updated golang oauth2, crypto and net to address CVES. Fixed build error with unuesed code

Author: kbsteere

calico-3.29.yaml

@@ -68,10 +68,22 @@ pipeline:
       repository: https://github.com/projectcalico/calico
       tag: v${{package.version}}
       expected-commit: c29210835f7a2795d0791974602c8e1c625c8ca1
+  - runs: |
+      # apiserver/cmd/apiserver
+      sed -i '/_ "k8s.io\/code-generator\/cmd\/import-boss"/s/^/\/\//g' apiserver/cmd/apiserver/tools.go
+      sed -i '/_ "k8s.io\/code-generator\/cmd\/openapi-gen"/s/^/\/\//g' apiserver/cmd/apiserver/tools.go
+      sed -i '/_ "k8s.io\/code-generator\/cmd\/set-gen"/s/^/\/\//g' apiserver/cmd/apiserver/tools.go
+      # libcaliico-go
+      sed -i '/_ "k8s.io\/code-generator\/cmd\/import-boss"/s/^/\/\//g' libcalico-go/tools.go
+      sed -i '/_ "k8s.io\/code-generator\/cmd\/set-gen"/s/^/\/\//g' libcalico-go/tools.go
+      # updates all x.30.9 to x.30.11
+      sed -i 's/\.30\.9/\.30\.11/g' go.mod
   - uses: go/bump
     with:
       deps: |-
+        golang.org/x/crypto@v0.35.0
         golang.org/x/oauth2@v0.27.0
+        golang.org/x/net@v0.36.0
   # Because we are using tigera-operator during image test we are reliant on tigera-operator setting
   # up all the required rbac rules that are needed for calico-apiserver to run. Currently it does not and
   # this is a temporary solution until https://github.com/tigera/operator/issues/3780 is resolved upstream with a new