Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vendor resources pulled in during runtime #24

Closed
beorn7 opened this issue Jan 28, 2015 · 1 comment
Closed

Vendor resources pulled in during runtime #24

beorn7 opened this issue Jan 28, 2015 · 1 comment

Comments

@beorn7
Copy link
Member

beorn7 commented Jan 28, 2015

Alertmanager should be able to run in an environment that is not connected to the internet.
Therefore, we must not pull in external resources like e.g. in https://github.com/prometheus/alertmanager/blob/master/web/templates/_base.html#L8
@brian-brazil
Copy link
Contributor

The new alertmanager isn't using any remote resources AFAICT.

simonpasquier pushed a commit to simonpasquier/alertmanager that referenced this issue Jul 9, 2019
@openshift-merge-robot
Merge pull request prometheus#24 from simonpasquier/remove-rpm
1c87876 
Remove spec and systemd files
zecke added a commit to zecke/alertmanager that referenced this issue Apr 17, 2024
@zecke
dep: Manually upgrade golang.org/x/net (prometheus#3674)
c506dab 
Addresses:
Scanning your code and 410 packages across 83 dependent modules for known vulnerabilities...

=== Symbol Results ===

Vulnerability prometheus#1: GO-2024-2687
    HTTP/2 CONTINUATION flood in net/http
  More info: https://pkg.go.dev/vuln/GO-2024-2687
  Module: golang.org/x/net
    Found in: golang.org/x/[email protected]
    Fixed in: golang.org/x/[email protected]
    Example traces found:
      prometheus#1: cli/root.go:122:52: cli.NewAlertmanagerClient calls config.NewClientFromConfig, which eventually calls http2.ConfigureTransports
      prometheus#2: types/types.go:290:28: types.MultiError.Error calls http2.ConnectionError.Error
      prometheus#3: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.ErrCode.String
      prometheus#4: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.FrameHeader.String
      prometheus#5: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.FrameType.String
      prometheus#6: types/types.go:290:28: types.MultiError.Error calls http2.GoAwayError.Error
      prometheus#7: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.Setting.String
      prometheus#8: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.SettingID.String
      prometheus#9: types/types.go:290:28: types.MultiError.Error calls http2.StreamError.Error
      prometheus#10: api/v2/client/silence/silence_client.go:196:35: silence.Client.PostSilences calls client.Runtime.Submit, which eventually calls http2.Transport.NewClientConn
      prometheus#11: api/v2/client/silence/silence_client.go:196:35: silence.Client.PostSilences calls client.Runtime.Submit, which eventually calls http2.Transport.RoundTrip
      prometheus#12: notify/email/email.go:253:14: email.Email.Notify calls fmt.Fprintf, which eventually calls http2.chunkWriter.Write
      prometheus#13: types/types.go:290:28: types.MultiError.Error calls http2.connError.Error
      prometheus#14: types/types.go:290:28: types.MultiError.Error calls http2.duplicatePseudoHeaderError.Error
      prometheus#15: test/cli/acceptance.go:362:3: cli.Alertmanager.Start calls http2.gzipReader.Close
      prometheus#16: test/cli/acceptance.go:366:22: cli.Alertmanager.Start calls io.ReadAll, which calls http2.gzipReader.Read
      prometheus#17: types/types.go:290:28: types.MultiError.Error calls http2.headerFieldNameError.Error
      prometheus#18: types/types.go:290:28: types.MultiError.Error calls http2.headerFieldValueError.Error
      prometheus#19: api/v2/client/silence/silence_client.go:196:35: silence.Client.PostSilences calls client.Runtime.Submit, which eventually calls http2.noDialH2RoundTripper.RoundTrip
      prometheus#20: types/types.go:290:28: types.MultiError.Error calls http2.pseudoHeaderError.Error
      prometheus#21: notify/email/email.go:253:14: email.Email.Notify calls fmt.Fprintf, which eventually calls http2.stickyErrWriter.Write
      prometheus#22: test/cli/acceptance.go:362:3: cli.Alertmanager.Start calls http2.transportResponseBody.Close
      prometheus#23: test/cli/acceptance.go:366:22: cli.Alertmanager.Start calls io.ReadAll, which calls http2.transportResponseBody.Read
      prometheus#24: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.writeData.String

Your code is affected by 1 vulnerability from 1 module.
This scan also found 0 vulnerabilities in packages you import and 2
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.

Signed-off-by: Holger Hans Peter Freyther <[email protected]>
zecke added a commit to zecke/alertmanager that referenced this issue Apr 17, 2024
@zecke
dep: Manually upgrade golang.org/x/net (prometheus#3674)
0aa89d8 
Addresses:
Scanning your code and 410 packages across 83 dependent modules for known vulnerabilities...

