Skip to content

build(deps): Upgrade otelcollector to v0.131.0#1257

Merged
gracewehner merged 20 commits into
mainfrom
bot/otelcollector-upgrade-v0.131.0
Aug 13, 2025
Merged

build(deps): Upgrade otelcollector to v0.131.0#1257
gracewehner merged 20 commits into
mainfrom
bot/otelcollector-upgrade-v0.131.0

Conversation

@azure-monitor-assistant
Copy link
Copy Markdown
Contributor

@azure-monitor-assistant azure-monitor-assistant Bot commented Aug 4, 2025

This PR upgrades the otelcollector to the latest version available for the opentelemetry-collector and opentelemetry-operator.

It was automatically generated by the GitHub Actions workflow.

The summary of the OSS changelog is below:

Prometheusreceiver Changes

v0.127.0 to v0.131.0

Generated on: 2025-08-04 17:36:24

v0.131.0

  • [FEATURE] prometheusreceiver: Add retry logic for connection refused errors so the collector doesn't crash at startup. (#40982) This change adds retry logic for connection refused errors. The target allocator could be busy starting up the receiver and the first connection attempt may fail.
  • [FEATURE] receiver/prometheus: Add support for otel_scope_schema_url label mapping to OpenTelemetry ScopeMetrics schema URL field (#41488)
  • [FEATURE] receiver/prometheusremotewrite: Add support for Native Histogram Custom Buckets (NHCB). (#41043)
  • [BUG FIX] receiver/prometheus: Fix otel_scope_name and otel_scope_version labels not being dropped from metric attributes (#41456)

v0.130.0

  • [BUG FIX] receiver/prometheusreceiver: Fixes masking of authentication credentials in Prometheus receiver, when reloading the Prometheus config. (#40520, #40916)
  • [BUG FIX] receiver/prometheusremotewrite: Handle metrics with unspecified types without panicking. (#41005)

v0.129.0

  • [FEATURE] prometheusreceiver: Promote the receiver.prometheusreceiver.RemoveLegacyResourceAttributes featuregate to stable (#40572) It has been beta since v0.126.0
  • [BUG FIX] prometheusreceiver: Fix invalid metric name validation error in scrape start from target allocator. (#35459, #40788) Prometheus made setting metric_name_validation_scheme, metric_name_escaping_scheme mandatory mandatory, use sane defaults.

Summary

Category Count
Breaking Changes 0
Features 4
Bug Fixes 4
Other Changes 0
Total 8

Target-allocator Changes

v0.127.0 to v0.131.0

Generated on: 2025-08-04 17:36:38

0.131.0

  • [FEATURE] manager, target-allocator, opamp-bridge, must-gather: add -trimpath when building binaries (#4078)
  • [FEATURE] collector, targer allocator, opamp: Require Go 1.24+ to build the collector, target allocator, and opamp. (#4173)
  • [BUG FIX] target allocator: check CRD availability before registering informers (#3987)
  • [BUG FIX] target allocator: Allow collector to use TLS Config from Target Allocator with ScrapeConfig (#3724) This change allows the target allocator to configure TLS Config for a collector using the ScrapeConfig.

0.129.1

  • [BREAKING] targetallocator, collector: Remove stable feature gate PrometheusOperatorIsAvailable (#4141)
  • [FEATURE] target allocator: Adds support for HTML output in the target allocator. (#3622)
  • [BUG FIX] target allocator: ensure stable iteration order of target labels when generating hash (#4082)
  • [BUG FIX] target allocator: Fix OpenShift must-gather for Target Allocator (#4084)

Summary

Category Count
Breaking Changes 1
Features 3
Bug Fixes 4
Other Changes 0
Total 8

@azure-monitor-assistant azure-monitor-assistant Bot requested a review from a team as a code owner August 4, 2025 17:36
@azure-monitor-assistant
Copy link
Copy Markdown
Contributor Author

azure-monitor-assistant Bot commented Aug 4, 2025

✅ Building the otelcollector and related go binaries succeeded. No breaking changes were detected.
The otelcollector was successfully upgraded to version v0.131.0.

