Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: CVE-2023-45142: bump otelhttp to v0.45.0 #1541

Merged
merged 1 commit into from
Nov 4, 2023
Merged

chore: CVE-2023-45142: bump otelhttp to v0.45.0 #1541

merged 1 commit into from
Nov 4, 2023

Conversation

jsafrane
Copy link
Contributor

@jsafrane jsafrane commented Nov 2, 2023

Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to its latest upstream release to fix CVE-2023-45142.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Nov 2, 2023
@k8s-ci-robot k8s-ci-robot requested a review from gnufied November 2, 2023 12:35
@k8s-ci-robot k8s-ci-robot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Nov 2, 2023
@jsafrane jsafrane changed the title CVE-2023-45142: bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to v0.45.0 chore: CVE-2023-45142: bump otelhttp to v0.45.0 Nov 2, 2023
@andyzhangx
Copy link
Member

from the trivy scan error msg, should upgrade google.golang.org/grpc to v1.58.3

@andyzhangx
Copy link
Member

from the trivy scan error msg, should upgrade google.golang.org/grpc to v1.58.3

o, it's already fixed, the e2e test framework is broken due to a capz cluster setting bug, still in fixing....

@jsafrane
Copy link
Contributor Author

jsafrane commented Nov 3, 2023

Ok, this is not an urgent CVE. Just retest when you have CI ready.

@andyzhangx
Copy link
Member

/retest

1 similar comment
@andyzhangx
Copy link
Member

/retest

andyzhangx
andyzhangx approved these changes Nov 4, 2023
View reviewed changes
Copy link
Member

@andyzhangx andyzhangx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 4, 2023
@andyzhangx andyzhangx merged commit 4bf27e4 into kubernetes-sigs:master Nov 4, 2023
9 of 10 checks passed
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andyzhangx, jsafrane

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 4, 2023
@cvvz cvvz mentioned this pull request Nov 6, 2023
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andyzhangx andyzhangx andyzhangx approved these changes

@gnufied gnufied Awaiting requested review from gnufied

Assignees

@andyzhangx andyzhangx

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jsafrane @andyzhangx @k8s-ci-robot