Vulnerability fixes & dep bump (#11)

* Fix for GHSA-c2h3-6mxw-7mvq

* Upgrade deps to latest

* Remove allow to replace google/ko

Author: cardil

.golangci.yml

@@ -34,11 +34,3 @@ issues:
     - path: _test\.go
       linters:
         - wrapcheck
-
-
-linters-settings:
-  gomoddirectives:
-    # List of allowed `replace` directives. Default is empty.
-    replace-allow-list:
-        # FIXME: remove after https://github.com/google/ko/issues/476
-      - github.com/google/ko

go.mod

@@ -4,7 +4,11 @@ go 1.16
 
 require (
 	github.com/BurntSushi/toml v0.4.1 // indirect
+	// Fix for GHSA-c2h3-6mxw-7mvq
+	github.com/containerd/containerd v1.5.7 // indirect
+	github.com/containerd/stargz-snapshotter/estargz v0.9.0 // indirect
 	github.com/docker/cli v20.10.9+incompatible // indirect
+	github.com/docker/docker v20.10.9+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.6.4 // indirect
 	github.com/fatih/color v1.13.0
 	github.com/go-logr/logr v1.1.0 // indirect
@@ -17,8 +21,12 @@ require (
 	github.com/mattn/go-colorable v0.1.11 // indirect
 	github.com/wavesoftware/go-ensure v1.0.0
 	golang.org/x/mod v0.5.1
-	golang.org/x/net v0.0.0-20211008194852-3b03d305991f // indirect
-	google.golang.org/genproto v0.0.0-20211008145708-270636b82663 // indirect
+	golang.org/x/net v0.0.0-20211013171255-e13a2654a71e // indirect
+	golang.org/x/sys v0.0.0-20211013075003-97ac67df715c // indirect
+	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/tools v0.1.7 // indirect
+	google.golang.org/genproto v0.0.0-20211013025323-ce878158c4d4 // indirect
+	google.golang.org/grpc v1.41.0 // indirect
 	gotest.tools/v3 v3.0.3
 	k8s.io/klog/v2 v2.20.0 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect