Update dependencies to address known vulnerabilities

[Copilot]

Updates Go dependencies to patch known security vulnerabilities and incorporate stability improvements.

Key Updates

Security & Crypto

• golang.org/x/crypto v0.46.0 → v0.47.0
• golang.org/x/net v0.48.0 → v0.49.0
• golang-jwt/jwt/v5 v5.3.0 → v5.3.1

Azure SDK

• azure-sdk-for-go/sdk/azcore v1.20.0 → v1.21.0

Testing

• onsi/ginkgo/v2 v2.22.0 → v2.28.1
• onsi/gomega v1.36.1 → v1.39.1

Expression/Parser

• cel.dev/expr v0.24.0 → v0.25.1
• antlr4-go/antlr/v4 v4.13.0 → v4.13.1
• google/cel-go v0.26.0 → v0.27.0

Infrastructure

• go-openapi/* v0.25.3 → v0.25.4
• cloud.google.com/go/compute/metadata v0.3.0 → v0.9.0
• coreos/go-systemd/v22 v22.5.0 → v22.7.0
• prometheus/common v0.67.4 → v0.67.5

Plus golang.org/x/{sys,term,text,oauth2,tools,exp,mod} and google.golang.org/protobuf updates.

Notes

• Maintains Go 1.24 compatibility (k8s v0.35+ requires Go 1.25, deferred)
• Added cover.out to .gitignore

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• fake-vault
  • Triggering command: /tmp/go-build317601836/b1018/loader.test /tmp/go-build317601836/b1018/loader.test -test.paniconexit0 -test.gocoverdir=/tmp/go-build317601836/b1018/gocoverdir -test.timeout=10m0s -test.coverprofile=/tmp/go-build317601836/b1018/_cover_.out pkg/mod/github.c-errorsas pkg/mod/github.c-ifaceassert ux_amd64/vet iorityqueue/metr/opt/hostedtoolcache/go/1.24.12/x64/pkg/tool/linux_amd64/vet iorityqueue/prio-atomic (dns block)
• https://storage.googleapis.com/storage/v1/b/kubebuilder-tools/o/kubebuilder-tools-1.30.0-linux-amd64.tar.gz
  • Triggering command: /home/REDACTED/work/AppConfiguration-KubernetesProvider/AppConfiguration-KubernetesProvider/bin/setup-envtest-release-0.18 /home/REDACTED/work/AppConfiguration-KubernetesProvider/AppConfiguration-KubernetesProvider/bin/setup-envtest-release-0.18 use 1.30.0 --bin-dir /home/REDACTED/work/AppConfiguration-KubernetesProvider/AppConfiguration-KubernetesProvider/bin -p path rnetesProvider/bin/setup-envtest-release-0.18 ] || { set -e; package=sigs.k8s.io/controller-runtime/tools/setup-envtest@release-0.18 ; echo "Downloading ${package}" ; GOBIN=/h al/generated/cusbash /kubernetes/type-o -lang=go1.23 ux_amd64/compile-ec .cfg�� 5390543/b764/_pkg_.a -trimpath ux_amd64/vet -p /listers/node/v1-V=full -lang=go1.24 a1024min=0,tls3des=1,tlsmlkem=0,urlmaxqueryparams=0,winreadlinkvolume=0,winsymlink=0,x509keypai (http block)
• vuln.go.dev
  • Triggering command: /home/REDACTED/go/bin/govulncheck /home/REDACTED/go/bin/govulncheck ./... (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.