From 43a06c0e0359911210690a7f57f17452ca5d3110 Mon Sep 17 00:00:00 2001
From: jamie-albert
Date: Tue, 23 Dec 2025 18:50:19 -0800
Subject: [PATCH] opentelemetry-collector: fix GHSA-cfpf-hrx2-8rv6 by updating expr to v1.17.7
---
 opentelemetry-collector.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/opentelemetry-collector.yaml b/opentelemetry-collector.yaml
index 9a37ef31fc1..4df9c2c3455 100644
--- a/opentelemetry-collector.yaml
+++ b/opentelemetry-collector.yaml
@@ -1,7 +1,7 @@
 package:
 name: opentelemetry-collector
 version: "0.142.0"
- epoch: 0 # CVE-2025-61729
+ epoch: 1 # GHSA-cfpf-hrx2-8rv6
 description: OpenTelemetry Collector
 copyright:
 - license: Apache-2.0
@@ -29,6 +29,10 @@ pipeline:
 tag: v${{package.version}}
 expected-commit: b579eb1cd7f4334b0f460eb05a81373e5635942f

+ - uses: go/bump
+ with:
+ deps: github.com/expr-lang/expr@v1.17.7
+
 - uses: go/build
 with:
 packages: .
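Review bot: The added `go/bump` step pins `github.com/expr-lang/expr@v1.17.7` without recording why. The advisory id appears only in the `epoch:` comment, and the first hunk shows that comment being overwritten (the CVE-2025-61729 note is replaced), so the reason for the pin will be lost at the next epoch bump. I would put a comment directly above the step, for example `# GHSA-cfpf-hrx2-8rv6: drop once upstream go.mod requires expr >= v1.17.7`, so the override is removed once upstream carries the fix rather than lingering. Nothing visible here checks that the built binary actually resolves to v1.17.7, so confirming it from the package SBOM or a scan of the build output would be worthwhile. The `go/build` step continues outside the hunk.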