Build(deps): Bump the go_modules group across 3 directories with 7 updates by dependabot[bot] · Pull Request #2 · jrin0340-420/minikube

dependabot · 2026-05-03T02:14:51Z

Bumps the go_modules group with 2 updates in the / directory: github.com/hashicorp/go-getter and github.com/go-jose/go-jose/v4.
Bumps the go_modules group with 3 updates in the /hack directory: github.com/hashicorp/go-getter, github.com/go-jose/go-jose/v4 and golang.org/x/image.
Bumps the go_modules group with 1 update in the /hack/jenkins/test-flake-chart/report_flakes directory: google.golang.org/grpc.

Updates github.com/hashicorp/go-getter from 1.8.4 to 1.8.6

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.8.6

No release notes provided.

v1.8.5

What's Changed

[chore] : Bump the go group with 2 updates by @dependabot[bot] in hashicorp/go-getter#576

use %w to wrap error by @Ericwww in hashicorp/go-getter#475

fix: #538 http file download skipped if headResp.ContentLength is 0 by @martijnvdp in hashicorp/go-getter#539

chore: fix error message capitalization in checksum function by @ssagarverma in hashicorp/go-getter#578

[chore] : Bump the go group with 8 updates by @dependabot[bot] in hashicorp/go-getter#577

Fix git url with ambiguous ref by @nimasamii in hashicorp/go-getter#382

fix: resolve compilation errors in get_git_test.go by @CreatorHead in hashicorp/go-getter#579

[chore] : Bump the actions group with 2 updates by @dependabot[bot] in hashicorp/go-getter#582

[chore] : Bump the go group with 3 updates by @dependabot[bot] in hashicorp/go-getter#583

test that arbitrary files cannot be checksummed by @schmichael in hashicorp/go-getter#250

[chore] : Bump google.golang.org/api from 0.260.0 to 0.262.0 in the go group by @dependabot[bot] in hashicorp/go-getter#585

[chore] : Bump actions/checkout from 6.0.1 to 6.0.2 in the actions group by @dependabot[bot] in hashicorp/go-getter#586

[chore] : Bump the go group with 3 updates by @dependabot[bot] in hashicorp/go-getter#588

[chore] : Bump actions/cache from 5.0.2 to 5.0.3 in the actions group by @dependabot[bot] in hashicorp/go-getter#589

[chore] : Bump aws-actions/configure-aws-credentials from 5.1.1 to 6.0.0 in the actions group by @dependabot[bot] in hashicorp/go-getter#592

[chore] : Bump google.golang.org/api from 0.264.0 to 0.265.0 in the go group by @dependabot[bot] in hashicorp/go-getter#591

[chore] : Bump the go group with 5 updates by @dependabot[bot] in hashicorp/go-getter#593

IND-6310 - CRT Onboarding by @nasareeny in hashicorp/go-getter#584

Fix crt build path by @ssagarverma in hashicorp/go-getter#594

[chore] : Bump the go group with 3 updates by @dependabot[bot] in hashicorp/go-getter#596

fix: remove checkout action from set-product-version job by @ssagarverma in hashicorp/go-getter#598

[chore] : Bump the actions group with 4 updates by @dependabot[bot] in hashicorp/go-getter#595

fix(deps): upgrade go.opentelemetry.io/otel/sdk to v1.40.0 (GO-2026-4394) by @ssagarverma in hashicorp/go-getter#599

Prepare go-getter for v1.8.5 release by @nasareeny in hashicorp/go-getter#597

[chore] : Bump the actions group with 2 updates by @dependabot[bot] in hashicorp/go-getter#600

sec: bump go and xrepos + redact aws tokens in url by @dduzgun-security in hashicorp/go-getter#604

NOTES:

Binary Distribution Update: To streamline our release process and align with other HashiCorp tools, all release binaries will now be published exclusively to the official HashiCorp release site. We will no longer attach release assets to GitHub Releases.

