diff --git a/go.mod b/go.mod index ca2f30686df..41607378be2 100644 --- a/go.mod +++ b/go.mod @@ -131,7 +131,9 @@ require ( ) replace ( - // + // Fixes CVE-2022-21698 and CVE-2023-45142 + // this dependency comes from k8s.io/component-base@v0.28.4 and k8s.io/apiextensions-apiserver@v0.28.4 + // before removing it make sure that the next version of the related k8s dependencies contains the fix go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp => go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.44.0 // The crypto is pulled from go/compute which is pulled by go/storage // this replace can be removed when version 1.36.1 of go/storage is released.