Commit 56a019e
authored
![cloudquery-ci[bot]](https://avatars.githubusercontent.com/u/74616112?v=4&size=40){kind=avatar}
fix(deps): Update module go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to v1.43.0 [SECURITY] (#2484)
This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp](https://redirect.github.com/open-telemetry/opentelemetry-go) | `v1.42.0` → `v1.43.0` |  |  |
### GitHub Vulnerability Alerts
#### [CVE-2026-39882](https://redirect.github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-w8rr-5gcm-pp58)
overview:
this report shows that the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory `bytes.Buffer` without a size cap.
this is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled (or a network attacker can mitm the exporter connection).
severity
HIGH
not claiming: this is a remote dos against every default deployment.
claiming: if the exporter sends traces to an untrusted collector endpoint (or over a network segment where mitm is realistic), that endpoint can crash the process via a large response body.
callsite (pinned):
- exporters/otlp/otlptrace/otlptracehttp/client.go:199
- exporters/otlp/otlptrace/otlptracehttp/client.go:230
- exporters/otlp/otlpmetric/otlpmetrichttp/client.go:170
- exporters/otlp/otlpmetric/otlpmetrichttp/client.go:201
- exporters/otlp/otlplog/otlploghttp/client.go:190
- exporters/otlp/otlplog/otlploghttp/client.go:221
permalinks (pinned):
- https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlptrace/otlptracehttp/client.go#L199
- https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlptrace/otlptracehttp/client.go#L230
- https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlpmetric/otlpmetrichttp/client.go#L170
- https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlpmetric/otlpmetrichttp/client.go#L201
- https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlplog/otlploghttp/client.go#L190
- https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlplog/otlploghttp/client.go#L221
root cause:
each exporter client reads `resp.Body` using `io.Copy(&respData, resp.Body)` into a `bytes.Buffer` on both success and error paths, with no upper bound.
impact:
a malicious collector can force large transient heap allocations during export (peak memory scales with attacker-chosen response size) and can potentially crash the instrumented process (oom).
affected component:
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
- go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp
- go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp
repro (local-only):
```bash
unzip poc.zip -d poc
cd poc
make canonical resp_bytes=33554432 chunk_delay_ms=0
```
expected output contains:
```
[CALLSITE_HIT]: otlptracehttp.UploadTraces::io.Copy(resp.Body)
[PROOF_MARKER]: resp_bytes=33554432 peak_alloc_bytes=118050512
```
control (same env, patched target):
```bash
unzip poc.zip -d poc
cd poc
make control resp_bytes=33554432 chunk_delay_ms=0
```
expected control output contains:
```
[CALLSITE_HIT]: otlptracehttp.UploadTraces::io.Copy(resp.Body)
[NC_MARKER]: resp_bytes=33554432 peak_alloc_bytes=512232
```
attachments: poc.zip (attached)
[PR_DESCRIPTION.md](https://redirect.github.com/user-attachments/files/25564272/PR_DESCRIPTION.md)
[attack_scenario.md](https://redirect.github.com/user-attachments/files/25564273/attack_scenario.md)
[poc.zip](https://redirect.github.com/user-attachments/files/25564271/poc.zip)
Fixed in: [https://github.com/open-telemetry/opentelemetry-go/pull/8108](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8108)
---
### Release Notes
<details>
<summary>open-telemetry/opentelemetry-go (go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp)</summary>
### [`v1.43.0`](https://redirect.github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0): /v0.65.0/v0.19.0
[Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-go/compare/v1.42.0...v1.43.0)
##### Added
- Add `IsRandom` and `WithRandom` on `TraceFlags`, and `IsRandom` on `SpanContext` in `go.opentelemetry.io/otel/trace`
for [W3C Trace Context Level 2 Random Trace ID Flag](https://www.w3.org/TR/trace-context-2/#random-trace-id-flag) support. ([#​8012](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012))
- Add service detection with `WithService` in `go.opentelemetry.io/otel/sdk/resource`. ([#​7642](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642))
- Add `DefaultWithContext` and `EnvironmentWithContext` in `go.opentelemetry.io/otel/sdk/resource` to support plumbing `context.Context` through default and environment detectors. ([#​8051](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051))
- Support attributes with empty value (`attribute.EMPTY`) in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`. ([#​8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`. ([#​8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc`. ([#​8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`. ([#​8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`. ([#​8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp`. ([#​8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in `go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest`. ([#​8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Add support for per-series start time tracking for cumulative metrics in `go.opentelemetry.io/otel/sdk/metric`.
