[v1.6] Remove usages of an old versions of github.com/emicklei/go-restful

[mkevac]

Description

There is a still usage on an old (and vulnerable) version of github.com/emicklei/go-restful in pkg/cri/streaming/server.go

➜  containerd git:(v1.6.18) rg "go-restful" go.mod
29:	github.com/emicklei/go-restful v2.9.5+incompatible
➜  containerd git:(v1.6.18) go mod why -m github.com/emicklei/go-restful
# github.com/emicklei/go-restful
github.com/containerd/containerd/pkg/cri/streaming
github.com/emicklei/go-restful
➜  containerd git:(v1.6.18) rg "github.com/emicklei/go-restful" pkg/cri
pkg/cri/streaming/server.go
48:	restful "github.com/emicklei/go-restful"

Current version of github.com/emicklei/go-restful is v3

Steps to reproduce the issue

No response

Describe the results you received and expected

I expected v3 version to be used.

What version of containerd are you using?

v1.6.18

Any other relevant information

No response

Show configuration if it is related to CRI plugin.

No response

[Anis-cpu-13]

Hello, as part of a university project and a first contribution to open source software, I would like to work on this issue

[AkihiroSuda]

Hello, as part of a university project and a first contribution to open source software, I would like to work on this issue

Yes, you can cherry pick this
481fb92

[Abhishek-569]

Is this issue fixed? I can't find the old version in pkg/cri/streaming/server.go.

[estesp]

I just opened #8271 to solve this

[mmerkes]

@mkevac Looks like this issue can be resolved?

[matrey]

Seems like there are still traces of go-restful v3.7.3, which is also vulnerable to CVE-2022-1996 (need to use at least v3.8.0)

[mmerkes]

Makes sense. #8221 up to resolve it!