fix(deps): vuln unstable upgrades — 9 packages (unstable: 1 · minor: 8) [src/productcatalogservice] by gh-worker-campaigns-3e9aa4[bot] · Pull Request #76 · DataDog/opentelemetry-demo

gh-worker-campaigns-3e9aa4 · 2026-04-23T09:22:24Z

Summary: Critical-severity security update — 9 packages upgraded (UNSTABLE changes included)

Manifests changed:

src/productcatalogservice (go)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

Updates

Package	From	To	Type	Dep Type	Vulnerabilities Fixed
google.golang.org/grpc	v1.59.0	v1.80.0	minor	Direct	3 CRITICAL
go.opentelemetry.io/otel/sdk	v1.20.0	v1.43.0	minor	Direct	1 HIGH
google.golang.org/protobuf	v1.31.0	v1.36.11	minor	Direct	2 MODERATE
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc	v0.46.0	v0.68.0	unstable	Direct	-
github.com/go-logr/logr	v1.3.0	v1.4.3	minor	Transitive	-
go.opentelemetry.io/otel	v1.20.0	v1.43.0	minor	Direct	-
go.opentelemetry.io/otel/metric	v1.20.0	v1.43.0	minor	Transitive	-
go.opentelemetry.io/otel/sdk/metric	v1.20.0	v1.43.0	minor	Direct	-
go.opentelemetry.io/otel/trace	v1.20.0	v1.43.0	minor	Direct	-

Packages marked with "-" are updated due to dependency constraints.

Security Details

🚨 Critical & High Severity (4 fixed)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
google.golang.org/grpc	GO-2026-4762	critical	Authorization bypass in gRPC-Go via missing leading slash in :path in google.golang.org/grpc	v1.59.0	1.79.3
google.golang.org/grpc	GHSA-p77j-4mvh-x3m3	CRITICAL	gRPC-Go has an authorization bypass via missing leading slash in :path	v1.59.0	1.79.3
google.golang.org/grpc	CVE-2026-33186	critical	gRPC-Go has an authorization bypass via missing leading slash in :path	v1.59.0	-
go.opentelemetry.io/otel/sdk	GHSA-hfvc-g4fc-pqhx	HIGH	opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking	v1.20.0	1.43.0

ℹ️ Other Vulnerabilities (2)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
google.golang.org/protobuf	GHSA-8r3f-844c-mc37	MODERATE	Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON	v1.31.0	1.33.0
google.golang.org/protobuf	GO-2024-2611	MODERATE	Infinite loop in JSON unmarshaling in google.golang.org/protobuf	v1.31.0	1.33.0

Review Checklist

Standard review:

Review changes for compatibility with your code
Check for breaking changes in release notes
Run tests locally or wait for CI
Approve and merge this PR

Update Mode: Vulnerability Remediation (Critical/High)

🤖 Generated by DataDog Automated Dependency Management System

campaigner-prod · 2026-04-23T09:33:14Z

Release Notes

google.golang.org/grpc (v1.59.0 → v1.80.0) — GitHub Release

v1.80.0

Behavior Changes

balancer: log a warning if a balancer is registered with uppercase letters, as balancer names should be lowercase. In a future release, balancer names will be treated as case-insensitive; see balancer: use case-sensitive balancer registries grpc/grpc-go#5288 for details. (balancer: introduce env flag for case-sensitive registry grpc/grpc-go#8837)
xds: update resource error handling and re-resolution logic (xds: change cdsbalancer to use update from dependency manager grpc/grpc-go#8907)
- Re-resolve all LOGICAL_DNS clusters simultaneously when re-resolution is requested.
- Fail all in-flight RPCs immediately upon receipt of listener or route resource errors, instead of allowing them to complete.

Bug Fixes

xds: support the LB policy configured in LOGICAL_DNS cluster resources instead of defaulting to pick_first. (xds/clusterresolver: implement gRFC A61 changes for LOGICAL_DNS clusters grpc/grpc-go#8733)
credentials/tls: perform per-RPC authority validation against the leaf certificate instead of the entire peer certificate chain. (credentials/tls: verify overwritten authority against only leaf certificate grpc/grpc-go#8831)
xds: enabling A76 ring hash endpoint keys no longer causes EDS resources with invalid proxy metadata to be NACKed when HTTP CONNECT (gRFC A86) is disabled. (xds: decouple A76 and A86 EDS metadata parsing grpc/grpc-go#8875)
xds: validate that the sum of endpoint weights in a locality does not exceed the maximum uint32 value. (xds/xdsclient: add EDS sum of endpoint weights does not exceed MaxUint32 grpc/grpc-go#8899)
- Special Thanks: @RAVEYUS
xds: fix incorrect proto field access in the weighted round robin (WRR) configuration where blackout_period was used instead of weight_expiration_period. (xds: fix copy-paste bug in WeightExpirationPeriod config grpc/grpc-go#8915)
- Special Thanks: @gregbarasch
xds/rbac: handle addresses with ports in IP matchers. (xds/rbac: add additional handling for addresses with ports grpc/grpc-go#8990)

New Features

ringhash: enable gRFC A76 (endpoint hash keys and request hash headers) by default. (ringhash: enable behaviors of A76 by default grpc/grpc-go#8922)

Performance Improvements

credentials/alts: pool write buffers to reduce memory allocations and usage. (credentials/alts: Pool write buffers grpc/grpc-go#8919)
grpc: enable the use of pooled write buffers for buffering HTTP/2 frame writes by default. This reduces memory usage when connections are idle. Use the WithSharedWriteBuffer dial option or the SharedWriteBuffer server

