Fix CVE-2024-45337 - golang.org/x/crypto - loki

[rgoltz]

Is your feature request related to a problem? Please describe.
The current loki docker image might be affected by an possible misuse of ServerConfig.PublicKeyCallback, which may cause authorization bypass in golang.org/x/crypto. This issue (and it's fix in crypto) is assinged to CVE-2024-45337 / GHSA-v778-237x-gjrc.

Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. Since this API is widely misused, as a partial mitigation golang.org/x/[email protected] enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary.

Describe the solution you'd like
Upgrade golang.org/x/crypto to v0.31.0 - hence merging this PRs would be great:

• chore(deps): bump golang.org/x/crypto from 0.26.0 to 0.31.0 in /cmd/chunks-inspect #15377
• fix(deps): update module golang.org/x/crypto to v0.31.0 [security] #15378

Additional context - Details from Image-Scan

Package Name	golang.org/x/crypto
Vulnerability ID	https://nvd.nist.gov/vuln/detail/CVE-2024-45337
GitHub Advisory	GHSA-v778-237x-gjrc
Severity	High
Fix available	Yes
Fixed version	v0.31.0
Package Manager	GOBINARY
File paths	usr/bin/loki

[paul1r]

3.3 backport
3.2 backport