Magnum provider: switch UUID dependency from satori to gofrs

Addresses issue kubernetes#5218, that the satori UUID package
is unmaintained and has security vulnerabilities
affecting generating random UUIDs.

In the magnum cloud provider, this package was only
used to check whether a string matches a UUIDv4 or
not, so the vulnerability with generating UUIDs could
not have been exploited. (Generating UUIDs is only
done in the unit tests).

The gofrs/uuid package is currenly at version 4.0.0
in go.mod, well past point at which it was forked
and the vulnerability was fixed. It is a drop in
replacement for verifying a UUID, and only a small
change was needed in the testing code to handle
a new returned error when generating a random UUID.

cluster-autoscaler/cloudprovider/magnum/magnum_cloud_provider_test.go

@@ -23,7 +23,7 @@ import (
 	"testing"
 	"time"
 
-	"github.com/satori/go.uuid"
+	"github.com/gofrs/uuid"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
@@ -46,7 +46,12 @@ func (m *magnumManagerDiscoveryMock) autoDiscoverNodeGroups(cfgs []magnumAutoDis
 	ngs := []*nodegroups.NodeGroup{}
 	two := 2
 	for i := 0; i < rand.Intn(20); i++ {
-		ngs = append(ngs, &nodegroups.NodeGroup{Name: uuid.NewV4().String(), NodeCount: 1, MinNodeCount: 1, MaxNodeCount: &two})
+		newUUID, err := uuid.NewV4()
+		if err != nil {
+			return nil, fmt.Errorf("failed to produce a random UUID: %v", err)
+		}
+		newUUIDStr := newUUID.String()
+		ngs = append(ngs, &nodegroups.NodeGroup{Name: newUUIDStr, NodeCount: 1, MinNodeCount: 1, MaxNodeCount: &two})
 	}
 	return ngs, nil
 }

cluster-autoscaler/cloudprovider/magnum/magnum_manager_impl.go

@@ -21,7 +21,7 @@ import (
 	"sort"
 	"strings"
 
-	"github.com/satori/go.uuid"
+	"github.com/gofrs/uuid"
 
 	apiv1 "k8s.io/api/core/v1"