Merge pull request #138 from Conjur-Enterprise/CNJR-13645

hdabrowski · GitHub Enterprise · commit bcf147dc9826 · 2026-04-13T17:48:19.000+02:00
CNJR-13645: Remove unused grpc module, upgrade otel/sdk
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -16,6 +16,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ### Security
 - Upgrade golang to 1.26 to address CVE-2026-22184 (CNJR-13301)
+- Upgrade otel to 1.43 to address CVE-2026-39883 and CVE-2026-39882. CNJR-13645
 
 ## [1.9.0] - 2026-03-09
 
diff --git a/deploy/test/test_cases/run_tests.sh b/deploy/test/test_cases/run_tests.sh
@@ -115,7 +115,7 @@ if ! command -v helm >/dev/null 2>&1; then
   echo "ERROR: helm not found in PATH; cannot build chart dependencies" >&2
   exit 1
 fi
-helm repo add stakater https://stakater.github.io/stakater-charts 2>/dev/null || true
+helm repo add stakater https://stakater.github.io/stakater-charts || true
 helm repo update
 helm dependency build "${_REPO_ROOT}/helm/secrets-provider"
 
diff --git a/go.mod b/go.mod
@@ -86,13 +86,13 @@ require (
 	go.opentelemetry.io/otel/exporters/jaeger v1.17.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.42.0 // indirect
 	go.opentelemetry.io/otel/metric v1.43.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.42.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.43.0 // indirect
 	go.opentelemetry.io/otel/trace v1.43.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.4 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
 	golang.org/x/net v0.52.0 // indirect
 	golang.org/x/oauth2 v0.36.0 // indirect
-	golang.org/x/sys v0.42.0 // indirect
+	golang.org/x/sys v0.43.0 // indirect
 	golang.org/x/term v0.41.0 // indirect
 	golang.org/x/text v0.35.0 // indirect
 	golang.org/x/time v0.15.0 // indirect
@@ -123,7 +123,3 @@ replace github.com/cyberark/conjur-opentelemetry-tracer => github.com/cyberark/c
 // so we don't downgrade future versions unintentionally.
 
 exclude github.com/emicklei/go-restful v2.9.5+incompatible
-
-replace google.golang.org/grpc v1.65.0 => google.golang.org/grpc v1.79.3
-
-replace go.opentelemetry.io/otel/sdk v1.42.0 => go.opentelemetry.io/otel/sdk v1.43.0
diff --git a/go.sum b/go.sum
@@ -210,8 +210,8 @@ golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs=
 golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q=
 golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4=
 golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
-golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=
-golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
+golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI=
+golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
 golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU=
 golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A=
 golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8=
