Update dependencies

[jay-lark]

This should resolve every vulnerability shown in Snyk except one.

Reviewer Instructions

• Ensure that the plan filename matches from the output of the plan and the deployment instructions below.
• That only the expected changes will occur. No unintentional resources will be changed.

Deployment Instructions

TFC

[jay-lark]

Close and reopen since snyk tests are failing

[jay-lark]

Looks like Snyk is having an issue right now. I'll try to get the tests running later.

[jay-lark]

Tests were failing because the hashicorp dependencies required a newer version of Go. I've update the GitHub actions accordingly.

[jay-lark]

Currently this repository has 4 High vulnerabilities and 2 Medium in Snyk. This takes it to 1 High and 3 mediums. I've asked Adam if we can ignore the snyk test and merge in.

[czeeb]

I forced the security/snyk check as passing for the following reasons:

• We are using the latest dependency versions
• The vulnerabilities introduced are due to deep external dependencies which are version pinned by their dependency. We are unable to pin versions of these dependencies to resolved versions because of that version pinning.
• The risk of any vulnerability being leveraged is extremely low. To leverage any of these vulnerabilities Terraform credentials would need to become compromised and a method of leverage the vulnerabilities through Terraform's HCL itself would need to be devised.

The conversation around this happened in a private channel, but for future reference the full conversation can be found here: https://formstack.slack.com/archives/G7409KK7U/p1700681237047739