Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove otelgrpc pinned dependency #10799

Merged
merged 1 commit into from
Sep 6, 2024
Merged

Remove otelgrpc pinned dependency #10799

merged 1 commit into from
Sep 6, 2024

Conversation

dereknola
Copy link
Member

Proposed Changes

  • Unpin otelgrpc dependency, added with the v1.26.0 release, to allow it to match upstreams version automatically.
  • Bump grpc to match upstream version

Types of Changes

Dependency bumps

Verification

make passes

Testing

N/A

Linked Issues

N/A

User-Facing Change

Further Comments

@dereknola dereknola requested a review from a team as a code owner September 3, 2024 18:47
@codecov Codecov
Copy link

codecov bot commented Sep 3, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 44.14%. Comparing base (270f85e) to head (e33b4c7).
Report is 1 commits behind head on master.

❗ There is a different number of reports uploaded between BASE (270f85e) and HEAD (e33b4c7). Click for more details.

HEAD has 1 upload less than BASE
Flag BASE (270f85e) HEAD (e33b4c7)
e2etests 7 6
Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #10799      +/-   ##
==========================================
- Coverage   49.92%   44.14%   -5.78%     
==========================================
  Files         178      178              
  Lines       14777    14777              
==========================================
- Hits         7377     6523     -854     
- Misses       6063     7059     +996     
+ Partials     1337     1195     -142
Flag Coverage Δ
e2etests 36.46% <ø> (-9.82%) ⬇️
inttests 36.79% <ø> (+17.08%) ⬆️
unittests 13.57% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

brandond
brandond previously approved these changes Sep 3, 2024
View reviewed changes
Copy link
Member

@brandond brandond left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if it works great, the otel stuff has been a pain in the but to keep in sync across the different projects that we embed.

@cwayne18
Copy link
Member

cwayne18 commented Sep 3, 2024

/trivy

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 3, 2024
edited
Loading 


bin/k3s (gobinary)
==================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌──────────────────────────────────────────────────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│                           Library                            │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                            Title                            │
├──────────────────────────────────────────────────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ go.opentelemetry.io/contrib/instrumentation/google.golang.o- │ CVE-2023-47108 │ HIGH     │ fixed  │ v0.45.0           │ 0.46.0        │ opentelemetry-go-contrib: DoS vulnerability in otelgrpc due │
│ rg/grpc/otelgrpc                                             │                │          │        │                   │               │ to unbound cardinality metrics                              │
│                                                              │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2023-47108                  │
└──────────────────────────────────────────────────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘

bin/runc (gobinary)
===================
Total: 1 (HIGH: 1, CRITICAL: 0)

┌──────────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐
│     Library      │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                            Title                             │
├──────────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ golang.org/x/net │ CVE-2023-39325 │ HIGH     │ fixed  │ v0.8.0            │ 0.17.0        │ golang: net/http, x/net/http2: rapid stream resets can cause │
│                  │                │          │        │                   │               │ excessive work (CVE-2023-44487)                              │
│                  │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2023-39325                   │
└──────────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘

brandond
brandond previously approved these changes Sep 4, 2024
View reviewed changes
@cwayne18
Copy link
Member

cwayne18 commented Sep 5, 2024

/trivy

vitorsavian
vitorsavian previously approved these changes Sep 6, 2024
View reviewed changes
@dereknola dereknola dismissed stale reviews from vitorsavian and brandond via e33b4c7 September 6, 2024 17:10
@cwayne18
Copy link
Member

cwayne18 commented Sep 6, 2024

/trivy

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 6, 2024
edited
Loading

❌ Trivy scan action failed, check logs ❌

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Sep 6, 2024
edited
Loading

@dereknola
Copy link
Member Author

hmmm... rerunning a failed trivy scan does not seem to work out

@dereknola dereknola merged commit 216c367 into k3s-io:master Sep 6, 2024
29 checks passed
@dereknola dereknola deleted the bump_octl branch September 12, 2024 14:29
ludost pushed a commit to asimovo-platform/k3s that referenced this pull request Oct 2, 2024
@dereknola @ludost
Remove otelgrpc pinned dependency (k3s-io#10799)
f36763e 
Signed-off-by: Derek Nola <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@galal-hussein galal-hussein galal-hussein approved these changes

@cwayne18 cwayne18 cwayne18 approved these changes

@vitorsavian vitorsavian vitorsavian left review comments

@brandond brandond brandond left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@dereknola @cwayne18 @brandond @galal-hussein @vitorsavian