From 81b1354d5fa42ebab85fd7c9091aaa55e74c1ebf Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Jan 2024 09:56:01 -0800
Subject: [PATCH 1/2] Bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 in
/internal/tools (#9236)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl)
from 1.3.3 to 1.3.7.
Release notes
Sourced from github.com/cloudflare/circl's
releases.
CIRCL v1.3.7
What's Changed
New Contributors
Full Changelog: https://github.com/cloudflare/circl/compare/v1.3.6...v1.3.7
CIRCL v1.3.6
What's Changed
New Contributors
Full Changelog: https://github.com/cloudflare/circl/compare/v1.3.3...v1.3.6
Commits
c48866b
Releasing CIRCL v1.3.775ef91e
kyber: remove division by q in ciphertext compression899732a
build(deps): bump golang.org/x/crypto99f0f71
Releasing CIRCL v1.3.6e728d0d
Apply thibmeu code review suggestionsceb2d90
Updating blindrsa to be compliant with RFC9474.44133f7
spelling: trippedc2076d6
spelling: transposesdad2166
spelling: title171c418
spelling: threshold- Additional commits viewable in compare
view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/open-telemetry/opentelemetry-collector/network/alerts).
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
internal/tools/go.mod | 2 +-
internal/tools/go.sum | 3 ++-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/internal/tools/go.mod b/internal/tools/go.mod
index d0ccec69521..8e01578ef5f 100644
--- a/internal/tools/go.mod
+++ b/internal/tools/go.mod
@@ -56,7 +56,7 @@ require (
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/charithe/durationcheck v0.0.10 // indirect
github.com/chavacava/garif v0.1.0 // indirect
- github.com/cloudflare/circl v1.3.3 // indirect
+ github.com/cloudflare/circl v1.3.7 // indirect
github.com/curioswitch/go-reassign v0.2.0 // indirect
github.com/cyphar/filepath-securejoin v0.2.4 // indirect
github.com/daixiang0/gci v0.11.2 // indirect
diff --git a/internal/tools/go.sum b/internal/tools/go.sum
index a30db336a8d..2d17015d768 100644
--- a/internal/tools/go.sum
+++ b/internal/tools/go.sum
@@ -132,8 +132,9 @@ github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5P
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
github.com/client9/misspell v0.3.4 h1:ta993UF76GwbvJcIo3Y68y/M3WxlpEHPWIGDkJYwzJI=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
+github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
+github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
From fb3ed1b0d65b91e49209a7e60d40ef4b607c6b10 Mon Sep 17 00:00:00 2001
From: Pablo Baeyens
Date: Mon, 8 Jan 2024 20:53:58 +0100
Subject: [PATCH 2/2] [config/configretry] Allow zero multiplier and arbitrary
randomization factor (#9235)
**Description:**
Partial revert of #9091 to unblock
open-telemetry/opentelemetry-collector-contrib/pull/30167
This does not mean that usage of a zero multiplier or a randomization
factor outside of [0,1] is blessed upon by Collector maintainers, just
that we need to unblock the release :)
---------
Signed-off-by: Alex Boten
Co-authored-by: Alex Boten
---
.chloggen/addretrysetvalidation.yaml | 3 +++
config/configretry/backoff.go | 4 ++--
config/configretry/backoff_test.go | 9 ++++++++-
3 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/.chloggen/addretrysetvalidation.yaml b/.chloggen/addretrysetvalidation.yaml
index db6b49d0309..e6ace8b2555 100755
--- a/.chloggen/addretrysetvalidation.yaml
+++ b/.chloggen/addretrysetvalidation.yaml
@@ -9,5 +9,8 @@ component: "exporterhelper"
# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
note: "Add RetrySettings validation function"
+subtext: |
+ Validate that time.Duration, multiplier values in configretry are non-negative, and randomization_factor is between 0 and 1
+
# One or more tracking issues or pull requests related to the change
issues: [9089]
diff --git a/config/configretry/backoff.go b/config/configretry/backoff.go
index c3ffc68fe8d..f872600846d 100644
--- a/config/configretry/backoff.go
+++ b/config/configretry/backoff.go
@@ -52,8 +52,8 @@ func (bs *BackOffConfig) Validate() error {
if bs.RandomizationFactor < 0 || bs.RandomizationFactor > 1 {
return errors.New("'randomization_factor' must be within [0, 1]")
}
- if bs.Multiplier <= 0 {
- return errors.New("'multiplier' must be positive")
+ if bs.Multiplier < 0 {
+ return errors.New("'multiplier' must be non-negative")
}
if bs.MaxInterval < 0 {
return errors.New("'max_interval' must be non-negative")
diff --git a/config/configretry/backoff_test.go b/config/configretry/backoff_test.go
index 8c9bf7f41c3..417ebe86161 100644
--- a/config/configretry/backoff_test.go
+++ b/config/configretry/backoff_test.go
@@ -43,10 +43,17 @@ func TestInvalidRandomizationFactor(t *testing.T) {
func TestInvalidMultiplier(t *testing.T) {
cfg := NewDefaultBackOffConfig()
assert.NoError(t, cfg.Validate())
- cfg.Multiplier = 0
+ cfg.Multiplier = -1
assert.Error(t, cfg.Validate())
}
+func TestZeroMultiplierIsValid(t *testing.T) {
+ cfg := NewDefaultBackOffConfig()
+ assert.NoError(t, cfg.Validate())
+ cfg.Multiplier = 0
+ assert.NoError(t, cfg.Validate())
+}
+
func TestInvalidMaxInterval(t *testing.T) {
cfg := NewDefaultBackOffConfig()
assert.NoError(t, cfg.Validate())