(truncated)

v1.79.3

Security

server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (grpc: enforce strict path checking for incoming requests on the server grpc/grpc-go#8981)

v1.79.2

Bug Fixes

stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (client: process RPC stats/tracing only when a handler is configured grpc/grpc-go#8874)

v1.79.1

Bug Fixes

grpc: Remove the -dev suffix from the User-Agent header. (Change version to 1.79.1 grpc/grpc-go#8902)

v1.79.0

API Changes

mem: Add experimental API SetDefaultBufferPool to change the default buffer pool. (mem: Allow overriding the default buffer pool. grpc/grpc-go#8806)
- Special Thanks: @vanja-p
experimental/stats: Update MetricsRecorder to require embedding the new UnimplementedMetricsRecorder (a no-op struct) in all implementations for forward compatibility. (stats/otel: a79 scaffolding to register an async gauge metric and api to record it- part 3 grpc/grpc-go#8780)

Behavior Changes

balancer/weightedtarget: Remove handling of Addresses and only handle Endpoints in resolver updates. (xds: remove references to ResolverState.Addresses grpc/grpc-go#8841)

New Features

experimental/stats: Add support for asynchronous gauge metrics through the new AsyncMetricReporter and RegisterAsyncReporter APIs. (stats/otel: a79 scaffolding to register an async gauge metric and api to record it- part 3 grpc/grpc-go#8780)
pickfirst: Add support for weighted random shuffling of endpoints, as described in gRFC A113.
- This is enabled by default, and can be turned off using the environment variable GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING. (*: Implementation of weighted random shuffling (A113) grpc/grpc-go#8864)
xds: Implement :authority rewriting, as specified in gRFC A81. (xds: implement :authority header rewriting in xds_cluster_impl LB policy (gRFC A81) grpc/grpc-go#8779)
balancer/randomsubsetting: Implement the random_subsetting LB policy, as specified in gRFC A68. (balancer/randomsubsetting: Implementation of the random_subsetting LB policy grpc/grpc-go#8650)
- Special Thanks: @marek-szews

Bug Fixes

credentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (credentials/tls: Strip port before validating authority override grpc/grpc-go#8726)
- Special Thanks: @Atul1710
xds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in CONNECTING state. (priority: prevent init timer restarting when a child transitions from CONNECTING to CONNECTING grpc/grpc-go#8813)
health: Fix a bug where health checks failed for clients using legacy compression options (WithDecompressor or RPCDecompressor). (grpc: initialize decompressor for health check streams grpc/grpc-go#8765)
- Special Thanks: @sanki92
transport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (transport: http2 server must validates header list size when early aborting stream grpc/grpc-go#8769)
- Special Thanks: @joybestourous
server: Propagate status detail headers, if availab

(truncated)

v1.78.0

Behavior Changes

client: Align URL validation with Go 1.26+ to now reject target URLs with unbracketed colons in the hostname. (dns: drop test depending on invalid URL "dns://::1/foo.bar.com" grpc/grpc-go#8716)
- Special Thanks: @neild
transport/client : Return status code Unknown on malformed grpc-status. (transport/client: Return status code Unknown on malformed grpc-status grpc/grpc-go#8735)
- xds/resolver:
- Drop previous route resources and report an error when no matching virtual host is found.
- Only log LDS/RDS configuration errors following a successful update and retain the last valid resource to prevent transient failures. (internal/xds: change xds_resolver to use dependency manager grpc/grpc-go#8711)

New Features

stats/otel: Add backend service label to weighted round robin metrics as part of A89. (stats/otel: Add grpc.lb.backend_service label to wrr metrics (A89) grpc/grpc-go#8737)
stats/otel: Add subchannel metrics (without the disconnection reason) to eventually replace the pickfirst metrics. (stats/otel: Add subchannel metrics (A94) grpc/grpc-go#8738)

(truncated — see source for full notes)

go.opentelemetry.io/otel/sdk (v1.20.0 → v1.43.0) — GitHub Release

v1.43.0

Added

Add IsRandom and WithRandom on TraceFlags, and IsRandom on SpanContext in go.opentelemetry.io/otel/trace
for W3C Trace Context Level 2 Random Trace ID Flag support. (trace: add Random Trace ID Flag open-telemetry/opentelemetry-go#8012)
Add service detection with WithService in go.opentelemetry.io/otel/sdk/resource. (resource: add WithService detector option open-telemetry/opentelemetry-go#7642)
Add DefaultWithContext and EnvironmentWithContext in go.opentelemetry.io/otel/sdk/resource to support plumbing context.Context through default and environment detectors. (sdk/resource: add WithContext variants for Default and Environment (#7808) open-telemetry/opentelemetry-go#8051)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Add support for per-series start time tracking for cumulative metrics in go.opentelemetry.io/otel/sdk/metric.
Set OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true to enable. (Add support for the development per-series starttime feature open-telemetry/opentelemetry-go#8060)
Add WithCardinalityLimitSelector for metric reader for configuring cardinality limits specific to the instrument kind. (sdk/metric: Support specifying cardinality limits per instrument kinds open-telemetry/opentelemetry-go#7855)

Changed

Introduce the EMPTY Type in go.opentelemetry.io/otel/attribute to reflect that an empty value is now a valid value, with INVALID remaining as a deprecated

(truncated)

v1.42.0

Added

Add go.opentelemetry.io/otel/semconv/v1.40.0 package.
The package contains semantic conventions from the v1.40.0 version of the OpenTelemetry Semantic Conventions.
See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.39.0. (Revert "Revert "Generate semconv/v1.40.0"" open-telemetry/opentelemetry-go#7985)
Add Err and SetErr on Record in go.opentelemetry.io/otel/log to attach an error and set record exception attributes in go.opentelemetry.io/otel/log/sdk. (log: add error field to Record and make SDK to emit exception attributes open-telemetry/opentelemetry-go#7924)

Changed

TracerProvider.ForceFlush in go.opentelemetry.io/otel/sdk/trace joins errors together and continues iteration through SpanProcessors as opposed to returning the first encountered error without attempting exports on subsequent SpanProcessors. (TracerProvider ForceFlush() Error Fix open-telemetry/opentelemetry-go#7856)

