opentelemetry-collector/0.115.0-r0: cve remediation (#36751)

opentelemetry-collector/0.115.0-r0: fix GHSA-v778-237x-gjrc Advisory data: https://github.com/wolfi-dev/advisories/blob/main/opentelemetry-collector.advisories.yaml --------- Signed-off-by: Batuhan Apaydin <[email protected]> Co-authored-by: octo-sts[bot] <[email protected]> Co-authored-by: hbh7 <[email protected]> Co-authored-by: Batuhan Apaydin <[email protected]>
wolfi-dev · Dec 14, 2024 · d024097 · d024097
1 parent 689759c
commit d024097
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/opentelemetry-collector.yaml b/opentelemetry-collector.yaml
@@ -1,7 +1,7 @@
 package:
   name: opentelemetry-collector
   version: 0.115.0
-  epoch: 0
+  epoch: 1
   description: OpenTelemetry Collector
   copyright:
     - license: Apache-2.0
@@ -13,6 +13,7 @@ environment:
       - curl
       - go
       - openssf-compiler-options
+      - yq
 
 pipeline:
   - runs: |
@@ -39,6 +40,7 @@ pipeline:
   - runs: |
       set -x
       # Use the builder to compile opentelemetry-collector
+      yq eval '.replaces += ["golang.org/x/crypto => golang.org/x/crypto v0.31.0"]' builder-config.yaml -i
       ${{targets.destdir}}/usr/bin/ocb --config=builder-config.yaml
 
       install -Dm755 ./_build/otelcol "${{targets.destdir}}"/usr/bin/otelcol