Closed priyaselvaganesan closed 4 months ago
This repository does not use otelhttp, but I think it is still a good idea to bump the version.
/assign @dgrisonnet
/triage accepted
Hi, any plans on updating the otelhttp package?
This repo is not directly affected by that vulnerability, so we don't have any timeline for fixing it.
@manikantanallagatla would you perhaps be interested in sending a PR to bump the k8s versions and the otel dep?
Open a PR https://github.com/kubernetes-sigs/custom-metrics-apiserver/pull/162 to fix it
/close
It's in 1.29.0 already
@CatherineF-dev: Closing this issue.
CVE link: https://nvd.nist.gov/vuln/detail/CVE-2023-45142
Is this repository using the go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp dependency actively? If so, can you give a time frame on resolving the CVE?