build(deps): Bump go.opentelemetry.io/collector from 0.31.0 to 0.69.1 in /pkg/batchperresourceattr

[dependabot]

Bumps go.opentelemetry.io/collector from 0.31.0 to 0.69.1.

Release notes

Sourced from go.opentelemetry.io/collector's releases.

v0.69.1

🧰 Bug fixes 🧰

• various modules: Fix issue where some collector modules imported previous version of other modules (#6929)

cmd/builder/v0.68.0

No release notes provided.

v0.66.0

No release notes provided.

v0.65.0

Images and binaries here: https://github.com/open-telemetry/opentelemetry-collector-releases/releases/tag/v0.65.0

🛑 Breaking changes 🛑

• featuregate: Capitalize featuregate.Stage string values, remove Stage prefix. (#6490)

• configtelemetry: Update values returned by Level.String and Level.MarshalText method. (#6490)

  • All returned strings are capitalized.
  • "" is returned for integers that are out of Level enum range.
  • It also affects Level.Marshal output, but it's not a problem because Unmarshal method accepts strings in all cases, e.g. "normal", "Normal" and "NORMAL".

• featuregate: Make impossible to implement RegistryOption outside featuregate package (#6532)

• service/telemetry: Remove unit suffixes from metrics exported by the otel-go prometheus exporter. (#6403)

• obsreport: obsreport.New[Receiver|Scraper|Processor|Exporter] returns error now (#6458)

• configgrpc: Remove deprecated funcs in configgrpc. (#6529)

  • configgrpc.GRPCClientSettings.ToDialOptions
  • configgrpc.GRPCServerSettings.ToServerOption

• config/configtest: Remove deprecated configtest package. (#6542)

• config: Remove deprecated types and funcs from config. Use component package. (#6511)

  • config.ComponentID
  • config.Type
  • config.DataType
  • config.Receiver
  • config.UnmarshalReceiver
  • config.Processor
  • config.UnmarshalProcessor
  • config.Exporter
  • config.UnmarshalExporter
  • config.Extension
  • config.UnmarshalExtension

• featuregate: Remove deprecated funcs and struct members from featuregate package (#6523)

  • featuregate.Gate.ID
  • featuregate.Gate.Description
  • featuregate.Gate.Enabled

... (truncated)

Changelog

Sourced from go.opentelemetry.io/collector's changelog.

v0.69.1

🧰 Bug fixes 🧰

• various modules: Fix issue where some collector modules imported previous version of other modules (#6929)

v1.0.0-RC3/v0.69.0

🛑 Breaking changes 🛑

• component: Remove deprecated Exporter types (#6880)
• component: Remove deprecated Extension types (#6865)
• component: Remove deprecated ProcessorFactoryOptions (#6881)
• component: Remove deprecated Receiver types (#6882)
• componenttest: Remove deprecated funcs from componenttest (#6836)
• batchprocessor: Remove deprecated batchprocessor.MetricViews and batchprocessor.OtelMetricViews (#6861)
• component: Remove deprecated component.[Factories|MakePorcessorFactoryMap] and componenttest.NewNopFactories (#6835)
• config: Remove deprecated cofig.*Settings (#6837)
• obsereporttest: Remove deprecated obsereporttest.SetupTelemetryWithID (#6861)
• component: Remove deprecated component [Traces|Metrics|Logs]Processor and ProcessorFactory (#6884)
• service: Remove deprecated service service.ConfigService and service.ConfigServicePipeline (#6859)

💡 Enhancements 💡

• connector: Add MakeFactoryMap (#6889)
• semconv: Add semantic conventions for specification v1.16.0 (#6714)