Fixed

Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to correctly handle HTTP2 GOAWAY frame. (support stdlib request.GetBody on metrics open-telemetry/opentelemetry-go#7931)
Fix semconv v1.39.0 generated metric helpers skipping required attributes when extra attributes were empty. (fix: generated semconv helpers skipping attributes open-telemetry/opentelemetry-go#7964)
Preserve W3C TraceFlags bitmask (including the random Trace ID flag) during trace context extraction and injection in go.opentelemetry.io/otel/propagation. (Feat: Have SpanContext support the new W3C random flag. open-telemetry/opentelemetry-go#7834)

Removed

Drop support for Go 1.24. (Drop support for Go 1.24 open-telemetry/opentelemetry-go#7984)

What's Changed

fix changelog protection marker by @pellared in fix changelog protection marker open-telemetry/opentelemetry-go#7986
Drop support for Go 1.24 by @MrAlias in Drop support for Go 1.24 open-telemetry/opentelemetry-go#7984
fix(deps): update golang.org/x by @renovate[bot] in fix(deps): update golang.org/x open-telemetry/opentelemetry-go#7907
chore(deps): update module go.opentelemetry.io/collector/featuregate to v1.53.0 by @renovate[bot] in chore(deps): update module go.opentelemetry.io/collector/featuregate to v1.53.0 open-telemetry/opentelemetry-go#7981
chore(deps): update benchmark-action/github-action-benchmark action to v1.21.0 by @renovate[bot] in chore(deps): update benchmark-action/github-action-benchmark action to v1.21.0 open-telemetry/opentelemetry-go#7989
fix(deps):

(truncated)

v1.41.0

This release is the last to support Go 1.24. The next release will require at least Go 1.25.

Added

Support testing of Go 1.26. (Support Go 1.26 open-telemetry/opentelemetry-go#7902)

Fixed

Update Baggage in go.opentelemetry.io/otel/propagation and Parse and New in go.opentelemetry.io/otel/baggage to comply with W3C Baggage specification limits. New and Parse now return partial baggage along with an error when limits are exceeded. Errors from baggage extraction are reported to the global error handler. (Comply with W3C Baggage specification limits open-telemetry/opentelemetry-go#7880)

What's Changed

fix(deps): update googleapis to ce8ad4c by @renovate[bot] in fix(deps): update googleapis to ce8ad4c open-telemetry/opentelemetry-go#7860
chore(deps): update otel/weaver docker tag to v0.21.0 by @renovate[bot] in chore(deps): update otel/weaver docker tag to v0.21.0 open-telemetry/opentelemetry-go#7865
fix(deps): update module go.opentelemetry.io/collector/pdata to v1.51.0 by @renovate[bot] in fix(deps): update module go.opentelemetry.io/collector/pdata to v1.51.0 open-telemetry/opentelemetry-go#7863
chore(deps): update golang.org/x/telemetry digest to fe4bb1c by @renovate[bot] in chore(deps): update golang.org/x/telemetry digest to fe4bb1c open-telemetry/opentelemetry-go#7861
chore(deps): update golang.org/x/telemetry digest to aaaaaa5 by @renovate[bot] in chore(deps): update golang.org/x/telemetry digest to aaaaaa5 open-telemetry/opentelemetry-go#7869

(truncated — see source for full notes)

google.golang.org/protobuf (v1.31.0 → v1.36.11) — GitHub Release

v1.36.11

Full Changelog: protocolbuffers/protobuf-go@v1.36.10...v1.36.11

User-visible changes:
CL/726780: encoding/prototext: Support URL chars in type URLs in text-format.

Bug fixes:
CL/728680: internal/impl: check recursion limit in lazy decoding validation
CL/711015: reflect/protodesc: fix handling of import options in dynamic builds

Maintenance:
CL/728681: reflect/protodesc: add support for edition unstable
CL/727960: all: add EDITION_UNSTABLE support
CL/727940: types: regenerate using latest protobuf v33.2 release
CL/727140: internal/testprotos/lazy: convert .proto files to editions
CL/723440: cmd/protoc-gen-go: add missing annotations for few generated protobuf symbols.
CL/720980: internal/filedesc: remove duplicative Message.unmarshalOptions
CL/716360: internal/encoding/tag: use proto3 defaults if proto3
CL/716520: proto: un-flake TestHasExtensionNoAlloc
CL/713342: compiler/protogen: properly filter option dependencies in go-protobuf plugin.
CL/711200: proto: add test for oneofs containing messages with required fields
CL/710855: proto: add explicit test for a non-nil but empty byte slice

v1.36.10

Full Changelog: protocolbuffers/protobuf-go@v1.36.9...v1.36.10

Bug fixes:
CL/704415: reflect/protodesc: edition-2024-specific properties should not be lost when converting FileDescriptorProto to protoreflect.FileDescriptor

Maintenance:
CL/708555: internal/race_test: add missing impl.LazyEnabled() t.Skip
CL/703295: proto: add more invalid group encoding test cases
CL/703276: internal/impl: verify lazy unmarshal on Deterministic encoding
CL/703275: internal/impl: stop using deprecated .Field in lazy_test.go
CL/702795: all: update to latest github.com/google/go-cmp

v1.36.9

Full Changelog: protocolbuffers/protobuf-go@v1.36.8...v1.36.9

User-visible changes:
CL/699715: cmd/protoc-gen-go: add test for "import option" directive
CL/699115: internal/editionssupport: declare support for edition 2024
CL/697595: editions: Fix spelling mistake in panic message

v1.36.8

Maintenance:

CL/696316: all: set Go language version to Go 1.23
CL/696315: types: regenerate using latest protobuf v32 release

v1.36.7

Maintenance / optimizations:

CL/683955: encoding/protowire: micro-optimize SizeVarint (-20% on Intel)
CL/674055: internal/impl: remove unnecessary atomic access for non-lazy lists
CL/674015: impl: remove unnecessary nil check from presence.Present
CL/673495: types/descriptorpb: regenerate using latest protobuf v31 release
CL/670516: cmd/protoc-gen-go: centralize presence and lazy logic into filedesc
CL/670515: internal: move usePresenceForField to internal/filedesc
CL/670275: internal/impl: clean up usePresenceForField() (no-op)

v1.36.6

Full Changelog: protocolbuffers/protobuf-go@v1.36.5...v1.36.6

User-visible changes:
CL/657895: internal_gengo: generate a const string literal for the raw descriptor
CL/653536: proto: Add CloneOf[M Message](m M) M

