update golang.org/x/text dependency to 0.3.8

[nfedyk]

Consul Template version 0.29.2

Expected behavior

No CVE's

Actual behavior

Found CVE's

Steps to reproduce

trivy image --security-checks vuln hashicorp/consul-template:0.29.5

Output

/usr/bin/consul-template (gobinary)
=====================================
Total: 1 (MEDIUM: 0, HIGH: 1, CRITICAL: 0)

+-------------------+------------------+----------+-------------------+---------------+---------------------------------------+
|      LIBRARY      | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                 TITLE                 |
+-------------------+------------------+----------+-------------------+---------------+---------------------------------------+
| [golang.org/x/text](http://golang.org/x/text) | CVE-2022-32149   | HIGH     | v0.3.7            | 0.3.8         | golang: [golang.org/x/text/language:](http://golang.org/x/text/language:)   |
|                   |                  |          |                   |               | ParseAcceptLanguage takes a           |
|                   |                  |          |                   |               | long time to parse complex tags       |
|                   |                  |          |                   |               | -->[avd.aquasec.com/nvd/cve-2022-32149](http://avd.aquasec.com/nvd/cve-2022-32149) |
+-------------------+------------------+----------+-------------------+---------------+---------------------------------------+```

[eikenb]

This is already fixed on HEAD. It is a DOS issue that only impacts parsing http headers which consul-template is not vulnerable to.

[noorul]

@eikenb Can we make a release? I know that this might not be directly used but it is hard to explain this to others. The weekly report shows this.

[eikenb]

@noorul .. I'll see what I can do.

[noorul]

@eikenb Thank you!

[noorul]

@eikenb Gentle reminder!

[eikenb]

It's away!

[noorul]

Great! Thanks!