New Contributors

@Ericwww made their first contribution in hashicorp/go-getter#475

@martijnvdp made their first contribution in hashicorp/go-getter#539

@nimasamii made their first contribution in hashicorp/go-getter#382

@nasareeny made their first contribution in hashicorp/go-getter#584

Full Changelog: hashicorp/go-getter@v1.8.4...v1.8.5

Commits

d23bff4 Merge pull request #608 from hashicorp/dependabot/go_modules/go-security-9c51...
2c4aba8 Merge pull request #613 from hashicorp/pull/v1.8.6
fe61ed9 Merge pull request #611 from hashicorp/SECVULN-41053
d533656 Merge pull request #606 from hashicorp/pull/CRT
388f23d Additional test for local branch and head
b7ceaa5 harden checkout ref handling and added regression tests
769cc14 Release version bump up
6086a6a Review Comments Addressed
e02063c Revert "SECVULN Fix for git checkout argument injection enables arbitrary fil...
c93084d [chore] : Bump google.golang.org/grpc
Additional commits viewable in compare view

Updates go.opentelemetry.io/otel from 1.40.0 to 1.42.0

Changelog

Sourced from go.opentelemetry.io/otel's changelog.

[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06

Added

Add go.opentelemetry.io/otel/semconv/v1.40.0 package. The package contains semantic conventions from the v1.40.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.39.0. (#7985)

Add Err and SetErr on Record in go.opentelemetry.io/otel/log to attach an error and set record exception attributes in go.opentelemetry.io/otel/log/sdk. (#7924)

Changed

TracerProvider.ForceFlush in go.opentelemetry.io/otel/sdk/trace joins errors together and continues iteration through SpanProcessors as opposed to returning the first encountered error without attempting exports on subsequent SpanProcessors. (#7856)

Fixed

Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to correctly handle HTTP2 GOAWAY frame. (#7931)

Fix semconv v1.39.0 generated metric helpers skipping required attributes when extra attributes were empty. (#7964)

Preserve W3C TraceFlags bitmask (including the random Trace ID flag) during trace context extraction and injection in go.opentelemetry.io/otel/propagation. (#7834)

Removed

Drop support for [Go 1.24]. (#7984)

[1.41.0/0.63.0/0.17.0/0.0.15] 2026-03-02

This release is the last to support [Go 1.24]. The next release will require at least [Go 1.25].

Added

Support testing of [Go 1.26]. (#7902)

Fixed

Update Baggage in go.opentelemetry.io/otel/propagation and Parse and New in go.opentelemetry.io/otel/baggage to comply with W3C Baggage specification limits. New and Parse now return partial baggage along with an error when limits are exceeded. Errors from baggage extraction are reported to the global error handler. (#7880)

Return an error when the endpoint is configured as insecure and with TLS configuration in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#7914)

Return an error when the endpoint is configured as insecure and with TLS configuration in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#7914)

Return an error when the endpoint is configured as insecure and with TLS configuration in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#7914)

Commits

a3941ff Release v1.42.0/v0.64.0/v0.18.0/v0.0.16 (#8006)
6059c47 chore(deps): update golang.org/x/telemetry digest to e526e8a (#8010)
44c7edf chore(deps): update module github.com/mgechev/revive to v1.15.0 (#8009)
de5fb3a fix(deps): update module google.golang.org/grpc to v1.79.2 (#8007)
0b82ded chore(deps): update codspeedhq/action action to v4.11.1 (#8001)
aa3660f chore(deps): update github/codeql-action action to v4.32.6 (#8004)
9be8c92 chore(deps): update dependency codespell to v2.4.2 (#8003)
c9d2015 log: add error field to Record and make SDK to emit exception attributes (#7924)
fdd1320 TracerProvider ForceFlush() Error Fix (#7856)
78f9904 chore(deps): update golang.org/x/telemetry digest to 18da590 (#8000)
Additional commits viewable in compare view

Updates go.opentelemetry.io/otel/sdk from 1.40.0 to 1.42.0

Changelog

Sourced from go.opentelemetry.io/otel/sdk's changelog.

[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06

Added

Add go.opentelemetry.io/otel/semconv/v1.40.0 package. The package contains semantic conventions from the v1.40.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.39.0. (#7985)

Add Err and SetErr on Record in go.opentelemetry.io/otel/log to attach an error and set record exception attributes in go.opentelemetry.io/otel/log/sdk. (#7924)

Changed

TracerProvider.ForceFlush in go.opentelemetry.io/otel/sdk/trace joins errors together and continues iteration through SpanProcessors as opposed to returning the first encountered error without attempting exports on subsequent SpanProcessors. (#7856)

Fixed

Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to correctly handle HTTP2 GOAWAY frame. (#7931)

Fix semconv v1.39.0 generated metric helpers skipping required attributes when extra attributes were empty. (#7964)

Preserve W3C TraceFlags bitmask (including the random Trace ID flag) during trace context extraction and injection in go.opentelemetry.io/otel/propagation. (#7834)

Removed

Drop support for [Go 1.24]. (#7984)

[1.41.0/0.63.0/0.17.0/0.0.15] 2026-03-02

This release is the last to support [Go 1.24]. The next release will require at least [Go 1.25].

Added

Support testing of [Go 1.26]. (#7902)

Fixed

Update Baggage in go.opentelemetry.io/otel/propagation and Parse and New in go.opentelemetry.io/otel/baggage to comply with W3C Baggage specification limits. New and Parse now return partial baggage along with an error when limits are exceeded. Errors from baggage extraction are reported to the global error handler. (#7880)

Return an error when the endpoint is configured as insecure and with TLS configuration in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#7914)

Return an error when the endpoint is configured as insecure and with TLS configuration in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#7914)

Return an error when the endpoint is configured as insecure and with TLS configuration in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#7914)

Commits

a3941ff Release v1.42.0/v0.64.0/v0.18.0/v0.0.16 (#8006)
6059c47 chore(deps): update golang.org/x/telemetry digest to e526e8a (#8010)
44c7edf chore(deps): update module github.com/mgechev/revive to v1.15.0 (#8009)
de5fb3a fix(deps): update module google.golang.org/grpc to v1.79.2 (#8007)
0b82ded chore(deps): update codspeedhq/action action to v4.11.1 (#8001)
aa3660f chore(deps): update github/codeql-action action to v4.32.6 (#8004)
9be8c92 chore(deps): update dependency codespell to v2.4.2 (#8003)
c9d2015 log: add error field to Record and make SDK to emit exception attributes (#7924)
fdd1320 TracerProvider ForceFlush() Error Fix (#7856)
78f9904 chore(deps): update golang.org/x/telemetry digest to 18da590 (#8000)
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream from 1.7.4 to 1.7.7

Commits

e155bb7 Release 2023-10-06
9d342ba Regenerated Clients
1df9914 Update SDK's smithy-go dependency to v1.15.0
32ada3a Update API model
12ba4ac Release 2023-10-05
be8a8e0 Regenerated Clients
dc38adb Update endpoints model
a52086e Update API model
1ed22c1 Release 2023-10-04
e007bcd Regenerated Clients
Additional commits viewable in compare view

Updates github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4

Release notes

Sourced from github.com/go-jose/go-jose/v4's releases.

v4.1.4

What's Changed

Fixes Panic in JWE decryption. See GHSA-78h2-9frx-2jm8

Full Changelog: go-jose/go-jose@v4.1.3...v4.1.4

Commits

0e59876 Merge commit from fork
ddffdbc Bump actions/checkout from 5 to 6 (#213)
See full diff in compare view

Updates google.golang.org/grpc from 1.79.1 to 1.79.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.79.3

Security

server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)

Release 1.79.2

Bug Fixes

stats: Prevent redundant error logging in health/ORCA producers by skipping stats/tracing processing when no stats handler is configured. (grpc/grpc-go#8874)

Release 1.79.1

Bug Fixes

grpc: Remove the -dev suffix from the User-Agent header. (grpc/grpc-go#8902)

Release 1.79.0

API Changes

mem: Add experimental API SetDefaultBufferPool to change the default buffer pool. (#8806)

Special Thanks: @vanja-p

experimental/stats: Update MetricsRecorder to require embedding the new UnimplementedMetricsRecorder (a no-op struct) in all implementations for forward compatibility. (#8780)

Behavior Changes

balancer/weightedtarget: Remove handling of Addresses and only handle Endpoints in resolver updates. (#8841)

New Features

experimental/stats: Add support for asynchronous gauge metrics through the new AsyncMetricReporter and RegisterAsyncReporter APIs. (#8780)

pickfirst: Add support for weighted random shuffling of endpoints, as described in gRFC A113.

This is enabled by default, and can be turned off using the environment variable GRPC_EXPERIMENTAL_PF_WEIGHTED_SHUFFLING. (#8864)

xds: Implement :authority rewriting, as specified in gRFC A81. (#8779)

balancer/randomsubsetting: Implement the random_subsetting LB policy, as specified in gRFC A68. (#8650)

Special Thanks: @marek-szews

Bug Fixes

credentials/tls: Fix a bug where the port was not stripped from the authority override before validation. (#8726)

Special Thanks: @Atul1710

xds/priority: Fix a bug causing delayed failover to lower-priority clusters when a higher-priority cluster is stuck in CONNECTING state. (#8813)

health: Fix a bug where health checks failed for clients using legacy compression options (WithDecompressor or RPCDecompressor). (#8765)

Special Thanks: @sanki92

transport: Fix an issue where the HTTP/2 server could skip header size checks when terminating a stream early. (#8769)

Special Thanks: @joybestourous

server: Propagate status detail headers, if available, when terminating a stream during request header processing. (#8754)

Special Thanks: @joybestourous

Performance Improvements

credentials/alts: Optimize read buffer alignment to reduce copies. (#8791)

mem: Optimize pooling and creation of buffer objects. (#8784)

transport: Reduce slice re-allocations by reserving slice capacity. (#8797)

... (truncated)

Commits

dda86db Change version to 1.79.3 (#8983)
72186f1 grpc: enforce strict path checking for incoming requests on the server (#8981)
97ca352 Changing version to 1.79.3-dev (#8954)
8902ab6 Change the version to release 1.79.2 (#8947)
a928670 Cherry-pick #8874 to v1.79.x (#8904)
06df363 Change version to 1.79.2-dev (#8903)
782f2de Change version to 1.79.1 (#8902)
850eccb Change version to 1.79.1-dev (#8851)
765ff05 Change version to 1.79.0 (#8850)
68804be Cherry pick #8864 to v1.79.x (#8896)
Additional commits viewable in compare view

Updates github.com/hashicorp/go-getter from 1.8.4 to 1.8.6

Release notes

Sourced from github.com/hashicorp/go-getter's releases.

v1.8.6

No release notes provided.

v1.8.5

What's Changed

[chore] : Bump the go group with 2 updates by @dependabot[bot] in hashicorp/go-getter#576

use %w to wrap error by @Ericwww in hashicorp/go-getter#475

fix: #538 http file download skipped if headResp.ContentLength is 0 by @martijnvdp in hashicorp/go-getter#539

chore: fix error message capitalization in checksum function by @ssagarverma in hashicorp/go-getter#578

[chore] : Bump the go group with 8 updates by @dependabot[bot] in hashicorp/go-getter#577

Fix git url with ambiguous ref by @nimasamii in hashicorp/go-getter#382

fix: resolve compilation errors in get_git_test.go by @CreatorHead in hashicorp/go-getter#579

[chore] : Bump the actions group with 2 updates by @dependabot[bot] in hashicorp/go-getter#582

[chore] : Bump the go group with 3 updates by @dependabot[bot] in hashicorp/go-getter#583

test that arbitrary files cannot be checksummed by @schmichael in hashicorp/go-getter#250

[chore] : Bump google.golang.org/api from 0.260.0 to 0.262.0 in the go group by @dependabot[bot] in hashicorp/go-getter#585

[chore] : Bump actions/checkout from 6.0.1 to 6.0.2 in the actions group by @dependabot[bot] in hashicorp/go-getter#586

[chore] : Bump the go group with 3 updates by @dependabot[bot] in hashicorp/go-getter#588

[chore] : Bump actions/cache from 5.0.2 to 5.0.3 in the actions group by @dependabot[bot] in hashicorp/go-getter#589

[chore] : Bump aws-actions/configure-aws-credentials from 5.1.1 to 6.0.0 in the actions group by @dependabot[bot] in hashicorp/go-getter#592

[chore] : Bump google.golang.org/api from 0.264.0 to 0.265.0 in the go group by @dependabot[bot] in hashicorp/go-getter#591

[chore] : Bump the go group with 5 updates by @dependabot[bot] in hashicorp/go-getter#593

IND-6310 - CRT Onboarding by @nasareeny in hashicorp/go-getter#584

Fix crt build path by @ssagarverma in hashicorp/go-getter#594

[chore] : Bump the go group with 3 updates by @dependabot[bot] in hashicorp/go-getter#596

fix: remove checkout action from set-product-version job by @ssagarverma in hashicorp/go-getter#598

[chore] : Bump the actions group with 4 updates by @dependabot[bot] in hashicorp/go-getter#595

fix(deps): upgrade go.opentelemetry.io/otel/sdk to v1.40.0 (GO-2026-4394) by @ssagarverma in hashicorp/go-getter#599

Prepare go-getter for v1.8.5 release by @nasareeny in hashicorp/go-getter#597

[chore] : Bump the actions group with 2 updates by @dependabot[bot] in hashicorp/go-getter#600

sec: bump go and xrepos + redact aws tokens in url by @dduzgun-security in hashicorp/go-getter#604

NOTES:

Binary Distribution Update: To streamline our release process and align with other HashiCorp tools, all release binaries will now be published exclusively to the official HashiCorp release site. We will no longer attach release assets to GitHub Releases.

New Contributors

@Ericwww made their first contribution in hashicorp/go-getter#475

@martijnvdp made their first contribution in hashicorp/go-getter#539

@nimasamii made their first contribution in hashicorp/go-getter#382

@nasareeny made their first contribution in hashicorp/go-getter#584

Full Changelog: hashicorp/go-getter@v1.8.4...v1.8.5

Commits

d23bff4 Merge pull request #608 from hashicorp/dependabot/go_modules/go-security-9c51...
2c4aba8 Merge pull request #613 from hashicorp/pull/v1.8.6
fe61ed9 Merge pull request #611 from hashicorp/SECVULN-41053
d533656 Merge pull request #606 from hashicorp/pull/CRT
388f23d Additional test for local branch and head
b7ceaa5 harden checkout ref handling and added regression tests
769cc14 Release version bump up
6086a6a Review Comments Addressed
e02063c Revert "SECVULN Fix for git checkout argument injection enables arbitrary fil...
c93084d [chore] : Bump google.golang.org/grpc
Additional commits viewable in compare view

Updates go.opentelemetry.io/otel from 1.40.0 to 1.42.0

Changelog

Sourced from go.opentelemetry.io/otel's changelog.

[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06

Added

Add go.opentelemetry.io/otel/semconv/v1.40.0 package. The package contains semantic conventions from the v1.40.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.39.0. (#7985)

Add Err and SetErr on Record in go.opentelemetry.io/otel/log to attach an error and set record exception attributes in go.opentelemetry.io/otel/log/sdk. (#7924)

Changed

TracerProvider.ForceFlush in go.opentelemetry.io/otel/sdk/trace joins errors together and continues iteration through SpanProcessors as opposed to returning the first encountered error without attempting exports on subsequent SpanProcessors. (#7856)

Fixed

Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to correctly handle HTTP2 GOAWAY frame. (#7931)

Fix semconv v1.39.0 generated metric helpers skipping required attributes when extra attributes were empty. (#7964)

Preserve W3C TraceFlags bitmask (including the random Trace ID flag) during trace context extraction and injection in go.opentelemetry.io/otel/propagation. (#7834)

Removed

Drop support for [Go 1.24]. (#7984)

[1.41.0/0.63.0/0.17.0/0.0.15] 2026-03-02

This release is the last to support [Go 1.24]. The next release will require at least [Go 1.25].

Added

Support testing of [Go 1.26]. (#7902)

Fixed

Update Baggage in go.opentelemetry.io/otel/propagation and Parse and New in go.opentelemetry.io/otel/baggage to comply with W3C Baggage specification limits. New and Parse now return partial baggage along with an error when limits are exceeded. Errors from baggage extraction are reported to the global error handler. (#7880)

Return an error when the endpoint is configured as insecure and with TLS configuration in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#7914)

Return an error when the endpoint is configured as insecure and with TLS configuration in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#7914)

Return an error when the endpoint is configured as insecure and with TLS configuration in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#7914)

