[release-0.89] CVE-2023-45142: Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp #1731
Skipping CI for Draft Pull Request.
/test pull-e2e-cnao-kubemacpool-functests-release-0.89
It will fail due to this now; the root cause is [1] kubernetes/client-go#1075 (comment)
Need this for updating otelhttp

Signed-off-by: Or Shoval <oshoval@redhat.com>
Update go version

Fixes CVE-2023-45142

Update `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` according to GHSA-rcjv-mgp8-qvmr and do manual required changes based on open-telemetry/opentelemetry-go#4586 (comment)

Signed-off-by: Or Shoval <oshoval@redhat.com>
c5ac971 to 2f802d8
Found a way to make it compile. This PR presents some bumping that is good to have (but not mandatory for the CVE), assuming it is fine to use kubevirt.io/x (v1.0.0) on release-0.89; else we can't merge it.
Pin k8s.io/kube-openapi and update sigs.k8s.io/controller-runtime

Signed-off-by: Or Shoval <oshoval@redhat.com>
/test pull-cluster-network-addons-operator-unit-test-release-0.89

not sure it works yet
Closing, because for now it is not a must; if we need it in the future we can continue from here.
What this PR does / why we need it:
Update `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` according to GHSA-rcjv-mgp8-qvmr and do manual required changes based on open-telemetry/opentelemetry-go#4586 (comment)
Special notes for your reviewer:
Had to update k8s/x (v0.26.3) and kubevirt.io/x (v1.0.0) because of non-backward-compatible changes with otelhttp, bump `sigs.k8s.io/controller-runtime`, pin specific `k8s.io/kube-openapi` and to use go v1.19
Release note: