chore(deps): bump the otel-libs group across 1 directory with 10 updates#159
chore(deps): bump the otel-libs group across 1 directory with 10 updates#159dependabot[bot] wants to merge 1 commit into
Conversation
dependabot
Bot
added
dependencies
|
|
📝 WalkthroughWalkthroughThis PR updates dependency versions in ChangesDependency Version Updates
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
Up to standards ✅🟢 Issues
|
| Metric | Results |
|---|---|
| Complexity | 0 |
| Duplication | 0 |
NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
go.mod (1)
89-161:⚠️ Potential issue | 🔴 Critical | ⚡ Quick winCritical: update
github.com/jackc/pgx/v5fromv5.6.0(still vulnerable)
go.modpinsgithub.com/jackc/pgx/v5 v5.6.0 // indirect(line 95). This is below the fixes for GO-2026-4771 and GO-2026-4772 (fixed in pgxv5.9.0) and below GHSA-j88v-2chj-qfwx / CVE-2026-41889 (fixed in pgxv5.9.2). Liftpgxtov5.9.2or newer (e.g., via a directrequire/override) so the vulnerable transitive version can’t be selected.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@go.mod`:
- Line 38: The go.mod currently lists google.golang.org/grpc v1.81.1 but a
replace directive pins google.golang.org/grpc to v1.63.2, neutralizing the
upgrade and leaving GHSA-p77j-4mvh-x3m3 (CVE-2026-33186) unpatched; update the
replace directive for module google.golang.org/grpc to at least v1.79.3 (or
remove the replace entirely if no longer required) so the effective version
matches the fixed release, then run go mod tidy to refresh go.sum and verify the
vulnerability is resolved.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: 7b30174d-1fd3-4e0e-adc2-b64440ed58cf
⛔ Files ignored due to path filters (1)
go.sumis excluded by!**/*.sum
📒 Files selected for processing (1)
go.mod
| golang.org/x/sys v0.42.0 | ||
| google.golang.org/grpc v1.80.0 | ||
| golang.org/x/sys v0.45.0 | ||
| google.golang.org/grpc v1.81.1 |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Verify effective grpc version constraints and override in go.mod.
rg -n 'google.golang.org/grpc' go.mod
rg -n '^replace\s+google.golang.org/grpc' go.modRepository: kubeservice-stack/common
Length of output: 342
🏁 Script executed:
#!/bin/bash
set -euo pipefail
# Inspect surrounding go.mod lines to confirm require/replace semantics.
nl -ba go.mod | sed -n '25,60p'
echo "-----"
nl -ba go.mod | sed -n '155,205p'
echo "-----"
# Check for any other grpc entries.
rg -n 'google\.golang\.org/grpc' go.modRepository: kubeservice-stack/common
Length of output: 111
🌐 Web query:
GHSA-p77j-4mvh-x3m3 grpc patched version 1.79.3
💡 Result:
GHSA-p77j-4mvh-x3m3 is a security vulnerability (CVE-2026-33186) affecting the gRPC-Go library [1][2][3]. It involves an authorization bypass caused by improper input validation of the HTTP/2:path pseudo-header [1][4][5]. Specifically, gRPC-Go servers were previously too lenient, accepting requests where the:path header omitted the mandatory leading slash (e.g., Service/Method instead of /Service/Method) [1][2]. If a server used path-based authorization interceptors—such as the official grpc/authz package—the interceptor would evaluate this non-canonical path string [1][5]. Consequently, deny rules relying on canonical paths (starting with /) would fail to match the request, potentially allowing it to bypass security policies if a fallback allow rule was present [1][4][6]. Version 1.79.3 is the patched release that addresses this issue [1][7][8]. This version ensures that any request with a:path that does not start with a leading slash is immediately rejected with a codes.Unimplemented error, thereby preventing the malformed path from reaching authorization interceptors or application handlers [1][4][8]. Users of gRPC-Go are strongly advised to upgrade to version 1.79.3 or newer to mitigate this vulnerability [1][7][6].
