CVE-2023-45142 on otelhttp

[ThomasSamson]

Hi, There is a security breach on the go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp package in the latest image.

[snieguu]

Vulnerability is in dependency of Caddy https://github.com/caddyserver/caddy/blob/v2.7.5/go.mod#L30

[francislavoie]

Fixed by https://github.com/caddyserver/caddy/pull/5908

The vulnerability only affects users using the tracing handler. Others are not affected. If you absolutely need the fix right away, you may build from Caddy's master branch using the builder Docker image with xcaddy build master. Otherwise, it'll be included in v2.7.6.