Set `OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true` to enable. ([#​8060](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060))
- Add `WithCardinalityLimitSelector` for metric reader for configuring cardinality limits specific to the instrument kind. ([#​7855](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855))
##### Changed
- Introduce the `EMPTY` Type in `go.opentelemetry.io/otel/attribute` to reflect that an empty value is now a valid value, with `INVALID` remaining as a deprecated alias of `EMPTY`. ([#​8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Refactor slice handling in `go.opentelemetry.io/otel/attribute` to optimize short slice values with fixed-size fast paths. ([#​8039](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039))
- Improve performance of span metric recording in `go.opentelemetry.io/otel/sdk/trace` by returning early if self-observability is not enabled. ([#​8067](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067))
- Improve formatting of metric data diffs in `go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest`. ([#​8073](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073))
##### Deprecated
- Deprecate `INVALID` in `go.opentelemetry.io/otel/attribute`. Use `EMPTY` instead. ([#​8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
##### Fixed
- Return spec-compliant `TraceIdRatioBased` description. This is a breaking behavioral change, but it is necessary to
make the implementation [spec-compliant](https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased). ([#​8027](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027))
- Fix a race condition in `go.opentelemetry.io/otel/sdk/metric` where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. ([#​8056](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056))
- Limit HTTP response body to 4 MiB in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` to mitigate excessive memory usage caused by a misconfigured or malicious server.
Responses exceeding the limit are treated as non-retryable errors. ([#​8108](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108))
- Limit HTTP response body to 4 MiB in `go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` to mitigate excessive memory usage caused by a misconfigured or malicious server.
Responses exceeding the limit are treated as non-retryable errors. ([#​8108](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108))
- Limit HTTP response body to 4 MiB in `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp` to mitigate excessive memory usage caused by a misconfigured or malicious server.
Responses exceeding the limit are treated as non-retryable errors. ([#​8108](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108))
- `WithHostID` detector in `go.opentelemetry.io/otel/sdk/resource` to use full path for `kenv` command on BSD. ([#​8113](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113))
- Fix missing `request.GetBody` in `go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp` to correctly handle HTTP2 GOAWAY frame. ([#​8096](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096))
##### What's Changed
- chore(deps): update module github.com/jgautheron/goconst to v1.9.0 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8014](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8014)
- fix(deps): update github.com/opentracing-contrib/go-grpc/test digest to [`190d7d4`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/190d7d4) by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8013](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8013)
- chore(deps): update module go.yaml.in/yaml/v2 to v2.4.4 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8016](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8016)
- fix(deps): update module github.com/golangci/golangci-lint/v2 to v2.11.1 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8011](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8011)
- fix(deps): update golang.org/x by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8023](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8023)
- fix(deps): update module github.com/golangci/golangci-lint/v2 to v2.11.2 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8020](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8020)
- chore(deps): update module github.com/mattn/go-runewidth to v0.0.21 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8017](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8017)
- chore(deps): update module codeberg.org/chavacava/garif to v0.2.1 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8019](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8019)
- Add doc on how to upgrade to new semconv by [@​jmmcorreia](https://redirect.github.com/jmmcorreia) in [#​7807](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7807)
- fix(deps): update module go.opentelemetry.io/proto/otlp to v1.10.0 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8028](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8028)
- resource: add WithService detector option by [@​codeboten](https://redirect.github.com/codeboten) in [#​7642](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7642)
- fix(deps): update googleapis to [`a57be14`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/a57be14) by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8031](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8031)
- fix(deps): update module github.com/golangci/golangci-lint/v2 to v2.11.3 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8032](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8032)
- chore(deps): update module github.com/prometheus/procfs to v0.20.1 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8034](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8034)
- chore(deps): update github.com/securego/gosec/v2 digest to [`8895462`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/8895462) by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8036](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8036)
- chore(deps): update module github.com/sonatard/noctx to v0.5.1 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8040](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8040)
- chore(deps): update github.com/securego/gosec/v2 digest to [`6e66a94`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/6e66a94) by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8043](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8043)
- docs(otlp): document HTTP/protobuf insecure env vars by [@​marcschaeferger](https://redirect.github.com/marcschaeferger) in [#​8037](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8037)
- Rebuild semconvkit and verifyreadmes on changes by [@​MrAlias](https://redirect.github.com/MrAlias) in [#​7995](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7995)
- chore(sdk/trace): join errors properly by [@​ash2k](https://redirect.github.com/ash2k) in [#​8030](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8030)
- fix(deps): update googleapis to [`84a4fc4`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/84a4fc4) by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8048](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8048)
- attribute: change INVALID Type to EMPTY and mark INVALID as deprecated by [@​pellared](https://redirect.github.com/pellared) in [#​8038](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8038)
- fix(sdk/trace): return spec-compliant TraceIdRatioBased description by [@​ash2k](https://redirect.github.com/ash2k) in [#​8027](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8027)