Maintenance:
CL/649135: all: set Go language version to Go 1.22
CL/654955: types/descriptorpb: regenerate using latest protobuf v30 release

v1.36.5

Full Changelog: protocolbuffers/protobuf-go@v1.36.4...v1.36.5

Bug fixes:
CL/644437: protogen: fix name mangling for fields with identical GoCamelCase

Maintenance:
CL/641655: all: remove weak field support

v1.36.4

Full Changelog: protocolbuffers/protobuf-go@v1.36.3...v1.36.4

Bug fixes:
CL/642975: reflect/protodesc: fix panic when working with dynamicpb

Maintenance:
CL/643276: internal_gengo: avoid allocations in rawDescGZIP() accessors
CL/642857: internal_gengo: switch back from string literal to hex byte slice
CL/642055: internal_gengo: use unsafe.StringData() to avoid a descriptor copy
CL/638135: internal_gengo: store raw descriptor in .rodata section

v1.36.3

Full Changelog: protocolbuffers/protobuf-go@v1.36.2...v1.36.3

Bug fixes:

(truncated — see source for full notes)

go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc (v0.46.0 → v0.68.0) — Changelog

Added

Add Resource method to SDK in go.opentelemetry.io/contrib/otelconf/v0.3.0 to expose the resolved SDK resource from declarative configuration. (Add SDK.Resource() to otelconf/v0.3.0 open-telemetry/opentelemetry-go-contrib#8660)
Add support to set the configuration file via OTEL_CONFIG_FILE in go.opentelemetry.io/contrib/otelconf. (otelconf: support OTEL_CONFIG_FILE as it is no longer experimental open-telemetry/opentelemetry-go-contrib#8639)
Add support for service resource detector in go.opentelemetry.io/contrib/otelconf. (otelconf: support service resource detector open-telemetry/opentelemetry-go-contrib#8674)
Add support for attribute_count_limit and attribute_value_length_limit in tracer provider configuration in go.opentelemetry.io/contrib/otelconf. (otelconf: add support for tracer provider limits open-telemetry/opentelemetry-go-contrib#8687)
Add support for attribute_count_limit and attribute_value_length_limit in logger provider configuration in go.opentelemetry.io/contrib/otelconf. (otelconf: add support for logger provider limits open-telemetry/opentelemetry-go-contrib#8686)
Add support for server.address and server.port attributes in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (otelgrpc: add server.address and server.port open-telemetry/opentelemetry-go-contrib#8723)
Add support for OTEL_SEMCONV_STABILITY_OPT_IN in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. Supported values are rpc (default), rpc/dup and rpc/old. (otelgrpc: support OTEL_SEMCONV_STABILITY_OPT_IN open-telemetry/opentelemetry-go-contrib#8726)
Add the http.route metric attribute to go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp. (feat(net/http/otelhttp): Add http.route attribute open-telemetry/opentelemetry-go-contrib#8632)

Changed

Prepend _ to the normalized environment variable name when the key starts with a digit in go.opentelemetry.io/contrib/propagators/envcar, ensuring POSIX compliance. (envcar: refine normalization open-telemetry/opentelemetry-go-contrib#8678)
Move experimental types from go.opentelemetry.io/contrib/otelconf to go.opentelemetry.io/contrib/otelconf/x. (otelconf: move experimental types to otelconf/x open-telemetry/opentelemetry-go-contrib#8529)
Normalize cached environment variable names in go.opentelemetry.io/contrib/propagators/envcar, aligning Carrier.Keys output with the carrier's normalized key format. (envcar: normalize cached environment variable names open-telemetry/opentelemetry-go-contrib#8761)

Fixed

Fix go.opentelemetry.io/contrib/otelconf Prometheus reader converting OTel dot-style label names (e.g. service.name) to underscore-style (service_name) in target_info when both without_type_suffix and without_units are set. Use NoTranslation instead of UnderscoreEscapingWithoutSuffixes to preserve dot-style label names while still suppressing metric name suffixes. (Fix otelconf prometheus label escaping open-telemetry/opentelemetry-go-contrib#8763)
Limit the request body size at 1MB in go.opentelemetry.io/contrib/zpages. (Limit the number of bytes read from the zpages body open-telemetry/opentelemetry-go-contrib#8656)
Fix server spans using the client's address and port for server.address and server.port attributes in go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc. (otelgrpc: add server.address and server.port open-telemetry/opentelemetry-go-contrib#8723)

Removed

Host ID resource detector has been removed when configuring the host resource detector in go.opentelemetry.io/contrib/otelconf. (otelconf: remove host ID detector in host configuration open-telemetry/opentelemetry-go-contrib#8581)

Deprecated

Deprecate OTEL_EXPERIMENTAL_CONFIG_FILE in favour of OTEL_CONFIG_FILE in go.opentelemetry.io/contrib/otelconf. (otelconf: support OTEL_CONFIG_FILE as it is no longer experimental open-telemetry/opentelemetry-go-contrib#8639)

go.opentelemetry.io/otel (v1.20.0 → v1.43.0) — GitHub Release

v1.43.0

Added

Add IsRandom and WithRandom on TraceFlags, and IsRandom on SpanContext in go.opentelemetry.io/otel/trace
for W3C Trace Context Level 2 Random Trace ID Flag support. (trace: add Random Trace ID Flag open-telemetry/opentelemetry-go#8012)
Add service detection with WithService in go.opentelemetry.io/otel/sdk/resource. (resource: add WithService detector option open-telemetry/opentelemetry-go#7642)
Add DefaultWithContext and EnvironmentWithContext in go.opentelemetry.io/otel/sdk/resource to support plumbing context.Context through default and environment detectors. (sdk/resource: add WithContext variants for Default and Environment (#7808) open-telemetry/opentelemetry-go#8051)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Add support for per-series start time tracking for cumulative metrics in go.opentelemetry.io/otel/sdk/metric.
Set OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true to enable. (Add support for the development per-series starttime feature open-telemetry/opentelemetry-go#8060)
Add WithCardinalityLimitSelector for metric reader for configuring cardinality limits specific to the instrument kind. (sdk/metric: Support specifying cardinality limits per instrument kinds open-telemetry/opentelemetry-go#7855)

