Skip to content

fix: fix vulnerabilities in grpc and net#218

Merged
tim-mwangi merged 1 commit intomainfrom
fix-vuln
Nov 7, 2023
Merged

fix: fix vulnerabilities in grpc and net#218
tim-mwangi merged 1 commit intomainfrom
fix-vuln

Conversation

@tim-mwangi
Copy link
Copy Markdown
Collaborator

@tim-mwangi tim-mwangi commented Nov 7, 2023

Description

Fix these vulnerabilities

Testing /github/workspace...

✗ High severity vulnerability found in google.golang.org/grpc
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGGRPC-5953328
  Introduced through: google.golang.org/grpc@1.58.2, go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.45.0, go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc@0.42.0, go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.19.0
  From: google.golang.org/grpc@1.58.2
  From: go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.45.0 > google.golang.org/grpc@1.58.2
  From: go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc@0.42.0 > google.golang.org/grpc@1.58.2
  and 7 more...
  Fixed in: 1.56.3, 1.57.1, 1.58.3

✗ High severity vulnerability found in golang.org/x/net/http2
  Description: Denial of Service (DoS)
  Info: https://security.snyk.io/vuln/SNYK-GOLANG-GOLANGORGXNETHTTP2-5953327
  Introduced through: github.com/gin-gonic/gin@1.9.1, google.golang.org/grpc@1.58.2, go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.45.0, go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc@0.42.0, go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.19.0
  From: github.com/gin-gonic/gin@1.9.1 > golang.org/x/net/http2@0.[15](https://github.com/hypertrace/goagent/actions/runs/6789363516/job/18456380587#step:4:16).0
  From: github.com/gin-gonic/gin@1.9.1 > golang.org/x/net/http2/h2c@0.15.0 > golang.org/x/net/http2@0.15.0
  From: google.golang.org/grpc@1.58.2 > google.golang.org/grpc/internal/transport@1.58.2 > golang.org/x/net/http2@0.15.0
  and 3 more...
  Fixed in: 0.[17](https://github.com/hypertrace/goagent/actions/runs/6789363516/job/18456380587#step:4:18).0

Checklist:

  • [✅ ] My changes generate no new warnings

@codecov
Copy link
Copy Markdown

codecov Bot commented Nov 7, 2023

Codecov Report

Merging #218 (861362b) into main (ea08a0b) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #218   +/-   ##
=======================================
  Coverage   58.94%   58.94%           
=======================================
  Files          55       55           
  Lines        2236     2236           
=======================================
  Hits         1318     1318           
  Misses        859      859           
  Partials       59       59

📣 Codecov offers a browser extension for seamless coverage viewing on GitHub. Try it in Chrome or Firefox today!

@tim-mwangi tim-mwangi merged commit de9ef45 into main Nov 7, 2023
@tim-mwangi tim-mwangi deleted the fix-vuln branch November 7, 2023 21:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ryanericson ryanericson ryanericson approved these changes

@prodion23 prodion23 Awaiting requested review from prodion23

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tim-mwangi @ryanericson