
feat: upgrade to otel collector v0.90.1 #120

Merged
merged 1 commit into from
Dec 14, 2023

Conversation

tim-mwangi
Collaborator

Description

Upgrade to otel collector v0.90.1. Hoping it will fix a vulnerability in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc

usr/local/bin/hypertrace/collector (gobinary)
=============================================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌──────────────────────────────────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│                           Library                            │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                            Title                            │
├──────────────────────────────────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ go.opentelemetry.io/contrib/instrumentation/google.golang.o- │ CVE-2023-47108 │ HIGH     │ fixed  │ v0.45.0           │ 0.46.0        │ opentelemetry-go-contrib: DoS vulnerability in otelgrpc due │
│ rg/grpc/otelgrpc                                             │                │          │        │                   │               │ to unbound cardinality metrics                              │
│                                                              │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2023-47108                  │
└──────────────────────────────────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘

Testing

Tested locally. Unit tests still passing.

Checklist:

  • [✅] My changes generate no new warnings
  • [✅] Any dependent changes have been merged and published in downstream modules
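The Trivy output above reports otelgrpc at v0.45.0 with the fix in 0.46.0, and the description only hopes the collector bump pulls in a fixed version. A reviewer would want a direct check of the resolved dependency version. The following Go program is an added example, not code from this PR or the hypertrace collector project: it scans go.mod text for the otelgrpc require line and compares it against the fixed version from the scan, treating pre-release and pseudo-versions of v0.46.0 as still vulnerable. The two go.mod excerpts are constructed for the example and do not reflect the project's real go.mod.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Module path flagged by the Trivy scan in the PR description and the
// version the advisory lists as fixed (both taken from the page).
const (
	otelgrpcModule = "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc"
	otelgrpcFixed  = "v0.46.0"
)

// Constructed sample go.mod excerpts (hypothetical, not the project's go.mod):
// one before the upgrade, one after.
const goModBefore = `module example.com/collector

go 1.21

require (
	go.opentelemetry.io/collector v0.89.0
	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.45.0 // indirect
)
`

const goModAfter = `module example.com/collector

go 1.21

require (
	go.opentelemetry.io/collector v0.90.1
	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0 // indirect
)
`

// requiredVersion finds the require line for module in go.mod text, in both the
// single-line "require m v" and the block form. Trailing comments such as
// "// indirect" are ignored; the last matching line wins. Replace directives
// are not interpreted here (see the usage note).
func requiredVersion(goMod, module string) (string, bool) {
	version, found := "", false
	sc := bufio.NewScanner(strings.NewReader(goMod))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if i := strings.Index(line, "//"); i >= 0 {
			line = strings.TrimSpace(line[:i])
		}
		line = strings.TrimPrefix(line, "require ")
		fields := strings.Fields(line)
		if len(fields) == 2 && fields[0] == module {
			version, found = fields[1], true
		}
	}
	return version, found
}

// parseSemver splits "v0.46.0" (optionally with a "-pre" or "+build" suffix)
// into numeric major/minor/patch parts and reports whether a pre-release
// suffix was present. Go pseudo-versions such as v0.46.0-0.2023... carry such
// a suffix and point at commits that predate the tagged fix.
func parseSemver(v string) (parts [3]int, prerelease bool, err error) {
	v = strings.TrimPrefix(v, "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		prerelease = v[i] == '-'
		v = v[:i]
	}
	segs := strings.Split(v, ".")
	if len(segs) != 3 {
		return parts, false, fmt.Errorf("not a semver: %q", v)
	}
	for i, s := range segs {
		n, convErr := strconv.Atoi(s)
		if convErr != nil {
			return parts, false, fmt.Errorf("bad segment %q in %q", s, v)
		}
		parts[i] = n
	}
	return parts, prerelease, nil
}

// atLeast reports whether have >= want under semver ordering, where a
// pre-release of X sorts below the release X.
func atLeast(have, want string) (bool, error) {
	h, hPre, err := parseSemver(have)
	if err != nil {
		return false, err
	}
	w, wPre, err := parseSemver(want)
	if err != nil {
		return false, err
	}
	for i := 0; i < 3; i++ {
		if h[i] != w[i] {
			return h[i] > w[i], nil
		}
	}
	if hPre && !wPre {
		return false, nil
	}
	return true, nil
}

// OtelgrpcFixed reports whether the go.mod text requires otelgrpc at or above
// the fixed version. A module that is not required at all counts as fixed,
// because the vulnerable package is then not built in.
func OtelgrpcFixed(goMod string) (bool, error) {
	v, ok := requiredVersion(goMod, otelgrpcModule)
	if !ok {
		return true, nil
	}
	return atLeast(v, otelgrpcFixed)
}

func main() {
	for _, c := range []struct{ name, mod string }{{"before", goModBefore}, {"after", goModAfter}} {
		ok, err := OtelgrpcFixed(c.mod)
		fmt.Printf("%s: otelgrpc fixed=%v err=%v\n", c.name, ok, err)
	}
}
```

The require line is only the starting point of Go's minimal version selection: a replace directive or a higher requirement elsewhere in the module graph changes what actually gets built. For the final answer, ask the toolchain (`go list -m go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc` in the module, or `go version -m` on the built binary) or re-run the binary scan shown in the description after the upgrade, which is what the Trivy table on this PR already does.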

@puneet-traceable

I am not sure on what to look for here. I am hoping a lot of it is generated code.

@tim-mwangi
Collaborator Author

tim-mwangi commented Dec 14, 2023

> I am not sure on what to look for here. I am hoping a lot of it is generated code.

Most of it is copied over code from the otel repos with some of our custom changes that we had to make manually, e.g. passing down the context for the jaeger receiver, span curing for the kafka exporter.

@tim-mwangi tim-mwangi merged commit 04640a9 into main Dec 14, 2023
5 of 6 checks passed
@tim-mwangi tim-mwangi deleted the upgrade-v0.90.1 branch December 14, 2023 07:14
tim-mwangi added a commit that referenced this pull request Dec 14, 2023
* feat: add codeql GHA and cron job for image build to run trivy

* Not using gradle. Setup golang instead

* fix go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc vulnerability

* undo modules upgrade. will be handled in #120