Merge pull request #8928 from hectorj2f/prom-adapter

prometheus-adapter: fixing CVE-2023-5528

prometheus-adapter.yaml

@@ -1,7 +1,7 @@
 package:
   name: prometheus-adapter
   version: 0.11.2
-  epoch: 0
+  epoch: 1
   description: Prometheus Adapter for Kubernetes Metrics APIs
   copyright:
     - license: Apache-2.0
@@ -24,13 +24,11 @@ pipeline:
       # Handle CVE-2023-39325 and CVE-2023-3978
       go get golang.org/x/[email protected]
 
-      # Remediate GHSA-m425-mq94-257g
-      go get google.golang.org/[email protected]
-
-      # Mitigate GHSA-rcjv-mgp8-qvmr (These are interrelated Go modules.)
-      go get go.opentelemetry.io/contrib/instrumentation/net/http/[email protected]
-      go get go.opentelemetry.io/otel/exporters/otlp/otlptrace/[email protected]
-      go get go.opentelemetry.io/otel/exporters/otlp/otlptrace/[email protected]
+      # Mitigate CVE-2023-47108
+      go get go.opentelemetry.io/contrib/instrumentation/net/http/[email protected]
+      go get go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/[email protected]
+      go get go.opentelemetry.io/otel/exporters/otlp/otlptrace/[email protected]
+      go get go.opentelemetry.io/otel/exporters/otlp/otlptrace/[email protected]
       go mod tidy
 
       make prometheus-adapter