Citations:
- 1: GHSA-p77j-4mvh-x3m3
- 2: https://cve.circl.lu/cve/CVE-2026-33186
- 3: https://nvd.nist.gov/vuln/detail/CVE-2026-33186
- 4: https://osv.dev/vulnerability/GHSA-p77j-4mvh-x3m3
- 5: https://advisories.gitlab.com/golang/google.golang.org/grpc/CVE-2026-33186/
- 6: https://security.snyk.io/vuln/SNYK-GOLANG-GOOGLEGOLANGORGGRPC-15691172
- 7: chore(deps): update module google.golang.org/grpc to v1.79.3 [security] grafana/redshift-datasource#807
- 8: https://github.com/grpc/grpc-go/releases/tag/v1.79.3
🌐 Web query:
GO-2026-4762 google.golang.org/grpc affected versions patched at
💡 Result:
The vulnerability identified by GO-2026-4762 (also tracked as CVE-2026-33186 and GHSA-p77j-4mvh-x3m3) is an authorization bypass in the google.golang.org/grpc package [1][2][3]. Affected versions include all versions of google.golang.org/grpc prior to 1.79.3 [1][2]. The vulnerability was patched in version 1.79.3 [1][2][3]. The issue arises from improper input validation of the HTTP/2:path pseudo-header [2][3]. The gRPC-Go server was previously lenient in its routing logic, accepting requests where the:path omitted the mandatory leading slash (e.g., Service/Method instead of /Service/Method) [2][3]. This allowed requests to bypass path-based authorization interceptors (such as those using the official grpc/authz package) because the interceptors evaluated the non-canonical, raw path string, causing "deny" rules based on canonical paths to fail [2][3]. Version 1.79.3 resolves this by ensuring such requests are rejected with a codes.Unimplemented error [2][3].
Citations:
- 1: https://pkg.go.dev/vuln/GO-2026-4762
- 2: GHSA-p77j-4mvh-x3m3
- 3: https://nvd.nist.gov/vuln/detail/CVE-2026-33186
grpc bump is neutralized by replace pinning a vulnerable version
go.mod requires google.golang.org/grpc v1.81.1, but the replace directive still forces google.golang.org/grpc v1.63.2—which is before the patched release (v1.79.3) for GHSA-p77j-4mvh-x3m3 / GO-2026-4762 (CVE-2026-33186). This means the dependency upgrade doesn’t remediate the vulnerability.
Suggested fix
-replace google.golang.org/grpc => google.golang.org/grpc v1.63.2
+replace google.golang.org/grpc => google.golang.org/grpc v1.81.1(or remove the replace entirely if it’s no longer required).
🧰 Tools
🪛 OSV Scanner (2.3.8)
[CRITICAL] 38-38: google.golang.org/grpc 1.63.2: Authorization bypass in gRPC-Go via missing leading slash in :path in google.golang.org/grpc
(GO-2026-4762)
[CRITICAL] 38-38: google.golang.org/grpc 1.63.2: gRPC-Go has an authorization bypass via missing leading slash in :path
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@go.mod` at line 38, The go.mod currently lists google.golang.org/grpc v1.81.1
but a replace directive pins google.golang.org/grpc to v1.63.2, neutralizing the
upgrade and leaving GHSA-p77j-4mvh-x3m3 (CVE-2026-33186) unpatched; update the
replace directive for module google.golang.org/grpc to at least v1.79.3 (or
remove the replace entirely if no longer required) so the effective version
matches the fixed release, then run go mod tidy to refresh go.sum and verify the
vulnerability is resolved.
Bumps the otel-libs group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [go.opentelemetry.io/contrib/propagators/autoprop](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.63.0` | `0.69.0` | | [go.opentelemetry.io/contrib/samplers/jaegerremote](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.37.0` | `0.37.1` | | [go.opentelemetry.io/otel/bridge/opentracing](https://github.com/open-telemetry/opentelemetry-go) | `1.36.0` | `1.44.0` | | [go.opentelemetry.io/otel/exporters/jaeger](https://github.com/open-telemetry/opentelemetry-go) | `1.16.0` | `1.17.0` | | [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go) | `1.38.0` | `1.44.0` | | [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.38.0` | `1.44.0` | | [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) | `1.36.0` | `1.44.0` | Updates `go.opentelemetry.io/contrib/propagators/autoprop` from 0.63.0 to 0.69.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go-contrib@zpages/v0.63.0...zpages/v0.69.0) Updates `go.opentelemetry.io/contrib/samplers/jaegerremote` from 0.37.0 to 0.37.1 - [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go-contrib@zpages/v0.37.0...samplers/jaegerremote/v0.37.1) Updates `go.opentelemetry.io/otel` from 1.43.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0) Updates `go.opentelemetry.io/otel/bridge/opentracing` from 1.36.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.36.0...v1.44.0) Updates `go.opentelemetry.io/otel/exporters/jaeger` from 1.16.0 to 1.17.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.16.0...v1.17.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace` from 1.38.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.38.0...v1.44.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.38.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.38.0...v1.44.0) Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.36.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.36.0...v1.44.0) Updates `go.opentelemetry.io/otel/sdk` from 1.43.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0) Updates `go.opentelemetry.io/otel/trace` from 1.43.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0) --- updated-dependencies: - dependency-name: go.opentelemetry.io/contrib/propagators/autoprop dependency-version: 0.69.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel-libs - dependency-name: go.opentelemetry.io/contrib/samplers/jaegerremote dependency-version: 0.37.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: otel-libs - dependency-name: go.opentelemetry.io/otel dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel-libs - dependency-name: go.opentelemetry.io/otel/bridge/opentracing dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel-libs - dependency-name: go.opentelemetry.io/otel/exporters/jaeger dependency-version: 1.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel-libs - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel-libs - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel-libs - dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel-libs - dependency-name: go.opentelemetry.io/otel/sdk dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel-libs - dependency-name: go.opentelemetry.io/otel/trace dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: otel-libs ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/go_modules/otel-libs-97d76ca4a5
branch
from
e3da094 to
153158d
Compare
|
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@go.mod`:
- Line 95: go.mod currently resolves github.com/jackc/pgx/v5 to v5.6.0 which is
vulnerable; update dependency resolution so pgx is at least v5.9.2 by either
bumping the gorm postgres driver or adding an explicit require for
github.com/jackc/pgx/v5 v5.9.2: locate the module block in go.mod and add or
update a require entry for github.com/jackc/pgx/v5 to v5.9.2 (or upgrade
gorm.io/driver/postgres to a version that itself requires >= v5.9.2), then run
go get / go mod tidy to update the go.sum and vendor files and verify the
resolved version.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: 40f144c8-6a16-4cca-a9f2-f85de28db2a2
⛔ Files ignored due to path filters (1)
go.sumis excluded by!**/*.sum
📒 Files selected for processing (1)
go.mod
| github.com/hashicorp/go-version v1.6.0 // indirect | ||
| github.com/jackc/pgpassfile v1.0.0 // indirect | ||
| github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect | ||
| github.com/jackc/pgx/v5 v5.6.0 // indirect |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Check GitHub Security Advisory for pgx vulnerabilities
gh api graphql -f query='
{
securityVulnerabilities(first: 10, ecosystem: GO, package: "github.com/jackc/pgx/v5") {
nodes {
advisory {
summary
severity
identifiers { type value }
}
vulnerableVersionRange
firstPatchedVersion { identifier }
}
}
}'
# Check if upgrading gorm.io/driver/postgres brings in a newer pgx
echo "---"
echo "Current gorm postgres driver version check:"
rg -n 'gorm.io/driver/postgres' go.modRepository: kubeservice-stack/common
Length of output: 1345
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "== go.mod relevant lines =="
nl -ba go.mod | sed -n '35,110p' | sed -n '35,80p'
echo "..."
