Fix CVE for autoscaler earlier version (#5207)

Author: peirulu

projects/kubernetes/autoscaler/1-29/ATTRIBUTION.txt

@@ -816,7 +816,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ------
 
 ** github.com/imdario/mergo; version v0.3.15 --
-https://github.com/imdario/mergo
+https://github.com/darccio/mergo
 
 Copyright (c) 2013 Dario Castañé. All rights reserved.
 Copyright (c) 2012 The Go Authors. All rights reserved.
@@ -992,78 +992,60 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 ** golang.org/go; version go1.24.13 --
 https://github.com/golang/go
 
-
-<html>
-  <head>
-    <meta content="origin" name="referrer">
-    <title>Rate limit &middot; GitHub</title>
-    <meta name="viewport" content="width=device-width">
-    <style type="text/css" media="screen">
-      body {
-        background-color: #f6f8fa;
-        color: rgba(0, 0, 0, 0.5);
-        font-family: -apple-system,BlinkMacSystemFont,Segoe UI,Helvetica,Arial,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol;
-        font-size: 14px;
-        line-height: 1.5;
-      }
-      .c { margin: 50px auto; max-width: 600px; text-align: center; padding: 0 24px; }
-      a { text-decoration: none; }
-      a:hover { text-decoration: underline; }
-      h1 { color: #24292e; line-height: 60px; font-size: 48px; font-weight: 300; margin: 0px; }
-      p { margin: 20px 0 40px; }
-      #s { margin-top: 35px; }
-      #s a {
-        color: #666666;
-        font-weight: 200;
-        font-size: 14px;
-        margin: 0 10px;
-      }
-    </style>
-  </head>
-  <body>
-    <div class="c">
-      <h1>Access has been restricted</h1>
-      <p>You have triggered a rate limit.<br><br>
-         Please wait a few minutes before you try again;<br>
-         in some cases this may take up to an hour.
-      </p>
-      <div id="s">
-        <a href="https://support.github.com">Contact Support</a> &mdash;
-        <a href="https://githubstatus.com">GitHub Status</a> &mdash;
-        <a href="https://twitter.com/githubstatus">@githubstatus</a>
-      </div>
-    </div>
-  </body>
-</html>
-
-
-
-------
-
-** golang.org/x/crypto; version v0.22.0 --
+** golang.org/x/crypto; version v0.45.0 --
 https://golang.org/x/crypto
 
-** golang.org/x/exp; version v0.0.0-20230905200255-921286631fa9 --
-https://golang.org/x/exp
-
-** golang.org/x/net; version v0.24.0 --
+** golang.org/x/net; version v0.47.0 --
 https://golang.org/x/net
 
-** golang.org/x/oauth2; version v0.11.0 --
-https://golang.org/x/oauth2
-
-** golang.org/x/sync/singleflight; version v0.7.0 --
+** golang.org/x/sync/singleflight; version v0.18.0 --
 https://golang.org/x/sync
 
-** golang.org/x/sys/unix; version v0.19.0 --
+** golang.org/x/sys/unix; version v0.38.0 --
 https://golang.org/x/sys
 
-** golang.org/x/term; version v0.19.0 --
+** golang.org/x/term; version v0.37.0 --
 https://golang.org/x/term
 
-** golang.org/x/text; version v0.14.0 --
+** golang.org/x/text; version v0.31.0 --
 https://golang.org/x/text
 
+Copyright 2009 The Go Authors.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google LLC nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+------
+
+** golang.org/x/exp; version v0.0.0-20230905200255-921286631fa9 --
+https://golang.org/x/exp
+
+** golang.org/x/oauth2; version v0.11.0 --
+https://golang.org/x/oauth2
+
 ** golang.org/x/time/rate; version v0.5.0 --
 https://golang.org/x/time
 

projects/kubernetes/autoscaler/1-29/CHECKSUMS

@@ -1,2 +1,2 @@
-5b4afb1f38027f8349a834aae68b6275868f1916c8be77b5e5478477495786c2  _output/1-29/bin/autoscaler/linux-amd64/cluster-autoscaler
-c890efb9596f1c0a9a45bcf473e2b75fcf5824311a8a2c792ea94e3dac9ef71a  _output/1-29/bin/autoscaler/linux-arm64/cluster-autoscaler
+86d799c5a09fe96eeda38ab2275ef9574c596b30c715a9db89263e4f385c8ef3  _output/1-29/bin/autoscaler/linux-amd64/cluster-autoscaler
+44808f5a53fbc9e4865bf1f8a0391bb0c578652a3a150a732a59c8464cfd7a14  _output/1-29/bin/autoscaler/linux-arm64/cluster-autoscaler