Bump versions for oauth2, crypto and net packages

[sfc-gh-ssudakovich]

This should take care of the following known vulnerabilities:
CVE-2025-22868, CVE-2025-22872, CVE-2025-22870, CVE-2024-45337

[SuperQ]

Please do not report raw vulnerability scanner results. They are prone to false positives and cause the Prometheus team toil in verifying. Please verify vulnerability reports and include specific details as to which components are directly exploitable.

[sfc-gh-ssudakovich]

From what I can see there are few packages that have vulnerabilities:

• 2 in crypto
• 1 in stdlib
• 1 in oauth2
  How likely a user to exploit them in the context of the exporter - not sure, i am not a security expert. But what I do know is that all the people that are using your public images (me included) will run their vulnerability scanners and will have to get off your images and build their own. I think it is better to preemptively bump up the versions (or trigger whatever machinery that you have that does it) vs people revving their own.

[sfc-gh-ssudakovich]

you already have one open for crypto (but going to 0.32 not 0.36) #202 so maybe asking dependabot to run again and picking them up would be the easiest.