nl -ba go.mod | sed -n '80,110p'
echo "== rg pgx/v5 in go.mod =="
rg -n 'github\.com/jackc/pgx/v5' go.mod || trueRepository: kubeservice-stack/common
Length of output: 157
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "== go.mod relevant lines (around gorm driver and pgx) =="
nl -ba go.mod | sed -n '30,115p'
echo "== rg pgx/v5 in go.mod =="
rg -n 'github\.com/jackc/pgx/v5' go.mod || true
echo "== rg gorm.io/driver/postgres in go.mod =="
rg -n 'gorm\.io/driver/postgres' go.mod || trueRepository: kubeservice-stack/common
Length of output: 186
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "== go.mod relevant lines =="
awk 'NR>=30 && NR<=115 {printf "%d\t%s\n", NR, $0}' go.mod
echo "== rg pgx/v5 in go.mod =="
rg -n 'github\.com/jackc/pgx/v5' go.mod || true
echo "== rg gorm.io/driver/postgres in go.mod =="
rg -n 'gorm\.io/driver/postgres' go.mod || true
echo "== rg pgx/v5 in go.sum (first 50 matches) =="
rg -n 'github\.com/jackc/pgx/v5 v' go.sum | head -n 50 || trueRepository: kubeservice-stack/common
Length of output: 4961
🏁 Script executed:
#!/bin/bash
set -euo pipefail
go mod why -m github.com/jackc/pgx/v5Repository: kubeservice-stack/common
Length of output: 4952
Upgrade github.com/jackc/pgx/v5 (v5.6.0 is affected by critical vulnerabilities).
go.modpinsgithub.com/jackc/pgx/v5 v5.6.0 // indirect(pulled in viagorm.io/driver/postgres v1.6.0).ghadvisory data shows:- GHSA-9jj7-4m8r-rfcm (memory-safety) is patched in
>= v5.9.0→ v5.6.0 is vulnerable. - GHSA-j88v-2chj-qfwx (SQL injection) is patched in
>= v5.9.2→ v5.6.0 is vulnerable.
- GHSA-9jj7-4m8r-rfcm (memory-safety) is patched in
- Upgrade
gorm.io/driver/postgresso it resolvesgithub.com/jackc/pgx/v5 >= v5.9.2(or add a directrequire github.com/jackc/pgx/v5 v5.9.2to force the patched version).
🧰 Tools
🪛 OSV Scanner (2.3.8)
[CRITICAL] 95-95: github.com/jackc/pgx/v5 5.6.0: CVE-2026-33815 in github.com/jackc/pgx
(GO-2026-4771)
[CRITICAL] 95-95: github.com/jackc/pgx/v5 5.6.0: CVE-2026-33816 in github.com/jackc/pgx
(GO-2026-4772)
[CRITICAL] 95-95: github.com/jackc/pgx/v5 5.6.0: Memory-safety vulnerability in github.com/jackc/pgx/v5.
[CRITICAL] 95-95: github.com/jackc/pgx/v5 5.6.0: pgx: SQL Injection via placeholder confusion with dollar quoted string literals
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@go.mod` at line 95, go.mod currently resolves github.com/jackc/pgx/v5 to
v5.6.0 which is vulnerable; update dependency resolution so pgx is at least
v5.9.2 by either bumping the gorm postgres driver or adding an explicit require
for github.com/jackc/pgx/v5 v5.9.2: locate the module block in go.mod and add or
update a require entry for github.com/jackc/pgx/v5 to v5.9.2 (or upgrade
gorm.io/driver/postgres to a version that itself requires >= v5.9.2), then run
go get / go mod tidy to update the go.sum and vendor files and verify the
resolved version.
1 participant
Bumps the otel-libs group with 7 updates in the / directory:
0.63.00.69.00.37.00.37.11.36.01.44.01.16.01.17.01.38.01.44.01.38.01.44.01.36.01.44.0Updates
go.opentelemetry.io/contrib/propagators/autopropfrom 0.63.0 to 0.69.0Release notes
Sourced from go.opentelemetry.io/contrib/propagators/autoprop's releases.
... (truncated)
Changelog
Sourced from go.opentelemetry.io/contrib/propagators/autoprop's changelog.
