build: update golang.org/x/net #2802

Status: Open. Wants to merge 1 commit into base: master.

Conversation

@clD11 (Contributor) commented Apr 8, 2025

Summary

This PR updates golang.org/x/net.

closes https://github.com/brave-intl/bat-go/security/dependabot/179

Type of Change

  • Product feature
  • Bug fix
  • Performance improvement
  • Refactor
  • [build: update golang.org/x/net] Other

Tested Environments

  • Development
  • Staging
  • Production

Before Requesting Review

  • Does your code build cleanly without any errors or warnings?
  • Have you used auto closing keywords?
  • Have you added tests for new functionality?
  • Have you validated query efficiency for new database queries?
  • Have you documented new functionality in README or in comments?
  • Have you squashed all intermediate commits?
  • Is there a clear title that explains what the PR does?
  • Have you used intuitive function, variable and other naming?
  • Have you requested security and/or privacy review if needed?
  • Have you performed a self review of this PR?

Manual Test Plan

@clD11 clD11 requested a review from jen140 as a code owner April 8, 2025 15:19

socket-security bot commented Apr 8, 2025

👍 Dependency issues cleared.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.


github-actions bot commented Apr 8, 2025

[puLL-Merge] - brave-intl/bat-go@2802

Description

This PR updates various dependencies in the go.mod file for the BAT-Go library. The main changes include:

  1. Specifying a more precise Go version (1.23.0 instead of 1.23)
  2. Removing redundant AWS SDK dependencies
  3. Upgrading several security and core dependencies to newer versions
  4. Adding new dependencies for containerization and telemetry

Changes

By file:
libs/go.mod:

  • Updated Go version from 1.23 to 1.23.0
  • Removed redundant AWS SDK dependencies:
    • aws-sdk-go-v2
    • aws-sdk-go-v2/config
    • aws-sdk-go-v2/credentials
    • aws-sdk-go-v2/feature/ec2/imds
  • Updated key dependencies:
    • go-jose/go-jose/v3: v3.0.0 -> v3.0.3
    • prometheus/client_golang: v1.13.0 -> v1.16.0
    • sirupsen/logrus: v1.9.0 -> v1.9.3
    • golang.org/x/crypto: v0.31.0 -> v0.37.0
    • golang.org/x/net: v0.23.0 -> v0.39.0
  • Added new dependencies for containerization and telemetry support:
    • containerd/log v0.1.0
    • containerd/containerd/api v1.8.0
    • go.opentelemetry.io packages

libs/go.sum:

  • Updated checksums to reflect the new dependency versions
sequenceDiagram
    participant App
    participant Dependencies
    participant Security
    Note over App,Dependencies: Initial State
    Dependencies->>Security: Remove vulnerable versions
    Dependencies->>App: Update core dependencies
    Dependencies->>App: Add telemetry support
    App->>Dependencies: Clean up AWS SDK
    Note over App,Security: Final State with improved security

Security Hotspots

  • Moving to go-jose/go-jose v3.0.3 addresses known vulnerabilities in earlier versions
  • The update to golang.org/x/crypto to v0.37.0 includes important security fixes
  • The update to golang.org/x/net to v0.39.0 includes security improvements for network-related functionality

Possible Issues

  • The removal of direct AWS SDK dependencies might impact features that were directly using these packages
  • The significant version jump in prometheus/client_golang might require adjustments to metrics collection code
  • The addition of OpenTelemetry packages suggests a shift in observability strategy that might need configuration updates
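The bot summary above lists the version floors this PR moves to (golang.org/x/net v0.39.0, golang.org/x/crypto v0.37.0, go-jose v3.0.3). A reviewer verifying a dependency bump like this wants a mechanical check that the go.mod actually pins at or above those floors, rather than trusting the summary. The following is an added example, not code from bat-go or from the bots on this page: it parses the require entries of a go.mod (both the single-line and block forms), compares versions with a simplified semver comparison (the numeric core only; a real tool would use golang.org/x/mod/semver, which is deliberately avoided here so the example stays standard-library only), and reports modules still below the floor. The two go.mod fragments, the module path example.com/constructed, and the Minimums table are constructed for the example; the floor versions are the ones named in the summary, not a vulnerability database.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Requirement is one "module version" entry from a go.mod require section.
type Requirement struct {
	Path     string
	Version  string
	Indirect bool
}

// ParseRequires extracts require entries from go.mod text. It handles the
// single-line form ("require x v1.2.3") and the block form ("require ( ... )"),
// ignores module/go/toolchain/replace lines, and records "// indirect" markers.
func ParseRequires(gomod string) []Requirement {
	var reqs []Requirement
	inBlock := false
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		indirect := strings.Contains(line, "// indirect")
		if i := strings.Index(line, "//"); i >= 0 { // strip trailing comment
			line = strings.TrimSpace(line[:i])
		}
		switch {
		case line == "":
			continue
		case line == "require (":
			inBlock = true
			continue
		case inBlock && line == ")":
			inBlock = false
			continue
		case strings.HasPrefix(line, "require "):
			line = strings.TrimPrefix(line, "require ")
		case !inBlock:
			continue // module, go, toolchain, replace, exclude: not a requirement
		}
		f := strings.Fields(line)
		if len(f) != 2 {
			continue
		}
		reqs = append(reqs, Requirement{Path: f[0], Version: f[1], Indirect: indirect})
	}
	return reqs
}

// semverCore reduces "vMAJOR.MINOR.PATCH[-pre][+build]" to its three numeric
// parts. Pre-release suffixes and pseudo-version timestamps are dropped, so this
// is a simplification of real semver ordering (assumption: adequate for floors).
func semverCore(v string) [3]int {
	v = strings.TrimPrefix(v, "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		v = v[:i]
	}
	var out [3]int
	for i, p := range strings.SplitN(v, ".", 3) {
		n, _ := strconv.Atoi(p) // non-numeric parts become 0
		out[i] = n
	}
	return out
}

// CompareSemver returns -1, 0 or 1 comparing the numeric cores of a and b.
func CompareSemver(a, b string) int {
	pa, pb := semverCore(a), semverCore(b)
	for i := 0; i < 3; i++ {
		if pa[i] < pb[i] {
			return -1
		}
		if pa[i] > pb[i] {
			return 1
		}
	}
	return 0
}

// Minimums maps module path to the lowest acceptable version. Constructed from
// the versions named in the PR summary; it is not a vulnerability database.
var Minimums = map[string]string{
	"golang.org/x/net":              "v0.39.0",
	"golang.org/x/crypto":           "v0.37.0",
	"github.com/go-jose/go-jose/v3": "v3.0.3",
}

// CheckMinimums returns one "path version < floor" line per requirement whose
// pinned version is below its floor. Modules without a floor are ignored.
func CheckMinimums(reqs []Requirement, mins map[string]string) []string {
	var below []string
	for _, r := range reqs {
		if floor, ok := mins[r.Path]; ok && CompareSemver(r.Version, floor) < 0 {
			below = append(below, fmt.Sprintf("%s %s < %s", r.Path, r.Version, floor))
		}
	}
	return below
}

// Constructed go.mod fragments standing in for the pre- and post-PR states.
const BeforeGoMod = `module example.com/constructed

go 1.23

require (
	github.com/go-jose/go-jose/v3 v3.0.0
	github.com/prometheus/client_golang v1.13.0
	golang.org/x/crypto v0.31.0
	golang.org/x/net v0.23.0 // indirect
)
`

const AfterGoMod = `module example.com/constructed

go 1.23.0

require github.com/go-jose/go-jose/v3 v3.0.3
require (
	github.com/prometheus/client_golang v1.16.0
	golang.org/x/crypto v0.37.0
	golang.org/x/net v0.39.0 // indirect
)
`

func main() {
	for _, c := range []struct{ name, mod string }{{"before", BeforeGoMod}, {"after", AfterGoMod}} {
		reqs := ParseRequires(c.mod)
		fmt.Printf("%s: %d requirements, below floor: %v\n", c.name, len(reqs), CheckMinimums(reqs, Minimums))
	}
}
```

Run it against the real libs/go.mod by replacing the constructed fragments with the file contents; an empty result from CheckMinimums is the condition a reviewer wants before approving, and a non-empty one names exactly which pins still need raising.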
