Update dependencies to address CVE-2023-45142 #6640

Merged
merged 5 commits into from
Dec 18, 2023


everettraven
Contributor

Description of the change:

  • Updates dependencies as necessary to ensure a remediated version of go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp is used. Verified with:
$ cat go.mod | grep -i otelhttp
	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0 // indirect

$ cat go.sum | grep -i otelhttp
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0 h1:KfYpVmrjI7JuToy5k8XV3nkapjWx48k4E4JOtVstzQI=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0/go.mod h1:SeQhzAEccGVZVEy7aH87Nh0km+utSpo1pTv6eMMop48=

$ go mod graph | grep -i otelhttp
github.com/operator-framework/operator-sdk go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.44.0
github.com/operator-framework/api@v0.20.0 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1
github.com/operator-framework/operator-registry@v1.33.0 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.44.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.44.0 github.com/felixge/httpsnoop@v1.0.3
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.44.0 github.com/stretchr/testify@v1.8.4
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.44.0 go.opentelemetry.io/otel@v1.18.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.44.0 go.opentelemetry.io/otel/metric@v1.18.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.44.0 go.opentelemetry.io/otel/trace@v1.18.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.44.0 github.com/davecgh/go-spew@v1.1.1
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.44.0 github.com/go-logr/logr@v1.2.4
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.44.0 github.com/go-logr/stdr@v1.2.2
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.44.0 github.com/pmezard/go-difflib@v1.0.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.44.0 gopkg.in/yaml.v3@v3.0.1
k8s.io/apiextensions-apiserver@v0.27.7 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1
k8s.io/apiserver@v0.27.7 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1
k8s.io/component-base@v0.27.7 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1

Motivation for the change:

Checklist

If the pull request includes user-facing changes, extra documentation is required:
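The `go mod graph` output in the description still shows `@v0.35.1` edges because the graph lists every requirement a module declares, while Go's minimal version selection builds with the highest version required. The Go sketch below is an added example, not code from this PR or from operator-sdk: it separates the main module's own requirement from parents that still request an older version. The names `Audit` and `less` are hypothetical, the sample is a constructed subset of the lines above, and only plain `vX.Y.Z` versions are compared.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample: four of the `go mod graph` edges quoted in the PR description.
const sampleGraph = `github.com/operator-framework/operator-sdk go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.44.0
github.com/operator-framework/api@v0.20.0 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1
k8s.io/apiserver@v0.27.7 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.35.1
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.44.0 go.opentelemetry.io/otel@v1.18.0`

// less reports whether a < b for plain vMAJOR.MINOR.PATCH versions (no pre-release handling).
func less(a, b string) bool {
	var x, y [3]int
	fmt.Sscanf(a, "v%d.%d.%d", &x[0], &x[1], &x[2])
	fmt.Sscanf(b, "v%d.%d.%d", &y[0], &y[1], &y[2])
	for i := range x {
		if x[i] != y[i] {
			return x[i] < y[i]
		}
	}
	return false
}

// Audit returns the version the main module requires (the edge whose parent
// carries no @version) and the parents that still request a version below fixed.
func Audit(graph, module, fixed string) (mainReq string, stale []string) {
	for _, line := range strings.Split(graph, "\n") {
		f := strings.Fields(line)
		if len(f) != 2 || !strings.HasPrefix(f[1], module+"@") {
			continue // not an edge pointing at the audited module
		}
		ver := strings.TrimPrefix(f[1], module+"@")
		switch {
		case !strings.Contains(f[0], "@"):
			mainReq = ver
		case less(ver, fixed):
			stale = append(stale, f[0])
		}
	}
	return
}

func main() {
	req, stale := Audit(sampleGraph, "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "v0.44.0")
	fmt.Println("main module requires:", req, "| older requests from:", stale)
}
```

The stale parents are the modules to watch on their own upgrade paths; they do not change the version built here as long as the main module's requirement stays at or above the remediated one.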

Signed-off-by: everettraven <everettraven@gmail.com>
Signed-off-by: everettraven <everettraven@gmail.com>
Member

@rashmigottipati rashmigottipati left a comment

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Dec 14, 2023
Signed-off-by: everettraven <everettraven@gmail.com>
Signed-off-by: everettraven <everettraven@gmail.com>
Member

@rashmigottipati rashmigottipati left a comment

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Dec 14, 2023
Signed-off-by: everettraven <everettraven@gmail.com>
@openshift-ci openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Dec 14, 2023

openshift-ci bot commented Dec 14, 2023

New changes are detected. LGTM label has been removed.

2 participants