Closed dependabot[bot] closed 10 months ago
This issue is currently awaiting triage.
If prometheus-adapter contributors determine this is a relevant issue, they will accept it by applying the triage/accepted
label and provide further guidance.
The triage/accepted
label can be added by org members by writing /triage accepted
in a comment.
Hi @dependabot[bot]. Thanks for your PR.
I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test
on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.
Once the patch is verified, the new status will be reflected by the ok-to-test
label.
I understand the commands that are listed here.
/ok-to-test /lgtm /approve
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: dependabot[bot], dgrisonnet
The full list of commands accepted by this bot can be found here.
The pull request process is described here
@dependabot[bot]: The following tests failed, say /retest
to rerun all failed tests or /retest-required
to rerun all mandatory failed tests:
Test name | Commit | Details | Required | Rerun command |
---|---|---|---|---|
pull-prometheus-adapter-test | c189ca8de92f41cb847dbb1c0078a867fd2d2c63 | link | true | /test pull-prometheus-adapter-test |
pull-prometheus-adapter-test-e2e | c189ca8de92f41cb847dbb1c0078a867fd2d2c63 | link | true | /test pull-prometheus-adapter-test-e2e |
pull-prometheus-adapter-verify | c189ca8de92f41cb847dbb1c0078a867fd2d2c63 | link | true | /test pull-prometheus-adapter-verify |
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.
/close
@dgrisonnet: Closed this PR.
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version
or @dependabot ignore this minor version
.
If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
Hi @dgrisonnet , I was wondering if there is a plan to address the HIGH CVE-2023-47108: https://nvd.nist.gov/vuln/detail/CVE-2023-47108 by pulling in 0.46 of the otelgrpc dependency? Are there next steps to address this? Thank you.
Bumps go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.35.0 to 0.46.0.
Release notes
Sourced from go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc's releases.
... (truncated)
Changelog
Sourced from go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc's changelog.
... (truncated)
Commits
b4b06bc
Release v1.21.0/v0.46.0/v0.15.0/v0.1.0 (#4546)c1ac303
config: Prepare module for release (#4541)fe68fe9
host: fix typo (#4540)016b46f
otelgrpc: Use net.Listen in TestStatsHandler (#4538)23bd4ed
otelgrpc: Deprecate interceptors in favor of stats handlers (#4534)a3b16ae
Expose instrumentation scope name (#4448)2b69029
otelgrpc: Fix stats handlers to honor WithMessageEvents option (#4536)f6aeb0d
otelgrpc: Stablize TestInterceptors (#4535)b44dfc9
otelgrpc: Remove high cardinality metric attributes (#4322)2a5fe23
otelgrpc: Refine tests to use a net socket instead of a buffer (#4503)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show