE team to upgrade Go.

@dveeden
Contributor Author

dveeden commented Nov 18, 2025

CI reports

Error: can't load config: the Go language version (go1.23) used to build golangci-lint is lower than the targeted Go version (1.24.0)
Failed executing command with error: can't load config: the Go language version (go1.23) used to build golangci-lint is lower than the targeted Go version (1.24.0)

Maybe I need to ask the EE team to upgrade Go.

Yes, going from 1.23 to 1.24, or even better 1.25, would be good. The best-before date for 1.23 is getting closer.

@djshow832
Collaborator

I told him to upgrade the builder version but it may take some time. Please upgrade directly to v1.25 if you have time.