- linting: add depguard rule to enforce semconv version by [@​ajuijas](https://redirect.github.com/ajuijas) in [#​8041](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8041)
- chore(deps): update actions/download-artifact action to v8.0.1 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8046](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8046)
- chore(deps): update github.com/securego/gosec/v2 digest to [`b7b2c7b`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/b7b2c7b) by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8044](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8044)
- fix(deps): update golang.org/x by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8045](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8045)
- Optimize attribute slice conversion by [@​MrAlias](https://redirect.github.com/MrAlias) in [#​8039](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8039)
- Add benchmarks for end-to-end metrics SDK usage by [@​dashpole](https://redirect.github.com/dashpole) in [#​7768](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7768)
- fix(deps): update golang.org/x by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8052](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8052)
- chore(deps): update github.com/securego/gosec/v2 digest to [`befce8d`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/befce8d) by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8053](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8053)
- trace: add Random Trace ID Flag by [@​yuanyuanzhao3](https://redirect.github.com/yuanyuanzhao3) in [#​8012](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8012)
- Improve aggregation concurrent safe tests by [@​dashpole](https://redirect.github.com/dashpole) in [#​8021](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8021)
- Add tests for exponential histogram concurrent-safety edge-cases by [@​dashpole](https://redirect.github.com/dashpole) in [#​8024](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8024)
- exphist: replace min, max, sum, and count with atomics by [@​dashpole](https://redirect.github.com/dashpole) in [#​8025](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8025)
- chore(deps): update github.com/securego/gosec/v2 digest to [`c2dfcec`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/c2dfcec) by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8055](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8055)
- chore(deps): update otel/weaver docker tag to v0.22.0 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8058](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8058)
- chore(deps): update github.com/securego/gosec/v2 digest to [`dec52c4`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/dec52c4) by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8063](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8063)
- chore(deps): update otel/weaver docker tag to v0.22.1 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8061](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8061)
- chore(deps): update github/codeql-action action to v4.33.0 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8065](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8065)
- Fix race in the lastvalue aggregation where 0 could be observed by [@​dashpole](https://redirect.github.com/dashpole) in [#​8056](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8056)
- chore(deps): update github.com/securego/gosec/v2 digest to [`744bfb5`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/744bfb5) by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8064](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8064)
- Migrate to new bare metal runner (Ubuntu 24) by [@​trask](https://redirect.github.com/trask) in [#​8068](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8068)
- sdk/resource: add WithContext variants for Default and Environment ([#​7808](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7808)) by [@​ajuijas](https://redirect.github.com/ajuijas) in [#​8051](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8051)
- Use atomics for exponential histogram buckets by [@​dashpole](https://redirect.github.com/dashpole) in [#​8057](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8057)
- Added the `internal/observ` package to stdoutlog by [@​yumosx](https://redirect.github.com/yumosx) in [#​7735](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7735)
- Add support for the development per-series starttime feature by [@​dashpole](https://redirect.github.com/dashpole) in [#​8060](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8060)
- sdk/trace/internal/observ: guard SpanStarted and spanLive with Enabled by [@​kouji-yoshimura](https://redirect.github.com/kouji-yoshimura) in [#​8067](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8067)
- Cleanup exemplar featuregate readme by [@​dashpole](https://redirect.github.com/dashpole) in [#​8072](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8072)
- chore(deps): update codecov/codecov-action action to v5.5.3 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8080](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8080)
- chore(deps): update module github.com/ryanrolds/sqlclosecheck to v0.6.0 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8083](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8083)
- fix(deps): update github.com/opentracing-contrib/go-grpc/test digest to [`de6f1cc`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/de6f1cc) by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8082](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8082)
- chore(deps): update module go.opentelemetry.io/collector/featuregate to v1.54.0 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8085](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8085)
- chore(deps): update module github.com/securego/gosec/v2 to v2.25.0 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8084](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8084)
- chore(deps): update module github.com/protonmail/go-crypto to v1.4.1 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8081](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8081)
- fix(deps): update module go.opentelemetry.io/collector/pdata to v1.54.0 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8086](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8086)
- chore(deps): update actions/cache action to v5.0.4 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8079](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8079)
- chore(deps): update module github.com/fatih/color to v1.19.0 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8087](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8087)
- fix(deps): update googleapis to [`d00831a`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/d00831a) by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8078](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8078)
- chore(deps): update golang.org/x/telemetry digest to [`b6b0c46`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/b6b0c46) by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8076](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8076)
- fix(deps): update module google.golang.org/grpc to v1.79.3 \[security] by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8075](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8075)
