OCPBUGS-26450,OCPBUGS-26451: [release-4.14] CVE-2023-45142,CVE-2023-47108: bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc to v0.46.1

[jsafrane]

@openshift/storage

This is a manual cherry-pick of:
#82

[jsafrane]

/jira cherry-pick OCPBUGS-26407,OCPBUGS-25232

[openshift-ci-robot]

@jsafrane: Jira Issue OCPBUGS-26407 has been cloned as Jira Issue OCPBUGS-26450. Will retitle bug to link to clone.

Jira Issue OCPBUGS-25232 has been cloned as Jira Issue OCPBUGS-26451. Will retitle bug to link to clone.
/retitle OCPBUGS-26450,OCPBUGS-26451: [release-4.14] CVE-2023-45142,CVE-2023-47108: bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc to v0.46.1

In response to this:

/jira cherry-pick OCPBUGS-26407,OCPBUGS-25232

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@jsafrane: This pull request references Jira Issue OCPBUGS-26450, which is valid. The bug has been moved to the POST state.

6 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.14.z) matches configured target version for branch (4.14.z)
• bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)
• dependent bug Jira Issue OCPBUGS-26407 is in the state Verified, which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
• dependent Jira Issue OCPBUGS-26407 targets the "4.15.0" version, which is one of the valid target versions: 4.15.0
• bug has dependents

No GitHub users were found matching the public email listed for the QA contact in Jira (wduan@redhat.com), skipping review request.

The bug has been updated to refer to the pull request using the external bug tracker.

This pull request references Jira Issue OCPBUGS-26451, which is valid. The bug has been moved to the POST state.

6 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.14.z) matches configured target version for branch (4.14.z)
• bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)
• dependent bug Jira Issue OCPBUGS-25232 is in the state Verified, which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
• dependent Jira Issue OCPBUGS-25232 targets the "4.15.0" version, which is one of the valid target versions: 4.15.0
• bug has dependents

No GitHub users were found matching the public email listed for the QA contact in Jira (wduan@redhat.com), skipping review request.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

@openshift/storage

This is a manual cherry-pick of:
#82

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jsafrane

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [jsafrane]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[jsafrane]

/label backport-risk-assessed

[openshift-ci]

@jsafrane: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/verify-deps	a9f51c5	link	true	/test verify-deps
ci/prow/e2e-aws-csi	a9f51c5	link	true	/test e2e-aws-csi
ci/prow/unit	a9f51c5	link	true	/test unit
ci/prow/images	a9f51c5	link	true	/test images
ci/prow/e2e-gcp-csi	a9f51c5	link	true	/test e2e-gcp-csi

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[jsafrane]

/close
we've decided not to fix 4.14.z and wait for 4.15 GA instead. The amount of dependency changes is too big to be safe for a z-stream and moderate CVE.

[openshift-ci]

@jsafrane: Closed this PR.

In response to this:

/close
we've decided not to fix 4.14.z and wait for 4.15 GA instead. The amount of dependency changes is too big to be safe for a z-stream and moderate CVE.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci-robot]

@jsafrane: This pull request references Jira Issue OCPBUGS-26450. The bug has been updated to no longer refer to the pull request using the external bug tracker. All external bug links have been closed. The bug has been moved to the NEW state.

This pull request references Jira Issue OCPBUGS-26451. The bug has been updated to no longer refer to the pull request using the external bug tracker. All external bug links have been closed. The bug has been moved to the NEW state.

In response to this:

@openshift/storage

This is a manual cherry-pick of:
#82

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.