🧰 Bug fixes 🧰

• config: use [REDACTED] when marshaling to text a configopaque.String, instead of disclosing secret length. (#6868)

v1.0.0-RC2/v0.68.0

🛑 Breaking changes 🛑

• componenttest: Move NopFactories to otelcoltest (#6792)
• config/confighttp: Change confighttp.HTTPClientSettings.Headers type to map[string]configopaque.String (#5653)
• config: Remove deprecated component.Config.[ID|SetIDName]. (#4714)
• configauth: Remove deprecated funcs/types from configauth (#6719)
• component: Remove deprecated funcs/types from component package (#6769)
  • component.[Exporter|Processor|Receiver|Extension]Config
  • component.Unmarshal[Exporter|Processor|Receiver|Extension]Config
  • component.[Exporter|Processor|Receiver|Extension]CreateDefaultConfigFunc
  • component.[Exporter|Receiver|Extension]FactoryOption
  • component.New[Exporter|Receiver|Extension]Factory
  • component.With[Traces|Metrics|Logs][Exporter|Receiver]
  • component.Create[Traces|Metrics|Logs][Exporter|Receiver]Func
  • component.CreateExtensionFunc
• componenttest: Remove deprecated componenttest.NewNop*CreateSettings (#6761)
• service: Remove deprecated service.[Collector|New|CollectorSettings|ConfigProvider] (#5564)

... (truncated)

Commits

• b6571e0 Prepare release v0.69.1 (#6934)
• ea8eb18 Update all modules to use v0.69.0 of collector modules (#6933)
• d01b50b [chore] prepare release v1.0.0-RC3/v0.69.0 (#6910)
• 0ad0436 [chore] Don't use prom server created by OpenCensus iniialization (#6890)
• 40721e5 Add semantic conventions for specification v1.16.0 (#6713)
• 39201f6 [chore] Update pcommon.Map.Equal deprecation doc string (#6894)
• 1f3c5fb Add connector.MakeFactoryMap (#6889)
• d8c9f24 Add @​djaglowski as approver, and make him work from the first week. (#6885)
• 2fc6b0e Remove deprecated component [Traces|Metrics|Logs]Processor and ProcessorFacto...
• 76cf776 Remove deprecated funcs in obsereporttest and batchprocessor (#6861)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[guardrails]

⚠️ We detected 76 security issues in this pull request:

Mode: paranoid | Total findings: 76 | Considered vulnerability: 76

Insecure Network Communication (13)

Docs	Details
💡	Title: Insecure gRPC server connection, Severity: Medium opentelemetry-collector-contrib/exporter/googlecloudexporter/googlecloud_test.go Line 93 in c240b05 srv := grpc.NewServer()
💡	Title: Insecure gRPC server connection, Severity: Medium opentelemetry-collector-contrib/exporter/googlecloudexporter/googlecloud_test.go Line 168 in c240b05 srv := grpc.NewServer()
💡	Title: Plaintext HTTP Server, Severity: High opentelemetry-collector-contrib/internal/aws/xray/testdata/sampleserver/sample.go Line 34 in c240b05 go http.ListenAndServe(":8000", nil)
💡	Title: Plaintext HTTP Server, Severity: High opentelemetry-collector-contrib/receiver/prometheusexecreceiver/testdata/end_to_end_metrics_test/test_prometheus_exporter.go Line 48 in c240b05 err := http.ListenAndServe(fmt.Sprintf(":%v", os.Args[1]), nil)
💡	Title: Plaintext HTTP Server, Severity: High opentelemetry-collector-contrib/receiver/simpleprometheusreceiver/examples/federation/prom-counter/main.go Line 56 in c240b05 _ = http.ListenAndServe(":8080", nil)
💡	Title: Insecure SSL/TLS versions allowed, Severity: Medium opentelemetry-collector-contrib/internal/kubelet/client.go Line 104 in c240b05 RootCAs: rootCAs,
💡	Title: Look For Bad TLS Connection Settings, Severity: High opentelemetry-collector-contrib/internal/kubelet/client.go Line 103 in c240b05 tr.TLSClientConfig = &tls.Config{
💡	Title: Look For Bad TLS Connection Settings, Severity: High opentelemetry-collector-contrib/exporter/datadogexporter/internal/utils/http.go Line 53 in c240b05 TLSClientConfig: &tls.Config{InsecureSkipVerify: false},
💡	Title: Look For Bad TLS Connection Settings, Severity: High opentelemetry-collector-contrib/internal/kubelet/client.go Line 121 in c240b05 InsecureSkipVerify: insecureSkipVerify,
💡	Title: Look For Bad TLS Connection Settings, Severity: High opentelemetry-collector-contrib/internal/aws/awsutil/conn.go Line 63 in c240b05 InsecureSkipVerify: noVerify,
💡	Title: Look For Bad TLS Connection Settings, Severity: High opentelemetry-collector-contrib/exporter/sentryexporter/sentry_exporter.go Line 403 in c240b05 clientOptions.HTTPTransport = &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}
💡	Title: Look For Bad TLS Connection Settings, Severity: High opentelemetry-collector-contrib/receiver/awsxrayreceiver/internal/proxy/conn.go Line 191 in c240b05 InsecureSkipVerify: config.TLSSetting.Insecure,
💡	Title: Look For Bad TLS Connection Settings, Severity: High opentelemetry-collector-contrib/internal/aws/awsutil/conn.go Line 166 in c240b05 InsecureSkipVerify: config.NoVerifySSL,

