build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.35.0 to 0.46.0

[dependabot[bot]]

Bumps go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.35.0 to 0.46.0.

Release notes

Sourced from go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc's releases.

Release v1.21.0/v0.46.0/v0.15.0/v0.1.0

Added

• Add the new go.opentelemetry.io/contrib/instrgen package to provide auto-generated source code instrumentation. (#3068, #3108)
• Add "go.opentelemetry.io/contrib/samplers/jaegerremote".WithSamplingStrategyFetcher which sets custom fetcher implementation. (#4045)
• Add "go.opentelemetry.io/contrib/config" package that includes configuration models generated via go-jsonschema. (#4376)
• Add NewSDK function to "go.opentelemetry.io/contrib/config". The initial implementation only returns noop providers. (#4414)
• Add metrics support (No-op, OTLP and Prometheus) to go.opentelemetry.io/contrib/exporters/autoexport. (#4229, #4479)
• Add support for console span exporter and metrics exporter in go.opentelemetry.io/contrib/exporters/autoexport. (#4486)
• Set unit and description on all instruments in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp. (#4500)
• Add metric support for grpc.StatsHandler in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#4356)
• Expose the name of the scopes in all instrumentation libraries as ScopeName. (#4448)

Changed

• Dropped compatibility testing for [Go 1.19]. The project no longer guarantees support for this version of Go. (#4352)
• Upgrade dependencies of OpenTelemetry Go to use the new v1.20.0/v0.43.0 release. (#4546)
• In go.opentelemetry.io/contrib/exporters/autoexport, Option was renamed to SpanOption. The old name is deprecated but continues to be supported as an alias. (#4229)

Deprecated

• The interceptors (UnaryClientInterceptor, StreamClientInterceptor, UnaryServerInterceptor, StreamServerInterceptor, WithInterceptorFilter) are deprecated. Use stats handlers (NewClientHandler, NewServerHandler) instead. (#4534)

Fixed

• The go.opentelemetry.io/contrib/samplers/jaegerremote sampler does not panic when the default HTTP round-tripper (http.DefaultTransport) is not *http.Transport. (#4045)
• The UnaryServerInterceptor in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc now sets gRPC status code correctly for the rpc.server.duration metric. (#4481)
• The NewClientHandler, NewServerHandler in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc now honor otelgrpc.WithMessageEvents options. (#4536)

Release v1.20.0/v0.45.0/v0.14.0

Added

• Set the description for the rpc.server.duration metric in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#4302)
• Add NewServerHandler and NewClientHandler that return a grpc.StatsHandler used for gRPC instrumentation in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#3002)
• Add new Prometheus bridge module in go.opentelemetry.io/contrib/bridges/prometheus. (#4227)

Changed

• Upgrade dependencies of OpenTelemetry Go to use the new v1.19.0/v0.42.0/v0.0.7 release.
• Use grpc.StatsHandler for gRPC instrumentation in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc/example. (#4325)

New Contributors

• @​puckpuck made their first contribution in open-telemetry/opentelemetry-go-contrib#4302

Full Changelog: https://github.com/open-telemetry/opentelemetry-go-contrib/compare/v1.19.0...v1.20.0

Release v1.19.0/v0.44.0/v0.13.0

Added

... (truncated)

Changelog

Sourced from go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc's changelog.

[1.21.0/0.46.0/0.15.0/0.1.0] - 2023-11-10

Added

• Add "go.opentelemetry.io/contrib/samplers/jaegerremote".WithSamplingStrategyFetcher which sets custom fetcher implementation. (#4045)
• Add "go.opentelemetry.io/contrib/config" package that includes configuration models generated via go-jsonschema. (#4376)
• Add NewSDK function to "go.opentelemetry.io/contrib/config". The initial implementation only returns noop providers. (#4414)
• Add metrics support (No-op, OTLP and Prometheus) to go.opentelemetry.io/contrib/exporters/autoexport. (#4229, #4479)
• Add support for console span exporter and metrics exporter in go.opentelemetry.io/contrib/exporters/autoexport. (#4486)
• Set unit and description on all instruments in go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp. (#4500)
• Add metric support for grpc.StatsHandler in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#4356)
• Expose the name of the scopes in all instrumentation libraries as ScopeName. (#4448)

