Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2023-45142: Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp #1707

Merged
merged 1 commit into from
Nov 20, 2023
Merged

CVE-2023-45142: Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp #1707

merged 1 commit into from
Nov 20, 2023

Conversation

oshoval
Copy link
Collaborator

@oshoval oshoval commented Nov 19, 2023
edited
Loading

What this PR does / why we need it:
Fixes CVE-2023-45142

Update go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
according GHSA-rcjv-mgp8-qvmr
and do manual required changes based on
open-telemetry/opentelemetry-go#4586 (comment)

Special notes for your reviewer:

Release note:

None

@kubevirt-bot
Copy link
Collaborator

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@kubevirt-bot kubevirt-bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Nov 19, 2023
@kubevirt-bot kubevirt-bot added size/XXL release-note-none Denotes a PR that doesn't merit a release note. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Nov 19, 2023
@oshoval
Copy link
Collaborator Author

oshoval commented Nov 19, 2023

/test pull-e2e-cluster-network-addons-operator-br-marker-functests

@oshoval
CVE-2023-45142: Bump go.opentelemetry.io/contrib/instrumentation/net/…
b634d49 
…http/otelhttp

Update `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp`
according GHSA-rcjv-mgp8-qvmr
and do manual required changes based on
open-telemetry/opentelemetry-go#4586 (comment)

Signed-off-by: Or Shoval <oshoval@redhat.com>
@oshoval oshoval changed the title WIP CVE-2023-45142 CVE-2023-45142: Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp Nov 19, 2023
@oshoval oshoval marked this pull request as ready for review November 19, 2023 12:17
@kubevirt-bot kubevirt-bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 19, 2023
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Nov 19, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@RamLavi
Copy link
Collaborator

RamLavi commented Nov 20, 2023

/lgtm
/approve

@kubevirt-bot kubevirt-bot added the lgtm Indicates that a PR is ready to be merged. label Nov 20, 2023
@kubevirt-bot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: RamLavi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kubevirt-bot kubevirt-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 20, 2023
@kubevirt-bot kubevirt-bot merged commit 4f82cc7 into kubevirt:main Nov 20, 2023
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@phoracek phoracek Awaiting requested review from phoracek

@rhrazdil rhrazdil Awaiting requested review from rhrazdil

@qinqon qinqon Awaiting requested review from qinqon

Assignees

@RamLavi RamLavi

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates the PR's author has DCO signed all their commits. lgtm Indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/XXL
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@oshoval @kubevirt-bot @RamLavi