More info on how to fix Insecure Network Communication in Go.

---

Insecure Use of Dangerous Function (3)

Docs	Details
💡	Title: Review use of exec.Command(), Severity: High opentelemetry-collector-contrib/receiver/prometheusexecreceiver/subprocessmanager/manager.go Line 40 in c240b05 childProcess := exec.Command(args[0], args[1:]...) // #nosec
💡	Title: Audit Use of Command Execution, Severity: High opentelemetry-collector-contrib/receiver/jmxreceiver/internal/subprocess/subprocess.go Line 303 in c240b05 cmd := exec.Command(execPath, args...)
💡	Title: Audit Use of Command Execution, Severity: High opentelemetry-collector-contrib/extension/fluentbitextension/process.go Line 192 in c240b05 cmd := exec.Command(execPath, args...)

More info on how to fix Insecure Use of Dangerous Function in Go.

---

Insecure Use of SQL Queries (1)

Docs	Details
💡	Title: SQL Injection - go-pg ORM string concatenation, Severity: High opentelemetry-collector-contrib/receiver/dotnetdiagnosticsreceiver/network/fake_rw.go Line 87 in c240b05 return path.Join(dir, fmt.Sprintf("msg.%d.bin", i))

More info on how to fix Insecure Use of SQL Queries in Go.

---

Insecure File Management (11)

Docs	Details
💡	Title: File Path Provided As Taint Input, Severity: High opentelemetry-collector-contrib/testbed/datasenders/fluent.go Line 66 in c240b05 f.dataFile, err = os.OpenFile(dataFileName, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0600)
💡	Title: File Path Provided As Taint Input, Severity: High opentelemetry-collector-contrib/receiver/awsxrayreceiver/internal/proxy/conn.go Line 167 in c240b05 metadata, err := ioutil.ReadFile(metadataFilePath)
💡	Title: File Path Provided As Taint Input, Severity: High opentelemetry-collector-contrib/receiver/awscontainerinsightreceiver/internal/ecsInfo/cgroup.go Line 213 in c240b05 f, err := os.Open(mountConfigPath)
💡	Title: File Path Provided As Taint Input, Severity: High opentelemetry-collector-contrib/receiver/awscontainerinsightreceiver/internal/ecsInfo/cgroup.go Line 186 in c240b05 out, err := ioutil.ReadFile(cgroupFile)
💡	Title: File Path Provided As Taint Input, Severity: High opentelemetry-collector-contrib/receiver/awscontainerinsightreceiver/internal/cadvisor/testutils/helpers.go Line 28 in c240b05 info, err := ioutil.ReadFile(file)
💡	Title: File Path Provided As Taint Input, Severity: High opentelemetry-collector-contrib/processor/resourcedetectionprocessor/internal/aws/elasticbeanstalk/fs.go Line 31 in c240b05 return os.Open(name)
💡	Title: File Path Provided As Taint Input, Severity: High opentelemetry-collector-contrib/internal/kubelet/cert.go Line 33 in c240b05 certBytes, err := ioutil.ReadFile(certPath)
💡	Title: File Path Provided As Taint Input, Severity: High opentelemetry-collector-contrib/exporter/signalfxexporter/internal/hostmetadata/host.go Line 205 in c240b05 if file, err = ioutil.ReadFile(path); err == nil {
💡	Title: File Path Provided As Taint Input, Severity: High opentelemetry-collector-contrib/exporter/signalfxexporter/internal/hostmetadata/host.go Line 172 in c240b05 if value, err := ioutil.ReadFile(filepath.Join(etc, "system-release")); err == nil {
💡	Title: File Path Provided As Taint Input, Severity: High opentelemetry-collector-contrib/exporter/signalfxexporter/internal/hostmetadata/host.go Line 169 in c240b05 if value, err := ioutil.ReadFile(filepath.Join(etc, "redhat-release")); err == nil {
💡	Title: File Path Provided As Taint Input, Severity: High opentelemetry-collector-contrib/exporter/signalfxexporter/internal/hostmetadata/host.go Line 166 in c240b05 if value, err := ioutil.ReadFile(filepath.Join(etc, "centos-release")); err == nil {