=== Symbol Results ===

Vulnerability prometheus#1: GO-2024-2687
    HTTP/2 CONTINUATION flood in net/http
  More info: https://pkg.go.dev/vuln/GO-2024-2687
  Module: golang.org/x/net
    Found in: golang.org/x/[email protected]
    Fixed in: golang.org/x/[email protected]
    Example traces found:
      prometheus#1: cli/root.go:122:52: cli.NewAlertmanagerClient calls config.NewClientFromConfig, which eventually calls http2.ConfigureTransports
      prometheus#2: types/types.go:290:28: types.MultiError.Error calls http2.ConnectionError.Error
      prometheus#3: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.ErrCode.String
      prometheus#4: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.FrameHeader.String
      prometheus#5: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.FrameType.String
      prometheus#6: types/types.go:290:28: types.MultiError.Error calls http2.GoAwayError.Error
      prometheus#7: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.Setting.String
      prometheus#8: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.SettingID.String
      prometheus#9: types/types.go:290:28: types.MultiError.Error calls http2.StreamError.Error
      prometheus#10: api/v2/client/silence/silence_client.go:196:35: silence.Client.PostSilences calls client.Runtime.Submit, which eventually calls http2.Transport.NewClientConn
      prometheus#11: api/v2/client/silence/silence_client.go:196:35: silence.Client.PostSilences calls client.Runtime.Submit, which eventually calls http2.Transport.RoundTrip
      prometheus#12: notify/email/email.go:253:14: email.Email.Notify calls fmt.Fprintf, which eventually calls http2.chunkWriter.Write
      prometheus#13: types/types.go:290:28: types.MultiError.Error calls http2.connError.Error
      prometheus#14: types/types.go:290:28: types.MultiError.Error calls http2.duplicatePseudoHeaderError.Error
      prometheus#15: test/cli/acceptance.go:362:3: cli.Alertmanager.Start calls http2.gzipReader.Close
      prometheus#16: test/cli/acceptance.go:366:22: cli.Alertmanager.Start calls io.ReadAll, which calls http2.gzipReader.Read
      prometheus#17: types/types.go:290:28: types.MultiError.Error calls http2.headerFieldNameError.Error
      prometheus#18: types/types.go:290:28: types.MultiError.Error calls http2.headerFieldValueError.Error
      prometheus#19: api/v2/client/silence/silence_client.go:196:35: silence.Client.PostSilences calls client.Runtime.Submit, which eventually calls http2.noDialH2RoundTripper.RoundTrip
      prometheus#20: types/types.go:290:28: types.MultiError.Error calls http2.pseudoHeaderError.Error
      prometheus#21: notify/email/email.go:253:14: email.Email.Notify calls fmt.Fprintf, which eventually calls http2.stickyErrWriter.Write
      prometheus#22: test/cli/acceptance.go:362:3: cli.Alertmanager.Start calls http2.transportResponseBody.Close
      prometheus#23: test/cli/acceptance.go:366:22: cli.Alertmanager.Start calls io.ReadAll, which calls http2.transportResponseBody.Read
      prometheus#24: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.writeData.String

Your code is affected by 1 vulnerability from 1 module.
This scan also found 0 vulnerabilities in packages you import and 2
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.

Signed-off-by: Holger Hans Peter Freyther <[email protected]>
zecke added a commit to zecke/alertmanager that referenced this issue Apr 17, 2024
@zecke
dep: Manually upgrade golang.org/x/net (prometheus#3674)
11192e9 
Addresses:
Scanning your code and 410 packages across 83 dependent modules for known vulnerabilities...

