
Govulncheck CI action is failing on the latest scans #13888

Closed
travisn opened this issue Mar 6, 2024 · 2 comments · Fixed by #13893

@travisn
Member

travisn commented Mar 6, 2024

Is this a bug report or feature request?

  • Bug Report

Deviation from expected behavior:
The govulncheck CI action is failing since yesterday. It appears the tool is scanning for new issues and reporting the following. I don't see any urgent issues to fix, we just need to get the CI passing again.

See this run: https://github.com/rook/rook/actions/runs/8164968994/job/22321623536

Vulnerability #1: GO-2024-2610
    Errors returned from JSON marshaling may break template escaping in
    html/template
  More info: https://pkg.go.dev/vuln/GO-2024-2610
  Standard library
    Found in: html/template@go1.21.5
    Fixed in: html/template@go1.21.8
    Example traces found:
Error:       #1: pkg/operator/ceph/file/mds/livenessprobe.go:53:21: mds.renderProbe calls template.Template.Execute

Vulnerability #2: GO-2024-2600
    Incorrect forwarding of sensitive headers and cookies on HTTP redirect in
    net/http
  More info: https://pkg.go.dev/vuln/GO-2024-2600
  Standard library
    Found in: net/http@go1.21.5
    Fixed in: net/http@go1.21.8
    Example traces found:
Error:       #1: pkg/operator/ceph/object/admin.go:79:26: object.debugHTTPClient.Do calls http.Client.Do
Error:       #2: tests/framework/installer/settings.go:64:27: installer.readManifestFromURL calls http.Get

Vulnerability #3: GO-2024-2599
    Memory exhaustion in multipart form parsing in net/textproto and net/http
  More info: https://pkg.go.dev/vuln/GO-2024-2599
  Standard library
    Found in: net/textproto@go1.21.5
    Fixed in: net/textproto@go1.21.8
    Example traces found:
Error:       #1: pkg/operator/ceph/object/admin.go:72:38: object.debugHTTPClient.Do calls httputil.DumpRequestOut, which eventually calls textproto.Reader.ReadLine
Error:       #2: pkg/operator/ceph/object/admin.go:72:38: object.debugHTTPClient.Do calls httputil.DumpRequestOut, which eventually calls textproto.Reader.ReadMIMEHeader

Vulnerability #4: GO-2024-2598
    Verify panics on certificates with an unknown public key algorithm in
    crypto/x509
  More info: https://pkg.go.dev/vuln/GO-2024-2598
  Standard library
    Found in: crypto/x509@go1.21.5
    Fixed in: crypto/x509@go1.21.8
    Example traces found:
Error:       #1: pkg/operator/ceph/object/s3-handlers.go:170:23: object.S3Agent.GetObjectInBucket calls bytes.Buffer.ReadFrom, which eventually calls x509.Certificate.Verify

Your code is affected by 4 vulnerabilities from the Go standard library.
This scan also found 0 vulnerabilities in packages you import and 3
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.
Error: Process completed with exit code 3.

Expected behavior:
Passing security scan

How to reproduce it (minimal and precise):

See the Golangci-lint action history since yesterday.

@travisn travisn added the bug label Mar 6, 2024
@travisn travisn added this to To do in v1.14 via automation Mar 6, 2024
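Added example, not code from this issue or from the Rook project: a small Go parser for the govulncheck text report quoted above that keeps only the findings carrying call traces (the ones govulncheck reports as reachable from the scanned code, as opposed to modules merely required) and computes the lowest Go release that fixes all of them. The embedded excerpt is constructed from the report lines above, and the type and function names are assumptions.

```go
package main

import (
	"strconv"
	"strings"
)

// Finding is one "Vulnerability #N" block of govulncheck's text report; Traces counts its "X calls Y" lines, the evidence that this code reaches the vulnerable symbol.
type Finding struct{ ID, FixedIn string; Traces int }
// ParseReport walks the report line by line, attaching details to the latest finding.
func ParseReport(report string) (out []Finding) {
	for _, line := range strings.Split(report, "\n") {
		switch {
		case strings.HasPrefix(line, "Vulnerability #"):
			out = append(out, Finding{ID: strings.Fields(line)[2]})
		case len(out) == 0: // header lines before the first finding
		case strings.Contains(line, "Fixed in: "):
			_, ver, _ := strings.Cut(line, "@") // "Fixed in: html/template@go1.21.8"
			out[len(out)-1].FixedIn = ver
		case strings.Contains(line, " calls "):
			out[len(out)-1].Traces++
		}
	}
	return out
}
// versionKey turns "go1.21.8" into a sortable integer (assumes a major.minor.patch form).
func versionKey(v string) (k int) {
	for _, p := range strings.Split(strings.TrimPrefix(v, "go"), ".") {
		n, _ := strconv.Atoi(p)
		k = k*1000 + n
	}
	return k
}
// MinToolchain returns the lowest Go release that fixes every reachable finding.
func MinToolchain(fs []Finding) (v string) {
	for _, f := range fs {
		if f.Traces > 0 && versionKey(f.FixedIn) > versionKey(v) {
			v = f.FixedIn
		}
	}
	return v
}

// Constructed excerpt in the shape of the report quoted in this issue.
const sample = `Vulnerability #1: GO-2024-2610
    Fixed in: html/template@go1.21.8
Error:       #1: pkg/operator/ceph/file/mds/livenessprobe.go:53:21: mds.renderProbe calls template.Template.Execute
Vulnerability #2: GO-2024-2598
    Fixed in: crypto/x509@go1.21.8
Error:       #1: pkg/operator/ceph/object/s3-handlers.go:170:23: object.S3Agent.GetObjectInBucket calls bytes.Buffer.ReadFrom`
```

A CI step can compare MinToolchain's result against the toolchain in go.mod to decide whether the failure is a pure toolchain bump, as the four findings above are, or needs a code change.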
@NymanRobin
Contributor

/assign


github-actions bot commented Mar 7, 2024

Thanks for taking this issue! Let us know if you have any questions!

v1.14 automation moved this from To do to Done Mar 7, 2024