More info on how to fix Insecure File Management in Go.

---

Hard-Coded Secrets (48)

Docs	Details
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/alibabacloudlogserviceexporter/README.md Line 28 in c240b05 access_key_secret: "access-key-secret"
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/alibabacloudlogserviceexporter/config_test.go Line 54 in c240b05 AccessKeySecret: "test-secret",
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/alibabacloudlogserviceexporter/uploader.go Line 64 in c240b05 producerConfig.AccessKeySecret = config.AccessKeySecret
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/datadogexporter/internal/utils/http_test.go Line 41 in c240b05 apiKey := "apikey"
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/datadogexporter/trace_connection.go Line 59 in c240b05 apiKey: apiKey,
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/elasticexporter/README.md Line 76 in c240b05 # secret_token: "hunter2"
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/elasticexporter/config_test.go Line 54 in c240b05 APIKey: "RTNxMjlXNEJt",
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/elasticexporter/config_test.go Line 55 in c240b05 SecretToken: "hunter2",
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/elasticexporter/config_test.go Line 88 in c240b05 cfg.APIKey = apiKey
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/elasticexporter/config_test.go Line 89 in c240b05 cfg.SecretToken = secretToken
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/elasticsearchexporter/config_test.go Line 56 in c240b05 Password: "search",
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/elasticsearchexporter/config_test.go Line 57 in c240b05 APIKey: "AvFsEiPs==",
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/elasticsearchexporter/exporter.go Line 235 in c240b05 Password: config.Authentication.Password,
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/elasticsearchexporter/exporter.go Line 236 in c240b05 APIKey: config.Authentication.APIKey,
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/honeycombexporter/README.md Line 30 in c240b05 api_key: "my-api-key"
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/honeycombexporter/config_test.go Line 49 in c240b05 APIKey: "test-apikey",
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/honeycombexporter/honeycomb_test.go Line 107 in c240b05 APIKey: "test",
💡	Title: Hex High Entropy String, Severity: Medium opentelemetry-collector-contrib/exporter/honeycombexporter/ids_test.go Line 33 in c240b05 want: "cbe4decd12429177",
💡	Title: Hex High Entropy String, Severity: Medium opentelemetry-collector-contrib/exporter/honeycombexporter/ids_test.go Line 38 in c240b05 want: "f23b42eac289a0fdcde48fcbe3ab1a32",
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/newrelicexporter/config_test.go Line 56 in c240b05 APIKey: "a1b2c3d4",
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/newrelicexporter/factory_test.go Line 41 in c240b05 nrConfig.MetricsConfig.APIKey = "a1b2c3d4"
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/newrelicexporter/factory_test.go Line 62 in c240b05 nrConfig.MetricsConfig.APIKeyHeader = "api-key"
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/newrelicexporter/metrics.go Line 176 in c240b05 apiKey: "not_present",
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/newrelicexporter/metrics_test.go Line 66 in c240b05 apiKey: "shhh",
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/newrelicexporter/newrelic_test.go Line 85 in c240b05 c.TracesConfig.APIKeyHeader = "api-key"
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/newrelicexporter/newrelic_test.go Line 87 in c240b05 c.TracesConfig.APIKey = "NRII-1"
