Commit ea0ab69
chore(deps): update module go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to v1.43.0 [security] (#3004)
This PR contains the following updates:
| Package | Change |
[Age](https://docs.renovatebot.com/merge-confidence/) |
[Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
|
[go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://redirect.github.com/open-telemetry/opentelemetry-go)
| `v1.42.0` → `v1.43.0` |
|
|
### GitHub Vulnerability Alerts
####
[CVE-2026-39882](https://redirect.github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-w8rr-5gcm-pp58)
overview:
this report shows that the otlp HTTP exporters (traces/metrics/logs)
read the full HTTP response body into an in-memory `bytes.Buffer`
without a size cap.
this is exploitable for memory exhaustion when the configured collector
endpoint is attacker-controlled (or a network attacker can mitm the
exporter connection).
severity
HIGH
not claiming: this is a remote dos against every default deployment.
claiming: if the exporter sends traces to an untrusted collector
endpoint (or over a network segment where mitm is realistic), that
endpoint can crash the process via a large response body.
callsite (pinned):
- exporters/otlp/otlptrace/otlptracehttp/client.go:199
- exporters/otlp/otlptrace/otlptracehttp/client.go:230
- exporters/otlp/otlpmetric/otlpmetrichttp/client.go:170
- exporters/otlp/otlpmetric/otlpmetrichttp/client.go:201
- exporters/otlp/otlplog/otlploghttp/client.go:190
- exporters/otlp/otlplog/otlploghttp/client.go:221
permalinks (pinned):
-
https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlptrace/otlptracehttp/client.go#L199
-
https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlptrace/otlptracehttp/client.go#L230
-
https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlpmetric/otlpmetrichttp/client.go#L170
-
https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlpmetric/otlpmetrichttp/client.go#L201
-
https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlplog/otlploghttp/client.go#L190
-
https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlplog/otlploghttp/client.go#L221
root cause:
each exporter client reads `resp.Body` using `io.Copy(&respData,
resp.Body)` into a `bytes.Buffer` on both success and error paths, with
no upper bound.
impact:
a malicious collector can force large transient heap allocations during
export (peak memory scales with attacker-chosen response size) and can
potentially crash the instrumented process (oom).
affected component:
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
- go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp
- go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp
repro (local-only):
```bash
unzip poc.zip -d poc
cd poc
make canonical resp_bytes=33554432 chunk_delay_ms=0
```
expected output contains:
```
[CALLSITE_HIT]: otlptracehttp.UploadTraces::io.Copy(resp.Body)
[PROOF_MARKER]: resp_bytes=33554432 peak_alloc_bytes=118050512
```
control (same env, patched target):
```bash
unzip poc.zip -d poc
cd poc
make control resp_bytes=33554432 chunk_delay_ms=0
```
expected control output contains:
```
[CALLSITE_HIT]: otlptracehttp.UploadTraces::io.Copy(resp.Body)
[NC_MARKER]: resp_bytes=33554432 peak_alloc_bytes=512232
```
attachments: poc.zip (attached)
[PR_DESCRIPTION.md](https://redirect.github.com/user-attachments/files/25564272/PR_DESCRIPTION.md)
[attack_scenario.md](https://redirect.github.com/user-attachments/files/25564273/attack_scenario.md)
[poc.zip](https://redirect.github.com/user-attachments/files/25564271/poc.zip)
Fixed in:
[https://github.com/open-telemetry/opentelemetry-go/pull/8108](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8108)
---
### Release Notes
<details>
<summary>open-telemetry/opentelemetry-go
(go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp)</summary>
###
[`v1.43.0`](https://redirect.github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0):
/v0.65.0/v0.19.0
[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-go/compare/v1.42.0...v1.43.0)
#### Added
- Add `IsRandom` and `WithRandom` on `TraceFlags`, and `IsRandom` on
`SpanContext` in `go.opentelemetry.io/otel/trace`
for [W3C Trace Context Level 2 Random Trace ID
Flag](https://www.w3.org/TR/trace-context-2/#random-trace-id-flag)
support.
([#​8012](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012))
- Add service detection with `WithService` in
`go.opentelemetry.io/otel/sdk/resource`.
([#​7642](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642))
- Add `DefaultWithContext` and `EnvironmentWithContext` in
`go.opentelemetry.io/otel/sdk/resource` to support plumbing
`context.Context` through default and environment detectors.
