[pull] main from googleapis:main #447

Merged
pull[bot] merged 10 commits into Jaleel-zhu:main from googleapis:main
Apr 9, 2026

@pull pull bot commented Apr 9, 2026

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

dishaprakash and others added 8 commits April 9, 2026 05:34
Update cloudflare sync workflow to run on manual dispatch, to fix
v0.32.0 release on docsite
…ecurity] (#3005)

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [go.opentelemetry.io/otel/sdk](https://redirect.github.com/open-telemetry/opentelemetry-go) | `v1.42.0` → `v1.43.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/go.opentelemetry.io%2fotel%2fsdk/v1.43.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/go.opentelemetry.io%2fotel%2fsdk/v1.42.0/v1.43.0?slim=true) |

### GitHub Vulnerability Alerts

#### [CVE-2026-39883](https://redirect.github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-hfvc-g4fc-pqhx)

## Summary

The fix for GHSA-9h8m-3fm2-qjrq (CVE-2026-24051) changed the Darwin
`ioreg` command to use an absolute path but left the BSD `kenv` command
using a bare name, allowing the same PATH hijacking attack on BSD and
Solaris platforms.

## Root Cause

`sdk/resource/host_id.go` line 42:

```go
if result, err := r.execCommand("kenv", "-q", "smbios.system.uuid"); err == nil {
```

Compare with the fixed Darwin path at line 58:

```go
result, err := r.execCommand("/usr/sbin/ioreg", "-rd1", "-c", "IOPlatformExpertDevice")
```

The `execCommand` helper at `sdk/resource/host_id_exec.go` uses
`exec.Command(name, arg...)` which searches `$PATH` when the command
name contains no path separator.

Affected platforms (per build tag in `host_id_bsd.go:4`): DragonFly BSD,
FreeBSD, NetBSD, OpenBSD, Solaris.

The `kenv` path is reached when `/etc/hostid` does not exist (lines
38-40), which is common on FreeBSD systems.

## Attack

1. Attacker has local access to a system running a Go application that
imports `go.opentelemetry.io/otel/sdk`
2. Attacker places a malicious `kenv` binary earlier in `$PATH`
3. Application initializes OpenTelemetry resource detection at startup
4. `hostIDReaderBSD.read()` calls `exec.Command("kenv", ...)` which
resolves to the malicious binary
5. Arbitrary code executes in the context of the application

Same attack vector and impact as CVE-2026-24051.

## Suggested Fix

Use the absolute path:

```go
if result, err := r.execCommand("/bin/kenv", "-q", "smbios.system.uuid"); err == nil {
```

On FreeBSD, `kenv` is located at `/bin/kenv`.

---

### Release Notes

<details>
<summary>open-telemetry/opentelemetry-go
(go.opentelemetry.io/otel/sdk)</summary>

### [`v1.43.0`](https://redirect.github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0): /v0.65.0/v0.19.0

[Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-go/compare/v1.42.0...v1.43.0)

#### Added

- Add `IsRandom` and `WithRandom` on `TraceFlags`, and `IsRandom` on
`SpanContext` in `go.opentelemetry.io/otel/trace`
for [W3C Trace Context Level 2 Random Trace ID
Flag](https://www.w3.org/TR/trace-context-2/#random-trace-id-flag)
support.
([#&#8203;8012](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012))
- Add service detection with `WithService` in
`go.opentelemetry.io/otel/sdk/resource`.
([#&#8203;7642](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642))
- Add `DefaultWithContext` and `EnvironmentWithContext` in
`go.opentelemetry.io/otel/sdk/resource` to support plumbing
`context.Context` through default and environment detectors.
([#&#8203;8051](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`.
([#&#8203;8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`.
([#&#8203;8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc`.
([#&#8203;8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`.
([#&#8203;8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`.
([#&#8203;8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp`.
([#&#8203;8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest`.
([#&#8203;8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Add support for per-series start time tracking for cumulative metrics
in `go.opentelemetry.io/otel/sdk/metric`.
Set `OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true` to enable.
([#&#8203;8060](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060))
- Add `WithCardinalityLimitSelector` for metric reader for configuring
cardinality limits specific to the instrument kind.
([#&#8203;7855](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855))

#### Changed

- Introduce the `EMPTY` Type in `go.opentelemetry.io/otel/attribute` to
reflect that an empty value is now a valid value, with `INVALID`
remaining as a deprecated alias of `EMPTY`.
([#&#8203;8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Refactor slice handling in `go.opentelemetry.io/otel/attribute` to
optimize short slice values with fixed-size fast paths.
([#&#8203;8039](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039))
- Improve performance of span metric recording in
`go.opentelemetry.io/otel/sdk/trace` by returning early if
self-observability is not enabled.
([#&#8203;8067](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067))
- Improve formatting of metric data diffs in
`go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest`.
([#&#8203;8073](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073))

#### Deprecated

- Deprecate `INVALID` in `go.opentelemetry.io/otel/attribute`. Use
`EMPTY` instead.
([#&#8203;8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))

#### Fixed

- Return spec-compliant `TraceIdRatioBased` description. This is a
breaking behavioral change, but it is necessary to
make the implementation
[spec-compliant](https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased).
([#&#8203;8027](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027))
- Fix a race condition in `go.opentelemetry.io/otel/sdk/metric` where
the lastvalue aggregation could collect the value 0 even when no
zero-value measurements were recorded.
([#&#8203;8056](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056))
- Limit HTTP response body to 4 MiB in
`go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` to
mitigate excessive memory usage caused by a misconfigured or malicious
server.
Responses exceeding the limit are treated as non-retryable errors.
([#&#8203;8108](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108))
- Limit HTTP response body to 4 MiB in
`go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` to
mitigate excessive memory usage caused by a misconfigured or malicious
server.
Responses exceeding the limit are treated as non-retryable errors.
([#&#8203;8108](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108))
- Limit HTTP response body to 4 MiB in
`go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp` to
mitigate excessive memory usage caused by a misconfigured or malicious
server.
Responses exceeding the limit are treated as non-retryable errors.
([#&#8203;8108](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108))
- `WithHostID` detector in `go.opentelemetry.io/otel/sdk/resource` to
use full path for `kenv` command on BSD.
([#&#8203;8113](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113))
- Fix missing `request.GetBody` in
`go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp` to
correctly handle HTTP2 GOAWAY frame.
([#&#8203;8096](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096))

#### What's Changed

- chore(deps): update module github.com/jgautheron/goconst to v1.9.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8014](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8014)
- fix(deps): update github.com/opentracing-contrib/go-grpc/test digest
to
[`190d7d4`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/190d7d4)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8013](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8013)
- chore(deps): update module go.yaml.in/yaml/v2 to v2.4.4 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8016](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8016)
- fix(deps): update module github.com/golangci/golangci-lint/v2 to
v2.11.1 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8011](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8011)
- fix(deps): update golang.org/x by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8023](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8023)
- fix(deps): update module github.com/golangci/golangci-lint/v2 to
v2.11.2 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8020](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8020)
- chore(deps): update module github.com/mattn/go-runewidth to v0.0.21 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8017](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8017)
- chore(deps): update module codeberg.org/chavacava/garif to v0.2.1 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8019](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8019)
- Add doc on how to upgrade to new semconv by
[@&#8203;jmmcorreia](https://redirect.github.com/jmmcorreia) in
[#&#8203;7807](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7807)
- fix(deps): update module go.opentelemetry.io/proto/otlp to v1.10.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8028](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8028)
- resource: add WithService detector option by
[@&#8203;codeboten](https://redirect.github.com/codeboten) in
[#&#8203;7642](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7642)
- fix(deps): update googleapis to
[`a57be14`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/a57be14)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8031](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8031)
- fix(deps): update module github.com/golangci/golangci-lint/v2 to
v2.11.3 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8032](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8032)
- chore(deps): update module github.com/prometheus/procfs to v0.20.1 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8034](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8034)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`8895462`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/8895462)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8036](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8036)
- chore(deps): update module github.com/sonatard/noctx to v0.5.1 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8040](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8040)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`6e66a94`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/6e66a94)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8043](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8043)
- docs(otlp): document HTTP/protobuf insecure env vars by
[@&#8203;marcschaeferger](https://redirect.github.com/marcschaeferger)
in
[#&#8203;8037](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8037)
- Rebuild semconvkit and verifyreadmes on changes by
[@&#8203;MrAlias](https://redirect.github.com/MrAlias) in
[#&#8203;7995](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7995)
- chore(sdk/trace): join errors properly by
[@&#8203;ash2k](https://redirect.github.com/ash2k) in
[#&#8203;8030](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8030)
- fix(deps): update googleapis to
[`84a4fc4`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/84a4fc4)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8048](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8048)
- attribute: change INVALID Type to EMPTY and mark INVALID as deprecated
by [@&#8203;pellared](https://redirect.github.com/pellared) in
[#&#8203;8038](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8038)
- fix(sdk/trace): return spec-compliant TraceIdRatioBased description by
[@&#8203;ash2k](https://redirect.github.com/ash2k) in
[#&#8203;8027](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8027)
- linting: add depguard rule to enforce semconv version by
[@&#8203;ajuijas](https://redirect.github.com/ajuijas) in
[#&#8203;8041](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8041)
- chore(deps): update actions/download-artifact action to v8.0.1 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8046](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8046)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`b7b2c7b`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/b7b2c7b)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8044](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8044)
- fix(deps): update golang.org/x by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8045](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8045)
- Optimize attribute slice conversion by
[@&#8203;MrAlias](https://redirect.github.com/MrAlias) in
[#&#8203;8039](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8039)
- Add benchmarks for end-to-end metrics SDK usage by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;7768](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7768)
- fix(deps): update golang.org/x by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8052](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8052)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`befce8d`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/befce8d)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8053](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8053)
- trace: add Random Trace ID Flag by
[@&#8203;yuanyuanzhao3](https://redirect.github.com/yuanyuanzhao3) in
[#&#8203;8012](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8012)
- Improve aggregation concurrent safe tests by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;8021](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8021)
- Add tests for exponential histogram concurrent-safety edge-cases by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;8024](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8024)
- exphist: replace min, max, sum, and count with atomics by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;8025](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8025)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`c2dfcec`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/c2dfcec)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8055](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8055)
- chore(deps): update otel/weaver docker tag to v0.22.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8058](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8058)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`dec52c4`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/dec52c4)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8063](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8063)
- chore(deps): update otel/weaver docker tag to v0.22.1 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8061](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8061)
- chore(deps): update github/codeql-action action to v4.33.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8065](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8065)
- Fix race in the lastvalue aggregation where 0 could be observed by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;8056](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8056)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`744bfb5`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/744bfb5)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8064](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8064)
- Migrate to new bare metal runner (Ubuntu 24) by
[@&#8203;trask](https://redirect.github.com/trask) in
[#&#8203;8068](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8068)
- sdk/resource: add WithContext variants for Default and Environment
([#&#8203;7808](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7808))
by [@&#8203;ajuijas](https://redirect.github.com/ajuijas) in
[#&#8203;8051](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8051)
- Use atomics for exponential histogram buckets by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;8057](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8057)
- Added the `internal/observ` package to stdoutlog by
[@&#8203;yumosx](https://redirect.github.com/yumosx) in
[#&#8203;7735](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7735)
- Add support for the development per-series starttime feature by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;8060](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8060)
- sdk/trace/internal/observ: guard SpanStarted and spanLive with Enabled
by
[@&#8203;kouji-yoshimura](https://redirect.github.com/kouji-yoshimura)
in
[#&#8203;8067](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8067)
- Cleanup exemplar featuregate readme by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;8072](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8072)
- chore(deps): update codecov/codecov-action action to v5.5.3 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8080](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8080)
- chore(deps): update module github.com/ryanrolds/sqlclosecheck to
v0.6.0 by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot]
in
[#&#8203;8083](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8083)
- fix(deps): update github.com/opentracing-contrib/go-grpc/test digest
to
[`de6f1cc`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/de6f1cc)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8082](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8082)
- chore(deps): update module go.opentelemetry.io/collector/featuregate
to v1.54.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8085](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8085)
- chore(deps): update module github.com/securego/gosec/v2 to v2.25.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8084](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8084)
- chore(deps): update module github.com/protonmail/go-crypto to v1.4.1
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8081](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8081)
- fix(deps): update module go.opentelemetry.io/collector/pdata to
v1.54.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8086](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8086)
- chore(deps): update actions/cache action to v5.0.4 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8079](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8079)
- chore(deps): update module github.com/fatih/color to v1.19.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8087](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8087)
- fix(deps): update googleapis to
[`d00831a`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/d00831a)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8078](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8078)
- chore(deps): update golang.org/x/telemetry digest to
[`b6b0c46`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/b6b0c46)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8076](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8076)
- fix(deps): update module google.golang.org/grpc to v1.79.3 \[security]
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8075](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8075)
- sdk/metric: Support specifying cardinality limits per instrument kinds
by [@&#8203;petern48](https://redirect.github.com/petern48) in
[#&#8203;7855](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7855)
- chore(deps): update github/codeql-action action to v4.34.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8088](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8088)
- chore(deps): update codspeedhq/action action to v4.12.1 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8089](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8089)
- chore(deps): update github/codeql-action action to v4.34.1 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8090](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8090)
- fix(deps): update module github.com/golangci/golangci-lint/v2 to
v2.11.4 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8092](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8092)
- chore: fix noctx issues by
[@&#8203;mmorel-35](https://redirect.github.com/mmorel-35) in
[#&#8203;8008](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8008)
- chore(deps): update module github.com/pelletier/go-toml/v2 to v2.3.0
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8095](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8095)
- chore(deps): update codecov/codecov-action action to v5.5.4 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8097](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8097)
- chore(deps): update codecov/codecov-action action to v6 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8098](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8098)
- chore(deps): update module github.com/tetafro/godot to v1.5.6 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8099](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8099)
- chore(deps): update module github.com/butuzov/ireturn to v0.4.1 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8100](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8100)
- chore(deps): update github/codeql-action action to v4.35.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8101](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8101)
- chore(deps): update actions/setup-go action to v6.4.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8107](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8107)
- chore(deps): update module github.com/go-git/go-git/v5 to v5.17.1 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8106](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8106)
- chore(deps): update module github.com/lucasb-eyer/go-colorful to
v1.4.0 by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot]
in
[#&#8203;8103](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8103)
- chore(deps): update github/codeql-action action to v4.35.1 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8102](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8102)
- chore(deps): update module github.com/hashicorp/go-version to v1.9.0
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8109](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8109)
- metricdatatest: Improve printing of diffs by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;8073](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8073)
- fix(deps): update googleapis to
[`d5a96ad`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/d5a96ad)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8112](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8112)
- chore(deps): update codspeedhq/action action to v4.13.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8114](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8114)
- fix(deps): update module go.opentelemetry.io/collector/pdata to
v1.55.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8119](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8119)
- chore(deps): update fossas/fossa-action action to v1.9.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8118](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8118)
- chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8115](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8115)
- fix(deps): update googleapis to
[`9d38bb4`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/9d38bb4)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8117](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8117)
- fix: support getBody in otelploghttp by
[@&#8203;Tpuljak](https://redirect.github.com/Tpuljak) in
[#&#8203;8096](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8096)
- fix(deps): update module google.golang.org/grpc to v1.80.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8121](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8121)
- Use an absolute path when calling bsd kenv by
[@&#8203;dmathieu](https://redirect.github.com/dmathieu) in
[#&#8203;8113](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8113)
- limit response body size for OTLP HTTP exporters by
[@&#8203;pellared](https://redirect.github.com/pellared) in
[#&#8203;8108](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8108)
- chore(deps): update github.com/golangci/dupl digest to
[`c99c5cf`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/c99c5cf)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8122](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8122)
- chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8131](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8131)
- Release v1.43.0 / v0.65.0 / v0.19.0 by
[@&#8203;dmathieu](https://redirect.github.com/dmathieu) in
[#&#8203;8128](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8128)

#### New Contributors

- [@&#8203;jmmcorreia](https://redirect.github.com/jmmcorreia) made
their first contribution in
[#&#8203;7807](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7807)
- [@&#8203;marcschaeferger](https://redirect.github.com/marcschaeferger)
made their first contribution in
[#&#8203;8037](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8037)
- [@&#8203;ajuijas](https://redirect.github.com/ajuijas) made their
first contribution in
[#&#8203;8041](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8041)
- [@&#8203;yuanyuanzhao3](https://redirect.github.com/yuanyuanzhao3)
made their first contribution in
[#&#8203;8012](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8012)
- [@&#8203;kouji-yoshimura](https://redirect.github.com/kouji-yoshimura)
made their first contribution in
[#&#8203;8067](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8067)
- [@&#8203;Tpuljak](https://redirect.github.com/Tpuljak) made their
first contribution in
[#&#8203;8096](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8096)

**Full Changelog**:
<open-telemetry/opentelemetry-go@v1.42.0...v1.43.0>

</details>


Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
…en/documentation/configuration/pre-post-processing/js/adk (#2980)

Bumps [@hono/node-server](https://github.com/honojs/node-server) from
1.19.10 to 1.19.13.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/honojs/node-server/releases"><code>@​hono/node-server</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v1.19.13</h2>
<h2>Security Fix</h2>
<p>Fixed an issue in Serve Static Middleware where inconsistent handling
of repeated slashes (<code>//</code>) between the router and static file
resolution could allow middleware to be bypassed. Users of Serve Static
Middleware are encouraged to upgrade to this version.</p>
<p>See GHSA-92pp-h63x-v22m for details.</p>
<h2>v1.19.12</h2>
<h2>What's Changed</h2>
<ul>
<li>chore: ignore claude setting by <a
href="https://github.com/yusukebe"><code>@​yusukebe</code></a> in <a
href="https://redirect.github.com/honojs/node-server/pull/314">honojs/node-server#314</a></li>
<li>fix: request draining for early 413 responses by <a
href="https://github.com/usualoma"><code>@​usualoma</code></a> in <a
href="https://redirect.github.com/honojs/node-server/pull/329">honojs/node-server#329</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/honojs/node-server/compare/v1.19.11...v1.19.12">https://github.com/honojs/node-server/compare/v1.19.11...v1.19.12</a></p>
<h2>v1.19.11</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: do not overwrite Content-Length in the fast path pattern if
Content-Length already exists. by <a
href="https://github.com/usualoma"><code>@​usualoma</code></a> in <a
href="https://redirect.github.com/honojs/node-server/pull/309">honojs/node-server#309</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/honojs/node-server/compare/v1.19.10...v1.19.11">https://github.com/honojs/node-server/compare/v1.19.10...v1.19.11</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/honojs/node-server/commit/fd64e659a34ec661fd9ccda00d1b9dff88dfaf90"><code>fd64e65</code></a>
1.19.13</li>
<li><a
href="https://github.com/honojs/node-server/commit/025c30f55d589ddbe6048b151d77e904f67a8cc2"><code>025c30f</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/honojs/node-server/commit/6cdb5a724952f3df5748e435637792068ebea6d9"><code>6cdb5a7</code></a>
1.19.12</li>
<li><a
href="https://github.com/honojs/node-server/commit/70250f780ec99d2ddc0dd8275a42f8e091e06e94"><code>70250f7</code></a>
fix: request draining for early 413 responses (<a
href="https://redirect.github.com/honojs/node-server/issues/329">#329</a>)</li>
<li><a
href="https://github.com/honojs/node-server/commit/cfc08b330a1f2e0a2d8cc7797cde389465b5f4fb"><code>cfc08b3</code></a>
chore: ignore claude setting (<a
href="https://redirect.github.com/honojs/node-server/issues/314">#314</a>)</li>
<li><a
href="https://github.com/honojs/node-server/commit/ecd4d6be55117005acfd60a22d90c4818618507b"><code>ecd4d6b</code></a>
1.19.11</li>
<li><a
href="https://github.com/honojs/node-server/commit/c94489955ebd855630b703022837f7fe5f925111"><code>c944899</code></a>
fix: do not overwrite Content-Length in the fast path pattern if
Content-Leng...</li>
<li>See full diff in <a
href="https://github.com/honojs/node-server/compare/v1.19.10...v1.19.13">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
… to 1.97.3 (#2983)

Bumps
[github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2)
from 1.88.1 to 1.97.3.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/90650dd22735ab68f6089ae5c39b6614286ae9ec"><code>90650dd</code></a>
Release 2026-03-26</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/dd88818bee7d632a8b9da6e2c78ef92e23c94c62"><code>dd88818</code></a>
Regenerated Clients</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/b662c50138bd393927871b46e84ee3483377f5be"><code>b662c50</code></a>
Update endpoints model</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/500a9cb3522a0e71d798d7079ff5856b23c2cac1"><code>500a9cb</code></a>
Update API model</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/6221102f763bd65d7e403fa62c3a1e3d39e24dc6"><code>6221102</code></a>
fix stale skew and delayed skew healing (<a
href="https://redirect.github.com/aws/aws-sdk-go-v2/issues/3359">#3359</a>)</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/0a39373433a121800bc68efa743a7486eb07aa3f"><code>0a39373</code></a>
fix order of generated event header handlers (<a
href="https://redirect.github.com/aws/aws-sdk-go-v2/issues/3361">#3361</a>)</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/098f3898271e2eaaf8a92e38d1d928fb018805a6"><code>098f389</code></a>
Only generate resolveAccountID when it's required (<a
href="https://redirect.github.com/aws/aws-sdk-go-v2/issues/3360">#3360</a>)</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/6ebab66428e97db0ee252fea042d56b1313cb9f6"><code>6ebab66</code></a>
Release 2026-03-25</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/b2ec3beebb986a5e74e50d0c105119d84e1e934e"><code>b2ec3be</code></a>
Regenerated Clients</li>
<li><a
href="https://github.com/aws/aws-sdk-go-v2/commit/abc126f6b35bfe2f77e2505f6d04f8ceced971ee"><code>abc126f</code></a>
Update API model</li>
<li>Additional commits viewable in <a
href="https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.88.1...service/s3/v1.97.3">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
…lptrace/otlptracehttp to v1.43.0 [security] (#3004)

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://redirect.github.com/open-telemetry/opentelemetry-go) | `v1.42.0` → `v1.43.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/go.opentelemetry.io%2fotel%2fexporters%2fotlp%2fotlptrace%2fotlptracehttp/v1.43.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/go.opentelemetry.io%2fotel%2fexporters%2fotlp%2fotlptrace%2fotlptracehttp/v1.42.0/v1.43.0?slim=true) |

### GitHub Vulnerability Alerts

#### [CVE-2026-39882](https://redirect.github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-w8rr-5gcm-pp58)

overview:
this report shows that the otlp HTTP exporters (traces/metrics/logs)
read the full HTTP response body into an in-memory `bytes.Buffer`
without a size cap.

this is exploitable for memory exhaustion when the configured collector
endpoint is attacker-controlled (or a network attacker can mitm the
exporter connection).

severity

HIGH

not claiming: this is a remote dos against every default deployment.
claiming: if the exporter sends traces to an untrusted collector
endpoint (or over a network segment where mitm is realistic), that
endpoint can crash the process via a large response body.

callsite (pinned):
- exporters/otlp/otlptrace/otlptracehttp/client.go:199
- exporters/otlp/otlptrace/otlptracehttp/client.go:230
- exporters/otlp/otlpmetric/otlpmetrichttp/client.go:170
- exporters/otlp/otlpmetric/otlpmetrichttp/client.go:201
- exporters/otlp/otlplog/otlploghttp/client.go:190
- exporters/otlp/otlplog/otlploghttp/client.go:221

permalinks (pinned):
- https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlptrace/otlptracehttp/client.go#L199
- https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlptrace/otlptracehttp/client.go#L230
- https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlpmetric/otlpmetrichttp/client.go#L170
- https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlpmetric/otlpmetrichttp/client.go#L201
- https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlplog/otlploghttp/client.go#L190
- https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlplog/otlploghttp/client.go#L221

root cause:
each exporter client reads `resp.Body` using `io.Copy(&respData,
resp.Body)` into a `bytes.Buffer` on both success and error paths, with
no upper bound.

impact:
a malicious collector can force large transient heap allocations during
export (peak memory scales with attacker-chosen response size) and can
potentially crash the instrumented process (oom).

affected component:
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
- go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp
- go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp

repro (local-only):

```bash
unzip poc.zip -d poc
cd poc
make canonical resp_bytes=33554432 chunk_delay_ms=0
```

expected output contains:

```
[CALLSITE_HIT]: otlptracehttp.UploadTraces::io.Copy(resp.Body)
[PROOF_MARKER]: resp_bytes=33554432 peak_alloc_bytes=118050512
```

control (same env, patched target):

```bash
unzip poc.zip -d poc
cd poc
make control resp_bytes=33554432 chunk_delay_ms=0
```

expected control output contains:

```
[CALLSITE_HIT]: otlptracehttp.UploadTraces::io.Copy(resp.Body)
[NC_MARKER]: resp_bytes=33554432 peak_alloc_bytes=512232
```

attachments: poc.zip (attached)


[PR_DESCRIPTION.md](https://redirect.github.com/user-attachments/files/25564272/PR_DESCRIPTION.md)


[attack_scenario.md](https://redirect.github.com/user-attachments/files/25564273/attack_scenario.md)


[poc.zip](https://redirect.github.com/user-attachments/files/25564271/poc.zip)

Fixed in:
[https://github.com/open-telemetry/opentelemetry-go/pull/8108](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8108)

---

### Release Notes

<details>
<summary>open-telemetry/opentelemetry-go
(go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp)</summary>

### [`v1.43.0`](https://redirect.github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0): /v0.65.0/v0.19.0

[Compare Source](https://redirect.github.com/open-telemetry/opentelemetry-go/compare/v1.42.0...v1.43.0)

#### Added

- Add `IsRandom` and `WithRandom` on `TraceFlags`, and `IsRandom` on
`SpanContext` in `go.opentelemetry.io/otel/trace`
for [W3C Trace Context Level 2 Random Trace ID
Flag](https://www.w3.org/TR/trace-context-2/#random-trace-id-flag)
support.
([#8012](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012))
- Add service detection with `WithService` in
`go.opentelemetry.io/otel/sdk/resource`.
([#7642](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642))
- Add `DefaultWithContext` and `EnvironmentWithContext` in
`go.opentelemetry.io/otel/sdk/resource` to support plumbing
`context.Context` through default and environment detectors.
([#8051](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`.
([#8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`.
([#8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc`.
([#8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`.
([#8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`.
([#8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp`.
([#8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest`.
([#8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Add support for per-series start time tracking for cumulative metrics
in `go.opentelemetry.io/otel/sdk/metric`.
Set `OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true` to enable.
([#8060](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060))
- Add `WithCardinalityLimitSelector` for metric reader for configuring
cardinality limits specific to the instrument kind.
([#7855](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855))

#### Changed

- Introduce the `EMPTY` Type in `go.opentelemetry.io/otel/attribute` to
reflect that an empty value is now a valid value, with `INVALID`
remaining as a deprecated alias of `EMPTY`.
([#8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Refactor slice handling in `go.opentelemetry.io/otel/attribute` to
optimize short slice values with fixed-size fast paths.
([#8039](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039))
- Improve performance of span metric recording in
`go.opentelemetry.io/otel/sdk/trace` by returning early if
self-observability is not enabled.
([#8067](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067))
- Improve formatting of metric data diffs in
`go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest`.
([#8073](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073))

#### Deprecated

- Deprecate `INVALID` in `go.opentelemetry.io/otel/attribute`. Use
`EMPTY` instead.
([#8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))

#### Fixed

- Return spec-compliant `TraceIdRatioBased` description. This is a
breaking behavioral change, but it is necessary to
make the implementation
[spec-compliant](https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased).
([#8027](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027))
- Fix a race condition in `go.opentelemetry.io/otel/sdk/metric` where
the lastvalue aggregation could collect the value 0 even when no
zero-value measurements were recorded.
([#8056](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056))
- Limit HTTP response body to 4 MiB in
`go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` to
mitigate excessive memory usage caused by a misconfigured or malicious
server.
Responses exceeding the limit are treated as non-retryable errors.
([#8108](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108))
- Limit HTTP response body to 4 MiB in
`go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` to
mitigate excessive memory usage caused by a misconfigured or malicious
server.
Responses exceeding the limit are treated as non-retryable errors.
([#8108](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108))
- Limit HTTP response body to 4 MiB in
`go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp` to
mitigate excessive memory usage caused by a misconfigured or malicious
server.
Responses exceeding the limit are treated as non-retryable errors.
([#8108](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108))
- `WithHostID` detector in `go.opentelemetry.io/otel/sdk/resource` to
use full path for `kenv` command on BSD.
([#8113](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113))
- Fix missing `request.GetBody` in
`go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp` to
correctly handle HTTP2 GOAWAY frame.
([#8096](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096))

#### What's Changed

- chore(deps): update module github.com/jgautheron/goconst to v1.9.0 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8014](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8014)
- fix(deps): update github.com/opentracing-contrib/go-grpc/test digest
to
[`190d7d4`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/190d7d4)
by [@renovate](https://redirect.github.com/renovate)\[bot] in
[#8013](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8013)
- chore(deps): update module go.yaml.in/yaml/v2 to v2.4.4 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8016](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8016)
- fix(deps): update module github.com/golangci/golangci-lint/v2 to
v2.11.1 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8011](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8011)
- fix(deps): update golang.org/x by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8023](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8023)
- fix(deps): update module github.com/golangci/golangci-lint/v2 to
v2.11.2 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8020](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8020)
- chore(deps): update module github.com/mattn/go-runewidth to v0.0.21 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8017](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8017)
- chore(deps): update module codeberg.org/chavacava/garif to v0.2.1 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8019](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8019)
- Add doc on how to upgrade to new semconv by
[@jmmcorreia](https://redirect.github.com/jmmcorreia) in
[#7807](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7807)
- fix(deps): update module go.opentelemetry.io/proto/otlp to v1.10.0 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8028](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8028)
- resource: add WithService detector option by
[@codeboten](https://redirect.github.com/codeboten) in
[#7642](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7642)
- fix(deps): update googleapis to
[`a57be14`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/a57be14)
by [@renovate](https://redirect.github.com/renovate)\[bot] in
[#8031](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8031)
- fix(deps): update module github.com/golangci/golangci-lint/v2 to
v2.11.3 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8032](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8032)
- chore(deps): update module github.com/prometheus/procfs to v0.20.1 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8034](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8034)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`8895462`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/8895462)
by [@renovate](https://redirect.github.com/renovate)\[bot] in
[#8036](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8036)
- chore(deps): update module github.com/sonatard/noctx to v0.5.1 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8040](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8040)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`6e66a94`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/6e66a94)
by [@renovate](https://redirect.github.com/renovate)\[bot] in
[#8043](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8043)
- docs(otlp): document HTTP/protobuf insecure env vars by
[@marcschaeferger](https://redirect.github.com/marcschaeferger)
in
[#8037](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8037)
- Rebuild semconvkit and verifyreadmes on changes by
[@MrAlias](https://redirect.github.com/MrAlias) in
[#7995](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7995)
- chore(sdk/trace): join errors properly by
[@ash2k](https://redirect.github.com/ash2k) in
[#8030](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8030)
- fix(deps): update googleapis to
[`84a4fc4`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/84a4fc4)
by [@renovate](https://redirect.github.com/renovate)\[bot] in
[#8048](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8048)
- attribute: change INVALID Type to EMPTY and mark INVALID as deprecated
by [@pellared](https://redirect.github.com/pellared) in
[#8038](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8038)
- fix(sdk/trace): return spec-compliant TraceIdRatioBased description by
[@ash2k](https://redirect.github.com/ash2k) in
[#8027](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8027)
- linting: add depguard rule to enforce semconv version by
[@ajuijas](https://redirect.github.com/ajuijas) in
[#8041](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8041)
- chore(deps): update actions/download-artifact action to v8.0.1 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8046](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8046)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`b7b2c7b`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/b7b2c7b)
by [@renovate](https://redirect.github.com/renovate)\[bot] in
[#8044](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8044)
- fix(deps): update golang.org/x by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8045](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8045)
- Optimize attribute slice conversion by
[@MrAlias](https://redirect.github.com/MrAlias) in
[#8039](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8039)
- Add benchmarks for end-to-end metrics SDK usage by
[@dashpole](https://redirect.github.com/dashpole) in
[#7768](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7768)
- fix(deps): update golang.org/x by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8052](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8052)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`befce8d`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/befce8d)
by [@renovate](https://redirect.github.com/renovate)\[bot] in
[#8053](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8053)
- trace: add Random Trace ID Flag by
[@yuanyuanzhao3](https://redirect.github.com/yuanyuanzhao3) in
[#8012](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8012)
- Improve aggregation concurrent safe tests by
[@dashpole](https://redirect.github.com/dashpole) in
[#8021](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8021)
- Add tests for exponential histogram concurrent-safety edge-cases by
[@dashpole](https://redirect.github.com/dashpole) in
[#8024](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8024)
- exphist: replace min, max, sum, and count with atomics by
[@dashpole](https://redirect.github.com/dashpole) in
[#8025](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8025)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`c2dfcec`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/c2dfcec)
by [@renovate](https://redirect.github.com/renovate)\[bot] in
[#8055](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8055)
- chore(deps): update otel/weaver docker tag to v0.22.0 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8058](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8058)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`dec52c4`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/dec52c4)
by [@renovate](https://redirect.github.com/renovate)\[bot] in
[#8063](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8063)
- chore(deps): update otel/weaver docker tag to v0.22.1 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8061](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8061)
- chore(deps): update github/codeql-action action to v4.33.0 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8065](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8065)
- Fix race in the lastvalue aggregation where 0 could be observed by
[@dashpole](https://redirect.github.com/dashpole) in
[#8056](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8056)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`744bfb5`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/744bfb5)
by [@renovate](https://redirect.github.com/renovate)\[bot] in
[#8064](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8064)
- Migrate to new bare metal runner (Ubuntu 24) by
[@trask](https://redirect.github.com/trask) in
[#8068](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8068)
- sdk/resource: add WithContext variants for Default and Environment
([#7808](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7808))
by [@ajuijas](https://redirect.github.com/ajuijas) in
[#8051](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8051)
- Use atomics for exponential histogram buckets by
[@dashpole](https://redirect.github.com/dashpole) in
[#8057](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8057)
- Added the `internal/observ` package to stdoutlog by
[@yumosx](https://redirect.github.com/yumosx) in
[#7735](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7735)
- Add support for the development per-series starttime feature by
[@dashpole](https://redirect.github.com/dashpole) in
[#8060](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8060)
- sdk/trace/internal/observ: guard SpanStarted and spanLive with Enabled
by
[@kouji-yoshimura](https://redirect.github.com/kouji-yoshimura)
in
[#8067](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8067)
- Cleanup exemplar featuregate readme by
[@dashpole](https://redirect.github.com/dashpole) in
[#8072](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8072)
- chore(deps): update codecov/codecov-action action to v5.5.3 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8080](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8080)
- chore(deps): update module github.com/ryanrolds/sqlclosecheck to
v0.6.0 by [@renovate](https://redirect.github.com/renovate)\[bot]
in
[#8083](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8083)
- fix(deps): update github.com/opentracing-contrib/go-grpc/test digest
to
[`de6f1cc`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/de6f1cc)
by [@renovate](https://redirect.github.com/renovate)\[bot] in
[#8082](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8082)
- chore(deps): update module go.opentelemetry.io/collector/featuregate
to v1.54.0 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8085](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8085)
- chore(deps): update module github.com/securego/gosec/v2 to v2.25.0 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8084](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8084)
- chore(deps): update module github.com/protonmail/go-crypto to v1.4.1
by [@renovate](https://redirect.github.com/renovate)\[bot] in
[#8081](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8081)
- fix(deps): update module go.opentelemetry.io/collector/pdata to
v1.54.0 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8086](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8086)
- chore(deps): update actions/cache action to v5.0.4 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8079](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8079)
- chore(deps): update module github.com/fatih/color to v1.19.0 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8087](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8087)
- fix(deps): update googleapis to
[`d00831a`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/d00831a)
by [@renovate](https://redirect.github.com/renovate)\[bot] in
[#8078](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8078)
- chore(deps): update golang.org/x/telemetry digest to
[`b6b0c46`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/b6b0c46)
by [@renovate](https://redirect.github.com/renovate)\[bot] in
[#8076](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8076)
- fix(deps): update module google.golang.org/grpc to v1.79.3 \[security]
by [@renovate](https://redirect.github.com/renovate)\[bot] in
[#8075](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8075)
- sdk/metric: Support specifying cardinality limits per instrument kinds
by [@petern48](https://redirect.github.com/petern48) in
[#7855](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7855)
- chore(deps): update github/codeql-action action to v4.34.0 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8088](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8088)
- chore(deps): update codspeedhq/action action to v4.12.1 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8089](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8089)
- chore(deps): update github/codeql-action action to v4.34.1 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8090](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8090)
- fix(deps): update module github.com/golangci/golangci-lint/v2 to
v2.11.4 by
[@renovate](https://redirect.github.com/renovate)\[bot] in
[#8092](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8092)
- chore: fix noctx issues by
[@mmorel-35](https://redirect.github.com/mmorel-35) in
[#8008](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8008)
- chore(deps): update module github.com/pelletier/go-toml/v2 to v2.3.0
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8095](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8095)
- chore(deps): update codecov/codecov-action action to v5.5.4 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8097](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8097)
- chore(deps): update codecov/codecov-action action to v6 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8098](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8098)
- chore(deps): update module github.com/tetafro/godot to v1.5.6 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8099](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8099)
- chore(deps): update module github.com/butuzov/ireturn to v0.4.1 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8100](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8100)
- chore(deps): update github/codeql-action action to v4.35.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8101](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8101)
- chore(deps): update actions/setup-go action to v6.4.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8107](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8107)
- chore(deps): update module github.com/go-git/go-git/v5 to v5.17.1 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8106](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8106)
- chore(deps): update module github.com/lucasb-eyer/go-colorful to
v1.4.0 by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot]
in
[#&#8203;8103](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8103)
- chore(deps): update github/codeql-action action to v4.35.1 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8102](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8102)
- chore(deps): update module github.com/hashicorp/go-version to v1.9.0
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8109](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8109)
- metricdatatest: Improve printing of diffs by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;8073](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8073)
- fix(deps): update googleapis to
[`d5a96ad`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/d5a96ad)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8112](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8112)
- chore(deps): update codspeedhq/action action to v4.13.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8114](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8114)
- fix(deps): update module go.opentelemetry.io/collector/pdata to
v1.55.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8119](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8119)
- chore(deps): update fossas/fossa-action action to v1.9.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8118](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8118)
- chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8115](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8115)
- fix(deps): update googleapis to
[`9d38bb4`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/9d38bb4)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8117](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8117)
- fix: support getBody in otelploghttp by
[@&#8203;Tpuljak](https://redirect.github.com/Tpuljak) in
[#&#8203;8096](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8096)
- fix(deps): update module google.golang.org/grpc to v1.80.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8121](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8121)
- Use an absolute path when calling bsd kenv by
[@&#8203;dmathieu](https://redirect.github.com/dmathieu) in
[#&#8203;8113](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8113)
- limit response body size for OTLP HTTP exporters by
[@&#8203;pellared](https://redirect.github.com/pellared) in
[#&#8203;8108](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8108)
- chore(deps): update github.com/golangci/dupl digest to
[`c99c5cf`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/c99c5cf)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8122](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8122)
- chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8131](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8131)
- Release v1.43.0 / v0.65.0 / v0.19.0 by
[@&#8203;dmathieu](https://redirect.github.com/dmathieu) in
[#&#8203;8128](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8128)

#### New Contributors

- [@&#8203;jmmcorreia](https://redirect.github.com/jmmcorreia) made
their first contribution in
[#&#8203;7807](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7807)
- [@&#8203;marcschaeferger](https://redirect.github.com/marcschaeferger)
made their first contribution in
[#&#8203;8037](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8037)
- [@&#8203;ajuijas](https://redirect.github.com/ajuijas) made their
first contribution in
[#&#8203;8041](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8041)
- [@&#8203;yuanyuanzhao3](https://redirect.github.com/yuanyuanzhao3)
made their first contribution in
[#&#8203;8012](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8012)
- [@&#8203;kouji-yoshimura](https://redirect.github.com/kouji-yoshimura)
made their first contribution in
[#&#8203;8067](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8067)
- [@&#8203;Tpuljak](https://redirect.github.com/Tpuljak) made their
first contribution in
[#&#8203;8096](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8096)

**Full Changelog**:
<open-telemetry/opentelemetry-go@v1.42.0...v1.43.0>

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - ""
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/googleapis/mcp-toolbox).


Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
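
The 4 MiB response-body cap that the v1.43.0 notes attribute to #8108 ("limit response body size for OTLP HTTP exporters"), as an added Go example rather than opentelemetry-go's own code: `readUnbounded` follows the `io.Copy(&respData, resp.Body)` pattern reported in CVE-2026-39882, and `readBounded` caps the read. `fakeResponse`, `zeroReader`, `errBodyTooLarge` and `shouldRetry` are hypothetical names, and the response is constructed in-process instead of coming from a collector.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
	"net/http"
)

// maxResponseBody is the 4 MiB cap named in the v1.43.0 changelog.
const maxResponseBody = 4 << 20

// errBodyTooLarge is a hypothetical sentinel for an over-limit response.
var errBodyTooLarge = errors.New("response body exceeds limit")

// zeroReader streams zero bytes without holding them in memory; it stands
// in for an oversized reply from a collector (constructed test input).
type zeroReader struct{ remaining int64 }

func (z *zeroReader) Read(p []byte) (int, error) {
	if z.remaining <= 0 {
		return 0, io.EOF
	}
	if int64(len(p)) > z.remaining {
		p = p[:z.remaining]
	}
	for i := range p {
		p[i] = 0
	}
	z.remaining -= int64(len(p))
	return len(p), nil
}

// fakeResponse builds an in-process *http.Response with a body of size bytes.
func fakeResponse(size int64) *http.Response {
	return &http.Response{
		StatusCode: http.StatusOK,
		Body:       io.NopCloser(&zeroReader{remaining: size}),
	}
}

// readUnbounded is the pattern the advisory describes: the whole body is
// copied into a bytes.Buffer, so peak memory follows the sender's choice.
func readUnbounded(resp *http.Response) (int64, error) {
	defer resp.Body.Close()
	var respData bytes.Buffer
	return io.Copy(&respData, resp.Body)
}

// readBounded keeps at most limit bytes. Asking the LimitReader for limit+1
// distinguishes a body of exactly limit bytes from one that is larger.
func readBounded(resp *http.Response, limit int64) ([]byte, error) {
	defer resp.Body.Close()
	var respData bytes.Buffer
	n, err := io.Copy(&respData, io.LimitReader(resp.Body, limit+1))
	if err != nil {
		return nil, err
	}
	if n > limit {
		return nil, errBodyTooLarge
	}
	return respData.Bytes(), nil
}

// shouldRetry is a hypothetical retry policy reflecting the changelog: an
// over-limit response is a non-retryable error.
func shouldRetry(err error) bool {
	return err != nil && !errors.Is(err, errBodyTooLarge)
}

func main() {
	// 33554432 is the resp_bytes value used in the advisory's repro.
	for _, size := range []int64{1024, maxResponseBody, 33554432} {
		body, err := readBounded(fakeResponse(size), maxResponseBody)
		fmt.Printf("size=%d kept=%d err=%v retry=%v\n",
			size, len(body), err, shouldRetry(err))
	}
}
```
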
…on/getting-started/quickstart/js/adk (#2984)

Bumps [hono](https://github.com/honojs/hono) from 4.12.7 to 4.12.12.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/honojs/hono/releases">hono's
releases</a>.</em></p>
<blockquote>
<h2>v4.12.12</h2>
<h2>Security fixes</h2>
<p>This release includes fixes for the following security issues:</p>
<h3>Middleware bypass via repeated slashes in serveStatic</h3>
<p>Affects: Serve Static middleware. Fixes a path normalization
inconsistency where repeated slashes (<code>//</code>) could bypass
route-based middleware protections and allow access to protected static
files. GHSA-wmmm-f939-6g9c</p>
<h3>Path traversal in toSSG() allows writing files outside the output
directory</h3>
<p>Affects: <code>toSSG()</code> for Static Site Generation. Fixes a
path traversal issue where crafted <code>ssgParams</code> values could
write files outside the configured output directory.
GHSA-xf4j-xp2r-rqqx</p>
<h3>Incorrect IP matching in ipRestriction() for IPv4-mapped IPv6
addresses</h3>
<p>Affects: IP Restriction Middleware. Fixes improper handling of
IPv4-mapped IPv6 addresses (e.g. <code>::ffff:127.0.0.1</code>) that
could cause allow/deny rules to be bypassed. GHSA-xpcf-pg52-r92g</p>
<h3>Missing validation of cookie name on write path in setCookie()</h3>
<p>Affects: <code>setCookie()</code>, <code>serialize()</code>, and
<code>serializeSigned()</code> from <code>hono/cookie</code>. Fixes
missing validation of cookie names on the write path, preventing
inconsistent handling between parsing and serialization.
GHSA-26pp-8wgv-hjvm</p>
<h3>Non-breaking space prefix bypass in cookie name handling in
getCookie()</h3>
<p>Affects: <code>getCookie()</code> from <code>hono/cookie</code>.
Fixes a discrepancy in cookie name handling that could allow
attacker-controlled cookies to override legitimate ones and bypass
prefix protections. GHSA-r5rp-j6wh-rvv4</p>
<hr />
<p>Users who use Serve Static, Static Site Generation, Cookie utilities,
or IP restriction middleware are strongly encouraged to upgrade to this
version.</p>
<h2>v4.12.11</h2>
<h2>What's Changed</h2>
<ul>
<li>feat(css): add classNameSlug option to createCssContext by <a
href="https://github.com/flow-pie"><code>@​flow-pie</code></a> in <a
href="https://redirect.github.com/honojs/hono/pull/4834">honojs/hono#4834</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/flow-pie"><code>@​flow-pie</code></a>
made their first contribution in <a
href="https://redirect.github.com/honojs/hono/pull/4834">honojs/hono#4834</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/honojs/hono/compare/v4.12.10...v4.12.11">https://github.com/honojs/hono/compare/v4.12.10...v4.12.11</a></p>
<h2>v4.12.10</h2>
<h2>What's Changed</h2>
<ul>
<li>test(router): fix <code>Simple capturing group</code> test by <a
href="https://github.com/yusukebe"><code>@​yusukebe</code></a> in <a
href="https://redirect.github.com/honojs/hono/pull/4838">honojs/hono#4838</a></li>
<li>docs: fix impaired -&gt; inspired typo in benchmark READMEs by <a
href="https://github.com/Abhi3975"><code>@​Abhi3975</code></a> in <a
href="https://redirect.github.com/honojs/hono/pull/4843">honojs/hono#4843</a></li>
<li>fix(jsx/dom): apply select value after children are rendered by <a
href="https://github.com/usualoma"><code>@​usualoma</code></a> in <a
href="https://redirect.github.com/honojs/hono/pull/4847">honojs/hono#4847</a></li>
<li>fix(compress): convert strong ETag to weak ETag when compressing by
<a href="https://github.com/usualoma"><code>@​usualoma</code></a> in <a
href="https://redirect.github.com/honojs/hono/pull/4848">honojs/hono#4848</a></li>
<li>docs(ip-restriction): add clear JSDoc examples and param types by <a
href="https://github.com/VISHNU7KASIREDDY"><code>@​VISHNU7KASIREDDY</code></a>
in <a
href="https://redirect.github.com/honojs/hono/pull/4851">honojs/hono#4851</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Abhi3975"><code>@​Abhi3975</code></a>
made their first contribution in <a
href="https://redirect.github.com/honojs/hono/pull/4843">honojs/hono#4843</a></li>
<li><a
href="https://github.com/VISHNU7KASIREDDY"><code>@​VISHNU7KASIREDDY</code></a>
made their first contribution in <a
href="https://redirect.github.com/honojs/hono/pull/4851">honojs/hono#4851</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/honojs/hono/commit/c37ba26da9709ad03b803d1972773ed864b7e60d"><code>c37ba26</code></a>
4.12.12</li>
<li><a
href="https://github.com/honojs/hono/commit/cc067c85592415cb1880ad3c61ed923472452ec0"><code>cc067c8</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/honojs/hono/commit/a586cd72e3f6122792e631ecf1817e5cabb803ec"><code>a586cd7</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/honojs/hono/commit/48fa2233bc092f650119f42df043050737cabf39"><code>48fa223</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/honojs/hono/commit/b470278920fffcfd6d76002755d6db53db827679"><code>b470278</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/honojs/hono/commit/9aff14bd727f8b0435c963363fd803260e7b8e3c"><code>9aff14b</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/honojs/hono/commit/2c403c67eb3d7be15aaa9e74ec74d2dcb4b4b4d2"><code>2c403c6</code></a>
4.12.11</li>
<li><a
href="https://github.com/honojs/hono/commit/f82aba8e8ea45d56199e751cee6ea7c067bcd176"><code>f82aba8</code></a>
feat(css): add classNameSlug option to createCssContext (<a
href="https://redirect.github.com/honojs/hono/issues/4834">#4834</a>)</li>
<li><a
href="https://github.com/honojs/hono/commit/9f374a55b25c5c644c293bd4ed6ffce016eb3b44"><code>9f374a5</code></a>
4.12.10</li>
<li><a
href="https://github.com/honojs/hono/commit/a8c56a6620597084e97792f7de3ffbd257c004cc"><code>a8c56a6</code></a>
docs(ip-restriction): add clear JSDoc examples and param types (<a
href="https://redirect.github.com/honojs/hono/issues/4851">#4851</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/honojs/hono/compare/v4.12.7...v4.12.12">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=hono&package-manager=npm_and_yarn&previous-version=4.12.7&new-version=4.12.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.


Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Twisha Bansal <58483338+twishabansal@users.noreply.github.com>
…lpmetric/otlpmetrichttp to v1.43.0 [security] (#3003)

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp](https://redirect.github.com/open-telemetry/opentelemetry-go) | `v1.42.0` → `v1.43.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/go.opentelemetry.io%2fotel%2fexporters%2fotlp%2fotlpmetric%2fotlpmetrichttp/v1.43.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/go.opentelemetry.io%2fotel%2fexporters%2fotlp%2fotlpmetric%2fotlpmetrichttp/v1.42.0/v1.43.0?slim=true) |

### GitHub Vulnerability Alerts

#### [CVE-2026-39882](https://redirect.github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-w8rr-5gcm-pp58)

overview:
this report shows that the otlp HTTP exporters (traces/metrics/logs)
read the full HTTP response body into an in-memory `bytes.Buffer`
without a size cap.

this is exploitable for memory exhaustion when the configured collector
endpoint is attacker-controlled (or a network attacker can mitm the
exporter connection).

severity

HIGH

not claiming: this is a remote dos against every default deployment.
claiming: if the exporter sends traces to an untrusted collector
endpoint (or over a network segment where mitm is realistic), that
endpoint can crash the process via a large response body.

callsite (pinned):
- exporters/otlp/otlptrace/otlptracehttp/client.go:199
- exporters/otlp/otlptrace/otlptracehttp/client.go:230
- exporters/otlp/otlpmetric/otlpmetrichttp/client.go:170
- exporters/otlp/otlpmetric/otlpmetrichttp/client.go:201
- exporters/otlp/otlplog/otlploghttp/client.go:190
- exporters/otlp/otlplog/otlploghttp/client.go:221

permalinks (pinned):
- https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlptrace/otlptracehttp/client.go#L199
- https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlptrace/otlptracehttp/client.go#L230
- https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlpmetric/otlpmetrichttp/client.go#L170
- https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlpmetric/otlpmetrichttp/client.go#L201
- https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlplog/otlploghttp/client.go#L190
- https://github.com/open-telemetry/opentelemetry-go/blob/248da958375e4dfb4a1105645107be3ef04b1c59/exporters/otlp/otlplog/otlploghttp/client.go#L221

root cause:
each exporter client reads `resp.Body` using `io.Copy(&respData,
resp.Body)` into a `bytes.Buffer` on both success and error paths, with
no upper bound.

impact:
a malicious collector can force large transient heap allocations during
export (peak memory scales with attacker-chosen response size) and can
potentially crash the instrumented process (oom).

affected component:
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
- go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp
- go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp

repro (local-only):

```bash
unzip poc.zip -d poc
cd poc
make canonical resp_bytes=33554432 chunk_delay_ms=0
```

expected output contains:

```
[CALLSITE_HIT]: otlptracehttp.UploadTraces::io.Copy(resp.Body)
[PROOF_MARKER]: resp_bytes=33554432 peak_alloc_bytes=118050512
```

control (same env, patched target):

```bash
unzip poc.zip -d poc
cd poc
make control resp_bytes=33554432 chunk_delay_ms=0
```

expected control output contains:

```
[CALLSITE_HIT]: otlptracehttp.UploadTraces::io.Copy(resp.Body)
[NC_MARKER]: resp_bytes=33554432 peak_alloc_bytes=512232
```

attachments: poc.zip (attached)


[PR_DESCRIPTION.md](https://redirect.github.com/user-attachments/files/25564272/PR_DESCRIPTION.md)


[attack_scenario.md](https://redirect.github.com/user-attachments/files/25564273/attack_scenario.md)


[poc.zip](https://redirect.github.com/user-attachments/files/25564271/poc.zip)

Fixed in:
[https://github.com/open-telemetry/opentelemetry-go/pull/8108](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8108)

---

### Release Notes

<details>
<summary>open-telemetry/opentelemetry-go
(go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp)</summary>

### [`v1.43.0`](https://redirect.github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0): /v0.65.0/v0.19.0

[Compare
Source](https://redirect.github.com/open-telemetry/opentelemetry-go/compare/v1.42.0...v1.43.0)

#### Added

- Add `IsRandom` and `WithRandom` on `TraceFlags`, and `IsRandom` on
`SpanContext` in `go.opentelemetry.io/otel/trace`
for [W3C Trace Context Level 2 Random Trace ID
Flag](https://www.w3.org/TR/trace-context-2/#random-trace-id-flag)
support.
([#&#8203;8012](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012))
- Add service detection with `WithService` in
`go.opentelemetry.io/otel/sdk/resource`.
([#&#8203;7642](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642))
- Add `DefaultWithContext` and `EnvironmentWithContext` in
`go.opentelemetry.io/otel/sdk/resource` to support plumbing
`context.Context` through default and environment detectors.
([#&#8203;8051](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`.
([#&#8203;8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc`.
([#&#8203;8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc`.
([#&#8203;8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp`.
([#&#8203;8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp`.
([#&#8203;8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp`.
([#&#8203;8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Support attributes with empty value (`attribute.EMPTY`) in
`go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest`.
([#&#8203;8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Add support for per-series start time tracking for cumulative metrics
in `go.opentelemetry.io/otel/sdk/metric`.
Set `OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true` to enable.
([#&#8203;8060](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060))
- Add `WithCardinalityLimitSelector` for metric reader for configuring
cardinality limits specific to the instrument kind.
([#&#8203;7855](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855))

#### Changed

- Introduce the `EMPTY` Type in `go.opentelemetry.io/otel/attribute` to
reflect that an empty value is now a valid value, with `INVALID`
remaining as a deprecated alias of `EMPTY`.
([#&#8203;8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))
- Refactor slice handling in `go.opentelemetry.io/otel/attribute` to
optimize short slice values with fixed-size fast paths.
([#&#8203;8039](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039))
- Improve performance of span metric recording in
`go.opentelemetry.io/otel/sdk/trace` by returning early if
self-observability is not enabled.
([#&#8203;8067](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067))
- Improve formatting of metric data diffs in
`go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest`.
([#&#8203;8073](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073))

#### Deprecated

- Deprecate `INVALID` in `go.opentelemetry.io/otel/attribute`. Use
`EMPTY` instead.
([#&#8203;8038](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038))

#### Fixed

- Return spec-compliant `TraceIdRatioBased` description. This is a
breaking behavioral change, but it is necessary to
make the implementation
[spec-compliant](https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased).
([#&#8203;8027](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027))
- Fix a race condition in `go.opentelemetry.io/otel/sdk/metric` where
the lastvalue aggregation could collect the value 0 even when no
zero-value measurements were recorded.
([#&#8203;8056](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056))
- Limit HTTP response body to 4 MiB in
`go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` to
mitigate excessive memory usage caused by a misconfigured or malicious
server.
Responses exceeding the limit are treated as non-retryable errors.
([#&#8203;8108](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108))
- Limit HTTP response body to 4 MiB in
`go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp` to
mitigate excessive memory usage caused by a misconfigured or malicious
server.
Responses exceeding the limit are treated as non-retryable errors.
([#&#8203;8108](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108))
- Limit HTTP response body to 4 MiB in
`go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp` to
mitigate excessive memory usage caused by a misconfigured or malicious
server.
Responses exceeding the limit are treated as non-retryable errors.
([#&#8203;8108](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108))
- `WithHostID` detector in `go.opentelemetry.io/otel/sdk/resource` to
use full path for `kenv` command on BSD.
([#&#8203;8113](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113))
- Fix missing `request.GetBody` in
`go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp` to
correctly handle HTTP2 GOAWAY frame.
([#&#8203;8096](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096))

#### What's Changed

- chore(deps): update module github.com/jgautheron/goconst to v1.9.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8014](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8014)
- fix(deps): update github.com/opentracing-contrib/go-grpc/test digest
to
[`190d7d4`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/190d7d4)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8013](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8013)
- chore(deps): update module go.yaml.in/yaml/v2 to v2.4.4 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8016](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8016)
- fix(deps): update module github.com/golangci/golangci-lint/v2 to
v2.11.1 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8011](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8011)
- fix(deps): update golang.org/x by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8023](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8023)
- fix(deps): update module github.com/golangci/golangci-lint/v2 to
v2.11.2 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8020](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8020)
- chore(deps): update module github.com/mattn/go-runewidth to v0.0.21 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8017](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8017)
- chore(deps): update module codeberg.org/chavacava/garif to v0.2.1 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8019](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8019)
- Add doc on how to upgrade to new semconv by
[@&#8203;jmmcorreia](https://redirect.github.com/jmmcorreia) in
[#&#8203;7807](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7807)
- fix(deps): update module go.opentelemetry.io/proto/otlp to v1.10.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8028](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8028)
- resource: add WithService detector option by
[@&#8203;codeboten](https://redirect.github.com/codeboten) in
[#&#8203;7642](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7642)
- fix(deps): update googleapis to
[`a57be14`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/a57be14)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8031](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8031)
- fix(deps): update module github.com/golangci/golangci-lint/v2 to
v2.11.3 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8032](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8032)
- chore(deps): update module github.com/prometheus/procfs to v0.20.1 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8034](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8034)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`8895462`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/8895462)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8036](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8036)
- chore(deps): update module github.com/sonatard/noctx to v0.5.1 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8040](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8040)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`6e66a94`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/6e66a94)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8043](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8043)
- docs(otlp): document HTTP/protobuf insecure env vars by
[@&#8203;marcschaeferger](https://redirect.github.com/marcschaeferger)
in
[#&#8203;8037](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8037)
- Rebuild semconvkit and verifyreadmes on changes by
[@&#8203;MrAlias](https://redirect.github.com/MrAlias) in
[#&#8203;7995](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7995)
- chore(sdk/trace): join errors properly by
[@&#8203;ash2k](https://redirect.github.com/ash2k) in
[#&#8203;8030](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8030)
- fix(deps): update googleapis to
[`84a4fc4`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/84a4fc4)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8048](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8048)
- attribute: change INVALID Type to EMPTY and mark INVALID as deprecated
by [@&#8203;pellared](https://redirect.github.com/pellared) in
[#&#8203;8038](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8038)
- fix(sdk/trace): return spec-compliant TraceIdRatioBased description by
[@&#8203;ash2k](https://redirect.github.com/ash2k) in
[#&#8203;8027](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8027)
- linting: add depguard rule to enforce semconv version by
[@&#8203;ajuijas](https://redirect.github.com/ajuijas) in
[#&#8203;8041](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8041)
- chore(deps): update actions/download-artifact action to v8.0.1 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8046](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8046)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`b7b2c7b`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/b7b2c7b)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8044](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8044)
- fix(deps): update golang.org/x by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8045](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8045)
- Optimize attribute slice conversion by
[@&#8203;MrAlias](https://redirect.github.com/MrAlias) in
[#&#8203;8039](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8039)
- Add benchmarks for end-to-end metrics SDK usage by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;7768](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7768)
- fix(deps): update golang.org/x by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8052](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8052)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`befce8d`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/befce8d)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8053](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8053)
- trace: add Random Trace ID Flag by
[@&#8203;yuanyuanzhao3](https://redirect.github.com/yuanyuanzhao3) in
[#&#8203;8012](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8012)
- Improve aggregation concurrent safe tests by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;8021](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8021)
- Add tests for exponential histogram concurrent-safety edge-cases by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;8024](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8024)
- exphist: replace min, max, sum, and count with atomics by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;8025](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8025)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`c2dfcec`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/c2dfcec)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8055](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8055)
- chore(deps): update otel/weaver docker tag to v0.22.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8058](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8058)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`dec52c4`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/dec52c4)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8063](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8063)
- chore(deps): update otel/weaver docker tag to v0.22.1 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8061](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8061)
- chore(deps): update github/codeql-action action to v4.33.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8065](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8065)
- Fix race in the lastvalue aggregation where 0 could be observed by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;8056](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8056)
- chore(deps): update github.com/securego/gosec/v2 digest to
[`744bfb5`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/744bfb5)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8064](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8064)
- Migrate to new bare metal runner (Ubuntu 24) by
[@&#8203;trask](https://redirect.github.com/trask) in
[#&#8203;8068](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8068)
- sdk/resource: add WithContext variants for Default and Environment
([#&#8203;7808](https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7808))
by [@&#8203;ajuijas](https://redirect.github.com/ajuijas) in
[#&#8203;8051](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8051)
- Use atomics for exponential histogram buckets by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;8057](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8057)
- Added the `internal/observ` package to stdoutlog by
[@&#8203;yumosx](https://redirect.github.com/yumosx) in
[#&#8203;7735](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7735)
- Add support for the development per-series starttime feature by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;8060](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8060)
- sdk/trace/internal/observ: guard SpanStarted and spanLive with Enabled
by
[@&#8203;kouji-yoshimura](https://redirect.github.com/kouji-yoshimura)
in
[#&#8203;8067](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8067)
- Cleanup exemplar featuregate readme by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;8072](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8072)
- chore(deps): update codecov/codecov-action action to v5.5.3 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8080](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8080)
- chore(deps): update module github.com/ryanrolds/sqlclosecheck to
v0.6.0 by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot]
in
[#&#8203;8083](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8083)
- fix(deps): update github.com/opentracing-contrib/go-grpc/test digest
to
[`de6f1cc`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/de6f1cc)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8082](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8082)
- chore(deps): update module go.opentelemetry.io/collector/featuregate
to v1.54.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8085](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8085)
- chore(deps): update module github.com/securego/gosec/v2 to v2.25.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8084](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8084)
- chore(deps): update module github.com/protonmail/go-crypto to v1.4.1
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8081](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8081)
- fix(deps): update module go.opentelemetry.io/collector/pdata to
v1.54.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8086](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8086)
- chore(deps): update actions/cache action to v5.0.4 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8079](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8079)
- chore(deps): update module github.com/fatih/color to v1.19.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8087](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8087)
- fix(deps): update googleapis to
[`d00831a`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/d00831a)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8078](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8078)
- chore(deps): update golang.org/x/telemetry digest to
[`b6b0c46`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/b6b0c46)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8076](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8076)
- fix(deps): update module google.golang.org/grpc to v1.79.3 \[security]
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8075](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8075)
- sdk/metric: Support specifying cardinality limits per instrument kinds
by [@&#8203;petern48](https://redirect.github.com/petern48) in
[#&#8203;7855](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7855)
- chore(deps): update github/codeql-action action to v4.34.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8088](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8088)
- chore(deps): update codspeedhq/action action to v4.12.1 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8089](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8089)
- chore(deps): update github/codeql-action action to v4.34.1 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8090](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8090)
- fix(deps): update module github.com/golangci/golangci-lint/v2 to
v2.11.4 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8092](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8092)
- chore: fix noctx issues by
[@&#8203;mmorel-35](https://redirect.github.com/mmorel-35) in
[#&#8203;8008](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8008)
- chore(deps): update module github.com/pelletier/go-toml/v2 to v2.3.0
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8095](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8095)
- chore(deps): update codecov/codecov-action action to v5.5.4 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8097](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8097)
- chore(deps): update codecov/codecov-action action to v6 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8098](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8098)
- chore(deps): update module github.com/tetafro/godot to v1.5.6 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8099](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8099)
- chore(deps): update module github.com/butuzov/ireturn to v0.4.1 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8100](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8100)
- chore(deps): update github/codeql-action action to v4.35.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8101](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8101)
- chore(deps): update actions/setup-go action to v6.4.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8107](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8107)
- chore(deps): update module github.com/go-git/go-git/v5 to v5.17.1 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8106](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8106)
- chore(deps): update module github.com/lucasb-eyer/go-colorful to
v1.4.0 by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot]
in
[#&#8203;8103](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8103)
- chore(deps): update github/codeql-action action to v4.35.1 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8102](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8102)
- chore(deps): update module github.com/hashicorp/go-version to v1.9.0
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8109](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8109)
- metricdatatest: Improve printing of diffs by
[@&#8203;dashpole](https://redirect.github.com/dashpole) in
[#&#8203;8073](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8073)
- fix(deps): update googleapis to
[`d5a96ad`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/d5a96ad)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8112](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8112)
- chore(deps): update codspeedhq/action action to v4.13.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8114](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8114)
- fix(deps): update module go.opentelemetry.io/collector/pdata to
v1.55.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8119](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8119)
- chore(deps): update fossas/fossa-action action to v1.9.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8118](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8118)
- chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8115](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8115)
- fix(deps): update googleapis to
[`9d38bb4`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/9d38bb4)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8117](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8117)
- fix: support getBody in otelploghttp by
[@&#8203;Tpuljak](https://redirect.github.com/Tpuljak) in
[#&#8203;8096](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8096)
- fix(deps): update module google.golang.org/grpc to v1.80.0 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8121](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8121)
- Use an absolute path when calling bsd kenv by
[@&#8203;dmathieu](https://redirect.github.com/dmathieu) in
[#&#8203;8113](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8113)
- limit response body size for OTLP HTTP exporters by
[@&#8203;pellared](https://redirect.github.com/pellared) in
[#&#8203;8108](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8108)
- chore(deps): update github.com/golangci/dupl digest to
[`c99c5cf`](https://redirect.github.com/open-telemetry/opentelemetry-go/commit/c99c5cf)
by [@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8122](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8122)
- chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 by
[@&#8203;renovate](https://redirect.github.com/renovate)\[bot] in
[#&#8203;8131](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8131)
- Release v1.43.0 / v0.65.0 / v0.19.0 by
[@&#8203;dmathieu](https://redirect.github.com/dmathieu) in
[#&#8203;8128](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8128)

#### New Contributors

- [@&#8203;jmmcorreia](https://redirect.github.com/jmmcorreia) made
their first contribution in
[#&#8203;7807](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/7807)
- [@&#8203;marcschaeferger](https://redirect.github.com/marcschaeferger)
made their first contribution in
[#&#8203;8037](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8037)
- [@&#8203;ajuijas](https://redirect.github.com/ajuijas) made their
first contribution in
[#&#8203;8041](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8041)
- [@&#8203;yuanyuanzhao3](https://redirect.github.com/yuanyuanzhao3)
made their first contribution in
[#&#8203;8012](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8012)
- [@&#8203;kouji-yoshimura](https://redirect.github.com/kouji-yoshimura)
made their first contribution in
[#&#8203;8067](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8067)
- [@&#8203;Tpuljak](https://redirect.github.com/Tpuljak) made their
first contribution in
[#&#8203;8096](https://redirect.github.com/open-telemetry/opentelemetry-go/pull/8096)

**Full Changelog**:
<open-telemetry/opentelemetry-go@v1.42.0...v1.43.0>

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - ""
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---


This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/googleapis/mcp-toolbox).

Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
@pull pull bot locked and limited conversation to collaborators Apr 9, 2026
@pull pull bot added the ⤵️ pull label Apr 9, 2026
dependabot bot and others added 2 commits April 9, 2026 10:57
…en/documentation/getting-started/quickstart/js/adk (#2981)

Bumps [@hono/node-server](https://github.com/honojs/node-server) from
1.19.10 to 1.19.13.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/honojs/node-server/releases"><code>@​hono/node-server</code>'s
releases</a>.</em></p>
<blockquote>
<h2>v1.19.13</h2>
<h2>Security Fix</h2>
<p>Fixed an issue in Serve Static Middleware where inconsistent handling
of repeated slashes (<code>//</code>) between the router and static file
resolution could allow middleware to be bypassed. Users of Serve Static
Middleware are encouraged to upgrade to this version.</p>
<p>See GHSA-92pp-h63x-v22m for details.</p>
<h2>v1.19.12</h2>
<h2>What's Changed</h2>
<ul>
<li>chore: ignore claude setting by <a
href="https://github.com/yusukebe"><code>@​yusukebe</code></a> in <a
href="https://redirect.github.com/honojs/node-server/pull/314">honojs/node-server#314</a></li>
<li>fix: request draining for early 413 responses by <a
href="https://github.com/usualoma"><code>@​usualoma</code></a> in <a
href="https://redirect.github.com/honojs/node-server/pull/329">honojs/node-server#329</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/honojs/node-server/compare/v1.19.11...v1.19.12">https://github.com/honojs/node-server/compare/v1.19.11...v1.19.12</a></p>
<h2>v1.19.11</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: do not overwrite Content-Length in the fast path pattern if
Content-Length already exists. by <a
href="https://github.com/usualoma"><code>@​usualoma</code></a> in <a
href="https://redirect.github.com/honojs/node-server/pull/309">honojs/node-server#309</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/honojs/node-server/compare/v1.19.10...v1.19.11">https://github.com/honojs/node-server/compare/v1.19.10...v1.19.11</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/honojs/node-server/commit/fd64e659a34ec661fd9ccda00d1b9dff88dfaf90"><code>fd64e65</code></a>
1.19.13</li>
<li><a
href="https://github.com/honojs/node-server/commit/025c30f55d589ddbe6048b151d77e904f67a8cc2"><code>025c30f</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/honojs/node-server/commit/6cdb5a724952f3df5748e435637792068ebea6d9"><code>6cdb5a7</code></a>
1.19.12</li>
<li><a
href="https://github.com/honojs/node-server/commit/70250f780ec99d2ddc0dd8275a42f8e091e06e94"><code>70250f7</code></a>
fix: request draining for early 413 responses (<a
href="https://redirect.github.com/honojs/node-server/issues/329">#329</a>)</li>
<li><a
href="https://github.com/honojs/node-server/commit/cfc08b330a1f2e0a2d8cc7797cde389465b5f4fb"><code>cfc08b3</code></a>
chore: ignore claude setting (<a
href="https://redirect.github.com/honojs/node-server/issues/314">#314</a>)</li>
<li><a
href="https://github.com/honojs/node-server/commit/ecd4d6be55117005acfd60a22d90c4818618507b"><code>ecd4d6b</code></a>
1.19.11</li>
<li><a
href="https://github.com/honojs/node-server/commit/c94489955ebd855630b703022837f7fe5f925111"><code>c944899</code></a>
fix: do not overwrite Content-Length in the fast path pattern if
Content-Leng...</li>
<li>See full diff in <a
href="https://github.com/honojs/node-server/compare/v1.19.10...v1.19.13">compare
view</a></li>
</ul>
</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yuan Teoh <45984206+Yuan325@users.noreply.github.com>
Co-authored-by: Twisha Bansal <58483338+twishabansal@users.noreply.github.com>
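
The v1.19.13 release note quoted in the commit message above attributes the bypass to the router and the static-file resolver handling repeated slashes differently. The following is an added illustration, not code from `@hono/node-server`: a toy model with hypothetical names (`FILES`, `resolveStatic`, `handleInconsistent`, `handleConsistent`), assuming the resolver collapses `//` while the router matches the raw path, shown beside a canonicalize-once version that can double as a regression test.

```javascript
// Added illustration only. Toy model of a guard middleware in front of a
// static file handler; none of these names come from @hono/node-server.

// Constructed in-memory "static root" so the example runs offline.
const FILES = new Map([
  ['/index.html', '<h1>home</h1>'],
  ['/admin/report.txt', 'internal report'],
]);

// Prefix match on exactly the string it is given (no normalization).
function matchesPrefix(path, prefix) {
  return path === prefix || path.startsWith(prefix + '/');
}

// Assumed resolver behaviour: repeated slashes are collapsed before lookup.
function resolveStatic(rawPath) {
  const collapsed = rawPath.replace(/\/{2,}/g, '/');
  return FILES.has(collapsed) ? FILES.get(collapsed) : null;
}

// Inconsistent pipeline: the guard decides on the raw path, the resolver
// serves the collapsed path, so the two layers can disagree.
function handleInconsistent(req) {
  if (matchesPrefix(req.path, '/admin') && !req.authenticated) {
    return { status: 401, body: null };
  }
  const body = resolveStatic(req.path);
  return body === null ? { status: 404, body: null } : { status: 200, body };
}

// Canonicalize once, up front: drop empty and "." segments, refuse "..".
// Returns null for paths that should be rejected outright.
function canonicalize(rawPath) {
  if (typeof rawPath !== 'string' || !rawPath.startsWith('/')) return null;
  const segments = [];
  for (const seg of rawPath.split('/')) {
    if (seg === '' || seg === '.') continue; // empty segments come from "//"
    if (seg === '..') return null;           // reject traversal, do not resolve it
    segments.push(seg);
  }
  return '/' + segments.join('/');
}

// Consistent pipeline: guard and file lookup both use the same canonical path.
function handleConsistent(req) {
  const path = canonicalize(req.path);
  if (path === null) return { status: 400, body: null };
  if (matchesPrefix(path, '/admin') && !req.authenticated) {
    return { status: 401, body: null };
  }
  const body = FILES.has(path) ? FILES.get(path) : null;
  return body === null ? { status: 404, body: null } : { status: 200, body };
}

// Constructed requests used as a regression table: [path, authenticated].
const CASES = [
  ['/admin/report.txt', false],
  ['//admin/report.txt', false],
  ['/admin//report.txt', true],
  ['//index.html', false],
];

// Returns one row per case with the status each pipeline produced.
function compare() {
  return CASES.map(([path, authenticated]) => ({
    path,
    authenticated,
    inconsistent: handleInconsistent({ path, authenticated }).status,
    consistent: handleConsistent({ path, authenticated }).status,
  }));
}

console.table(compare());
```

Any row where the two columns differ marks a request on which the guard and the file handler did not agree about which resource was being asked for.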
…in /docs/en/documentation/configuration/pre-post-processing/go/adk (#3000)

Bumps
[go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go)
from 1.39.0 to 1.43.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md">go.opentelemetry.io/otel/sdk's
changelog</a>.</em></p>
<blockquote>
<h2>[1.43.0/0.65.0/0.19.0] 2026-04-02</h2>
<h3>Added</h3>
<ul>
<li>Add <code>IsRandom</code> and <code>WithRandom</code> on
<code>TraceFlags</code>, and <code>IsRandom</code> on
<code>SpanContext</code> in <code>go.opentelemetry.io/otel/trace</code>
for <a
href="https://www.w3.org/TR/trace-context-2/#random-trace-id-flag">W3C
Trace Context Level 2 Random Trace ID Flag</a> support. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8012">#8012</a>)</li>
<li>Add service detection with <code>WithService</code> in
<code>go.opentelemetry.io/otel/sdk/resource</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7642">#7642</a>)</li>
<li>Add <code>DefaultWithContext</code> and
<code>EnvironmentWithContext</code> in
<code>go.opentelemetry.io/otel/sdk/resource</code> to support plumbing
<code>context.Context</code> through default and environment detectors.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8051">#8051</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Support attributes with empty value (<code>attribute.EMPTY</code>)
in
<code>go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Add support for per-series start time tracking for cumulative
metrics in <code>go.opentelemetry.io/otel/sdk/metric</code>.
Set <code>OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true</code> to enable.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8060">#8060</a>)</li>
<li>Add <code>WithCardinalityLimitSelector</code> for metric reader for
configuring cardinality limits specific to the instrument kind. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7855">#7855</a>)</li>
</ul>
<h3>Changed</h3>
<ul>
<li>Introduce the <code>EMPTY</code> Type in
<code>go.opentelemetry.io/otel/attribute</code> to reflect that an empty
value is now a valid value, with <code>INVALID</code> remaining as a
deprecated alias of <code>EMPTY</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
<li>Improve slice handling in
<code>go.opentelemetry.io/otel/attribute</code> to optimize short slice
values with fixed-size fast paths. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8039">#8039</a>)</li>
<li>Improve performance of span metric recording in
<code>go.opentelemetry.io/otel/sdk/trace</code> by returning early if
self-observability is not enabled. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8067">#8067</a>)</li>
<li>Improve formatting of metric data diffs in
<code>go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest</code>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8073">#8073</a>)</li>
</ul>
<h3>Deprecated</h3>
<ul>
<li>Deprecate <code>INVALID</code> in
<code>go.opentelemetry.io/otel/attribute</code>. Use <code>EMPTY</code>
instead. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8038">#8038</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Return spec-compliant <code>TraceIdRatioBased</code> description.
This is a breaking behavioral change, but it is necessary to
make the implementation <a
href="https://opentelemetry.io/docs/specs/otel/trace/sdk/#traceidratiobased">spec-compliant</a>.
(<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8027">#8027</a>)</li>
<li>Fix a race condition in
<code>go.opentelemetry.io/otel/sdk/metric</code> where the lastvalue
aggregation could collect the value 0 even when no zero-value
measurements were recorded. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8056">#8056</a>)</li>
<li>Limit HTTP response body to 4 MiB in
<code>go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp</code>
to mitigate excessive memory usage caused by a misconfigured or
malicious server.
Responses exceeding the limit are treated as non-retryable errors. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li>
<li>Limit HTTP response body to 4 MiB in
<code>go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp</code>
to mitigate excessive memory usage caused by a misconfigured or
malicious server.
Responses exceeding the limit are treated as non-retryable errors. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li>
<li>Limit HTTP response body to 4 MiB in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>
to mitigate excessive memory usage caused by a misconfigured or
malicious server.
Responses exceeding the limit are treated as non-retryable errors. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li>
<li><code>WithHostID</code> detector in
<code>go.opentelemetry.io/otel/sdk/resource</code> to use full path for
<code>kenv</code> command on BSD. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113">#8113</a>)</li>
<li>Fix missing <code>request.GetBody</code> in
<code>go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp</code>
to correctly handle HTTP2 GOAWAY frame. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096">#8096</a>)</li>
</ul>
<h2>[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06</h2>
<h3>Added</h3>
<ul>
<li>Add <code>go.opentelemetry.io/otel/semconv/v1.40.0</code> package.
The package contains semantic conventions from the <code>v1.40.0</code>
version of the OpenTelemetry Semantic Conventions.
See the <a
href="https://github.com/open-telemetry/opentelemetry-go/blob/main/semconv/v1.40.0/MIGRATION.md">migration
documentation</a> for information on how to upgrade from
<code>go.opentelemetry.io/otel/semconv/v1.39.0</code>. (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/7985">#7985</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/9276201a64b623606e3eaa0d61ae8ee6d62756c0"><code>9276201</code></a>
Release v1.43.0 / v0.65.0 / v0.19.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8128">#8128</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/61b8c9466c4e6b17e69b622279fe9b63fb15c89a"><code>61b8c94</code></a>
chore(deps): update module github.com/mattn/go-runewidth to v0.0.22 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8131">#8131</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/97a086e82ffe01502f4c620e9c447efa229e2a23"><code>97a086e</code></a>
chore(deps): update github.com/golangci/dupl digest to c99c5cf (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8122">#8122</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/5e363de517dba6db62736b2f5cdef0e0929b4cd0"><code>5e363de</code></a>
limit response body size for OTLP HTTP exporters (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8108">#8108</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/35214b60138eac8dec97a2d2b851d8c8471680c7"><code>35214b6</code></a>
Use an absolute path when calling bsd kenv (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8113">#8113</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/290024ceaf695f9cdbf29a0c6731a317d92bc361"><code>290024c</code></a>
fix(deps): update module google.golang.org/grpc to v1.80.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8121">#8121</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/e70658e098033d6bb5ec1b399de16bbb2642f6dc"><code>e70658e</code></a>
fix: support getBody in otelploghttp (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8096">#8096</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/4afe468e3b4859c949a1c1e8d92684d43d86ef8a"><code>4afe468</code></a>
fix(deps): update googleapis to 9d38bb4 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8117">#8117</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/b9ca729776309e3c08fe700c131797a3b4d10634"><code>b9ca729</code></a>
chore(deps): update module github.com/go-git/go-git/v5 to v5.17.2 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8115">#8115</a>)</li>
<li><a
href="https://github.com/open-telemetry/opentelemetry-go/commit/69472ec56cb7674d55ca2e2bcb04dea73228ab79"><code>69472ec</code></a>
chore(deps): update fossas/fossa-action action to v1.9.0 (<a
href="https://redirect.github.com/open-telemetry/opentelemetry-go/issues/8118">#8118</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/open-telemetry/opentelemetry-go/compare/v1.39.0...v1.43.0">compare
view</a></li>
</ul>
</details>
<br />

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dishaprakash <57954147+dishaprakash@users.noreply.github.com>
@pull pull bot merged commit 0a0e8f6 into Jaleel-zhu:main Apr 9, 2026
1 check passed
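The "Limit HTTP response body to 4 MiB" entries in the changelog above describe a bounded read whose overflow is a permanent failure. The sketch below is an added example, not code from opentelemetry-go or from this pull request; `readCapped`, `retryable` and `errBodyTooLarge` are hypothetical names, and the response bodies are constructed in memory.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"strings"
)

// maxResponseBody mirrors the 4 MiB cap named in the changelog entry.
const maxResponseBody = 4 << 20

// errBodyTooLarge is a hypothetical sentinel for an oversized response.
var errBodyTooLarge = errors.New("response body exceeds limit")

// readCapped reads at most limit bytes from r. It requests limit+1 bytes:
// io.LimitReader alone would truncate silently, so the extra byte is what
// distinguishes "exactly at the cap" from "over the cap".
func readCapped(r io.Reader, limit int64) ([]byte, error) {
	data, err := io.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > limit {
		return nil, fmt.Errorf("%w (%d bytes)", errBodyTooLarge, limit)
	}
	return data, nil
}

// retryable reports whether a failed attempt may be repeated. An oversized
// body is permanent: a retry would only download the same response again.
func retryable(err error) bool {
	return err != nil && !errors.Is(err, errBodyTooLarge)
}

func main() {
	// Constructed bodies: well under the cap, exactly at it, one byte over.
	for _, size := range []int{1 << 10, maxResponseBody, maxResponseBody + 1} {
		body := strings.NewReader(strings.Repeat("A", size))
		data, err := readCapped(body, maxResponseBody)
		fmt.Printf("size=%d read=%d err=%v retryable=%t\n",
			size, len(data), err, retryable(err))
	}
}
```

Memory use stays bounded at the cap plus one byte no matter how much the server sends, because nothing past that point is read.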