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/newrelicexporter/newrelic_test.go Line 191 in c240b05 useAPIKeyHeader := apiKey != ""
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/newrelicexporter/newrelic_test.go Line 762 in c240b05 cfg := mockConfig{useAPIKeyHeader: false}
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/exporter/observiqexporter/factory_test.go Line 41 in c240b05 cfg.APIKey = exampleAPIKey
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/extension/oauth2clientauthextension/config_test.go Line 42 in c240b05 expected.ClientSecret = "someclientsecret"
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/extension/oauth2clientauthextension/extension.go Line 66 in c240b05 ClientSecret: cfg.ClientSecret,
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/extension/oauth2clientauthextension/extension_test.go Line 47 in c240b05 ClientSecret: "testsecret",
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/extension/oauth2clientauthextension/factory_test.go Line 54 in c240b05 ClientSecret: "testsecret",
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/extension/oauth2clientauthextension/factory_test.go Line 74 in c240b05 cfg.ClientSecret = testcase.settings.ClientSecret
💡	Title: Base64 High Entropy String, Severity: Medium opentelemetry-collector-contrib/internal/aws/k8s/k8sclient/obj_store_test.go Line 109 in c240b05 SelfLink: "/api/v1/namespaces/kube-system/pods/coredns-7554568866-26jdf",
💡	Title: Base64 High Entropy String, Severity: Medium opentelemetry-collector-contrib/internal/aws/k8s/k8sclient/pod_test.go Line 47 in c240b05 SelfLink: "/api/v1/namespaces/kube-system/pods/coredns-7554568866-26jdf",
💡	Title: Hex High Entropy String, Severity: Medium opentelemetry-collector-contrib/internal/aws/xray/tracesegment_test.go Line 533 in c240b05 String("d8453812a556"),
💡	Title: Hex High Entropy String, Severity: Medium opentelemetry-collector-contrib/processor/resourcedetectionprocessor/internal/aws/ecs/metadata_ecs_test.go Line 89 in c240b05 assert.Equal(t, "abcdef12345", fetchResp.DockerID)
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/receiver/awsxrayreceiver/internal/proxy/conn_test.go Line 287 in c240b05 "AWS_SECRET_KEY": "SECRET",
💡	Title: Hex High Entropy String, Severity: Medium opentelemetry-collector-contrib/receiver/fluentforwardreceiver/receiver_test.go Line 187 in c240b05 const chunkValue = "abcdef01234576789"
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/receiver/jmxreceiver/config_test.go Line 62 in c240b05 Password: "mypassword",
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/receiver/jmxreceiver/config_test.go Line 74 in c240b05 KeystorePassword: "mykeystorepassword",
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/receiver/jmxreceiver/config_test.go Line 77 in c240b05 TruststorePassword: "mytruststorepassword",
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/receiver/jmxreceiver/integration_test.go Line 151 in c240b05 Password: "cassandra",
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/receiver/kubeletstatsreceiver/internal/kubelet/conventions.go Line 27 in c240b05 labelValueSecretVolume = "secret"
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/receiver/kubeletstatsreceiver/internal/kubelet/volume.go Line 100 in c240b05 case volume.Secret != nil:
💡	Title: Secret Keyword, Severity: Medium opentelemetry-collector-contrib/receiver/redisreceiver/receiver.go Line 51 in c240b05 Password: r.config.Password,
💡	Title: Private Key, Severity: Medium opentelemetry-collector-contrib/testbed/mockdatareceivers/mockawsxrayreceiver/server.key Line 1 in c240b05 -----BEGIN PRIVATE KEY-----

More info on how to fix Hard-Coded Secrets in General.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.