([#​8051](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`.
([#​8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`.
([#​8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc`.
([#​8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`.
([#​8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`.
([#​8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp`.
([#​8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest`.
([#​8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Add support for per-series start time tracking for cumulative metrics
in `go.opentelemetry.io/otel/sdk/metric`.
Set `OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true` to enable.
([#​8060](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060))
- Add `WithCardinalityLimitSelector` for metric reader for configuring
cardinality limits specific to the instrument kind.
([#​7855](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855))
#### Changed
- Introduce the `EMPTY` Type in `go.opentelemetry.io/otel/attribute` to
reflect that an empty value is now a valid value, with `INVALID`
remaining as a deprecated alias of `EMPTY`.
([#​8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Refactor slice handling in `go.opentelemetry.io/otel/attribute` to
optimize short slice values with fixed-size fast paths.
([#​8039](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039))
- Improve performance of span metric recording in
`go.opentelemetry.io/otel/sdk/trace` by returning early if
self-observability is not enabled.
([#​8067](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067))
- Improve formatting of metric data diffs in
`go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest`.
([#​8073](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073))
#### Deprecated
- Deprecate `INVALID` in `go.opentelemetry.io/otel/attribute`. Use
`EMPTY` instead.
([#​8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
#### Fixed
- Return spec-compliant `TraceIdRatioBased` description. This is a
breaking behavioral change, but it is necessary to
make the implementation
[spec-compliant](https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased).
([#​8027](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027))
- Fix a race condition in `go.opentelemetry.io/otel/sdk/metric` where
the lastvalue aggregation could collect the value 0 even when no
zero-value measurements were recorded.
([#​8056](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056))
- Limit HTTP response body to 4 MiB in
`go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` to
mitigate excessive memory usage caused by a misconfigured or malicious
server.
Responses exceeding the limit are treated as non-retryable errors.
([#​8108](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108))
- Limit HTTP response body to 4 MiB in
`go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` to
mitigate excessive memory usage caused by a misconfigured or malicious
server.
Responses exceeding the limit are treated as non-retryable errors.
([#​8108](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108))
- Limit HTTP response body to 4 MiB in
`go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp` to
mitigate excessive memory usage caused by a misconfigured or malicious
server.
Responses exceeding the limit are treated as non-retryable errors.
([#​8108](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108))
- `WithHostID` detector in `go.opentelemetry.io/otel/sdk/resource` to
use full path for `kenv` command on BSD.
([#​8113](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113))
- Fix missing `request.GetBody` in
`go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp` to
correctly handle HTTP2 GOAWAY frame.
([#​8096](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096))
#### What's Changed
- chore(deps): update module github.com/jgautheron/goconst to v1.9.0 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8014](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8014)
- fix(deps): update github.com/opentracing-contrib/go-grpc/test digest
to
[`190d7d4`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/190d7d4)
by [@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8013](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8013)
- chore(deps): update module go.yaml.in/yaml/v2 to v2.4.4 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8016](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8016)
- fix(deps): update module github.com/golangci/golangci-lint/v2 to
v2.11.1 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8011](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8011)
- fix(deps): update golang.org/x by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8023](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8023)
- fix(deps): update module github.com/golangci/golangci-lint/v2 to
v2.11.2 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8020](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8020)
- chore(deps): update module github.com/mattn/go-runewidth to v0.0.21 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8017](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8017)
- chore(deps): update module codeberg.org/chavacava/garif to v0.2.1 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8019](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8019)
- Add doc on how to upgrade to new semconv by
[@​jmmcorreia](https://redirect.github.com/jmmcorreia) in
[#​7807](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7807)
- fix(deps): update module go.opentelemetry.io/proto/otlp to v1.10.0 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8028](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8028)
- resource: add WithService detector option by
[@​codeboten](https://redirect.github.com/codeboten) in
[#​7642](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7642)
- fix(deps): update googleapis to
[`a57be14`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/a57be14)
by [@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8031](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8031)
- fix(deps): update module github.com/golangci/golangci-lint/v2 to
