[TT-XXXX] Address CVEs bu upgrading vulnerable modules

[edsonmichaque]

User description

TT-14488

Summary	Review and address CVEs
Type	Story
Status	In Code Review
Points	N/A
Labels	-

---

Description

This PR addresses the following high-severity CVEs by upgrading affected modules to their patched versions:

CVEs addressed:

• CVE-2022-29153 – affects github.com/hashicorp/consul/api

Changes:

• Upgraded vulnerable modules to safe versions

Related Issue

https://tyktech.atlassian.net/browse/TT-14488

Motivation and Context

How This Has Been Tested

Screenshots (if appropriate)

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Refactoring or add test (improvements in base code or adds test coverage to functionality)

Checklist

• I ensured that the documentation is up to date
• I explained why this PR updates go.mod in detail with reasoning why it's required
• I would like a code coverage CI quality gate exception and have explained why

---

PR Type

enhancement

---

Description

• Upgraded github.com/hashicorp/consul/api to v1.32.0

• Updated multiple Go module dependencies to latest versions

• Refreshed indirect dependencies for improved security and compatibility

• Addressed CVEs by updating vulnerable libraries

---

Changes walkthrough 📝

Relevant files

Dependencies

go.mod Upgrade Consul API and update Go module dependencies          go.mod Upgraded github.com/hashicorp/consul/api from v1.31.2 to v1.32.0 Updated direct dependencies: golang.org/x/crypto, golang.org/x/net, golang.org/x/sync, github.com/fatih/color, etc. Updated indirect dependencies: github.com/hashicorp/go-metrics, github.com/hashicorp/go-sockaddr, github.com/hashicorp/golang-lru, github.com/hashicorp/serf, etc. Ensured compatibility and security by aligning with latest releases +15/-14  go.sum Refresh go.sum for updated dependencies                                    go.sum Updated checksums for upgraded dependencies and their transitive dependencies Added new checksums for newly required versions Removed obsolete checksums for old versions Ensured integrity and reproducibility of builds +61/-68

---

Need help?

Type /help how to ... in the comments thread for any questions about PR-Agent usage.

Check out the documentation for more information.

[buger]

Knock Knock! 🔍

Just thought I'd let you know that your PR title and story title look quite different. PR titles that closely resemble the story title make it easier for reviewers to understand the context of the PR.

An easy-to-understand PR title a day makes the reviewer review away! 😛⚡️

Story Title	Review and address CVEs
PR Title	[TT-14488] Upgrade github.com/hashicorp/consul/api to v1.32.0

Check out this guide to learn more about PR best-practices.

[github-actions]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Dependency Upgrade Validation The upgrade of github.com/hashicorp/consul/api to v1.32.0 and several other indirect dependencies may introduce breaking changes or subtle behavioral differences. Ensure that all integrations and usages of these dependencies are still functioning as expected and that no deprecated or removed APIs are used. github.com/hashicorp/consul/api v1.32.0

[github-actions]

PR Code Suggestions ✨

No code suggestions found for the PR.

[github-actions]

API Changes

no api changes detected

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud