Skip to content

bump otel dependencies (CVE-2026-24051)#140

Merged
kcp-ci-bot merged 1 commit intomainfrom
bump-otel
Mar 4, 2026
Merged

bump otel dependencies (CVE-2026-24051)#140
kcp-ci-bot merged 1 commit intomainfrom
bump-otel

Conversation

@xrstf
Copy link
Contributor

@xrstf xrstf commented Mar 4, 2026

Summary

We have received a depdendabot alert about this dependency, so this PR updates OTEL (and only OTEL to allow for easier backports if necessary).

What Type of PR Is This?

/kind chore

Release Notes

[CVE-2026-24051] Bump opentelemetry SDK to v1.41.0

/label tide/merge-method-squash

@xrstf
bump otel dependencies (CVE-2026-24051)
cc0499d 
On-behalf-of: @SAP christoph.mewes@sap.com
@kcp-ci-bot kcp-ci-bot added kind/chore Categorizes issue or PR as related to maintenance and other usually non-code changes. release-note Denotes a PR that will be considered when it comes time to generate release notes. dco-signoff: yes Indicates the PR's author has signed the DCO. tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Mar 4, 2026
ntnn
ntnn approved these changes Mar 4, 2026
View reviewed changes
Copy link
Member

@ntnn ntnn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@kcp-ci-bot kcp-ci-bot added the lgtm Indicates that a PR is ready to be merged. label Mar 4, 2026
@kcp-ci-bot
Copy link
Contributor

kcp-ci-bot commented Mar 4, 2026

LGTM label has been added.

DetailsGit tree hash: 9229815b044e8b5fec7f8b937082061b6d41109f

@xrstf
Copy link
Contributor Author

xrstf commented Mar 4, 2026

/approve

@kcp-ci-bot
Copy link
Contributor

kcp-ci-bot commented Mar 4, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ntnn, xrstf

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kcp-ci-bot kcp-ci-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 4, 2026
@xrstf
Copy link
Contributor Author

xrstf commented Mar 4, 2026

/retest

2 similar comments
@xrstf
Copy link
Contributor Author

xrstf commented Mar 4, 2026

/retest

@xrstf
Copy link
Contributor Author

xrstf commented Mar 4, 2026

/retest

@kcp-ci-bot kcp-ci-bot merged commit 2db6919 into main Mar 4, 2026
11 checks passed
@kcp-ci-bot kcp-ci-bot deleted the bump-otel branch March 4, 2026 17:20
@xrstf
Copy link
Contributor Author

xrstf commented Mar 5, 2026

/cherrypick release-0.5

@xrstf
Copy link
Contributor Author

xrstf commented Mar 5, 2026

/cherrypick release-0.4

@kcp-ci-bot
Copy link
Contributor

kcp-ci-bot commented Mar 5, 2026

@xrstf: new pull request created: #143

Details

In response to this:

/cherrypick release-0.5

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@kcp-ci-bot kcp-ci-bot mentioned this pull request Mar 5, 2026
Merged
@kcp-ci-bot
Copy link
Contributor

kcp-ci-bot commented Mar 5, 2026

@xrstf: #140 failed to apply on top of branch "release-0.4":

Applying: bump otel dependencies (CVE-2026-24051)
Using index info to reconstruct a base tree...
M	go.mod
M	go.sum
Falling back to patching base and 3-way merge...
Auto-merging go.sum
CONFLICT (content): Merge conflict in go.sum
Auto-merging go.mod
CONFLICT (content): Merge conflict in go.mod
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config set advice.mergeConflict false"
Patch failed at 0001 bump otel dependencies (CVE-2026-24051)
Details

In response to this:

/cherrypick release-0.4

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

xrstf added a commit that referenced this pull request Mar 5, 2026
@xrstf
[release-0.4] bump otel dependencies (CVE-2026-24051) (#140)
ccc64b3 
On-behalf-of: @SAP christoph.mewes@sap.com
@xrstf xrstf mentioned this pull request Mar 5, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ntnn ntnn ntnn approved these changes

Assignees

@ntnn ntnn

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates the PR's author has signed the DCO. kind/chore Categorizes issue or PR as related to maintenance and other usually non-code changes. lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. tide/merge-method-squash Denotes a PR that should be squashed by tide when it merges.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@xrstf @kcp-ci-bot @ntnn