v2.11.3 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8032](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8032)
- chore(deps): update module github.com/prometheus/procfs to v0.20.1 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8034](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8034)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`8895462`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/8895462)
by [@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8036](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8036)
- chore(deps): update module github.com/sonatard/noctx to v0.5.1 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8040](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8040)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`6e66a94`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/6e66a94)
by [@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8043](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8043)
- docs(otlp): document HTTP/protobuf insecure env vars by
[@​marcschaeferger](https://redirect.github.com/marcschaeferger)
in
[#​8037](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8037)
- Rebuild semconvkit and verifyreadmes on changes by
[@​MrAlias](https://redirect.github.com/MrAlias) in
[#​7995](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7995)
- chore(sdk/trace): join errors properly by
[@​ash2k](https://redirect.github.com/ash2k) in
[#​8030](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8030)
- fix(deps): update googleapis to
[`84a4fc4`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/84a4fc4)
by [@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8048](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8048)
- attribute: change INVALID Type to EMPTY and mark INVALID as deprecated
by [@​pellared](https://redirect.github.com/pellared) in
[#​8038](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8038)
- fix(sdk/trace): return spec-compliant TraceIdRatioBased description by
[@​ash2k](https://redirect.github.com/ash2k) in
[#​8027](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8027)
- linting: add depguard rule to enforce semconv version by
[@​ajuijas](https://redirect.github.com/ajuijas) in
[#​8041](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8041)
- chore(deps): update actions/download-artifact action to v8.0.1 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8046](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8046)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`b7b2c7b`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/b7b2c7b)
by [@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8044](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8044)
- fix(deps): update golang.org/x by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8045](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8045)
- Optimize attribute slice conversion by
[@​MrAlias](https://redirect.github.com/MrAlias) in
[#​8039](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8039)
- Add benchmarks for end-to-end metrics SDK usage by
[@​dashpole](https://redirect.github.com/dashpole) in
[#​7768](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7768)
- fix(deps): update golang.org/x by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8052](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8052)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`befce8d`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/befce8d)
by [@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8053](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8053)
- trace: add Random Trace ID Flag by
[@​yuanyuanzhao3](https://redirect.github.com/yuanyuanzhao3) in
[#​8012](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8012)
- Improve aggregation concurrent safe tests by
[@​dashpole](https://redirect.github.com/dashpole) in
[#​8021](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8021)
- Add tests for exponential histogram concurrent-safety edge-cases by
[@​dashpole](https://redirect.github.com/dashpole) in
[#​8024](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8024)
- exphist: replace min, max, sum, and count with atomics by
[@​dashpole](https://redirect.github.com/dashpole) in
[#​8025](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8025)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`c2dfcec`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/c2dfcec)
by [@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8055](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8055)
- chore(deps): update otel/weaver docker tag to v0.22.0 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8058](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8058)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`dec52c4`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/dec52c4)
by [@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8063](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8063)
- chore(deps): update otel/weaver docker tag to v0.22.1 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8061](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8061)
- chore(deps): update github/codeql-action action to v4.33.0 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8065](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8065)
- Fix race in the lastvalue aggregation where 0 could be observed by
[@​dashpole](https://redirect.github.com/dashpole) in
[#​8056](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8056)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`744bfb5`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/744bfb5)
by [@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8064](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8064)
- Migrate to new bare metal runner (Ubuntu 24) by
[@​trask](https://redirect.github.com/trask) in
[#​8068](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8068)
- sdk/resource: add WithContext variants for Default and Environment
([#​7808](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7808))
by [@​ajuijas](https://redirect.github.com/ajuijas) in
