Bump github.com/prometheus/client_golang from 1.11.0 to 1.12.0 in /ot…

…elcollector/fluent-bit/src (#124) * Bump github.com/prometheus/client_golang Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.11.0 to 1.12.0. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](prometheus/client_golang@v1.11.0...v1.12.0) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * verify build * check collector scan * ignore vulnerability Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: vishwanath <[email protected]>
Azure · Jan 20, 2022 · 958e65f · 958e65f
1 parent b40444d
commit 958e65f
Show file tree

Hide file tree

Showing 5 changed files with 337 additions and 13 deletions.
diff --git a/.github/workflows/build-and-push-image-and-chart.yml b/.github/workflows/build-and-push-image-and-chart.yml
@@ -89,7 +89,7 @@ jobs:
           format: 'table'
           severity: 'CRITICAL,HIGH'
           vuln-type: 'os,library'
-          skip-dirs: '/opt/telegraf,/opt/microsoft/otelcollector'
+          skip-dirs: '/opt/telegraf'
           exit-code: '1'
           timeout: '5m0s'
       - name: Update-HELM-dependencies

diff --git a/.trivyignore b/.trivyignore
@@ -0,0 +1,2 @@
+# ignore this vulnerability (in otelcollector), but continue scanning to catch other vulns. Note : this will ignore this vuln globally
+CVE-2020-13949
diff --git a/README.md b/README.md
@@ -15,7 +15,7 @@ As the maintainer of this project, please make a few updates:
 - Understanding the security reporting process in SECURITY.MD
 - Remove this section from the README
 
-## Contributing
+## Contributing 
 
 This project welcomes contributions and suggestions.  Most contributions require you to agree to a
 Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us

diff --git a/otelcollector/fluent-bit/src/go.mod b/otelcollector/fluent-bit/src/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/BurntSushi/toml v0.4.1 // indirect
 	github.com/fluent/fluent-bit-go v0.0.0-20171103221316-c4a158a6e3a7
 	github.com/microsoft/ApplicationInsights-Go v0.4.4
-	github.com/prometheus/client_golang v1.11.0
+	github.com/prometheus/client_golang v1.12.0
 	github.com/ugorji/go v1.1.2-0.20180813092308-00b869d2f4a5 // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0-20170531160350-a96e63847dc3
 	gopkg.in/yaml.v2 v2.4.0
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		# ignore this vulnerability (in otelcollector), but continue scanning to catch other vulns. Note : this will ignore this vuln globally
		CVE-2020-13949