@azure-monitor-assistant
Copy link
Copy Markdown
Contributor Author

azure-monitor-assistant Bot commented Aug 4, 2025

CVE Changes Report

The following CVE changes were detected when upgrading to version v0.131.0:

=== CVE Changes Report ===
Removed CVEs:
  - GHSA-fv92-fjc5-jj9h from prometheusui with severity MEDIUM and package 
  - CVE-2025-22872 from prometheusui with severity MEDIUM and package golang.org/x/net
Added CVEs:
  + CVE-2025-54388 from otelcollector with severity MEDIUM and package github.com/docker/docker
  + CVE-2025-54388 from promconfigvalidator with severity MEDIUM and package github.com/docker/docker

Preserved CVEs (not scanned):
  = CVE-2024-33599 from kube-state-metrics with severity HIGH and package 
  = CVE-2023-4806 from kube-state-metrics with severity MEDIUM and package 
  = CVE-2023-4527 from kube-state-metrics with severity MEDIUM and package 
  = CVE-2024-33601 from kube-state-metrics with severity HIGH and package 
  = CVE-2024-33600 from kube-state-metrics with severity MEDIUM and package

The trivyignore file was updated to ignore the new CVEs.

github-actions Bot and others added 19 commits August 4, 2025 17:43
@github-actions
Update .trivyignore with new CVEs from version v0.131.0
da8ceda
@gracewehner
Use golang 1.24
71b36f8
@rashmichandrashekar
Secret informer changes on bot branch PR (#1261)
9d1b9cf 
[comment]: # (Note that your PR title should follow the conventional
commit format: https://conventionalcommits.org/en/v1.0.0/#summary)
# PR Description

[comment]: # (The below checklist is for PRs adding new features. If a
box is not checked, add a reason why it's not needed.)
# New Feature Checklist

- [ ] List telemetry added about the feature.
- [ ] Link to the one-pager about the feature.
- [ ] List any tasks necessary for release (3P docs, AKS RP chart
changes, etc.) after merging the PR.
- [ ] Attach results of scale and perf testing.

[comment]: # (The below checklist is for code changes. Not all boxes
necessarily need to be checked. Build, doc, and template changes do not
need to fill out the checklist.)
# Tests Checklist

- [ ] Have end-to-end Ginkgo tests been run on your cluster and passed?
To bootstrap your cluster to run the tests, follow [these
instructions](/otelcollector/test/README.md#bootstrap-a-dev-cluster-to-run-ginkgo-tests).
  - Labels used when running the tests on your cluster:
    - [ ] `operator`
    - [ ] `windows`
    - [ ] `arm64`
    - [ ] `arc-extension`
    - [ ] `fips`
- [ ] Have new tests been added? For features, have tests been added for
this feature? For fixes, is there a test that could have caught this
issue and could validate that the fix works?
  - [ ] Is a new scrape job needed?
- [ ] The scrape job was added to the folder
[test-cluster-yamls](/otelcollector/test/test-cluster-yamls/) in the
correct configmap or as a CR.
  - [ ] Was a new test label added?
- [ ] A string constant for the label was added to
[constants.go](/otelcollector/test/utils/constants.go).
- [ ] The label and description was added to the [test
README](/otelcollector/test/README.md).
- [ ] The label was added to this [PR
checklist](/.github/pull_request_template).
- [ ] The label was added as needed to
[testkube-test-crs.yaml](/otelcollector/test/testkube/testkube-test-crs.yaml).
  - [ ] Are additional API server permissions needed for the new tests?
- [ ] These permissions have been added to
[api-server-permissions.yaml](/otelcollector/test/testkube/api-server-permissions.yaml).
  - [ ] Was a new test suite (a new folder under `/tests`) added?
- [ ] The new test suite is included in
[testkube-test-crs.yaml](/otelcollector/test/testkube/testkube-test-crs.yaml).
@gracewehner
New naming changes
5457bd8
@gracewehner
Merge remote-tracking branch 'origin/main' into bot/otelcollector-upg…
0a78bda 
…rade-v0.131.0
@gracewehner
test branch name change
df70918
@gracewehner
fix syntax
664cd21
@gracewehner
lower retry count since canceling doesn't seem to cancel and it gets …
8ef5d26 
…stuck until timing out
@gracewehner
fix using branch name
52c27e7
@gracewehner
revert back after testing
c64e928
@gracewehner
Merge remote-tracking branch 'origin/main' into bot/otelcollector-upg…
eea0033 
…rade-v0.131.0
@gracewehner
Merge remote-tracking branch 'origin/main' into bot/otelcollector-upg…
7446b87 
…rade-v0.131.0
@gracewehner
up version for go 1.24
f116860
@gracewehner
fix all pathing
79f24e4
@gracewehner
fix chmod for scripts
5673a6b
@gracewehner
add in test updates from script
b7c2087
@gracewehner
fix results file path
5c6c87d
@gracewehner
cleanup branch
96f185a
@gracewehner
add go mod tidy to upgrade script
dbf2af3
@gracewehner gracewehner enabled auto-merge (squash) August 13, 2025 19:36
@gracewehner gracewehner merged commit 4922ce3 into main Aug 13, 2025
23 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bragi92 bragi92 bragi92 approved these changes

Assignees

No one assigned

Labels

size/XXL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bragi92 @gracewehner @rashmichandrashekar