Changed

Introduce the EMPTY Type in go.opentelemetry.io/otel/attribute to reflect that an empty value is now a valid value, with INVALID remaining as a deprecated

(truncated)

v1.42.0

Added

Add go.opentelemetry.io/otel/semconv/v1.40.0 package.
The package contains semantic conventions from the v1.40.0 version of the OpenTelemetry Semantic Conventions.
See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.39.0. (Revert "Revert "Generate semconv/v1.40.0"" open-telemetry/opentelemetry-go#7985)
Add Err and SetErr on Record in go.opentelemetry.io/otel/log to attach an error and set record exception attributes in go.opentelemetry.io/otel/log/sdk. (log: add error field to Record and make SDK to emit exception attributes open-telemetry/opentelemetry-go#7924)

Changed

TracerProvider.ForceFlush in go.opentelemetry.io/otel/sdk/trace joins errors together and continues iteration through SpanProcessors as opposed to returning the first encountered error without attempting exports on subsequent SpanProcessors. (TracerProvider ForceFlush() Error Fix open-telemetry/opentelemetry-go#7856)

Fixed

Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to correctly handle HTTP2 GOAWAY frame. (support stdlib request.GetBody on metrics open-telemetry/opentelemetry-go#7931)
Fix semconv v1.39.0 generated metric helpers skipping required attributes when extra attributes were empty. (fix: generated semconv helpers skipping attributes open-telemetry/opentelemetry-go#7964)
Preserve W3C TraceFlags bitmask (including the random Trace ID flag) during trace context extraction and injection in go.opentelemetry.io/otel/propagation. (Feat: Have SpanContext support the new W3C random flag. open-telemetry/opentelemetry-go#7834)

Removed

Drop support for Go 1.24. (Drop support for Go 1.24 open-telemetry/opentelemetry-go#7984)

What's Changed

fix changelog protection marker by @pellared in fix changelog protection marker open-telemetry/opentelemetry-go#7986
Drop support for Go 1.24 by @MrAlias in Drop support for Go 1.24 open-telemetry/opentelemetry-go#7984
fix(deps): update golang.org/x by @renovate[bot] in fix(deps): update golang.org/x open-telemetry/opentelemetry-go#7907
chore(deps): update module go.opentelemetry.io/collector/featuregate to v1.53.0 by @renovate[bot] in chore(deps): update module go.opentelemetry.io/collector/featuregate to v1.53.0 open-telemetry/opentelemetry-go#7981
chore(deps): update benchmark-action/github-action-benchmark action to v1.21.0 by @renovate[bot] in chore(deps): update benchmark-action/github-action-benchmark action to v1.21.0 open-telemetry/opentelemetry-go#7989
fix(deps):

(truncated)

v1.41.0

This release is the last to support Go 1.24. The next release will require at least Go 1.25.

Added

Support testing of Go 1.26. (Support Go 1.26 open-telemetry/opentelemetry-go#7902)

Fixed

Update Baggage in go.opentelemetry.io/otel/propagation and Parse and New in go.opentelemetry.io/otel/baggage to comply with W3C Baggage specification limits. New and Parse now return partial baggage along with an error when limits are exceeded. Errors from baggage extraction are reported to the global error handler. (Comply with W3C Baggage specification limits open-telemetry/opentelemetry-go#7880)

What's Changed

fix(deps): update googleapis to ce8ad4c by @renovate[bot] in fix(deps): update googleapis to ce8ad4c open-telemetry/opentelemetry-go#7860
chore(deps): update otel/weaver docker tag to v0.21.0 by @renovate[bot] in chore(deps): update otel/weaver docker tag to v0.21.0 open-telemetry/opentelemetry-go#7865
fix(deps): update module go.opentelemetry.io/collector/pdata to v1.51.0 by @renovate[bot] in fix(deps): update module go.opentelemetry.io/collector/pdata to v1.51.0 open-telemetry/opentelemetry-go#7863
chore(deps): update golang.org/x/telemetry digest to fe4bb1c by @renovate[bot] in chore(deps): update golang.org/x/telemetry digest to fe4bb1c open-telemetry/opentelemetry-go#7861
chore(deps): update golang.org/x/telemetry digest to aaaaaa5 by @renovate[bot] in chore(deps): update golang.org/x/telemetry digest to aaaaaa5 open-telemetry/opentelemetry-go#7869

(truncated — see source for full notes)

go.opentelemetry.io/otel/metric (v1.20.0 → v1.43.0) — GitHub Release

v1.43.0

Added

Add IsRandom and WithRandom on TraceFlags, and IsRandom on SpanContext in go.opentelemetry.io/otel/trace
for W3C Trace Context Level 2 Random Trace ID Flag support. (trace: add Random Trace ID Flag open-telemetry/opentelemetry-go#8012)
Add service detection with WithService in go.opentelemetry.io/otel/sdk/resource. (resource: add WithService detector option open-telemetry/opentelemetry-go#7642)
Add DefaultWithContext and EnvironmentWithContext in go.opentelemetry.io/otel/sdk/resource to support plumbing context.Context through default and environment detectors. (sdk/resource: add WithContext variants for Default and Environment (#7808) open-telemetry/opentelemetry-go#8051)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Add support for per-series start time tracking for cumulative metrics in go.opentelemetry.io/otel/sdk/metric.
Set OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true to enable. (Add support for the development per-series starttime feature open-telemetry/opentelemetry-go#8060)
Add WithCardinalityLimitSelector for metric reader for configuring cardinality limits specific to the instrument kind. (sdk/metric: Support specifying cardinality limits per instrument kinds open-telemetry/opentelemetry-go#7855)

