search

openshift / vsphere-problem-detector

OpenShift operator that monitors & reports issues with vSphere cluster
Apache License 2.0
10 stars 24 forks source link

OCPBUGS-23890: OCPBUGS-22641: CVE-2023-45142: bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to v0.46.0 #137

Closed jsafrane closed 1 year ago

jsafrane commented 1 year ago

Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to its latest upstream release. Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc to satisfy deps. that are not tracked otelhttp's go.mod.

openshift-ci-robot commented 1 year ago

@jsafrane: This pull request references Jira Issue OCPBUGS-22641, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug * bug is open, matching expected state (open) * bug target version (4.15.0) matches configured target version for branch (4.15.0) * bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

No GitHub users were found matching the public email listed for the QA contact in Jira (wduan@redhat.com), skipping review request.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to [this](https://github.com/openshift/vsphere-problem-detector/pull/137): > Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
openshift-ci[bot] commented 1 year ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jsafrane

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/openshift/vsphere-problem-detector/blob/master/OWNERS)~~ [jsafrane] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment
openshift-ci-robot commented 1 year ago

@jsafrane: This pull request references Jira Issue OCPBUGS-22641, which is valid.

3 validation(s) were run on this bug * bug is open, matching expected state (open) * bug target version (4.15.0) matches configured target version for branch (4.15.0) * bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

No GitHub users were found matching the public email listed for the QA contact in Jira (wduan@redhat.com), skipping review request.

In response to [this](https://github.com/openshift/vsphere-problem-detector/pull/137): >Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to its latest upstream release. >Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc to satisfy deps. that are not tracked otelhttp's go.mod. Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
tsmetana commented 1 year ago

/retest

Phaow commented 1 year ago

/retest

Phaow commented 1 year ago

/retest

Phaow commented 1 year ago

The otelhttp has been upgrade to v0.45.0 and CI looks good. Verified pass. /label qe-approved

openshift-ci-robot commented 1 year ago

@jsafrane: This pull request references Jira Issue OCPBUGS-22641, which is valid.

3 validation(s) were run on this bug * bug is open, matching expected state (open) * bug target version (4.15.0) matches configured target version for branch (4.15.0) * bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact: /cc @Phaow

In response to [this](https://github.com/openshift/vsphere-problem-detector/pull/137): >Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to its latest upstream release. >Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc to satisfy deps. that are not tracked otelhttp's go.mod. Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
gnufied commented 1 year ago

/lgtm

openshift-ci-robot commented 1 year ago

@jsafrane: This pull request references Jira Issue OCPBUGS-23890, which is invalid:

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to [this](https://github.com/openshift/vsphere-problem-detector/pull/137): >Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to its latest upstream release. >Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc to satisfy deps. that are not tracked otelhttp's go.mod. Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
jsafrane commented 1 year ago

Added fix for CVE-2023-47108, i.e. bumped opentelemetry to 0.46

jsafrane commented 1 year ago

/jira refresh

openshift-ci-robot commented 1 year ago

@jsafrane: This pull request references Jira Issue OCPBUGS-23890, which is invalid:

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to [this](https://github.com/openshift/vsphere-problem-detector/pull/137#issuecomment-1827982311): >/jira refresh Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
jsafrane commented 1 year ago

/jira refresh

openshift-ci-robot commented 1 year ago

@jsafrane: This pull request references Jira Issue OCPBUGS-23890, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug * bug is open, matching expected state (open) * bug target version (4.15.0) matches configured target version for branch (4.15.0) * bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

No GitHub users were found matching the public email listed for the QA contact in Jira (wduan@redhat.com), skipping review request.

In response to [this](https://github.com/openshift/vsphere-problem-detector/pull/137#issuecomment-1827983311): > >/jira refresh > > Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
openshift-ci-robot commented 1 year ago

/retest-required

Remaining retests: 0 against base HEAD 4978528275b3159bb4bbdfb0a0559760a953cabc and 2 for PR HEAD ca54c5550ef405fe5d6fdce0d32912ec08da74f3 in total

openshift-ci[bot] commented 1 year ago

@jsafrane: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-vsphere-csi-extended ca54c5550ef405fe5d6fdce0d32912ec08da74f3 link false /test e2e-vsphere-csi-extended
ci/prow/e2e-vsphere-zones ca54c5550ef405fe5d6fdce0d32912ec08da74f3 link false /test e2e-vsphere-zones

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).
openshift-ci-robot commented 1 year ago

@jsafrane: Jira Issue OCPBUGS-23890: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-23890 has been moved to the MODIFIED state.

In response to [this](https://github.com/openshift/vsphere-problem-detector/pull/137): >Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to its latest upstream release. >Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc to satisfy deps. that are not tracked otelhttp's go.mod. Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
openshift-bot commented 1 year ago

[ART PR BUILD NOTIFIER]

This PR has been included in build ose-vsphere-problem-detector-container-v4.15.0-202311272131.p0.g9706b10.assembly.stream for distgit vsphere-problem-detector. All builds following this will include this PR.

openshift-merge-robot commented 1 year ago

Fix included in accepted release 4.15.0-0.nightly-2023-11-28-101923

Phaow commented 1 year ago

/jira refresh

openshift-ci-robot commented 1 year ago

@Phaow: Jira Issue OCPBUGS-23890 is in an unrecognized state (Verified) and will not be moved to the MODIFIED state.

In response to [this](https://github.com/openshift/vsphere-problem-detector/pull/137#issuecomment-1831020048): >/jira refresh Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.