From 2d37c8cf87c0493622fa884bbae5dc45cdf87b59 Mon Sep 17 00:00:00 2001
From: ccowman <ccowman@redhat.com>
Date: Tue, 18 Mar 2025 19:12:29 +0000
Subject: [PATCH] Update x/oauth and golang

Update golang from v1.22.11 to v1.23 and x/oauth
from v0.22.0 to v0.27.0 to resolve CVE-2025-22868

Resolves: RHEL-84025

Signed-off-by: ccowman <ccowman@redhat.com>
---
 opentelemetry-collector.spec | 9 ++++++++-
 sources                      | 2 +-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/opentelemetry-collector.spec b/opentelemetry-collector.spec
index e00a93a..4430c7c 100644
--- a/opentelemetry-collector.spec
+++ b/opentelemetry-collector.spec
@@ -12,7 +12,7 @@ Collector with the supported components for a Red Hat build of OpenTelemetry}
 %global godocs        README.md
 
 Name:           opentelemetry-collector
-Release:        5%{?dist}
+Release:        6%{?dist}
 Summary:        Red Hat build of OpenTelemetry
 
 License:        Apache-2.0
@@ -106,6 +106,13 @@ fi
 %{_bindir}/*
 
 %changelog
+* Tue Mar 18 2025 Conor Cowman <ccowman@redhat.com> - 0.107.0-6
+- Bump revision
+- Update Golang v1.22.11 to v1.23.0
+- Update x/oauth2 v0.22.0 to v0.27.0
+- Update addresses CVE-2025-22868
+  Resolves: RHEL-84025
+
 * Mon Mar 03 2025 Conor Cowman <ccowman@redhat.com> - 0.107.0-5
 - Bump revision
 - Add runtime requirements for shadow-utils and util-linux to ensure successful creation of observability user on installation
diff --git a/sources b/sources
index 1ab0832..7b537e4 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (redhat-opentelemetry-collector-0.107.0.tar.gz) = dc5e7b705ee8089a85875e73a2ee26d8a2c92445314ee01d64c9dbd8d9b0e6106d4e1d74de5327d99b92222d105e774e2183040acabdebcf533951571eaf8ee7
+SHA512 (redhat-opentelemetry-collector-0.107.0.tar.gz) = 438954937041f7e1eb4c97bf90d6047467c4476f1b8ace667ac1f2082d644f1fd1785d4f3c4c36b9f8eba9f46b9f2169b15b7c18a3c17ed6798a0ae28caad135