=== Symbol Results ===

Vulnerability prometheus#1: GO-2024-2687
    HTTP/2 CONTINUATION flood in net/http
  More info: https://pkg.go.dev/vuln/GO-2024-2687
  Module: golang.org/x/net
    Found in: golang.org/x/[email protected]
    Fixed in: golang.org/x/[email protected]
    Example traces found:
      prometheus#1: cli/root.go:122:52: cli.NewAlertmanagerClient calls config.NewClientFromConfig, which eventually calls http2.ConfigureTransports
      prometheus#2: types/types.go:290:28: types.MultiError.Error calls http2.ConnectionError.Error
      prometheus#3: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.ErrCode.String
      prometheus#4: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.FrameHeader.String
      prometheus#5: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.FrameType.String
      prometheus#6: types/types.go:290:28: types.MultiError.Error calls http2.GoAwayError.Error
      prometheus#7: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.Setting.String
      prometheus#8: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.SettingID.String
      prometheus#9: types/types.go:290:28: types.MultiError.Error calls http2.StreamError.Error
      prometheus#10: api/v2/client/silence/silence_client.go:196:35: silence.Client.PostSilences calls client.Runtime.Submit, which eventually calls http2.Transport.NewClientConn
      prometheus#11: api/v2/client/silence/silence_client.go:196:35: silence.Client.PostSilences calls client.Runtime.Submit, which eventually calls http2.Transport.RoundTrip
      prometheus#12: notify/email/email.go:253:14: email.Email.Notify calls fmt.Fprintf, which eventually calls http2.chunkWriter.Write
      prometheus#13: types/types.go:290:28: types.MultiError.Error calls http2.connError.Error
      prometheus#14: types/types.go:290:28: types.MultiError.Error calls http2.duplicatePseudoHeaderError.Error
      prometheus#15: test/cli/acceptance.go:362:3: cli.Alertmanager.Start calls http2.gzipReader.Close
      prometheus#16: test/cli/acceptance.go:366:22: cli.Alertmanager.Start calls io.ReadAll, which calls http2.gzipReader.Read
      prometheus#17: types/types.go:290:28: types.MultiError.Error calls http2.headerFieldNameError.Error
      prometheus#18: types/types.go:290:28: types.MultiError.Error calls http2.headerFieldValueError.Error
      prometheus#19: api/v2/client/silence/silence_client.go:196:35: silence.Client.PostSilences calls client.Runtime.Submit, which eventually calls http2.noDialH2RoundTripper.RoundTrip
      prometheus#20: types/types.go:290:28: types.MultiError.Error calls http2.pseudoHeaderError.Error
      prometheus#21: notify/email/email.go:253:14: email.Email.Notify calls fmt.Fprintf, which eventually calls http2.stickyErrWriter.Write
      prometheus#22: test/cli/acceptance.go:362:3: cli.Alertmanager.Start calls http2.transportResponseBody.Close
      prometheus#23: test/cli/acceptance.go:366:22: cli.Alertmanager.Start calls io.ReadAll, which calls http2.transportResponseBody.Read
      prometheus#24: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.writeData.String

Your code is affected by 1 vulnerability from 1 module.
This scan also found 0 vulnerabilities in packages you import and 2
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.

Signed-off-by: Holger Hans Peter Freyther <[email protected]>
zecke added a commit to zecke/alertmanager that referenced this issue Apr 17, 2024
@zecke
dep: Manually upgrade golang.org/x/net (prometheus#3674)
87ca419 
Addresses:
Scanning your code and 410 packages across 83 dependent modules for known vulnerabilities...

=== Symbol Results ===

Vulnerability prometheus#1: GO-2024-2687
    HTTP/2 CONTINUATION flood in net/http
  More info: https://pkg.go.dev/vuln/GO-2024-2687
  Module: golang.org/x/net
    Found in: golang.org/x/[email protected]
    Fixed in: golang.org/x/[email protected]
    Example traces found:
      prometheus#1: cli/root.go:122:52: cli.NewAlertmanagerClient calls config.NewClientFromConfig, which eventually calls http2.ConfigureTransports
      prometheus#2: types/types.go:290:28: types.MultiError.Error calls http2.ConnectionError.Error
      prometheus#3: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.ErrCode.String
      prometheus#4: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.FrameHeader.String
      prometheus#5: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.FrameType.String
      prometheus#6: types/types.go:290:28: types.MultiError.Error calls http2.GoAwayError.Error
      prometheus#7: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.Setting.String
      prometheus#8: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.SettingID.String
      prometheus#9: types/types.go:290:28: types.MultiError.Error calls http2.StreamError.Error
      prometheus#10: api/v2/client/silence/silence_client.go:196:35: silence.Client.PostSilences calls client.Runtime.Submit, which eventually calls http2.Transport.NewClientConn
      prometheus#11: api/v2/client/silence/silence_client.go:196:35: silence.Client.PostSilences calls client.Runtime.Submit, which eventually calls http2.Transport.RoundTrip
      prometheus#12: notify/email/email.go:253:14: email.Email.Notify calls fmt.Fprintf, which eventually calls http2.chunkWriter.Write
      prometheus#13: types/types.go:290:28: types.MultiError.Error calls http2.connError.Error
      prometheus#14: types/types.go:290:28: types.MultiError.Error calls http2.duplicatePseudoHeaderError.Error
      prometheus#15: test/cli/acceptance.go:362:3: cli.Alertmanager.Start calls http2.gzipReader.Close
      prometheus#16: test/cli/acceptance.go:366:22: cli.Alertmanager.Start calls io.ReadAll, which calls http2.gzipReader.Read
      prometheus#17: types/types.go:290:28: types.MultiError.Error calls http2.headerFieldNameError.Error
      prometheus#18: types/types.go:290:28: types.MultiError.Error calls http2.headerFieldValueError.Error
      prometheus#19: api/v2/client/silence/silence_client.go:196:35: silence.Client.PostSilences calls client.Runtime.Submit, which eventually calls http2.noDialH2RoundTripper.RoundTrip
      prometheus#20: types/types.go:290:28: types.MultiError.Error calls http2.pseudoHeaderError.Error
      prometheus#21: notify/email/email.go:253:14: email.Email.Notify calls fmt.Fprintf, which eventually calls http2.stickyErrWriter.Write
      prometheus#22: test/cli/acceptance.go:362:3: cli.Alertmanager.Start calls http2.transportResponseBody.Close
      prometheus#23: test/cli/acceptance.go:366:22: cli.Alertmanager.Start calls io.ReadAll, which calls http2.transportResponseBody.Read
      prometheus#24: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.writeData.String

