[elastic. azure, gcp] Mitigate STJ vulnerabilities #2198

@CodeBlanch CodeBlanch commented Oct 9, 2024

Changes

  • Mitigate security vulnerabilities in more remaining projects with a direct reference to STJ.

Details

OpenTelemetry.Instrumentation.ElasticsearchClient

Before

| Target | Direct reference | Version | Vulnerable |
|---|---|---|---|
| net462 | Yes | 6.0.4 | Yes |
| netstandard2.0 | Yes | 6.0.4 | Yes |

After

| Target | Direct reference | Version | Vulnerable |
|---|---|---|---|
| net462 | Yes | 4.7.2 | No |
| netstandard2.0 | Yes | 4.7.2 | No |

OpenTelemetry.Resources.Azure

Before

| Target | Direct reference | Version | Vulnerable |
|---|---|---|---|
| net462 | Yes | 4.7.2 | No |
| net8.0 | Yes | 4.7.2 | No |
| netstandard2.0 | Yes | 4.7.2 | No |

After

| Target | Direct reference | Version | Vulnerable | Notes |
|---|---|---|---|---|
| net462 | Yes | 4.7.2 | No | |
| net8.0 | Yes | 8.0.5 | No | Wasn't vulnerable before, but also wasn't standard with everything else. Decided to make this standard. |
| netstandard2.0 | Yes | 4.7.2 | No | |

OpenTelemetry.Resources.Gcp

Before

| Target | Direct reference | Version | Vulnerable |
|---|---|---|---|
| net462 | Yes | 4.7.2 | No |
| net8.0 | Yes | 4.7.2 | No |
| netstandard2.0 | Yes | 4.7.2 | No |

After

| Target | Direct reference | Version | Vulnerable | Notes |
|---|---|---|---|---|
| net462 | Yes | 4.7.2 | No | |
| net8.0 | Yes | 8.0.5 | No | Wasn't vulnerable before, but also wasn't standard with everything else. Decided to make this standard. |
| netstandard2.0 | Yes | 4.7.2 | No | |

Merge requirement checklist

  • CONTRIBUTING guidelines followed (license requirements, nullable enabled, static analysis, etc.)

@CodeBlanch CodeBlanch requested a review from a team as a code owner October 9, 2024 23:22
@github-actions github-actions bot added infra Infra work - CI/CD, code coverage, linters comp:instrumentation.elasticsearchclient Things related to OpenTelemetry.Instrumentation.ElasticsearchClient comp:resources.azure Things related to OpenTelemetry.Resources.Azure comp:resources.gcp Things related to OpenTelemetry.Resources.Gcp labels Oct 9, 2024

codecov bot commented Oct 9, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 70.24%. Comparing base (71655ce) to head (eba9b31).
Report is 524 commits behind head on main.

@@            Coverage Diff             @@
##             main    #2198      +/-   ##
==========================================
- Coverage   73.91%   70.24%   -3.68%     
==========================================
  Files         267      290      +23     
  Lines        9615    11782    +2167     
==========================================
+ Hits         7107     8276    +1169     
- Misses       2508     3506     +998     

| Flag | Coverage | Δ |
|---|---|---|
| unittests-Exporter.Geneva | 59.12% | <ø> (?) |
| unittests-Exporter.Instana | 71.24% | <ø> (?) |
| unittests-Exporter.OneCollector | 94.32% | <ø> (?) |
| unittests-Exporter.Stackdriver | 75.73% | <ø> (?) |
| unittests-Extensions | 88.63% | <ø> (?) |
| unittests-Extensions.AWS | 83.41% | <ø> (?) |
| unittests-Extensions.Enrichment | 100.00% | <ø> (?) |
| unittests-Instrumentation.AspNet | 77.00% | <ø> (?) |
| unittests-Instrumentation.ConfluentKafka | 14.12% | <ø> (?) |
| unittests-Instrumentation.ElasticsearchClient | 79.87% | <ø> (?) |
| unittests-Instrumentation.EventCounters | 76.36% | <ø> (?) |
| unittests-Instrumentation.GrpcNetClient | 79.61% | <ø> (?) |
| unittests-Instrumentation.Hangfire | 93.58% | <ø> (?) |
| unittests-Instrumentation.Http | 73.57% | <ø> (?) |
| unittests-Instrumentation.Owin | 85.97% | <ø> (?) |
| unittests-Instrumentation.Process | 100.00% | <ø> (?) |
| unittests-Instrumentation.Quartz | 78.94% | <ø> (?) |
| unittests-Instrumentation.Runtime | 97.53% | <ø> (?) |
| unittests-Instrumentation.StackExchangeRedis | 69.92% | <ø> (?) |
| unittests-Instrumentation.Wcf | 78.47% | <ø> (?) |
| unittests-PersistentStorage | 65.78% | <ø> (?) |
| unittests-Resources.AWS | 77.85% | <ø> (?) |
| unittests-Resources.Azure | 83.89% | <ø> (?) |
| unittests-Resources.Container | 72.41% | <ø> (?) |
| unittests-Resources.Gcp | 72.54% | <ø> (?) |
| unittests-Resources.Host | 73.94% | <ø> (?) |
| unittests-Resources.OperatingSystem | 77.20% | <ø> (?) |
| unittests-Resources.Process | 100.00% | <ø> (?) |
| unittests-Resources.ProcessRuntime | 77.08% | <ø> (?) |
| unittests-Sampler.AWS | 87.74% | <ø> (?) |

see 344 files with indirect coverage changes

@CodeBlanch CodeBlanch merged commit 5127c95 into open-telemetry:main Oct 9, 2024
113 of 133 checks passed
@CodeBlanch CodeBlanch deleted the repo-stj-mitigate-remaining-projects branch October 9, 2024 23:40