PCP-6787 Fix CVEs by vishu2498 · Pull Request #19 · spectrocloud/cluster-api-provider-cloudstack

vishu2498 · 2026-05-29T09:20:00Z

No description provided.

bulwark-spectrocloud

⚠️ GoVulnCheck scan found vulnerabilities:

GO-2026-4394
- Module: go.opentelemetry.io/otel/sdk
- Found in: v1.29.0
- Fixed in: v1.40.0
- Example Traces:
  1. controllers/cloudstackfailuredomain_controller.go:150:28: controllers.GetAllMachinesInFailureDomain calls client.List, which eventually calls noop.Start
  2. main.go:36:2: cluster-api-provider-cloudstack.init calls flags.init, which eventually calls otelhttp.newTracer
  3. pkg/cloud/instance.go:493:27: cloud.DeployVM calls cloud.compress, which eventually calls otelhttp.serveHTTP$4
  4. pkg/cloud/cks_cluster.go:143:71: cloud.RemoveVMFromCksCluster calls cloudstack.RemoveVirtualMachinesFromKubernetesCluster, which eventually calls otelhttp.Close
  5. controllers/cloudstackfailuredomain_controller.go:150:28: controllers.GetAllMachinesInFailureDomain calls client.List, which eventually calls otelhttp.RoundTrip

Please review these findings and fix the issues before merging.

Changes have been made to address the security findings.

vishu2498 force-pushed the PCP-6787 branch from 9a0f843 to dccdac2 Compare May 29, 2026 09:26

bulwark-spectrocloud Bot previously requested changes May 29, 2026

View reviewed changes

vishu2498 force-pushed the PCP-6787 branch from dccdac2 to c5aa3d2 Compare May 29, 2026 09:28

PCP-6787 Fix CVEs

2442c82

vishu2498 force-pushed the PCP-6787 branch from c5aa3d2 to 2442c82 Compare May 29, 2026 09:32

vishu2498 merged commit 52eee57 into spectro-main May 29, 2026
4 of 5 checks passed

vishu2498 deleted the PCP-6787 branch May 29, 2026 09:34

Provide feedback