Fix dependency cves (#6353)

* Upgraded golang.org/x/crypto v0.28.0 => v0.31.0.

Signed-off-by: peng wu <2030047311@qq.com>

* Upgraded golang.org/x/net v0.30.0 => v0.33.0.

Signed-off-by: peng wu <2030047311@qq.com>

* Upgraded github.com/golang/glog v1.2.2 => v1.2.4. Fix CVE-2024-45339.

Signed-off-by: peng wu <2030047311@qq.com>

* Upgrade go stdlib from 1.22.8 to 1.22.11. Fix CVE-2024-45336.

Signed-off-by: peng wu <2030047311@qq.com>

* Upgraded github.com/go-git/go-git/v5 v5.11.0 => v5.13.0. Fix CVE-2025-21613, CVE-2025-21614.

Signed-off-by: peng wu <2030047311@qq.com>

* Upgraded telemetry v1.0.1 => v1.0.2. Fix CVE-2024-45338, CVE-2024-34156, CVE-2024-34155, CVE-2024-34158, CVE-2024-4536, CVE-2024-45341.

Signed-off-by: peng wu <2030047311@qq.com>

---------

Signed-off-by: peng wu <2030047311@qq.com>
(cherry picked from commit d38db0054c)
smartcat999
2025-02-08 14:54:12 +08:00
committed by hongming
parent b34b7ea1fe
commit e7c97d3a56
158 changed files with 7268 additions and 1794 deletions


@@ -43,6 +43,11 @@ func tokenizeExpression(ch rune, tokenType token, check runeCategoryValidator, r
return tokenType, string(data), nil
}
// maxRevisionLength holds the maximum length that will be parsed for a
// revision. Git itself doesn't enforce a max length, but rather leans on
// the OS to enforce it via its ARG_MAX.
const maxRevisionLength = 128 * 1024 // 128kb
var zeroRune = rune(0)
// scanner represents a lexical scanner.
@@ -52,7 +57,7 @@ type scanner struct {
// newScanner returns a new instance of scanner.
func newScanner(r io.Reader) *scanner {
return &scanner{r: bufio.NewReader(r)}
return &scanner{r: bufio.NewReader(io.LimitReader(r, maxRevisionLength))}
}
// Scan extracts tokens and their strings counterpart