chore: Upgrade Go libraries to resolve some security issues in the katib-controller

[tenzen-y]

What this PR does / why we need it:
I upgraded Go libraries to resolve some security issues in the katib-controller.

• before

$ trivy image --severity CRITICAL,HIGH -ignore-unfixed kubeflowkatib/katib-controller
2022-06-06T23:32:04.497+0900	INFO	Detected OS: alpine
2022-06-06T23:32:04.497+0900	INFO	Detecting Alpine vulnerabilities...
2022-06-06T23:32:04.499+0900	INFO	Number of language-specific files: 1
2022-06-06T23:32:04.499+0900	INFO	Detecting gobinary vulnerabilities...

kubeflowkatib/katib-controller (alpine 3.15.4)

Total: 0 (HIGH: 0, CRITICAL: 0)


app/katib-controller (gobinary)

Total: 6 (HIGH: 6, CRITICAL: 0)

┌──────────────────────────┬────────────────┬──────────┬──────────────────────────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐
│         Library          │ Vulnerability  │ Severity │          Installed Version           │ Fixed Version │                            Title                             │
├──────────────────────────┼────────────────┼──────────┼──────────────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ github.com/docker/cli    │ CVE-2021-41092 │ HIGH     │ v0.0.0-20191017083524-a8ff7f821017   │ v20.10.9      │ docker: cli leaks private registry credentials to            │
│                          │                │          │                                      │               │ registry-1.docker.io                                         │
│                          │                │          │                                      │               │ https://avd.aquasec.com/nvd/cve-2021-41092                   │
├──────────────────────────┼────────────────┤          ├──────────────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ github.com/docker/docker │ CVE-2015-3627  │          │ v1.4.2-0.20190924003213-a8608b5b67c7 │ v1.6.1        │ docker: insecure opening of file-descriptor 1 leading to     │
│                          │                │          │                                      │               │ privilege escalation                                         │
│                          │                │          │                                      │               │ https://avd.aquasec.com/nvd/cve-2015-3627                    │
├──────────────────────────┼────────────────┤          ├──────────────────────────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ github.com/tidwall/gjson │ CVE-2020-35380 │          │ v1.6.0                               │ 1.6.4         │ GJSON before 1.6.4 allows attackers to cause a denial of     │
│                          │                │          │                                      │               │ service via...                                               │
│                          │                │          │                                      │               │ https://avd.aquasec.com/nvd/cve-2020-35380                   │
│                          ├────────────────┤          │                                      ├───────────────┼──────────────────────────────────────────────────────────────┤
│                          │ CVE-2020-36066 │          │                                      │ v1.6.5        │ GJSON <1.6.5 allows attackers to cause a denial of        │
│                          │                │          │                                      │               │ service (remote) ......                                      │
│                          │                │          │                                      │               │ https://avd.aquasec.com/nvd/cve-2020-36066                   │
│                          ├────────────────┤          │                                      ├───────────────┼──────────────────────────────────────────────────────────────┤
│                          │ CVE-2020-36067 │          │                                      │ 1.6.6         │ GJSON <=v1.6.5 allows attackers to cause a denial of      │
│                          │                │          │                                      │               │ service (panic ......                                        │
│                          │                │          │                                      │               │ https://avd.aquasec.com/nvd/cve-2020-36067                   │
│                          ├────────────────┤          │                                      ├───────────────┼──────────────────────────────────────────────────────────────┤
│                          │ CVE-2021-42836 │          │                                      │ 1.9.3         │ GJSON before 1.9.3 allows a ReDoS (regular expression denial │
│                          │                │          │                                      │               │ of servic ......                                             │
│                          │                │          │                                      │               │ https://avd.aquasec.com/nvd/cve-2021-42836                   │
└──────────────────────────┴────────────────┴──────────┴──────────────────────────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘

• after

$ trivy image --severity CRITICAL,HIGH -ignore-unfixed ytenzen/katib-controller:upgrade-go-libraries
2022-06-07T00:05:53.311+0900	INFO	Detected OS: alpine
2022-06-07T00:05:53.311+0900	INFO	Detecting Alpine vulnerabilities...
2022-06-07T00:05:53.313+0900	INFO	Number of language-specific files: 1
2022-06-07T00:05:53.313+0900	INFO	Detecting gobinary vulnerabilities...

ytenzen/katib-controller:upgrade-go-libraries (alpine 3.15.4)

Total: 0 (HIGH: 0, CRITICAL: 0)


app/katib-controller (gobinary)

Total: 0 (HIGH: 0, CRITICAL: 0)

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

Checklist:

• Docs included if any changes are user facing

[coveralls]

Coverage remained the same at 73.948% when pulling aff2453 on tenzen-y:upgrade-go-libraries into e2378c3 on kubeflow:master.

[johnugeorge]

Inorder to save GHA minutes, we might to keep testing restricted to a single k8s version in the future.

[johnugeorge]

/lgtm

[tenzen-y]

Inorder to save GHA minutes, we might to keep testing restricted to a single k8s version in the future.

Thanks for your review! @johnugeorge
As discussed in #1882 (comment), I will try to re-build workflows for building container images to reduce the time running integration tests in another PR.

So, should we merge this PR? @johnugeorge

[johnugeorge]

/approve

[google-oss-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: johnugeorge, tenzen-y

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [johnugeorge]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment