go.mod: update golang.org/x dependencies

Update golang.org/x dependencies to their latest tagged versions.

Change-Id: Id2855137e0a9d4f22587cbae94f238a5fa37d14b
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/640696
Auto-Submit: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: David Chase <drchase@google.com>

internal/openvex: update handler test

Updates handler tests to have more accurate package paths.
This doesn't affect anything right now, but will be relevant for
future features/testing.

Change-Id: Ia72c749cdaf263d2a425f349f72630cda576b5f0
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/598593
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>

internal/osv: add review status

Ecosystem metrics cannot pick up REVIEWED vs UNREVIWED unless
govulncheck produces it.

Change-Id: Ia6ea1ef7cf681ac51e18dd32748dc658a72ebad9
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/591055
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>

all: remove unit tests for staticcheck, unparam, and spellcheck

Those should not be unit tests and, more importantly, they should not be
running on builders.

Change-Id: I70504fedce3bad17ac408dc6f208d61fb7bd6071
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/587097
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Cottrell <iancottrell@google.com>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

internal/openvex: add vex types

updates golang/go#62486

Change-Id: I550ca00f1209e21ee3fef91128d0522494b9d994
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/575857
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>

cmd/govulncheck: mask line numbers and columns

These can in principle change for stdlib. Although we always pretend we
are running against go1.18, the actual stdlib underneath can be
different. This could result in different line numbers and columns.
There currently does not exist a clean way of masking line position for
stdlib paths, so we mask everything with placeholders.

Change-Id: I08628acbf10aa3f36b969bac5745ae3b4d52f284
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/562215
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Maceo Thompson <maceothompson@google.com>
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>

internal/scan: add binary extract mode

The extract mode spits out a json blob representing the minimal
representation of a Go binary needed for govulncheck vulnerability
detection. binary mode accepts both a Go binary and this representation
as an input.

The contents of extract should be regarded as a blob. The users of this
flag should not rely on its representation. It might change in the
future.

Change-Id: I81027062d34609fed7541ad2092d4cbe5df0d118
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/542035
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Ian Cottrell <iancottrell@google.com>
Reviewed-by: Maceo Thompson <maceothompson@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>

cmd/govulncheck: update test data

Generated with 'go test -update' for changes introduced by CL 555515.

For golang/go#65084.

Change-Id: I05938ce2755b6acdd42efc3fe9f51a485d8ca405
Cq-Include-Trybots: luci.golang.try:x_vuln-gotip-linux-amd64-longtest
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/555655
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>

all: go get golang.org/x/tools@74c255b

go get golang.org/x/tools@74c255b # CL 519295
go mod tidy

Pulling in the fix for unnecessary dependency on *types.StdSizes, which
is non guaranteed behavior.

Updates golang/go#62103

Change-Id: I351e98f59dafc728b6821330b897a0457f4127d1
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/520555
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Reviewed-by: Robert Findley <rfindley@google.com>
Auto-Submit: Hyang-Ah Hana Kim <hyangah@gmail.com>
Auto-Submit: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Reviewed-by: Hyang-Ah Hana Kim <hyangah@gmail.com>

internal/scan: fix double line spacing

Change-Id: I67d096196a4e54a12b4213c8011406a9ff65759e
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/508921
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Julie Qiu <julie@golang.org>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Run-TryBot: Ian Cottrell <iancottrell@google.com>
Auto-Submit: Ian Cottrell <iancottrell@google.com>