Changed

Introduce the EMPTY Type in go.opentelemetry.io/otel/attribute to reflect that an empty value is now a valid value, with INVALID remaining as a deprecated

(truncated)

v1.42.0

Added

Add go.opentelemetry.io/otel/semconv/v1.40.0 package.
The package contains semantic conventions from the v1.40.0 version of the OpenTelemetry Semantic Conventions.
See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.39.0. (Revert "Revert "Generate semconv/v1.40.0"" open-telemetry/opentelemetry-go#7985)
Add Err and SetErr on Record in go.opentelemetry.io/otel/log to attach an error and set record exception attributes in go.opentelemetry.io/otel/log/sdk. (log: add error field to Record and make SDK to emit exception attributes open-telemetry/opentelemetry-go#7924)

Changed

TracerProvider.ForceFlush in go.opentelemetry.io/otel/sdk/trace joins errors together and continues iteration through SpanProcessors as opposed to returning the first encountered error without attempting exports on subsequent SpanProcessors. (TracerProvider ForceFlush() Error Fix open-telemetry/opentelemetry-go#7856)

Fixed

Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to correctly handle HTTP2 GOAWAY frame. (support stdlib request.GetBody on metrics open-telemetry/opentelemetry-go#7931)
Fix semconv v1.39.0 generated metric helpers skipping required attributes when extra attributes were empty. (fix: generated semconv helpers skipping attributes open-telemetry/opentelemetry-go#7964)
Preserve W3C TraceFlags bitmask (including the random Trace ID flag) during trace context extraction and injection in go.opentelemetry.io/otel/propagation. (Feat: Have SpanContext support the new W3C random flag. open-telemetry/opentelemetry-go#7834)

Removed

Drop support for Go 1.24. (Drop support for Go 1.24 open-telemetry/opentelemetry-go#7984)

What's Changed

fix changelog protection marker by @pellared in fix changelog protection marker open-telemetry/opentelemetry-go#7986
Drop support for Go 1.24 by @MrAlias in Drop support for Go 1.24 open-telemetry/opentelemetry-go#7984
fix(deps): update golang.org/x by @renovate[bot] in fix(deps): update golang.org/x open-telemetry/opentelemetry-go#7907
chore(deps): update module go.opentelemetry.io/collector/featuregate to v1.53.0 by @renovate[bot] in chore(deps): update module go.opentelemetry.io/collector/featuregate to v1.53.0 open-telemetry/opentelemetry-go#7981
chore(deps): update benchmark-action/github-action-benchmark action to v1.21.0 by @renovate[bot] in chore(deps): update benchmark-action/github-action-benchmark action to v1.21.0 open-telemetry/opentelemetry-go#7989
fix(deps):

(truncated)

v1.41.0

This release is the last to support Go 1.24. The next release will require at least Go 1.25.

Added

Support testing of Go 1.26. (Support Go 1.26 open-telemetry/opentelemetry-go#7902)

Fixed

Update Baggage in go.opentelemetry.io/otel/propagation and Parse and New in go.opentelemetry.io/otel/baggage to comply with W3C Baggage specification limits. New and Parse now return partial baggage along with an error when limits are exceeded. Errors from baggage extraction are reported to the global error handler. (Comply with W3C Baggage specification limits open-telemetry/opentelemetry-go#7880)

What's Changed

fix(deps): update googleapis to ce8ad4c by @renovate[bot] in fix(deps): update googleapis to ce8ad4c open-telemetry/opentelemetry-go#7860
chore(deps): update otel/weaver docker tag to v0.21.0 by @renovate[bot] in chore(deps): update otel/weaver docker tag to v0.21.0 open-telemetry/opentelemetry-go#7865
fix(deps): update module go.opentelemetry.io/collector/pdata to v1.51.0 by @renovate[bot] in fix(deps): update module go.opentelemetry.io/collector/pdata to v1.51.0 open-telemetry/opentelemetry-go#7863
chore(deps): update golang.org/x/telemetry digest to fe4bb1c by @renovate[bot] in chore(deps): update golang.org/x/telemetry digest to fe4bb1c open-telemetry/opentelemetry-go#7861
chore(deps): update golang.org/x/telemetry digest to aaaaaa5 by @renovate[bot] in chore(deps): update golang.org/x/telemetry digest to aaaaaa5 open-telemetry/opentelemetry-go#7869

(truncated — see source for full notes)

go.opentelemetry.io/otel/sdk/metric (v1.20.0 → v1.43.0) — GitHub Release

v1.43.0

Added

Add IsRandom and WithRandom on TraceFlags, and IsRandom on SpanContext in go.opentelemetry.io/otel/trace
for W3C Trace Context Level 2 Random Trace ID Flag support. (trace: add Random Trace ID Flag open-telemetry/opentelemetry-go#8012)
Add service detection with WithService in go.opentelemetry.io/otel/sdk/resource. (resource: add WithService detector option open-telemetry/opentelemetry-go#7642)
Add DefaultWithContext and EnvironmentWithContext in go.opentelemetry.io/otel/sdk/resource to support plumbing context.Context through default and environment detectors. (sdk/resource: add WithContext variants for Default and Environment (#7808) open-telemetry/opentelemetry-go#8051)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Add support for per-series start time tracking for cumulative metrics in go.opentelemetry.io/otel/sdk/metric.
Set OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true to enable. (Add support for the development per-series starttime feature open-telemetry/opentelemetry-go#8060)
Add WithCardinalityLimitSelector for metric reader for configuring cardinality limits specific to the instrument kind. (sdk/metric: Support specifying cardinality limits per instrument kinds open-telemetry/opentelemetry-go#7855)

Changed

Introduce the EMPTY Type in go.opentelemetry.io/otel/attribute to reflect that an empty value is now a valid value, with INVALID remaining as a deprecated