Changed

• Dropped compatibility testing for [Go 1.19]. The project no longer guarantees support for this version of Go. (#4352)
• Upgrade dependencies of OpenTelemetry Go to use the new v1.20.0/v0.43.0 release. (#4546)
• In go.opentelemetry.io/contrib/exporters/autoexport, Option was renamed to SpanOption. The old name is deprecated but continues to be supported as an alias. (#4229)

Deprecated

• The interceptors (UnaryClientInterceptor, StreamClientInterceptor, UnaryServerInterceptor, StreamServerInterceptor, WithInterceptorFilter) are deprecated. Use stats handlers (NewClientHandler, NewServerHandler) instead. (#4534)

Fixed

• The go.opentelemetry.io/contrib/samplers/jaegerremote sampler does not panic when the default HTTP round-tripper (http.DefaultTransport) is not *http.Transport. (#4045)
• The UnaryServerInterceptor in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc now sets gRPC status code correctly for the rpc.server.duration metric. (#4481)
• The NewClientHandler, NewServerHandler in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc now honor otelgrpc.WithMessageEvents options. (#4536)

[1.20.0/0.45.0/0.14.0] - 2023-09-28

Added

• Set the description for the rpc.server.duration metric in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#4302)
• Add NewServerHandler and NewClientHandler that return a grpc.StatsHandler used for gRPC instrumentation in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#3002)
• Add new Prometheus bridge module in go.opentelemetry.io/contrib/bridges/prometheus. (#4227)

Changed

• Upgrade dependencies of OpenTelemetry Go to use the new v1.19.0/v0.42.0/v0.0.7 release.
• Use grpc.StatsHandler for gRPC instrumentation in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc/example. (#4325)

Removed

• The net.sock.peer.* and net.peer.* high cardinality attributes are removed from the metrics generated by go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (#4322)

[1.19.0/0.44.0/0.13.0] - 2023-09-12

Added

... (truncated)

Commits

• b4b06bc Release v1.21.0/v0.46.0/v0.15.0/v0.1.0 (#4546)
• c1ac303 config: Prepare module for release (#4541)
• fe68fe9 host: fix typo (#4540)
• 016b46f otelgrpc: Use net.Listen in TestStatsHandler (#4538)
• 23bd4ed otelgrpc: Deprecate interceptors in favor of stats handlers (#4534)
• a3b16ae Expose instrumentation scope name (#4448)
• 2b69029 otelgrpc: Fix stats handlers to honor WithMessageEvents option (#4536)
• f6aeb0d otelgrpc: Stablize TestInterceptors (#4535)
• b44dfc9 otelgrpc: Remove high cardinality metric attributes (#4322)
• 2a5fe23 otelgrpc: Refine tests to use a net socket instead of a buffer (#4503)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/kubernetes-sigs/prometheus-adapter/network/alerts).

[k8s-ci-robot]

This issue is currently awaiting triage.

If prometheus-adapter contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

[k8s-ci-robot]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

[dgrisonnet]

/ok-to-test /lgtm /approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dependabot[bot], dgrisonnet

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/kubernetes-sigs/prometheus-adapter/blob/master/OWNERS)~~ [dgrisonnet] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

[k8s-ci-robot]

@dependabot[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-prometheus-adapter-test	c189ca8de92f41cb847dbb1c0078a867fd2d2c63	link	true	/test pull-prometheus-adapter-test
pull-prometheus-adapter-test-e2e	c189ca8de92f41cb847dbb1c0078a867fd2d2c63	link	true	/test pull-prometheus-adapter-test-e2e
pull-prometheus-adapter-verify	c189ca8de92f41cb847dbb1c0078a867fd2d2c63	link	true	/test pull-prometheus-adapter-verify

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).

[dgrisonnet]

/close

[k8s-ci-robot]

@dgrisonnet: Closed this PR.

In response to [this](https://github.com/kubernetes-sigs/prometheus-adapter/pull/621#issuecomment-1814935603): >/close Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

[aditjha-msft]

Hi @dgrisonnet , I was wondering if there is a plan to address the HIGH CVE-2023-47108: https://nvd.nist.gov/vuln/detail/CVE-2023-47108 by pulling in 0.46 of the otelgrpc dependency? Are there next steps to address this? Thank you.