Your code is affected by 1 vulnerability from 1 module.
This scan also found 0 vulnerabilities in packages you import and 2
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.

Signed-off-by: Holger Hans Peter Freyther <[email protected]>
gotjosh pushed a commit that referenced this issue Apr 25, 2024
@zecke
dep: Manually upgrade golang.org/x/net (#3674) (#3811)
5b99b12 
Addresses:
Scanning your code and 410 packages across 83 dependent modules for known vulnerabilities...

=== Symbol Results ===

Vulnerability #1: GO-2024-2687
    HTTP/2 CONTINUATION flood in net/http
  More info: https://pkg.go.dev/vuln/GO-2024-2687
  Module: golang.org/x/net
    Found in: golang.org/x/[email protected]
    Fixed in: golang.org/x/[email protected]
    Example traces found:
      #1: cli/root.go:122:52: cli.NewAlertmanagerClient calls config.NewClientFromConfig, which eventually calls http2.ConfigureTransports
      #2: types/types.go:290:28: types.MultiError.Error calls http2.ConnectionError.Error
      #3: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.ErrCode.String
      #4: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.FrameHeader.String
      #5: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.FrameType.String
      #6: types/types.go:290:28: types.MultiError.Error calls http2.GoAwayError.Error
      #7: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.Setting.String
      #8: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.SettingID.String
      #9: types/types.go:290:28: types.MultiError.Error calls http2.StreamError.Error
      #10: api/v2/client/silence/silence_client.go:196:35: silence.Client.PostSilences calls client.Runtime.Submit, which eventually calls http2.Transport.NewClientConn
      #11: api/v2/client/silence/silence_client.go:196:35: silence.Client.PostSilences calls client.Runtime.Submit, which eventually calls http2.Transport.RoundTrip
      #12: notify/email/email.go:253:14: email.Email.Notify calls fmt.Fprintf, which eventually calls http2.chunkWriter.Write
      #13: types/types.go:290:28: types.MultiError.Error calls http2.connError.Error
      #14: types/types.go:290:28: types.MultiError.Error calls http2.duplicatePseudoHeaderError.Error
      #15: test/cli/acceptance.go:362:3: cli.Alertmanager.Start calls http2.gzipReader.Close
      #16: test/cli/acceptance.go:366:22: cli.Alertmanager.Start calls io.ReadAll, which calls http2.gzipReader.Read
      #17: types/types.go:290:28: types.MultiError.Error calls http2.headerFieldNameError.Error
      #18: types/types.go:290:28: types.MultiError.Error calls http2.headerFieldValueError.Error
      #19: api/v2/client/silence/silence_client.go:196:35: silence.Client.PostSilences calls client.Runtime.Submit, which eventually calls http2.noDialH2RoundTripper.RoundTrip
      #20: types/types.go:290:28: types.MultiError.Error calls http2.pseudoHeaderError.Error
      #21: notify/email/email.go:253:14: email.Email.Notify calls fmt.Fprintf, which eventually calls http2.stickyErrWriter.Write
      #22: test/cli/acceptance.go:362:3: cli.Alertmanager.Start calls http2.transportResponseBody.Close
      #23: test/cli/acceptance.go:366:22: cli.Alertmanager.Start calls io.ReadAll, which calls http2.transportResponseBody.Read
      #24: notify/notify.go:998:21: notify.TimeActiveStage.Exec calls log.jsonLogger.Log, which eventually calls http2.writeData.String

Your code is affected by 1 vulnerability from 1 module.
This scan also found 0 vulnerabilities in packages you import and 2
vulnerabilities in modules you require, but your code doesn't appear to call
these vulnerabilities.
Use '-show verbose' for more details.

Signed-off-by: Holger Hans Peter Freyther <[email protected]>
saswatamcode pushed a commit to saswatamcode/alertmanager that referenced this issue Jun 17, 2024
@dislbenn
Merge pull request prometheus#24 from stolostron/dbennett/image-rebui…
5ad38ed 
…ld-2.5

[release-2.5] Triggering image rebuild
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@beorn7 @brian-brazil