- sdk/metric: Support specifying cardinality limits per instrument kinds by [@​petern48](https://redirect.github.com/petern48) in [#​7855](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7855)
- chore(deps): update github/codeql-action action to v4.34.0 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8088](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8088)
- chore(deps): update codspeedhq/action action to v4.12.1 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8089](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8089)
- chore(deps): update github/codeql-action action to v4.34.1 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8090](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8090)
- fix(deps): update module github.com/golangci/golangci-lint/v2 to v2.11.4 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8092](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8092)
- chore: fix noctx issues by [@​mmorel-35](https://redirect.github.com/mmorel-35) in [#​8008](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8008)
- chore(deps): update module github.com/pelletier/go-toml/v2 to v2.3.0 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8095](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8095)
- chore(deps): update codecov/codecov-action action to v5.5.4 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8097](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8097)
- chore(deps): update codecov/codecov-action action to v6 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8098](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8098)
- chore(deps): update module github.com/tetafro/godot to v1.5.6 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8099](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8099)
- chore(deps): update module github.com/butuzov/ireturn to v0.4.1 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8100](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8100)
- chore(deps): update github/codeql-action action to v4.35.0 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8101](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8101)
- chore(deps): update actions/setup-go action to v6.4.0 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8107](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8107)
- chore(deps): update module github.com/go-git/go-git/v5 to v5.17.1 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8106](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8106)
- chore(deps): update module github.com/lucasb-eyer/go-colorful to v1.4.0 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8103](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8103)
- chore(deps): update github/codeql-action action to v4.35.1 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8102](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8102)
- chore(deps): update module github.com/hashicorp/go-version to v1.9.0 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8109](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8109)
- metricdatatest: Improve printing of diffs by [@​dashpole](https://redirect.github.com/dashpole) in [#​8073](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8073)
- fix(deps): update googleapis to [`d5a96ad`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/d5a96ad) by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8112](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8112)
- chore(deps): update codspeedhq/action action to v4.13.0 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8114](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8114)
- fix(deps): update module go.opentelemetry.io/collector/pdata to v1.55.0 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8119](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8119)
- chore(deps): update fossas/fossa-action action to v1.9.0 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8118](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8118)
- chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8115](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8115)
- fix(deps): update googleapis to [`9d38bb4`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/9d38bb4) by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8117](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8117)
- fix: support getBody in otelploghttp by [@​Tpuljak](https://redirect.github.com/Tpuljak) in [#​8096](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8096)
- fix(deps): update module google.golang.org/grpc to v1.80.0 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8121](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8121)
- Use an absolute path when calling bsd kenv by [@​dmathieu](https://redirect.github.com/dmathieu) in [#​8113](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8113)
- limit response body size for OTLP HTTP exporters by [@​pellared](https://redirect.github.com/pellared) in [#​8108](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8108)
- chore(deps): update github.com/golangci/dupl digest to [`c99c5cf`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/c99c5cf) by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8122](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8122)
- chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​8131](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8131)
- Release v1.43.0 / v0.65.0 / v0.19.0 by [@​dmathieu](https://redirect.github.com/dmathieu) in [#​8128](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8128)
##### New Contributors
- [@​jmmcorreia](https://redirect.github.com/jmmcorreia) made their first contribution in [#​7807](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7807)
- [@​marcschaeferger](https://redirect.github.com/marcschaeferger) made their first contribution in [#​8037](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8037)
- [@​ajuijas](https://redirect.github.com/ajuijas) made their first contribution in [#​8041](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8041)
- [@​yuanyuanzhao3](https://redirect.github.com/yuanyuanzhao3) made their first contribution in [#​8012](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8012)
- [@​kouji-yoshimura](https://redirect.github.com/kouji-yoshimura) made their first contribution in [#​8067](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8067)
- [@​Tpuljak](https://redirect.github.com/Tpuljak) made their first contribution in [#​8096](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8096)
**Full Changelog**: <open-telemetry/opentelemetry-go@v1.42.0...v1.43.0>
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My44OS41IiwidXBkYXRlZEluVmVyIjoiNDMuODkuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiYXV0b21lcmdlIiwic2VjdXJpdHkiXX0=-->1 parent 7161513 commit 56a019e
4 files changed
+6
-6
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
69 | 69 | | |
70 | 70 | | |
71 | 71 | | |
72 | | - | |
| 72 | + | |
73 | 73 | | |
74 | 74 | | |
75 | 75 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
182 | 182 | | |
183 | 183 | | |
184 | 184 | | |
185 | | - | |
186 | | - | |
| 185 | + | |
| 186 | + | |
187 | 187 | | |
188 | 188 | | |
189 | 189 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
30 | 30 | | |
31 | 31 | | |
32 | 32 | | |
33 | | - | |
| 33 | + | |
34 | 34 | | |
35 | 35 | | |
36 | 36 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
193 | 193 | | |
194 | 194 | | |
195 | 195 | | |
196 | | - | |
197 | | - | |
| 196 | + | |
| 197 | + | |
198 | 198 | | |
199 | 199 | | |
200 | 200 | | |
| |||
0 commit comments