Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: fix vulnerabilities in grpc and net #218

Merged
merged 1 commit into from
Nov 7, 2023
Merged

fix: fix vulnerabilities in grpc and net #218

merged 1 commit into from
Nov 7, 2023

Conversation

tim-mwangi
Copy link
Collaborator

Description

Fix these vulnerabilities

Testing /github/workspace...

✗ High severity vulnerability found in google.golang.org/grpc
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGGRPC-5953328
  Introduced through: google.golang.org/[email protected], go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/[email protected], go.opentelemetry.io/otel/exporters/otlp/otlpmetric/[email protected], go.opentelemetry.io/otel/exporters/otlp/otlptrace/[email protected]
  From: google.golang.org/[email protected]
  From: go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/[email protected] > google.golang.org/[email protected]
  From: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/[email protected] > google.golang.org/[email protected]
  and 7 more...
  Fixed in: 1.56.3, 1.57.1, 1.58.3

✗ High severity vulnerability found in golang.org/x/net/http2
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5953327
  Introduced through: github.com/gin-gonic/[email protected], google.golang.org/[email protected], go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/[email protected], go.opentelemetry.io/otel/exporters/otlp/otlpmetric/[email protected], go.opentelemetry.io/otel/exporters/otlp/otlptrace/[email protected]
  From: github.com/gin-gonic/[email protected] > golang.org/x/net/http2@0.[15](https://github.com/hypertrace/goagent/actions/runs/6789363516/job/18456380587#step:4:16).0
  From: github.com/gin-gonic/[email protected] > golang.org/x/net/http2/[email protected] > golang.org/x/net/[email protected]
  From: google.golang.org/[email protected] > google.golang.org/grpc/internal/[email protected] > golang.org/x/net/[email protected]
  and 3 more...
  Fixed in: 0.[17](https://github.com/hypertrace/goagent/actions/runs/6789363516/job/18456380587#step:4:18).0

Checklist:

  • [✅ ] My changes generate no new warnings

@codecov Codecov
Copy link

codecov bot commented Nov 7, 2023

Codecov Report

Merging #218 (861362b) into main (ea08a0b) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #218   +/-   ##
=======================================
  Coverage   58.94%   58.94%           
=======================================
  Files          55       55           
  Lines        2236     2236           
=======================================
  Hits         1318     1318           
  Misses        859      859           
  Partials       59       59

📣 Codecov offers a browser extension for seamless coverage viewing on GitHub. Try it in Chrome or Firefox today!

@tim-mwangi tim-mwangi merged commit de9ef45 into main Nov 7, 2023
6 of 7 checks passed
@tim-mwangi tim-mwangi deleted the fix-vuln branch November 7, 2023 21:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ryanericson ryanericson ryanericson approved these changes

@prodion23 prodion23 Awaiting requested review from prodion23

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tim-mwangi @ryanericson