... (truncated)
Commits
03b2bcdRelease v1.44.0/v2.5.1/v0.69.0/v0.37.1/v0.24.0/v0.19.0/v0.16.1/v0.16.0 (#9033)80c46d4chore(deps): update module github.com/alecthomas/chroma/v2 to v2.26.0 (#9034)51f2921fix(deps): update module github.com/hetznercloud/hcloud-go/v2 to v2.41.2 (#9026)db82162fix(deps): update aws-sdk-go-v2 monorepo (#9031)5a3e533fix(deps): update module github.com/aws/smithy-go to v1.26.0 (#9032)c67843cotelhttp: Remove custom wrapper after handling request (#6914)c0a4135docs(otelhttptrace): add performance guidance for WithoutSubSpans (#8785)a51a867otelconf: implement cardinality_limits support in PeriodicMetricReader (#8885)dead6e5chore(deps): update module go.yaml.in/yaml/v2 to v2.4.4 (#8994)979ce18chore(deps): update module github.com/jgautheron/goconst to v1.10.2 (#9030)Updates
go.opentelemetry.io/contrib/samplers/jaegerremotefrom 0.37.0 to 0.37.1Release notes
Sourced from go.opentelemetry.io/contrib/samplers/jaegerremote's releases.
... (truncated)
Changelog
Sourced from go.opentelemetry.io/contrib/samplers/jaegerremote's changelog.
Commits
03b2bcdRelease v1.44.0/v2.5.1/v0.69.0/v0.37.1/v0.24.0/v0.19.0/v0.16.1/v0.16.0 (#9033)80c46d4chore(deps): update module github.com/alecthomas/chroma/v2 to v2.26.0 (#9034)51f2921fix(deps): update module github.com/hetznercloud/hcloud-go/v2 to v2.41.2 (#9026)db82162fix(deps): update aws-sdk-go-v2 monorepo (#9031)5a3e533fix(deps): update module github.com/aws/smithy-go to v1.26.0 (#9032)c67843cotelhttp: Remove custom wrapper after handling request (#6914)c0a4135docs(otelhttptrace): add performance guidance for WithoutSubSpans (#8785)a51a867otelconf: implement cardinality_limits support in PeriodicMetricReader (#8885)dead6e5chore(deps): update module go.yaml.in/yaml/v2 to v2.4.4 (#8994)979ce18chore(deps): update module github.com/jgautheron/goconst to v1.10.2 (#9030)Updates
go.opentelemetry.io/otelfrom 1.43.0 to 1.44.0Changelog
Sourced from go.opentelemetry.io/otel's changelog.
... (truncated)
Commits
b62d928Release 1.44.0 (#8376)94132a0chore(deps): update golang.org/x/telemetry digest to 5997936 (#8379)6fdcf82feat: add self-observability metrics to otlpmetricgrpc metric exporters (#8192)761bbfcfix(deps): update golang.org/x (#8377)3a91dc6fix(deps): update googleapis to 3dc84a4 (#8375)f593185exporters/otlp: default max request size to 64 MiB (#8365)f02feacMerge commit from fork36c2f1bsemconvkit: add invariant test for histogram-exclusion rule (#8370)d0b6cbdsdk/metric: document unit-sensitivity of DefaultAggregationSelector (#8224)9a68034add self observability for stdout exporter (#8263)Updates
go.opentelemetry.io/otel/bridge/opentracingfrom 1.36.0 to 1.44.0Changelog
Sourced from go.opentelemetry.io/otel/bridge/opentracing's changelog.
... (truncated)
Commits
b62d928Release 1.44.0 (#8376)94132a0chore(deps): update golang.org/x/telemetry digest to 5997936 (#8379)6fdcf82feat: add self-observability metrics to otlpmetricgrpc metric exporters (#8192)761bbfcfix(deps): update golang.org/x (#8377)3a91dc6fix(deps): update googleapis to 3dc84a4 (#8375)f593185exporters/otlp: default max request size to 64 MiB (#8365)f02feacMerge commit from forkDescription has been truncated
Summary by CodeRabbit