Viper Bump crypto dependency to address critical CVE-2024-45337

Preflight Checklist

• [X] I have searched the issue tracker for an issue that matches the one I want to file, without success.
• [X] I am not looking for support or already pursued the available support channels without success.
• [X] I have checked the troubleshooting guide for my problem, without success.

Viper Version

1.19.0

Go Version

1.22.7

Config Source

Flags

Format

No response

Repl.it link

No response

Code reproducing the issue

No response

Expected Behavior

$ go mod graph | grep viper | grep crypto
github.com/spf13/viper@v1.19.0 golang.org/x/crypto@v<version>

where <version> >= 0.32.0

Actual Behavior

$ go mod graph | grep viper | grep crypto github.com/spf13/viper@v1.19.0 golang.org/x/crypto@v0.21.0

Steps To Reproduce

No response

Additional Information

https://nvd.nist.gov/vuln/detail/CVE-2024-45337

Comment From: sagikazarmark

1.20 has updated that transitive dependency. Upcoming versions drop it entirely.