Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-0.89] CVE-2023-45142: Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp #1731

Closed
wants to merge 3 commits into from
Closed

[release-0.89] CVE-2023-45142: Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp #1731

wants to merge 3 commits into from

Commits on Nov 29, 2023

  1. go.mod: Update k8s/x and kubevirt.io/x 

    Need this for updating otelhttp

Signed-off-by: Or Shoval <oshoval@redhat.com>
    @oshoval
    oshoval committed Nov 29, 2023
    Configuration menu
    Copy the full SHA
    211e8eb View commit details
    Browse the repository at this point in the history

  2. Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp 

    Update go version

Fixes CVE-2023-45142

Update `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp`
according GHSA-rcjv-mgp8-qvmr
and do manual required changes based on
open-telemetry/opentelemetry-go#4586 (comment)

Signed-off-by: Or Shoval <oshoval@redhat.com>
    @oshoval
    oshoval committed Nov 29, 2023
    Configuration menu
    Copy the full SHA
    a96f102 View commit details
    Browse the repository at this point in the history

  3. go mod: Fix bumping 

    Pin k8s.io/kube-openapi and update sigs.k8s.io/controller-runtime

Signed-off-by: Or Shoval <oshoval@redhat.com>
    @oshoval
    oshoval committed Nov 29, 2023
    Configuration menu
    Copy the full SHA
    422d4f1 View commit details
    Browse the repository at this point in the history