Bump otel/contrib to v0.46+ #447

guicassolato · 2023-11-22T16:43:25Z

Upgrade OpenTelemetry Go Contrib packages to v0.46.0+ to address the following CVEs:

Package	Advisory	Affected version	Patched version
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc	CVE-2023-47108	0.46.0	0.46.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	CVE-2023-45142	0.44.0	0.44.0

guicassolato added area/dependencies Pull requests that update a dependency file size/small target/current labels Nov 22, 2023

guicassolato added this to Kuadrant and Kuadrant Service Protection Nov 22, 2023

guicassolato added this to the v0.16.x milestone Nov 22, 2023

guicassolato moved this to Todo in Kuadrant Nov 22, 2023

guicassolato moved this to To do in Kuadrant Service Protection Nov 22, 2023

alexsnaps mentioned this issue Nov 22, 2023

Upgrade otel deps to 0.46.1 #448

Merged

alexsnaps moved this from Todo to In Progress in Kuadrant Nov 22, 2023

alexsnaps self-assigned this Nov 22, 2023

guicassolato closed this as completed in #448 Nov 23, 2023

github-project-automation bot moved this from In Progress to Done in Kuadrant Nov 23, 2023

github-project-automation bot moved this from To do to To test in Kuadrant Service Protection Nov 23, 2023

Provide feedback