(truncated)

v1.42.0

Added

Add go.opentelemetry.io/otel/semconv/v1.40.0 package.
The package contains semantic conventions from the v1.40.0 version of the OpenTelemetry Semantic Conventions.
See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.39.0. (Revert "Revert "Generate semconv/v1.40.0"" open-telemetry/opentelemetry-go#7985)
Add Err and SetErr on Record in go.opentelemetry.io/otel/log to attach an error and set record exception attributes in go.opentelemetry.io/otel/log/sdk. (log: add error field to Record and make SDK to emit exception attributes open-telemetry/opentelemetry-go#7924)

Changed

TracerProvider.ForceFlush in go.opentelemetry.io/otel/sdk/trace joins errors together and continues iteration through SpanProcessors as opposed to returning the first encountered error without attempting exports on subsequent SpanProcessors. (TracerProvider ForceFlush() Error Fix open-telemetry/opentelemetry-go#7856)

Fixed

Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to correctly handle HTTP2 GOAWAY frame. (support stdlib request.GetBody on metrics open-telemetry/opentelemetry-go#7931)
Fix semconv v1.39.0 generated metric helpers skipping required attributes when extra attributes were empty. (fix: generated semconv helpers skipping attributes open-telemetry/opentelemetry-go#7964)
Preserve W3C TraceFlags bitmask (including the random Trace ID flag) during trace context extraction and injection in go.opentelemetry.io/otel/propagation. (Feat: Have SpanContext support the new W3C random flag. open-telemetry/opentelemetry-go#7834)

Removed

Drop support for Go 1.24. (Drop support for Go 1.24 open-telemetry/opentelemetry-go#7984)

What's Changed

fix changelog protection marker by @pellared in fix changelog protection marker open-telemetry/opentelemetry-go#7986
Drop support for Go 1.24 by @MrAlias in Drop support for Go 1.24 open-telemetry/opentelemetry-go#7984
fix(deps): update golang.org/x by @renovate[bot] in fix(deps): update golang.org/x open-telemetry/opentelemetry-go#7907
chore(deps): update module go.opentelemetry.io/collector/featuregate to v1.53.0 by @renovate[bot] in chore(deps): update module go.opentelemetry.io/collector/featuregate to v1.53.0 open-telemetry/opentelemetry-go#7981
chore(deps): update benchmark-action/github-action-benchmark action to v1.21.0 by @renovate[bot] in chore(deps): update benchmark-action/github-action-benchmark action to v1.21.0 open-telemetry/opentelemetry-go#7989
fix(deps):

(truncated)

v1.41.0

This release is the last to support Go 1.24. The next release will require at least Go 1.25.

Added

Support testing of Go 1.26. (Support Go 1.26 open-telemetry/opentelemetry-go#7902)

Fixed

Update Baggage in go.opentelemetry.io/otel/propagation and Parse and New in go.opentelemetry.io/otel/baggage to comply with W3C Baggage specification limits. New and Parse now return partial baggage along with an error when limits are exceeded. Errors from baggage extraction are reported to the global error handler. (Comply with W3C Baggage specification limits open-telemetry/opentelemetry-go#7880)

What's Changed

fix(deps): update googleapis to ce8ad4c by @renovate[bot] in fix(deps): update googleapis to ce8ad4c open-telemetry/opentelemetry-go#7860
chore(deps): update otel/weaver docker tag to v0.21.0 by @renovate[bot] in chore(deps): update otel/weaver docker tag to v0.21.0 open-telemetry/opentelemetry-go#7865
fix(deps): update module go.opentelemetry.io/collector/pdata to v1.51.0 by @renovate[bot] in fix(deps): update module go.opentelemetry.io/collector/pdata to v1.51.0 open-telemetry/opentelemetry-go#7863
chore(deps): update golang.org/x/telemetry digest to fe4bb1c by @renovate[bot] in chore(deps): update golang.org/x/telemetry digest to fe4bb1c open-telemetry/opentelemetry-go#7861
chore(deps): update golang.org/x/telemetry digest to aaaaaa5 by @renovate[bot] in chore(deps): update golang.org/x/telemetry digest to aaaaaa5 open-telemetry/opentelemetry-go#7869

(truncated — see source for full notes)

go.opentelemetry.io/otel/trace (v1.20.0 → v1.43.0) — GitHub Release

v1.43.0

Added

Add IsRandom and WithRandom on TraceFlags, and IsRandom on SpanContext in go.opentelemetry.io/otel/trace
for W3C Trace Context Level 2 Random Trace ID Flag support. (trace: add Random Trace ID Flag open-telemetry/opentelemetry-go#8012)
Add service detection with WithService in go.opentelemetry.io/otel/sdk/resource. (resource: add WithService detector option open-telemetry/opentelemetry-go#7642)
Add DefaultWithContext and EnvironmentWithContext in go.opentelemetry.io/otel/sdk/resource to support plumbing context.Context through default and environment detectors. (sdk/resource: add WithContext variants for Default and Environment (#7808) open-telemetry/opentelemetry-go#8051)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (attribute: change INVALID Type to EMPTY and mark INVALID as deprecated open-telemetry/opentelemetry-go#8038)
Add support for per-series start time tracking for cumulative metrics in go.opentelemetry.io/otel/sdk/metric.
Set OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true to enable. (Add support for the development per-series starttime feature open-telemetry/opentelemetry-go#8060)
Add WithCardinalityLimitSelector for metric reader for configuring cardinality limits specific to the instrument kind. (sdk/metric: Support specifying cardinality limits per instrument kinds open-telemetry/opentelemetry-go#7855)

Changed

Introduce the EMPTY Type in go.opentelemetry.io/otel/attribute to reflect that an empty value is now a valid value, with INVALID remaining as a deprecated

