Upgrade (4) vulnerable packages in caddy:2-alpine

[JaneX8]

Can we please upgrade below vulnerable packages in the caddy:2-alpine image? All the listed vulnerable packages have fixes available (see column 'FIXED-IN'). I scanned the image with https://github.com/anchore/grype.

grype.exe caddy:2-alpine
 ✔ Loaded image                                                                                                                                                                                                                                                                                              caddy:2-alpine
 ✔ Parsed image                                                                                                                                                                                                                                     sha256:612f0ff47f33888e3b61a8db399ff2dc22c2cefb8cb652d86a619e52eabcd51f
 ✔ Cataloged contents                                                                                                                                                                                                                                      998213b69cf0a35f0eff43706159cf38bb126411c46808cef14c403188297a25
   ├── ✔ Packages                        [145 packages]
   ├── ✔ File digests                    [231 files]
   ├── ✔ File metadata                   [231 locations]
   └── ✔ Executables                     [26 executables]
 ✔ Scanned for vulnerabilities     [9 vulnerability matches]
   ├── by severity: 2 critical, 4 high, 3 medium, 0 low, 0 negligible
   └── by status:   9 fixed, 0 not-fixed, 0 ignored
NAME                        INSTALLED  FIXED-IN         TYPE       VULNERABILITY        SEVERITY
github.com/quic-go/quic-go  v0.44.0    0.48.2           go-module  GHSA-px8v-pp82-rcvr  Medium
golang.org/x/crypto         v0.23.0    0.31.0           go-module  GHSA-v778-237x-gjrc  Critical
golang.org/x/net            v0.25.0    0.33.0           go-module  GHSA-w32m-9786-jp63  High
stdlib                      go1.22.3   1.21.11, 1.22.4  go-module  CVE-2024-24790       Critical
stdlib                      go1.22.3   1.22.7, 1.23.1   go-module  CVE-2024-34158       High
stdlib                      go1.22.3   1.22.7, 1.23.1   go-module  CVE-2024-34156       High
stdlib                      go1.22.3   1.21.12, 1.22.5  go-module  CVE-2024-24791       High
stdlib                      go1.22.3   1.22.7, 1.23.1   go-module  CVE-2024-34155       Medium
stdlib                      go1.22.3   1.21.11, 1.22.4  go-module  CVE-2024-24789       Medium

[mholt]

Duplicate of #361, I think

[JaneX8]

It seems to be only a partial duplicate. #361 is only about one vulnerability CVE-2024-24790⁠. While this issue mentions 9 different vulnerabilities.

[mholt]

I don't think that's relevant though, it's the same discussion and resolution. And none of the vulns are particularly relevant to Caddy.