CVE Fix Jan 25

[cnimbalkar-infoblox]

Ticket: https://infoblox.atlassian.net/browse/PTOCP-1929
github.com/golang-jwt/jwt/v4 v4.4.2 -> 4.5.1
golang.org/x/crypto v0.23.0 -> 0.31.0
golang.org/x/net v0.23.0 -> 0.33.0

Before:

grype harbor.services.sdp.infoblox.com/infoblox/migrate@sha256:ec80ae99711804a3e9b9cb32925bcfc79c95a02d750dd61d414a52571de20d33                            02:38:19 PM
 ✔ Vulnerability DB                [no update available]
 ✔ Loaded image                                 harbor.services.sdp.infoblox.com/infoblox/migrate@sha256:ec80ae99711804a3e9b9cb32925bcfc79c95a02d750dd61d414a52571de20d33
 ✔ Parsed image                                                                                   sha256:19073181b464bdd225c8d85b20945660b1ff74496f552e2288a47249f1df7603
 ✔ Cataloged contents                                                                                    2fff71557a96944a08f7f8138645f03dd06be751b68a0aea84679050d669719d
   ├── ✔ Packages                        [118 packages]
   ├── ✔ File digests                    [78 files]
   ├── ✔ File metadata                   [78 locations]
   └── ✔ Executables                     [18 executables]
 ✔ Scanned for vulnerabilities     [5 vulnerability matches]
   ├── by severity: 1 critical, 1 high, 2 medium, 1 low, 0 negligible
   └── by status:   5 fixed, 0 not-fixed, 0 ignored
NAME                          INSTALLED  FIXED-IN  TYPE       VULNERABILITY        SEVERITY
github.com/golang-jwt/jwt/v4  v4.4.2     4.5.1     go-module  GHSA-29wx-vh33-7x7r  Low
golang.org/x/crypto           v0.23.0    0.31.0    go-module  GHSA-v778-237x-gjrc  Critical
golang.org/x/net              v0.23.0    0.33.0    go-module  GHSA-w32m-9786-jp63  High
libcrypto3                    3.3.2-r0   3.3.2-r1  apk        CVE-2024-9143        Medium
libssl3                       3.3.2-r0   3.3.2-r1  apk        CVE-2024-9143        Medium

After:

grype infoblox/migrate:latest                                                                                                                              02:54:34 PM
 ✔ Loaded image                                                                                                                                   infoblox/migrate:latest
 ✔ Parsed image                                                                                   sha256:a4065557b1eb492fdb592e4fb9d5dc8fe4bbb3535f97384afec700e7e9ad6634
 ✔ Cataloged contents                                                                                    e320496edcf831265118d4a9fe2d239e0f520c6971ee21497888292976b4f784
   ├── ✔ Packages                        [119 packages]
   ├── ✔ File digests                    [104 files]
   ├── ✔ File metadata                   [104 locations]
   └── ✔ Executables                     [28 executables]
 ✔ Scanned for vulnerabilities     [0 vulnerability matches]
   ├── by severity: 0 critical, 0 high, 0 medium, 0 low, 0 negligible
   └── by status:   0 fixed, 0 not-fixed, 0 ignored
[0001]  WARN could not match by package language (package=Pkg(type=go-module, name=github.com/golang-migrate/migrate/v4, version=v3e87621-j0, upstreams=0)): matcher failed
No vulnerabilities found