feat(splunk-otel-collector): update advisory for several vulnerabilities (#21341)

efbar · web-flow · commit d08ffb46b73f · 2025-08-04T13:45:10.000Z
Signed-off-by: Francesco Bartolini &lt;francesco.bartolini@chainguard.dev&gt;
diff --git a/splunk-otel-collector.advisories.yaml b/splunk-otel-collector.advisories.yaml
@@ -95,6 +95,10 @@ advisories:
             componentType: go-module
             componentLocation: /usr/bin/otelcol
             scanner: grype
+      - timestamp: 2025-08-04T13:02:46Z
+        type: pending-upstream-fix
+        data:
+          note: 'The vulnerability originates from the Vault dependency. Upgrading Vault breaks the build due to a transitive conflict with k8s.io/client-go, which introduces incompatibility with Prometheus libraries. Once Prometheus addresses this (see issue #16767 and PR #16768) and the upstream resolves the issue, we’ll be able to upgrade and remediate the vulnerability.'
 
   - id: CGA-5fjc-fxmq-vggm
     aliases:
@@ -179,6 +183,10 @@ advisories:
             componentType: go-module
             componentLocation: /usr/bin/otelcol
             scanner: grype
+      - timestamp: 2025-08-04T13:02:46Z
+        type: pending-upstream-fix
+        data:
+          note: 'The vulnerability originates from the Vault dependency. Upgrading Vault breaks the build due to a transitive conflict with k8s.io/client-go, which introduces incompatibility with Prometheus libraries. Once Prometheus addresses this (see issue #16767 and PR #16768) and the upstream resolves the issue, we’ll be able to upgrade and remediate the vulnerability.'
 
   - id: CGA-8226-gq6c-h5h6
     aliases:
@@ -299,6 +307,10 @@ advisories:
             componentType: go-module
             componentLocation: /usr/bin/otelcol
             scanner: grype
+      - timestamp: 2025-08-04T13:02:46Z
+        type: pending-upstream-fix
+        data:
+          note: 'The vulnerability originates from the Vault dependency. Upgrading Vault breaks the build due to a transitive conflict with k8s.io/client-go, which introduces incompatibility with Prometheus libraries. Once Prometheus addresses this (see issue #16767 and PR #16768) and the upstream resolves the issue, we’ll be able to upgrade and remediate the vulnerability.'
 
   - id: CGA-crqj-9642-5m2w
     aliases:
@@ -406,6 +418,10 @@ advisories:
             componentType: go-module
             componentLocation: /usr/bin/otelcol
             scanner: grype
+      - timestamp: 2025-08-04T13:02:46Z
+        type: pending-upstream-fix
+        data:
+          note: 'The vulnerability originates from the Vault dependency. Upgrading Vault breaks the build due to a transitive conflict with k8s.io/client-go, which introduces incompatibility with Prometheus libraries. Once Prometheus addresses this (see issue #16767 and PR #16768) and the upstream resolves the issue, we’ll be able to upgrade and remediate the vulnerability.'
 
   - id: CGA-jr6h-pq36-654c
     aliases:
@@ -511,6 +527,10 @@ advisories:
             componentType: go-module
             componentLocation: /usr/bin/otelcol
             scanner: grype
+      - timestamp: 2025-08-04T13:02:46Z
+        type: pending-upstream-fix
+        data:
+          note: 'The vulnerability originates from the Vault dependency. Upgrading Vault breaks the build due to a transitive conflict with k8s.io/client-go, which introduces incompatibility with Prometheus libraries. Once Prometheus addresses this (see issue #16767 and PR #16768) and the upstream resolves the issue, we’ll be able to upgrade and remediate the vulnerability.'
 
   - id: CGA-v69g-6284-r2qx
     aliases:
@@ -564,6 +584,10 @@ advisories:
             componentType: go-module
             componentLocation: /usr/bin/otelcol
             scanner: grype
+      - timestamp: 2025-08-04T13:02:46Z
+        type: pending-upstream-fix
+        data:
+          note: 'The vulnerability originates from the Vault dependency. Upgrading Vault breaks the build due to a transitive conflict with k8s.io/client-go, which introduces incompatibility with Prometheus libraries. Once Prometheus addresses this (see issue #16767 and PR #16768) and the upstream resolves the issue, we’ll be able to upgrade and remediate the vulnerability.'
 
   - id: CGA-xgcq-m8cr-rf2h
     aliases:
@@ -582,6 +606,10 @@ advisories:
             componentType: go-module
             componentLocation: /usr/bin/otelcol
             scanner: grype
+      - timestamp: 2025-08-04T13:02:46Z
+        type: pending-upstream-fix
+        data:
+          note: 'The vulnerability originates from the Vault dependency. Upgrading Vault breaks the build due to a transitive conflict with k8s.io/client-go, which introduces incompatibility with Prometheus libraries. Once Prometheus addresses this (see issue #16767 and PR #16768) and the upstream resolves the issue, we’ll be able to upgrade and remediate the vulnerability.'
 
   - id: CGA-xpgr-wj46-h3fx
     aliases:
