go: update most dependencies to the latest version

It's a lot of work for dependabot for our outdated deps, let's
help it by making one huge manual update.

Signed-off-by: Ondřej Budai <ondrej@budai.cz>

vendor/github.com/openshift-online/ocm-sdk-go/authentication/context.go

@@ -22,7 +22,7 @@ import (
 	"context"
 	"fmt"
 
-	"github.com/dgrijalva/jwt-go"
+	"github.com/golang-jwt/jwt"
 )
 
 // ContextWithToken creates a new context containing the given token.

vendor/github.com/openshift-online/ocm-sdk-go/authentication/handler.go

@@ -35,8 +35,8 @@ import (
 	"sync"
 	"time"
 
-	"github.com/dgrijalva/jwt-go"
 	"github.com/ghodss/yaml"
+	"github.com/golang-jwt/jwt"
 
 	"github.com/openshift-online/ocm-sdk-go/errors"
 	"github.com/openshift-online/ocm-sdk-go/logging"
@@ -828,18 +828,21 @@ func (h *Handler) checkToken(w http.ResponseWriter, r *http.Request,
 // something is wrong it sends an error response to the client and returns false.
 func (h *Handler) checkClaims(w http.ResponseWriter, r *http.Request,
 	claims jwt.MapClaims) bool {
-	value, ok := h.checkStringClaim(w, r, claims, "typ")
+	// Check the token type:
+	typ, ok := h.checkStringClaim(w, r, claims, "typ")
 	if !ok {
 		return false
 	}
-	if !strings.EqualFold(value, "Bearer") {
+	if !strings.EqualFold(typ, "Bearer") {
 		h.sendError(
 			w, r,
 			"Bearer token type '%s' isn't supported",
-			value,
+			typ,
 		)
 		return false
 	}
+
+	// Check the format of the issue and expiration date claims:
 	_, ok = h.checkTimeClaim(w, r, claims, "iat")
 	if !ok {
 		return false
@@ -848,6 +851,27 @@ func (h *Handler) checkClaims(w http.ResponseWriter, r *http.Request,
 	if !ok {
 		return false
 	}
+
+	// Make sure that the impersonation flag claim doesn't exist, or is `false`:
+	value, ok := claims["impersonated"]
+	if ok {
+		flag, ok := value.(bool)
+		if !ok {
+			h.sendError(
+				w, r,
+				"Impersonation claim contains incorrect boolean value '%v'",
+				value,
+			)
+			return false
+		}
+		if flag {
+			h.sendError(
+				w, r,
+				"Impersonation isn't allowed",
+			)
+			return false
+		}
+	}
 	return true
 }
 

vendor/github.com/openshift-online/ocm-sdk-go/authentication/helpers.go

@@ -22,7 +22,7 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/dgrijalva/jwt-go"
+	"github.com/golang-jwt/jwt"
 )
 
 // tokenRemaining determines if the given token will eventually expire (offile access tokens, for

vendor/github.com/openshift-online/ocm-sdk-go/authentication/transport_wrapper.go

@@ -35,7 +35,7 @@ import (
 
 	//
 	"github.com/cenkalti/backoff/v4"
-	jwt "github.com/dgrijalva/jwt-go"
+	jwt "github.com/golang-jwt/jwt"
 	"github.com/openshift-online/ocm-sdk-go/internal"
 	"github.com/openshift-online/ocm-sdk-go/logging"
 	"github.com/prometheus/client_golang/prometheus"
@@ -612,14 +612,14 @@ func (w *TransportWrapper) Tokens(ctx context.Context, expiresIn ...time.Duratio
 		code, access, refresh, err = w.tokens(ctx, attempt, expiresDuration)
 		if err != nil {
 			if code >= http.StatusInternalServerError {
-				w.logger.Error(
+				w.logger.Debug(
 					ctx,
 					"Can't get tokens, got HTTP code %d, will retry: %v",
 					code, err,
 				)
 				return err
 			}
-			w.logger.Error(
+			w.logger.Debug(
 				ctx,
 				"Can't get tokens, got HTTP code %d, will not retry: %v",
 				code, err,
@@ -628,7 +628,7 @@ func (w *TransportWrapper) Tokens(ctx context.Context, expiresIn ...time.Duratio
 		}
 
 		if attempt > 1 {
-			w.logger.Info(ctx, "Got tokens on attempt %d", attempt)
+			w.logger.Debug(ctx, "Got tokens on attempt %d", attempt)
 		} else {
 			w.logger.Debug(ctx, "Got tokens on first attempt")
 		}

vendor/github.com/openshift-online/ocm-sdk-go/errors/errors.go

@@ -44,6 +44,7 @@ type ErrorBuilder struct {
 	href        string
 	code        string
 	reason      string
+	details     interface{}
 	operationID string
 }
 
@@ -54,6 +55,7 @@ type Error struct {
 	href        string
 	code        string
 	reason      string
+	details     interface{}
 	operationID string
 }
 
@@ -97,6 +99,13 @@ func (b *ErrorBuilder) OperationID(value string) *ErrorBuilder {
 	return b
 }
 
+// Details sets additional details of the error.
+func (b *ErrorBuilder) Details(value interface{}) *ErrorBuilder {
+	b.details = value
+	b.bitmap_ |= 32
+	return b
+}
+
 // Build uses the information stored in the builder to create a new error object.
 func (b *ErrorBuilder) Build() (result *Error, err error) {
 	result = &Error{
@@ -104,6 +113,7 @@ func (b *ErrorBuilder) Build() (result *Error, err error) {
 		href:        b.href,
 		code:        b.code,
 		reason:      b.reason,
+		details:     b.details,
 		operationID: b.operationID,
 		bitmap_:     b.bitmap_,
 	}
@@ -208,6 +218,24 @@ func (e *Error) GetOperationID() (value string, ok bool) {
 	return
 }
 
