Fix Dependabot alerts

[kuritka]

• Bump Operator SDK version to v0.26.3
• upgrade golangci to v1.51.2
• dependabot
  • golangorg/x/text
  • golang.org/x/crypto
  • golang.org/x/net

[ytsarev]

why do we have to maintain such a complex replacement array?

[kuritka]

Hi @ytsarev , I don't like it much either. I tried to bump core modules to avoid using old modules in module tree. Unfortunately they are there. It's not a lot of libraries, rather they are used differently across different dependencies.

For example, if I don't do a replace in go.mod, I'll see this in our dependency tree (go.sum)

golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=

but depndabot is disingenuous and will mark all golang.org/x/text that are older than v.0.3.8 (see: dependabot alert)

---

I see that dependabot only marked golang.org/x/net in k8gb, the rest was marked in terratests ( crypto and golang.org/x/text). Since the same problem is also in k8gb, I'll mark it there soon too.

For now, I'm replacing only what is strictly necessary to avoid dependabot alerts.

[ytsarev]

There is something with DCO, could you please check?

[kuritka]

@ytsarev, fixed, thx!