Fix Docker image vulnerabilities #155

Open
igorbrites opened this issue Jul 26, 2024 · 2 comments
The security team blocked us from implementing this exporter due to the following vulnerabilities:

❯ docker scout cves quay.io/prometheuscommunity/pgbouncer-exporter:v0.8.0
    i New version 1.11.0 available (installed version is 1.6.3) at https://github.com/docker/scout-cli
    ✓ Pulled
    ✓ Image stored for indexing
    ✓ Indexed 27 packages
    ✗ Detected 2 vulnerable packages with a total of 5 vulnerabilities


## Overview

                    │                     Analyzed Image                       
────────────────────┼──────────────────────────────────────────────────────────
  Target            │  quay.io/prometheuscommunity/pgbouncer-exporter:v0.8.0   
    digest          │  ca78408f49b6                                            
    platform        │ linux/arm64/v8                                           
    vulnerabilities │    1C     1H     2M     0L     2?                        
    size            │ 9.2 MB                                                   
    packages        │ 27                                                       


## Packages and Vulnerabilities

   1C     1H     1M     0L     2?  stdlib 1.22.1
pkg:golang/stdlib@1.22.1

    ✗ CRITICAL CVE-2024-24790
      https://scout.docker.com/v/CVE-2024-24790
      Affected range : >=1.22.0-0  
                     : <1.22.4     
      Fixed version  : 1.22.4      
    
    ✗ HIGH CVE-2024-24791
      https://scout.docker.com/v/CVE-2024-24791
      Affected range : >=1.22.0-0  
                     : <1.22.5     
      Fixed version  : 1.22.5      
    
    ✗ MEDIUM CVE-2024-24789
      https://scout.docker.com/v/CVE-2024-24789
      Affected range : >=1.22.0-0  
                     : <1.22.4     
      Fixed version  : 1.22.4      
    
    ✗ UNSPECIFIED CVE-2024-24788
      https://scout.docker.com/v/CVE-2024-24788
      Affected range : >=1.22.0-0  
                     : <1.22.3     
      Fixed version  : 1.22.3      
    
    ✗ UNSPECIFIED CVE-2023-45288
      https://scout.docker.com/v/CVE-2023-45288
      Affected range : >=1.22.0-0  
                     : <1.22.2     
      Fixed version  : 1.22.2      
    

   0C     0H     1M     0L  golang.org/x/net 0.22.0
pkg:golang/golang.org/x/net@0.22.0

    ✗ MEDIUM CVE-2023-45288 [Uncontrolled Resource Consumption]
      https://scout.docker.com/v/CVE-2023-45288
      Affected range : <0.23.0                                       
      Fixed version  : 0.23.0                                        
      CVSS Score     : 5.3                                           
      CVSS Vector    : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L  
    
6 vulnerabilities found in 2 packages
  UNSPECIFIED  2  
  LOW          0  
  MEDIUM       2  
  HIGH         1  
  CRITICAL     1
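A small policy gate for reports like the one above, written as an added example for this issue (it is not code from pgbouncer-exporter or from docker scout). It parses the text layout scout printed here, records the fixed version each CVE needs, and computes per package the lowest version that closes every finding, which is what a dependency bump must reach to clear the whole report (1.22.5 for stdlib, not 1.22.4, and 0.23.0 for golang.org/x/net). The regexes are assumptions about that text layout, and the embedded sample is a trimmed copy of the report in the issue.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Severity labels exactly as docker scout prints them, ordered for the gate.
SEVERITY_RANK = {"UNSPECIFIED": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Sample input: a trimmed copy of the `docker scout cves` report from this issue.
SAMPLE_REPORT = """\
   1C     1H     1M     0L     2?  stdlib 1.22.1
pkg:golang/stdlib@1.22.1

    ✗ CRITICAL CVE-2024-24790
      https://scout.docker.com/v/CVE-2024-24790
      Affected range : >=1.22.0-0
                     : <1.22.4
      Fixed version  : 1.22.4

    ✗ HIGH CVE-2024-24791
      Affected range : >=1.22.0-0
                     : <1.22.5
      Fixed version  : 1.22.5

    ✗ MEDIUM CVE-2024-24789
      Fixed version  : 1.22.4

    ✗ UNSPECIFIED CVE-2024-24788
      Fixed version  : 1.22.3

    ✗ UNSPECIFIED CVE-2023-45288
      Fixed version  : 1.22.2

   0C     0H     1M     0L  golang.org/x/net 0.22.0
pkg:golang/golang.org/x/net@0.22.0

    ✗ MEDIUM CVE-2023-45288 [Uncontrolled Resource Consumption]
      Affected range : <0.23.0
      Fixed version  : 0.23.0
      CVSS Score     : 5.3
"""

# Assumed layout (matches the report above): a package header is a row of
# severity counts followed by "<name> <installed-version>"; each finding starts
# with "✗ <SEVERITY> <CVE-id>" and is followed by a "Fixed version : x" line.
PKG_RE = re.compile(r"^\s*\d+C\s+\d+H\s+\d+M\s+\d+L(?:\s+\d+\?)?\s+(\S+)\s+(\S+)\s*$")
VULN_RE = re.compile(r"✗\s+(CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED)\s+(CVE-\d{4}-\d+)")
FIXED_RE = re.compile(r"Fixed version\s*:\s*(\S+)")


@dataclass
class Finding:
    package: str
    installed: str
    severity: str
    cve: str
    fixed: Optional[str] = None


def parse_scout(text: str) -> List[Finding]:
    """Walk the report line by line, attaching findings to the current package."""
    findings: List[Finding] = []
    package = installed = None
    for line in text.splitlines():
        m = PKG_RE.match(line)
        if m:
            package, installed = m.group(1), m.group(2)
            continue
        m = VULN_RE.search(line)
        if m and package is not None:
            findings.append(Finding(package, installed, m.group(1), m.group(2)))
            continue
        m = FIXED_RE.search(line)
        if m and findings:
            findings[-1].fixed = m.group(1)  # belongs to the most recent finding
    return findings


def version_key(version: str) -> tuple:
    """Numeric tuple for comparing dotted versions such as 1.22.4 < 1.22.5."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def required_upgrades(findings: List[Finding]) -> Dict[str, str]:
    """Per package, the lowest version that fixes every listed CVE: the max of the fixed versions."""
    needed: Dict[str, str] = {}
    for f in findings:
        if f.fixed is None:
            continue
        if f.package not in needed or version_key(f.fixed) > version_key(needed[f.package]):
            needed[f.package] = f.fixed
    return needed


def policy_blocks(findings: List[Finding], threshold: str = "HIGH") -> List[Finding]:
    """Findings at or above the threshold; a non-empty list means the image should be rejected."""
    return [f for f in findings if SEVERITY_RANK[f.severity] >= SEVERITY_RANK[threshold]]


if __name__ == "__main__":
    found = parse_scout(SAMPLE_REPORT)
    for f in policy_blocks(found):
        print(f"BLOCK {f.severity:<10} {f.cve} in {f.package} {f.installed} (fixed in {f.fixed})")
    for pkg, ver in required_upgrades(found).items():
        print(f"upgrade {pkg} to at least {ver}")
```

Run it as a script to see the blocking findings and the minimum versions; in CI the `policy_blocks` result would decide the exit status. Taking the maximum fixed version per package is the point: bumping stdlib only to 1.22.4 would clear the CRITICAL finding but leave the HIGH one (CVE-2024-24791, fixed in 1.22.5) in place.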
igorbrites commented Jul 26, 2024

I see that some of them would be fixed from this Dependabot PR: #154

EDIT:

Applied the PR changes locally, built the binary and the Docker image, and I see no further vulnerabilities:

❯ docker scout cves pgbouncer-exporter:latest
    i New version 1.11.0 available (installed version is 1.10.0) at https://github.com/docker/scout-cli
          ✓ SBOM of image already cached, 29 packages indexed
    ✓ No vulnerable package detected


## Overview

                    │       Analyzed Image         
────────────────────┼──────────────────────────────
  Target            │  pgbouncer-exporter:latest   
    digest          │  f5919f779664                
    platform        │ linux/amd64                  
    vulnerabilities │    0C     0H     0M     0L   
    size            │ 9.7 MB                       
    packages        │ 29                           


## Packages and Vulnerabilities

  No vulnerable packages detected

@igorbrites (Author)

I see the PR was merged, waiting for the new release. Thanks!