+// Details returns the details of the error
+func (e *Error) Details() interface{} {
+	if e != nil && e.bitmap_&32 != 0 {
+		return e.details
+	}
+	return nil
+}
+
+// GetDetails returns the details of the error and a flag
+// indicating if the details have a value.
+func (e *Error) GetDetails() (value interface{}, ok bool) {
+	ok = e != nil && e.bitmap_&32 != 0
+	if ok {
+		value = e.details
+	}
+	return
+}
+
 // Error is the implementation of the error interface.
 func (e *Error) Error() string {
 	chunks := make([]string, 0, 3)
@@ -278,6 +306,9 @@ func readError(iterator *jsoniter.Iterator) *Error {
 		case "operation_id":
 			object.operationID = iterator.ReadString()
 			object.bitmap_ |= 16
+		case "details":
+			object.details = iterator.ReadAny().GetInterface()
+			object.bitmap_ |= 32
 		default:
 			iterator.ReadAny()
 		}
@@ -321,6 +352,11 @@ func writeError(e *Error, stream *jsoniter.Stream) {
 		stream.WriteObjectField("operation_id")
 		stream.WriteString(e.operationID)
 	}
+	if e.bitmap_&32 != 0 {
+		stream.WriteMore()
+		stream.WriteObjectField("details")
+		stream.WriteVal(e.details)
+	}
 	stream.WriteObjectEnd()
 }
 

vendor/github.com/openshift-online/ocm-sdk-go/internal/check_content_type.go

@@ -27,7 +27,7 @@ import (
 	"regexp"
 	"strings"
 
-	strip "github.com/grokify/html-strip-tags-go"
+	"github.com/microcosm-cc/bluemonday"
 )
 
 var wsRegex = regexp.MustCompile(`\s+`)
@@ -78,7 +78,7 @@ func contentSummary(mediaType string, response *http.Response) (summary string,
 	limit := 250
 	runes := []rune(string(body))
 	if strings.EqualFold(mediaType, "text/html") && len(runes) > limit {
-		content := html.UnescapeString(strip.StripTags(string(body)))
+		content := html.UnescapeString(bluemonday.StrictPolicy().Sanitize(string(body)))
 		content = wsRegex.ReplaceAllString(strings.TrimSpace(content), " ")
 		runes = []rune(content)
 	}

vendor/github.com/openshift-online/ocm-sdk-go/internal/client_selector.go

@@ -221,6 +221,49 @@ func (b *ClientSelectorBuilder) createCookieJar() (result http.CookieJar, err er
 // created previously for the server address it will be reused, otherwise it will be created.
 func (s *ClientSelector) Select(ctx context.Context, address *ServerAddress) (client *http.Client,
 	err error) {
+	// We will be modifiying the clients table so we need to acquire the lock before proceeding:
+	s.clientsMutex.Lock()
+	defer s.clientsMutex.Unlock()
+
+	// Get an existing client, or create a new one if it doesn't exist yet:
+	key := s.key(address)
+	client, ok := s.clientsTable[key]
+	if ok {
+		return
+	}
+	s.logger.Debug(ctx, "Client for key '%s' doesn't exist, will create it", key)
+	client, err = s.create(ctx, address)
+	if err != nil {
+		return
+	}
+	s.clientsTable[key] = client
+
+	return
+}
+
+// Forget forgets the client for the given server address. This is intended for situations where a
+// client is missbehaving, for example when it is generating protocol errors. In those situations
+// connections may be still open but already unusable. To avoid additional errors is beter to
+// discard the client and create a new one.
+func (s *ClientSelector) Forget(ctx context.Context, address *ServerAddress) error {
+	// We will be modifiying the clients table so we need to acquire the lock before proceeding:
+	s.clientsMutex.Lock()
+	defer s.clientsMutex.Unlock()
+
+	// Close the client and delete it from the table:
+	key := s.key(address)
+	client, ok := s.clientsTable[key]
+	if ok {
+		delete(s.clientsTable, key)
+		client.CloseIdleConnections()
+	}
+	s.logger.Debug(ctx, "Discarded client for key '%s'", key)
+
+	return nil
+}
+
+// key calculates from the given server address the key that is used to store clients in the table.
+func (s *ClientSelector) key(address *ServerAddress) string {
 	// We need to use a different client for each TCP host name and each Unix socket because we
 	// explicitly set the TLS server name to the host name. For example, if the first request is
 	// for the SSO service (it will usually be) then we would set the TLS server name to
@@ -242,24 +285,7 @@ func (s *ClientSelector) Select(ctx context.Context, address *ServerAddress) (cl
 	case TCPNetwork:
 		key = fmt.Sprintf("%s:%s", key, address.Host)
 	}
-
-	// We will be modifiying the clients table so we need to acquire the lock before proceeding:
-	s.clientsMutex.Lock()
-	defer s.clientsMutex.Unlock()
-
-	// Get an existing client, or create a new one if it doesn't exist yet:
-	client, ok := s.clientsTable[key]
-	if ok {
-		return
-	}
-	s.logger.Debug(ctx, "Client for key '%s' doesn't exist, will create it", key)
-	client, err = s.create(ctx, address)
-	if err != nil {
-		return
-	}
-	s.clientsTable[key] = client
-
-	return
+	return key
 }
 
 // create creates a new HTTP client to use to connect to the given address.