[#​8051](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8051)
- Use atomics for exponential histogram buckets by
[@​dashpole](https://redirect.github.com/dashpole) in
[#​8057](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8057)
- Added the `internal/observ` package to stdoutlog by
[@​yumosx](https://redirect.github.com/yumosx) in
[#​7735](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7735)
- Add support for the development per-series starttime feature by
[@​dashpole](https://redirect.github.com/dashpole) in
[#​8060](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8060)
- sdk/trace/internal/observ: guard SpanStarted and spanLive with Enabled
by
[@​kouji-yoshimura](https://redirect.github.com/kouji-yoshimura)
in
[#​8067](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8067)
- Cleanup exemplar featuregate readme by
[@​dashpole](https://redirect.github.com/dashpole) in
[#​8072](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8072)
- chore(deps): update codecov/codecov-action action to v5.5.3 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8080](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8080)
- chore(deps): update module github.com/ryanrolds/sqlclosecheck to
v0.6.0 by [@​renovate](https://redirect.github.com/renovate)\[bot]
in
[#​8083](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8083)
- fix(deps): update github.com/opentracing-contrib/go-grpc/test digest
to
[`de6f1cc`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/de6f1cc)
by [@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8082](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8082)
- chore(deps): update module go.opentelemetry.io/collector/featuregate
to v1.54.0 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8085](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8085)
- chore(deps): update module github.com/securego/gosec/v2 to v2.25.0 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8084](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8084)
- chore(deps): update module github.com/protonmail/go-crypto to v1.4.1
by [@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8081](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8081)
- fix(deps): update module go.opentelemetry.io/collector/pdata to
v1.54.0 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8086](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8086)
- chore(deps): update actions/cache action to v5.0.4 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8079](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8079)
- chore(deps): update module github.com/fatih/color to v1.19.0 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8087](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8087)
- fix(deps): update googleapis to
[`d00831a`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/d00831a)
by [@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8078](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8078)
- chore(deps): update golang.org/x/telemetry digest to
[`b6b0c46`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/b6b0c46)
by [@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8076](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8076)
- fix(deps): update module google.golang.org/grpc to v1.79.3 \[security]
by [@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8075](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8075)
- sdk/metric: Support specifying cardinality limits per instrument kinds
by [@​petern48](https://redirect.github.com/petern48) in
[#​7855](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7855)
- chore(deps): update github/codeql-action action to v4.34.0 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8088](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8088)
- chore(deps): update codspeedhq/action action to v4.12.1 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8089](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8089)
- chore(deps): update github/codeql-action action to v4.34.1 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8090](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8090)
- fix(deps): update module github.com/golangci/golangci-lint/v2 to
v2.11.4 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8092](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8092)
- chore: fix noctx issues by
[@​mmorel-35](https://redirect.github.com/mmorel-35) in
[#​8008](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8008)
- chore(deps): update module github.com/pelletier/go-toml/v2 to v2.3.0
by [@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8095](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8095)
- chore(deps): update codecov/codecov-action action to v5.5.4 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8097](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8097)
- chore(deps): update codecov/codecov-action action to v6 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8098](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8098)
- chore(deps): update module github.com/tetafro/godot to v1.5.6 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8099](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8099)
- chore(deps): update module github.com/butuzov/ireturn to v0.4.1 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8100](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8100)
- chore(deps): update github/codeql-action action to v4.35.0 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8101](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8101)
- chore(deps): update actions/setup-go action to v6.4.0 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8107](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8107)
- chore(deps): update module github.com/go-git/go-git/v5 to v5.17.1 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8106](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8106)
- chore(deps): update module github.com/lucasb-eyer/go-colorful to
v1.4.0 by [@​renovate](https://redirect.github.com/renovate)\[bot]
in
[#​8103](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8103)