(truncated)

v1.42.0

Added

Add go.opentelemetry.io/otel/semconv/v1.40.0 package.
The package contains semantic conventions from the v1.40.0 version of the OpenTelemetry Semantic Conventions.
See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.39.0. (Revert "Revert "Generate semconv/v1.40.0"" open-telemetry/opentelemetry-go#7985)
Add Err and SetErr on Record in go.opentelemetry.io/otel/log to attach an error and set record exception attributes in go.opentelemetry.io/otel/log/sdk. (log: add error field to Record and make SDK to emit exception attributes open-telemetry/opentelemetry-go#7924)

Changed

TracerProvider.ForceFlush in go.opentelemetry.io/otel/sdk/trace joins errors together and continues iteration through SpanProcessors as opposed to returning the first encountered error without attempting exports on subsequent SpanProcessors. (TracerProvider ForceFlush() Error Fix open-telemetry/opentelemetry-go#7856)

Fixed

Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to correctly handle HTTP2 GOAWAY frame. (support stdlib request.GetBody on metrics open-telemetry/opentelemetry-go#7931)
Fix semconv v1.39.0 generated metric helpers skipping required attributes when extra attributes were empty. (fix: generated semconv helpers skipping attributes open-telemetry/opentelemetry-go#7964)
Preserve W3C TraceFlags bitmask (including the random Trace ID flag) during trace context extraction and injection in go.opentelemetry.io/otel/propagation. (Feat: Have SpanContext support the new W3C random flag. open-telemetry/opentelemetry-go#7834)

Removed

Drop support for Go 1.24. (Drop support for Go 1.24 open-telemetry/opentelemetry-go#7984)

What's Changed

fix changelog protection marker by @pellared in fix changelog protection marker open-telemetry/opentelemetry-go#7986
Drop support for Go 1.24 by @MrAlias in Drop support for Go 1.24 open-telemetry/opentelemetry-go#7984
fix(deps): update golang.org/x by @renovate[bot] in fix(deps): update golang.org/x open-telemetry/opentelemetry-go#7907
chore(deps): update module go.opentelemetry.io/collector/featuregate to v1.53.0 by @renovate[bot] in chore(deps): update module go.opentelemetry.io/collector/featuregate to v1.53.0 open-telemetry/opentelemetry-go#7981
chore(deps): update benchmark-action/github-action-benchmark action to v1.21.0 by @renovate[bot] in chore(deps): update benchmark-action/github-action-benchmark action to v1.21.0 open-telemetry/opentelemetry-go#7989
fix(deps):

(truncated)

v1.41.0

This release is the last to support Go 1.24. The next release will require at least Go 1.25.

Added

Support testing of Go 1.26. (Support Go 1.26 open-telemetry/opentelemetry-go#7902)

Fixed

Update Baggage in go.opentelemetry.io/otel/propagation and Parse and New in go.opentelemetry.io/otel/baggage to comply with W3C Baggage specification limits. New and Parse now return partial baggage along with an error when limits are exceeded. Errors from baggage extraction are reported to the global error handler. (Comply with W3C Baggage specification limits open-telemetry/opentelemetry-go#7880)

What's Changed

fix(deps): update googleapis to ce8ad4c by @renovate[bot] in fix(deps): update googleapis to ce8ad4c open-telemetry/opentelemetry-go#7860
chore(deps): update otel/weaver docker tag to v0.21.0 by @renovate[bot] in chore(deps): update otel/weaver docker tag to v0.21.0 open-telemetry/opentelemetry-go#7865
fix(deps): update module go.opentelemetry.io/collector/pdata to v1.51.0 by @renovate[bot] in fix(deps): update module go.opentelemetry.io/collector/pdata to v1.51.0 open-telemetry/opentelemetry-go#7863
chore(deps): update golang.org/x/telemetry digest to fe4bb1c by @renovate[bot] in chore(deps): update golang.org/x/telemetry digest to fe4bb1c open-telemetry/opentelemetry-go#7861
chore(deps): update golang.org/x/telemetry digest to aaaaaa5 by @renovate[bot] in chore(deps): update golang.org/x/telemetry digest to aaaaaa5 open-telemetry/opentelemetry-go#7869

(truncated — see source for full notes)

Generated by ADMS Sources: 7 GitHub Releases, 1 Changelog, 1 not available.

seberm-6 · 2026-04-23T11:01:12Z

Hey, sorry for the noise. This was caused by a bug in our automated dependency update system that incorrectly included upstream changelog content in PR comments, triggering notifications to external contributors. The feature flag has been turned off and we're working on a fix. Sorry about that again.

Executing automated changes

180026a

gh-worker-campaigns-3e9aa4 Bot added campaigner-automated-change adms-critical-severity adms-go adms-high-severity adms-medium-severity adms-mode-all-updates adms-unstable-update adms-dependency-update labels Apr 23, 2026

seberm-6 closed this Apr 23, 2026

Conversation

gh-worker-campaigns-3e9aa4 Bot commented Apr 23, 2026

Updates

Security Details

Review Checklist

Uh oh!

campaigner-prod Bot commented Apr 23, 2026

Release Notes

v1.80.0

Behavior Changes

Bug Fixes

New Features

Performance Improvements

v1.79.3

Security

v1.79.2

Bug Fixes

v1.79.1

Bug Fixes

v1.79.0

API Changes

Behavior Changes

New Features

Bug Fixes

v1.78.0

Behavior Changes

New Features

v1.43.0

Added

Changed

v1.42.0

Added

Changed

Fixed

Removed

What's Changed

v1.41.0

Added

Fixed

What's Changed

v1.36.11

v1.36.10

v1.36.9

v1.36.8

v1.36.7

v1.36.6

v1.36.5

v1.36.4

v1.36.3

Added

Changed

Fixed

Removed

Deprecated

v1.43.0

Added

Changed

v1.42.0

Added

Changed

Fixed

Removed

What's Changed

v1.41.0

Added

Fixed

What's Changed

v1.43.0

Added

Changed

v1.42.0

Added

Changed

Fixed

Removed

What's Changed

v1.41.0

Added

Fixed

What's Changed