PCP-6775 Updating go build version & fixing vulns by vishu2498 · Pull Request #21 · spectrocloud/cluster-api-provider-cloudstack

vishu2498 · 2026-06-01T13:48:38Z

No description provided.

bulwark-spectrocloud

⚠️ GoVulnCheck scan found vulnerabilities:

GO-2026-4394
- Module: go.opentelemetry.io/otel/sdk
- Found in: v1.39.0
- Fixed in: v1.40.0
- Example Traces:
  1. pkg/cloud/cks_cluster.go:143:71: cloud.RemoveVMFromCksCluster calls cloudstack.RemoveVirtualMachinesFromKubernetesCluster, which eventually calls otelhttp.Read
  2. main.go:36:2: cluster-api-provider-cloudstack.init calls flags.init, which eventually calls resource.init
  3. main.go:36:2: cluster-api-provider-cloudstack.init calls flags.init, which eventually calls trace.Tracer$1
  4. main.go:36:2: cluster-api-provider-cloudstack.init calls flags.init, which eventually calls trace.init
  5. main.go:36:2: cluster-api-provider-cloudstack.init calls flags.init, which eventually calls observ.NewTracer

Please review these findings and fix the issues before merging.

Changes have been made to address the security findings.

vishu2498 force-pushed the PCP-6775 branch from ddcb3f8 to a9f6f88 Compare June 1, 2026 14:05

bulwark-spectrocloud Bot previously requested changes Jun 1, 2026

View reviewed changes

vishu2498 force-pushed the PCP-6775 branch 2 times, most recently from c4205c0 to 484ec89 Compare June 1, 2026 16:03

PCP-6775 Updating go build version & fixing vulns

2d6e172

vishu2498 force-pushed the PCP-6775 branch from 484ec89 to 2d6e172 Compare June 1, 2026 16:05

vishu2498 merged commit cc1b21a into spectro-release-4.8 Jun 1, 2026
4 of 5 checks passed

vishu2498 deleted the PCP-6775 branch June 1, 2026 16:11

Provide feedback