Critical and High CVEs in latest OLM version ("operatorhubio/catalog")

[mike-pt]

The following CRIT and HIGH CVEs are present in catalog component, mostly golang but all fixable by upgrading these deps.

Registry	Repository	Tag	CVE ID	Type	Severity	Packages	Package Version	CVSS	Fix Status
quay.io	operatorhubio/catalog	latest	CVE-2022-41723	go	high	golang.org/x/net/http2/hpack	v0.0.0-20220407224826-aac1ed45d8e3	7.50	fixed in 0.7.0
quay.io	operatorhubio/catalog	latest	CVE-2023-45287	go	high	crypto/tls	1.17.9	7.50	fixed in 1.20.0
quay.io	operatorhubio/catalog	latest	CVE-2022-27664	go	high	golang.org/x/net/http2	v0.0.0-20220407224826-aac1ed45d8e3	7.50	fixed in 0.0.0-20220906165146-f3363e06e74c
quay.io	operatorhubio/catalog	latest	CVE-2022-41723	go	high	golang.org/x/net/http2	v0.0.0-20220407224826-aac1ed45d8e3	7.50	fixed in 0.7.0
quay.io	operatorhubio/catalog	latest	CVE-2023-39325	go	high	golang.org/x/net/http2	v0.0.0-20220407224826-aac1ed45d8e3	7.50	fixed in 0.17.0
quay.io	operatorhubio/catalog	latest	CVE-2023-44487	go	high	golang.org/x/net	v0.0.0-20220407224826-aac1ed45d8e3	5.30	fixed in 0.17.0
quay.io	operatorhubio/catalog	latest	CVE-2023-44487	go	high	google.golang.org/grpc	v1.45.0	5.30	fixed in 1.58.3, 1.57.1, 1.56.3
quay.io	operatorhubio/catalog	latest	CVE-2024-24790	go	critical	net/netip	1.22.2	9.80	fixed in 1.21.11, 1.22.4

[grokspawn]

This doesn't belong to operator-lifecycle-manager. This appears to be the quay security scanner report for operatorhub/catalog image. I'm not sure exactly where that dockerfile lives, but I asked upstream.
For now, I took off the bug label since this isn't an olm bug.