Skip to content

deps: Update otelgrpc#9581

Merged
fuweid merged 2 commits intocontainerd:mainfrom
bryantbiggs:chore/update-otelgrpc
Dec 29, 2023
Merged

deps: Update otelgrpc#9581
fuweid merged 2 commits intocontainerd:mainfrom
bryantbiggs:chore/update-otelgrpc

Conversation

@bryantbiggs
Copy link
Copy Markdown
Contributor

@bryantbiggs bryantbiggs commented Dec 28, 2023
edited
Loading

  • Update otelgrpc dependency to resolve HIGH CVE and replace deprecated StreamServerInterceptor/UnaryServerInterceptor with NewServerHandler
  • Update go.opentelemetry.io/otel/sdk/trace to satisfy traceProvider interface (required after updating otelgrpc and resolving deprecations

Relates to #9536

image

opentelemetry-go-contrib: DoS vulnerability in otelgrpc due to unbound cardinality metrics https://avd.aquasec.com/nvd/cve-2023-47108

Vulnerability Severity Status Installed Version Fixed Version
CVE-2023-47108 HIGH fixed v0.45.0 0.46.0

@k8s-ci-robot
Copy link
Copy Markdown

k8s-ci-robot commented Dec 28, 2023

Hi @bryantbiggs. Thanks for your PR.

I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@bryantbiggs
deps: Update otelgrpc
7842161 
Signed-off-by: Bryant Biggs <[email protected]>
@bryantbiggs bryantbiggs force-pushed the chore/update-otelgrpc branch from 39f42b6 to 7842161 Compare December 28, 2023 14:47
@bryantbiggs bryantbiggs force-pushed the chore/update-otelgrpc branch from 39b74f2 to a1e0601 Compare December 28, 2023 14:57
@samuelkarp
Copy link
Copy Markdown
Member

samuelkarp commented Dec 28, 2023

/ok-to-test

fuweid
fuweid approved these changes Dec 29, 2023
View reviewed changes
Copy link
Copy Markdown
Member

@fuweid fuweid left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@fuweid fuweid added this pull request to the merge queue Dec 29, 2023
Merged via the queue into containerd:main with commit 1f76ca4 Dec 29, 2023
@bryantbiggs bryantbiggs deleted the chore/update-otelgrpc branch December 29, 2023 13:05
This was referenced Jan 4, 2024
Merged
Closed
@thaJeztah thaJeztah mentioned this pull request Jul 2, 2024
Merged
@ErikJiang ErikJiang mentioned this pull request Dec 18, 2024
Merged
@chrishenzie chrishenzie added the cherry-picked/1.7.x PR commits are cherry-picked into release/1.7 branch label Apr 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@samuelkarp samuelkarp samuelkarp approved these changes

@fuweid fuweid fuweid approved these changes

Assignees

No one assigned

Labels

cherry-picked/1.7.x PR commits are cherry-picked into release/1.7 branch ok-to-test size/XXL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@bryantbiggs @k8s-ci-robot @samuelkarp @fuweid @chrishenzie