- chore(deps): update github/codeql-action action to v4.35.1 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8102](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8102)
- chore(deps): update module github.com/hashicorp/go-version to v1.9.0
by [@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8109](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8109)
- metricdatatest: Improve printing of diffs by
[@​dashpole](https://redirect.github.com/dashpole) in
[#​8073](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8073)
- fix(deps): update googleapis to
[`d5a96ad`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/d5a96ad)
by [@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8112](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8112)
- chore(deps): update codspeedhq/action action to v4.13.0 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8114](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8114)
- fix(deps): update module go.opentelemetry.io/collector/pdata to
v1.55.0 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8119](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8119)
- chore(deps): update fossas/fossa-action action to v1.9.0 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8118](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8118)
- chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8115](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8115)
- fix(deps): update googleapis to
[`9d38bb4`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/9d38bb4)
by [@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8117](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8117)
- fix: support getBody in otelploghttp by
[@​Tpuljak](https://redirect.github.com/Tpuljak) in
[#​8096](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8096)
- fix(deps): update module google.golang.org/grpc to v1.80.0 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8121](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8121)
- Use an absolute path when calling bsd kenv by
[@​dmathieu](https://redirect.github.com/dmathieu) in
[#​8113](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8113)
- limit response body size for OTLP HTTP exporters by
[@​pellared](https://redirect.github.com/pellared) in
[#​8108](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8108)
- chore(deps): update github.com/golangci/dupl digest to
[`c99c5cf`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/c99c5cf)
by [@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8122](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8122)
- chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 by
[@​renovate](https://redirect.github.com/renovate)\[bot] in
[#​8131](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8131)
- Release v1.43.0 / v0.65.0 / v0.19.0 by
[@​dmathieu](https://redirect.github.com/dmathieu) in
[#​8128](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8128)
#### New Contributors
- [@​jmmcorreia](https://redirect.github.com/jmmcorreia) made
their first contribution in
[#​7807](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7807)
- [@​marcschaeferger](https://redirect.github.com/marcschaeferger)
made their first contribution in
[#​8037](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8037)
- [@​ajuijas](https://redirect.github.com/ajuijas) made their
first contribution in
[#​8041](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8041)
- [@​yuanyuanzhao3](https://redirect.github.com/yuanyuanzhao3)
made their first contribution in
[#​8012](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8012)
- [@​kouji-yoshimura](https://redirect.github.com/kouji-yoshimura)
made their first contribution in
[#​8067](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8067)
- [@​Tpuljak](https://redirect.github.com/Tpuljak) made their
first contribution in
[#​8096](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8096)
**Full Changelog**:
<open-telemetry/opentelemetry-go@v1.42.0...v1.43.0>
</details>
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
- ""
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/googleapis/mcp-toolbox).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMTAuMiIsInVwZGF0ZWRJblZlciI6IjQzLjExMC4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>1 parent 5fd7012 commit ea0ab69
2 files changed
+23
-23
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
63 | 63 | | |
64 | 64 | | |
65 | 65 | | |
66 | | - | |
| 66 | + | |
67 | 67 | | |
68 | 68 | | |
69 | 69 | | |
| |||
72 | 72 | | |
73 | 73 | | |
74 | 74 | | |
75 | | - | |
| 75 | + | |
76 | 76 | | |
77 | 77 | | |
78 | 78 | | |
| |||
109 | 109 | | |
110 | 110 | | |
111 | 111 | | |
112 | | - | |
| 112 | + | |
113 | 113 | | |
114 | 114 | | |
115 | 115 | | |
| |||
261 | 261 | | |
262 | 262 | | |
263 | 263 | | |
264 | | - | |
265 | | - | |
| 264 | + | |
| 265 | + | |
266 | 266 | | |
267 | 267 | | |
268 | 268 | | |
| |||
278 | 278 | | |
279 | 279 | | |
280 | 280 | | |
281 | | - | |
282 | | - | |
| 281 | + | |
| 282 | + | |
283 | 283 | | |
284 | 284 | | |
285 | 285 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
79 | 79 | | |
80 | 80 | | |
81 | 81 | | |
82 | | - | |
83 | | - | |
| 82 | + | |
| 83 | + | |
84 | 84 | | |
85 | 85 | | |
86 | 86 | | |
| |||
652 | 652 | | |
653 | 653 | | |
654 | 654 | | |
655 | | - | |
656 | | - | |
657 | | - | |
658 | | - | |
| 655 | + | |
| 656 | + | |
| 657 | + | |
| 658 | + | |
659 | 659 | | |
660 | 660 | | |
661 | 661 | | |
| |||
664 | 664 | | |
665 | 665 | | |
666 | 666 | | |
667 | | - | |
668 | | - | |
| 667 | + | |
| 668 | + | |
669 | 669 | | |
670 | 670 | | |
671 | 671 | | |
| |||
813 | 813 | | |
814 | 814 | | |
815 | 815 | | |
816 | | - | |
817 | | - | |
| 816 | + | |
| 817 | + | |
818 | 818 | | |
819 | 819 | | |
820 | 820 | | |
| |||
826 | 826 | | |
827 | 827 | | |
828 | 828 | | |
829 | | - | |
830 | | - | |
831 | | - | |
832 | | - | |
| 829 | + | |
| 830 | + | |
| 831 | + | |
| 832 | + | |
833 | 833 | | |
834 | 834 | | |
835 | 835 | | |
836 | 836 | | |
837 | 837 | | |
838 | | - | |
839 | | - | |
| 838 | + | |
| 839 | + | |
840 | 840 | | |
841 | 841 | | |
842 | 842 | | |
| |||
0 commit comments