@austinvazquez austinvazquez commented Jul 2, 2024

Issue:
Warning for CVE-2023-2331 on containerd v1.7.

Description of changes:
This change cherry-picks 7842161 and a1e0601 to release/1.7 as a single commit. (Alone 7842161 is a broken commit and will not compile)

Reproduction of changes:

```bash
git cherry-pick -xsS 78421616e0a6ba76ac25c94f0e7b5930d9b27d1a
# manually resolve conflicts in go.mod
go mod tidy
go mod vendor
pushd integration/client
go mod tidy
popd
```

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

(cherry picked from commit 7842161)

@k8s-ci-robot

Hi @austinvazquez. Thanks for your PR.

I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Signed-off-by: Bryant Biggs <bryantbiggs@gmail.com>
(cherry picked from commit 7842161)
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
@austinvazquez austinvazquez force-pushed the cherry-pick-78421616e0a6ba76ac25c94f0e7b5930d9b27d1a-to-release-1.7 branch from 457a009 to 3a02c52 Compare July 2, 2024 16:09
@thaJeztah
Member

I was curious where this part of the commit went:

> replace deprecated StreamServerInterceptor/UnaryServerInterceptor with NewServerHandler

But it looks like that was included in a somewhat unrelated cherry-pick that only updates golang.org/x/net; 4e6335e (#10211)

On that matter, is it intentional to not include the second commit (a1e0601) from #9581? It seems to indicate it was needed to satisfy compatibility, but I don't know the details.

@austinvazquez
Member Author

@thaJeztah, oh good catch. That might be a miss by me. Let me take another look.

@thaJeztah
Member

I don't know for sure if it's needed, but I know that OTEL can be a lot of "fun" w.r.t. subtle compatibility issues 😞 - so it won't hurt to have enough eyes on this PR 🤗

@austinvazquez
Member Author

Okay I understand better now. The story is a1e0601 is included in my backport. It resolves OTEL package build issues and 7842161 alone is a broken commit. (I thought these failures were a result of my changes when I tested locally)

Unless there are any objections, we can update the description to state both commits are backported as a singular commit to avoid having a broken commit in history.

@austinvazquez austinvazquez marked this pull request as ready for review July 2, 2024 19:32
@samuelkarp samuelkarp merged commit 7eb0501 into containerd:release/1.7 Jul 17, 2024
@austinvazquez austinvazquez deleted the cherry-pick-78421616e0a6ba76ac25c94f0e7b5930d9b27d1a-to-release-1.7 branch July 17, 2024 18:06
google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20231120223509-83a465c0220f // indirect

Wondering if we could (should?) somehow implement a check for all the google.golang.org/genproto/googleapis/* dependencies to be aligned, I don't know how much relation they have, but they all come from the same repository (and don't provide tagged releases), but wondering if it'd be good to have them all at the same snapshot (when they were regenerated).


(sorry; random comment on this PR)
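
One way the alignment check suggested in the review comment above could be written, as an added example that is not containerd's code or part of this PR. The function name `misaligned` and the sample `go.mod` fragment are constructed for illustration; only the `api` pseudo-version is taken from this PR's diff.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

const genprotoPrefix = "google.golang.org/genproto/googleapis/"

// Matches a requirement pinned to a pseudo-version: 14-digit UTC timestamp, 12-hex commit prefix.
var pseudoRe = regexp.MustCompile(`^\s*(?:require\s+)?(\S+)\s+v\d+\.\d+\.\d+-(?:[0-9A-Za-z.]*\.)?(\d{14})-([0-9a-f]{12})\b`)

// Constructed go.mod fragment: the api line is the one shown in this PR's diff;
// the rpc pseudo-version and the grpc line are made-up values for the demonstration.
const sampleGoMod = `require (
	google.golang.org/genproto/googleapis/api v0.0.0-20231120223509-83a465c0220f // indirect
	google.golang.org/genproto/googleapis/rpc v0.0.0-20240101000000-0123456789ab // indirect
	google.golang.org/grpc v1.59.0
)`

// misaligned returns the newest "timestamp-commit" snapshot among the
// genproto/googleapis/* requirements and the modules pinned to an older one.
func misaligned(goMod string) (newest string, behind []string) {
	pins := map[string]string{}
	for _, line := range strings.Split(goMod, "\n") {
		m := pseudoRe.FindStringSubmatch(line)
		if m == nil || !strings.HasPrefix(m[1], genprotoPrefix) {
			continue
		}
		pins[m[1]] = m[2] + "-" + m[3]
		if pins[m[1]] > newest { // fixed-width digits: string order is time order
			newest = pins[m[1]]
		}
	}
	for mod, snap := range pins {
		if snap != newest {
			behind = append(behind, mod)
		}
	}
	sort.Strings(behind)
	return newest, behind
}

func main() {
	newest, behind := misaligned(sampleGoMod)
	fmt.Printf("newest snapshot %s; modules behind: %v\n", newest, behind)
}
```

A CI job could run this over `go.mod` and fail when the returned list is non-empty.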

Mengkzhaoyun pushed a commit to open-beagle/containerd that referenced this pull request Aug 27, 2024
containerd 1.7.20

Welcome to the v1.7.20 release of containerd!

The twentieth patch release for containerd 1.7 contains various fixes
and updates.

* Support for dropping inheritable capabilities ([#10469](containerd/containerd#10469))

* Make PodSandboxStatus friendlier to shim crashes ([#10461](containerd/containerd#10461))
* Handle empty DNSConfig differently than unspecified ([#10462](containerd/containerd#10462))
* Fix for `[cri] ttrpc: closed` during ListPodSandboxStats ([#10423](containerd/containerd#10423))

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

* Derek McGowan
* Akihiro Suda
* Phil Estes
* Akhil Mohan
* Bryant Biggs
* Danny Canter
* Davanum Srinivas
* Mike Brown
* Samuel Karp
* Tim Hockin
<details><summary>16 commits</summary>
<p>

* Prepare release notes for v1.7.20 ([#10481](containerd/containerd#10481))
  * [`7f2d4cd97`](containerd/containerd@7f2d4cd) Prepare release notes for v1.7.20
* deps: Update otelgrpc ([#10413](containerd/containerd#10413))
  * [`3a02c523d`](containerd/containerd@3a02c52) deps: Update otelgrpc
* Make PodSandboxStatus friendlier to shim crashes ([#10461](containerd/containerd#10461))
  * [`df86bdd5d`](containerd/containerd@df86bdd) CRI Sbserver: Make PodSandboxStatus friendlier to shim crashes
* Handle empty DNSConfig differently than unspecified ([#10462](containerd/containerd#10462))
  * [`209ee4f10`](containerd/containerd@209ee4f) CRI: An empty DNSConfig != unspecified
* Support for dropping inheritable capabilities ([#10469](containerd/containerd#10469))
  * [`ce65228af`](containerd/containerd@ce65228) Support for dropping inheritable capabilities
* Fix for `[cri] ttrpc: closed` during ListPodSandboxStats ([#10423](containerd/containerd#10423))
  * [`610498df7`](containerd/containerd@610498d) Fix for `[cri] ttrpc: closed` during ListPodSandboxStats
* update to go1.21.12 / go1.22.5 ([#10426](containerd/containerd#10426))
  * [`e61c7932e`](containerd/containerd@e61c793) update to go1.21.12 / go1.22.5
* errdefs: denote deprecation as a godoc comment ([#10424](containerd/containerd#10424))
  * [`c7d5e430a`](containerd/containerd@c7d5e43) errdefs: denote deprecation as a godoc comment
</p>
</details>

* **github.com/go-logr/logr**                                                      v1.2.4 -> v1.3.0
* **github.com/google/go-cmp**                                                     v0.5.9 -> v0.6.0
* **github.com/google/uuid**                                                       v1.3.1 -> v1.4.0
* **go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc**  v0.45.0 -> v0.46.1
* **go.opentelemetry.io/otel**                                                     v1.19.0 -> v1.21.0
* **go.opentelemetry.io/otel/metric**                                              v1.19.0 -> v1.21.0
* **go.opentelemetry.io/otel/sdk**                                                 v1.19.0 -> v1.21.0
* **go.opentelemetry.io/otel/trace**                                               v1.19.0 -> v1.21.0
* **google.golang.org/genproto**                                                   e6e6cdab5c13 -> 989df2bf70f3
* **google.golang.org/genproto/googleapis/api**                                    007df8e322eb -> 83a465c0220f
* **google.golang.org/genproto/googleapis/rpc**                                    d307bd883b97 -> 995d672761c0

Previous release can be found at [v1.7.19](https://github.com/containerd/containerd/releases/tag/v1.7.19)