fix the cve GHSA-v778-237x-gjrc

Signed-off-by: Batuhan Apaydin <[email protected]>

opentelemetry-collector.yaml

@@ -13,6 +13,7 @@ environment:
       - curl
       - go
       - openssf-compiler-options
+      - yq
 
 pipeline:
   - runs: |
@@ -30,11 +31,6 @@ pipeline:
       tag: v${{package.version}}
       expected-commit: 4ed80bbc4d9a6753ba6b959f5625a6f75fa1229c
 
-  - uses: go/bump
-    with:
-      deps: golang.org/x/[email protected]
-      modroot: ./internal/tools
-
   - uses: go/build
     with:
       packages: .
@@ -44,6 +40,7 @@ pipeline:
   - runs: |
       set -x
       # Use the builder to compile opentelemetry-collector
+      yq eval '.replaces += ["golang.org/x/crypto => golang.org/x/crypto v0.31.0"]' builder-config.yaml -i
       ${{targets.destdir}}/usr/bin/ocb --config=builder-config.yaml
 
       install -Dm755 ./_build/otelcol "${{targets.destdir}}"/usr/bin/otelcol