argoproj/argo-rollouts

Fix High/Medium severity CVEs

ramandeepsharma opened this issue · 1 comment

Checklist:

  • I've included steps to reproduce the bug.
  • [ ✔️ ] I've included the version of argo rollouts.

Describe the bug

An Orca scan detected the following CVEs:

GHSA-9763-4f94-gfch
CVE-2023-39325
CVE-2023-44487
GHSA-m425-mq94-257g
CVE-2023-3676
CVE-2023-3955
CVE-2023-5528
CVE-2023-2253
CVE-2023-48795
CVE-2023-3978
CVE-2023-45288
CVE-2024-24786
CVE-2023-2431
CVE-2023-2727
CVE-2023-2728

To Reproduce

N/A

Expected behavior

listed vulnerabilities not showing up

Screenshots

CVE details along with fix versions:

| Vulnerability ID | Package Name | Vulnerable Version | Fixed Version | Type |
|---|---|---|---|---|
| GHSA-9763-4f94-gfch | github.com/cloudflare/circl | v1.3.3 | 1.3.7 | gobinary |
| CVE-2023-39325 | golang.org/x/net | v0.12.0 | 0.17.0 | gobinary |
| CVE-2023-44487 | golang.org/x/net | v0.12.0 | 0.17.0 | gobinary |
| GHSA-m425-mq94-257g | google.golang.org/grpc | v1.57.0 | 1.56.3, 1.57.1, 1.58.3 | gobinary |
| CVE-2023-2253 | github.com/docker/distribution | v2.8.1+incompatible | 2.8.2-beta.1 | gobinary |
| CVE-2023-48795 | golang.org/x/crypto | v0.11.0 | 0.17.0 | gobinary |
| CVE-2023-3978 | golang.org/x/net | v0.12.0 | 0.13.0 | gobinary |
| CVE-2023-45288 | golang.org/x/net | v0.12.0 | 0.23.0 | gobinary |
| CVE-2024-24786 | google.golang.org/protobuf | v1.31.0 | 1.33.0 | gobinary |

Some CVEs were found related to the k8s.io/kubernetes version as well:

| Vulnerability ID | Package Name | Vulnerable Version | Fixed Version | Type |
|---|---|---|---|---|
| CVE-2023-3676 | k8s.io/kubernetes | v1.25.8 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | gobinary |
| CVE-2023-3955 | k8s.io/kubernetes | v1.25.8 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | gobinary |
| CVE-2023-5528 | k8s.io/kubernetes | v1.25.8 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | gobinary |
| CVE-2023-2431 | k8s.io/kubernetes | v1.25.8 | 1.24.14, 1.25.10, 1.26.5, 1.27.2 | gobinary |
| CVE-2023-2727 | k8s.io/kubernetes | v1.25.8 | 1.27.3, 1.26.6, 1.25.11, 1.24.15 | gobinary |
| CVE-2023-2728 | k8s.io/kubernetes | v1.25.8 | 1.27.3, 1.26.6, 1.25.11, 1.24.15 | gobinary |

Version

1.6.6


Message from the maintainers:

Impacted by this bug? Give it a 👍. We prioritize the issues with the most 👍.
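The scanner tables above have one trap for anyone verifying a rebuilt binary: several findings list one fixed version per release branch (for example `1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17`), so a naive "installed version >= some fixed version" check would mark `v1.25.8` as fixed because it is newer than `1.24.17`. The following is an added example, not code from the issue or from the argo-rollouts project. It parses the fixed-version strings exactly as written in the tables, compares an installed module version against the fix on its own major.minor branch, and only treats a version with no fix on its branch as fixed when its branch is newer than every listed branch. The `findings` slice is constructed from the rows above; the `installed` map in `main` is a constructed sample (it assumes versions pasted from `go version -m` or `go.mod`), not a real build of 1.6.6.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// version is a parsed Go module version. Build metadata such as
// "+incompatible" is dropped; a pre-release suffix such as "-beta.1" sets
// pre, which sorts the version below the plain release with the same numbers.
type version struct {
	major, minor, patch int
	pre                 bool
}

func parseVersion(s string) (version, error) {
	s = strings.TrimPrefix(strings.TrimSpace(s), "v")
	var v version
	if i := strings.IndexAny(s, "+-"); i >= 0 {
		v.pre = s[i] == '-'
		s = s[:i]
	}
	parts := strings.Split(s, ".")
	if len(parts) < 2 || len(parts) > 3 {
		return version{}, fmt.Errorf("unparseable version %q", s)
	}
	fields := []*int{&v.major, &v.minor, &v.patch}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return version{}, fmt.Errorf("unparseable version %q: %w", s, err)
		}
		*fields[i] = n
	}
	return v, nil
}

func (v version) less(w version) bool {
	if v.major != w.major {
		return v.major < w.major
	}
	if v.minor != w.minor {
		return v.minor < w.minor
	}
	if v.patch != w.patch {
		return v.patch < w.patch
	}
	return v.pre && !w.pre
}

func (v version) sameBranch(w version) bool { return v.major == w.major && v.minor == w.minor }

// branchBefore reports whether v's major.minor branch is older than w's.
func (v version) branchBefore(w version) bool {
	return v.major < w.major || (v.major == w.major && v.minor < w.minor)
}

// isFixed reports whether current carries the fix described by a scanner
// "Fixed Version" cell such as "1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17".
// If a fixed version exists on current's own branch, current must be at or
// above it. Otherwise current counts as fixed only when its branch is newer
// than every listed branch (a release that postdates all the backports).
func isFixed(current, fixedList string) (bool, error) {
	cur, err := parseVersion(current)
	if err != nil {
		return false, err
	}
	newerThanAllBranches := true
	for _, f := range strings.Split(fixedList, ",") {
		fv, err := parseVersion(f)
		if err != nil {
			return false, err
		}
		if cur.sameBranch(fv) {
			return !cur.less(fv), nil
		}
		if !fv.branchBefore(cur) {
			newerThanAllBranches = false
		}
	}
	return newerThanAllBranches, nil
}

type finding struct{ id, pkg, vulnerable, fixed string }

// findings reproduces a subset of the rows from the scanner tables in the issue.
var findings = []finding{
	{"GHSA-9763-4f94-gfch", "github.com/cloudflare/circl", "v1.3.3", "1.3.7"},
	{"CVE-2023-39325", "golang.org/x/net", "v0.12.0", "0.17.0"},
	{"GHSA-m425-mq94-257g", "google.golang.org/grpc", "v1.57.0", "1.56.3, 1.57.1, 1.58.3"},
	{"CVE-2023-2253", "github.com/docker/distribution", "v2.8.1+incompatible", "2.8.2-beta.1"},
	{"CVE-2023-3676", "k8s.io/kubernetes", "v1.25.8", "1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17"},
	{"CVE-2023-5528", "k8s.io/kubernetes", "v1.25.8", "1.28.4, 1.27.8, 1.26.11, 1.25.16"},
}

// stillVulnerable returns the finding ids whose fix is not satisfied by the
// module versions present in a build (module path -> version). Modules absent
// from the build are skipped.
func stillVulnerable(installed map[string]string) ([]string, error) {
	var open []string
	for _, f := range findings {
		v, ok := installed[f.pkg]
		if !ok {
			continue
		}
		fixed, err := isFixed(v, f.fixed)
		if err != nil {
			return nil, fmt.Errorf("%s: %w", f.id, err)
		}
		if !fixed {
			open = append(open, f.id)
		}
	}
	return open, nil
}

func main() {
	// Constructed sample build: x/net and grpc bumped to their fix versions,
	// k8s.io/kubernetes still at the version from the report.
	installed := map[string]string{
		"golang.org/x/net":       "v0.17.0",
		"google.golang.org/grpc": "v1.57.1",
		"k8s.io/kubernetes":      "v1.25.8",
	}
	open, err := stillVulnerable(installed)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println("findings still open:", open)
}
```

In the sample build only the two k8s.io/kubernetes findings remain open, because `v1.25.8` is below the `1.25.13` and `1.25.16` backports on its own branch even though it is above `1.24.17`. The pre-release handling is deliberately simple: `2.8.1+incompatible` is correctly below `2.8.2-beta.1`, and a `2.8.2` release counts as at or above the beta fix.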