
Commit 1061b7b

msukkariclaude
andauthored
chore: bump grpc and otel to patch GHSA alerts (#12)
- google.golang.org/grpc 1.75.0 -> 1.80.0 (addresses GHSA alert #11, critical: authorization bypass via missing leading slash in :path).
- go.opentelemetry.io/otel* 1.42.0/1.33.0 -> 1.43.0 (addresses alert #15, high: BSD kenv PATH hijack; and alert #14, medium: unbounded OTLP HTTP response body).

Fixes Dependabot alerts 11, 14, 15 on sourcebot-dev/zoekt.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1 parent 63c6546 commit 1061b7b

2 files changed

Lines changed: 86 additions & 73 deletions


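--- a/go.mod
+++ b/go.mod
@@ -40,26 +40,27 @@ require (
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.63.0
 go.opentelemetry.io/contrib/propagators/jaeger v1.33.0
 go.opentelemetry.io/contrib/propagators/ot v1.33.0
-go.opentelemetry.io/otel v1.42.0
-go.opentelemetry.io/otel/bridge/opentracing v1.33.0
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.33.0
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.33.0
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.33.0
-go.opentelemetry.io/otel/sdk v1.42.0
-go.opentelemetry.io/otel/trace v1.42.0
+go.opentelemetry.io/otel v1.43.0
+go.opentelemetry.io/otel/bridge/opentracing v1.43.0
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.43.0
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.43.0
+go.opentelemetry.io/otel/sdk v1.43.0
+go.opentelemetry.io/otel/trace v1.43.0
 go.uber.org/atomic v1.11.0
 go.uber.org/automaxprocs v1.6.0
-golang.org/x/net v0.47.0
-golang.org/x/oauth2 v0.34.0
-golang.org/x/sync v0.19.0
-golang.org/x/sys v0.41.0
-google.golang.org/grpc v1.75.0
+golang.org/x/net v0.52.0
+golang.org/x/oauth2 v0.35.0
+golang.org/x/sync v0.20.0
+golang.org/x/sys v0.42.0
+google.golang.org/grpc v1.80.0
 google.golang.org/protobuf v1.36.11
 pgregory.net/rapid v1.2.0
 )
 
 require (
 github.com/42wim/httpsig v1.2.2 // indirect
+github.com/cenkalti/backoff/v5 v5.0.3 // indirect
 github.com/davidmz/go-pageant v1.0.2 // indirect
 github.com/go-fed/httpsig v1.1.0 // indirect
 github.com/hashicorp/go-version v1.7.0 // indirect
@@ -73,15 +74,14 @@ require (
 cloud.google.com/go v0.118.0 // indirect
 cloud.google.com/go/auth v0.14.0 // indirect
 cloud.google.com/go/auth/oauth2adapt v0.2.7 // indirect
-cloud.google.com/go/compute/metadata v0.7.0 // indirect
+cloud.google.com/go/compute/metadata v0.9.0 // indirect
 code.gitea.io/sdk/gitea v0.20.0
 dario.cat/mergo v1.0.1 // indirect
 github.com/HdrHistogram/hdrhistogram-go v1.1.2 // indirect
 github.com/Microsoft/go-winio v0.6.2 // indirect
 github.com/ProtonMail/go-crypto v1.1.6 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/bits-and-blooms/bitset v1.20.0 // indirect
-github.com/cenkalti/backoff/v4 v4.3.0 // indirect
 github.com/cespare/xxhash/v2 v2.3.0
 github.com/cloudflare/circl v1.6.3 // indirect
 github.com/cockroachdb/errors v1.11.3 // indirect
@@ -106,7 +106,7 @@ require (
 github.com/google/uuid v1.6.0 // indirect
 github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
 github.com/googleapis/gax-go/v2 v2.14.1 // indirect
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.25.1 // indirect
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0 // indirect
 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
@@ -132,17 +132,17 @@ require (
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 github.com/yusufpapurcu/wmi v1.2.4 // indirect
-go.opentelemetry.io/otel/metric v1.42.0 // indirect
-go.opentelemetry.io/proto/otlp v1.5.0 // indirect
+go.opentelemetry.io/otel/metric v1.43.0 // indirect
+go.opentelemetry.io/proto/otlp v1.10.0 // indirect
 go.uber.org/multierr v1.11.0
 go.uber.org/zap v1.27.0 // indirect
-golang.org/x/crypto v0.45.0 // indirect
-golang.org/x/text v0.32.0 // indirect
+golang.org/x/crypto v0.49.0 // indirect
+golang.org/x/text v0.35.0 // indirect
 golang.org/x/time v0.14.0 // indirect
 google.golang.org/api v0.217.0 // indirect
 google.golang.org/genproto v0.0.0-20250115164207-1a7da9e5054f // indirect
-google.golang.org/genproto/googleapis/api v0.0.0-20250811230008-5f3141c8851a // indirect
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250825161204-c5933d9347a5 // indirect
+google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9 // indirect
+google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9 // indirect
 gopkg.in/warnings.v0 v0.1.2 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 )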