Commits

a3941ff Release v1.42.0/v0.64.0/v0.18.0/v0.0.16 (#8006)
6059c47 chore(deps): update golang.org/x/telemetry digest to e526e8a (#8010)
44c7edf chore(deps): update module github.com/mgechev/revive to v1.15.0 (#8009)
de5fb3a fix(deps): update module google.golang.org/grpc to v1.79.2 (#8007)
0b82ded chore(deps): update codspeedhq/action action to v4.11.1 (#8001)
aa3660f chore(deps): update github/codeql-action action to v4.32.6 (#8004)
9be8c92 chore(deps): update dependency codespell to v2.4.2 (#8003)
c9d2015 log: add error field to Record and make SDK to emit exception attributes (#7924)
fdd1320 TracerProvider ForceFlush() Error Fix (#7856)
78f9904 chore(deps): update golang.org/x/telemetry digest to 18da590 (#8000)
Additional commits viewable in compare view

Updates go.opentelemetry.io/otel/sdk from 1.40.0 to 1.42.0

Changelog

Sourced from go.opentelemetry.io/otel/sdk's changelog.

[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06

Added

Add go.opentelemetry.io/otel/semconv/v1.40.0 package. The package contains semantic conventions from the v1.40.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.39.0. (#7985)

Add Err and SetErr on Record in go.opentelemetry.io/otel/log to attach an error and set record exception attributes in go.opentelemetry.io/otel/log/sdk. (#7924)

Changed

TracerProvider.ForceFlush in go.opentelemetry.io/otel/sdk/trace joins errors together and continues iteration through SpanProcessors as opposed to returning the first encountered error without attempting exports on subsequent SpanProcessors. (#7856)

Fixed

Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to correctly handle HTTP2 GOAWAY frame. (#7931)

Fix semconv v1.39.0 generated metric helpers skipping required attributes when extra attributes were empty. (#7964)

Preserve W3C TraceFlags bitmask (including the random Trace ID flag) during trace context extraction and injection in go.opentelemetry.io/otel/propagation. (#7834)

Removed

Drop support for [Go 1.24]. (#7984)

[1.41.0/0.63.0/0.17.0/0.0.15] 2026-03-02

This release is the last to support [Go 1.24]. The next release will require at least [Go 1.25].

Added

Support testing of [Go 1.26]. (#7902)

Fixed

Update Baggage in go.opentelemetry.io/otel/propagation and Parse and New in go.opentelemetry.io/otel/baggage to comply with W3C Baggage specification limits. New and Parse now return partial baggage along with an error when limits are exceeded. Errors from baggage extraction are reported to the global error handler. (#7880)

Return an error when the endpoint is configured as insecure and with TLS configuration in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#7914)

Return an error when the endpoint is configured as insecure and with TLS configuration in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#7914)

Return an error when the endpoint is configured as insecure and with TLS configuration in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#7914)

Commits

a3941ff Release v1.42.0/v0.64.0/v0.18.0/v0.0.16 (#8006)
6059c47 chore(deps): update golang.org/x/telemetry digest to e526e8a (#8010)
44c7edf chore(deps): update module github.com/mgechev/revive to v1.15.0 (#8009)
de5fb3a fix(deps): update module google.golang.org/grpc to v1.79.2 (#8007)
0b82ded chore(deps): update codspeedhq/action action to v4.11.1 (#8001)
aa3660f chore(deps): update github/codeql-action action to v4.32.6 (#8004)
9be8c92 chore(deps): update dependency codespell to v2.4.2 (#8003)
c9d2015 log: add error field to Record and make SDK to emit exception attributes (#7924)
fdd1320 TracerProvider ForceFlush() Error Fix (#7856)
78f9904 chore(deps): update golang.org/x/telemetry digest to 18da590 (#8000)
Additional commits viewable in compare view

Updates github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream from 1.7.4 to 1.7.7

Commits

e155bb7 Release 2023-10-06
9d342ba Regenerated Clients
1df9914 Update SDK's smithy-go dependency to v1.15.0
32ada3a Update API model
12ba4ac Release 2023-10-05
be8a8e0 Regenerated Clients
dc38adb Update endpoints model
a52086e Update API model
1ed22c1 Release 2023-10-04
e007bcd Regenerated Clients
Additional commits viewable in compare view

Updates github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4

Release notes

Sourced from github.com/go-jose/go-jose/v4's releases.

v4.1.4

What's Changed

Fixes Panic in JWE decryption. See GHSA-78h2-9frx-2jm8

Full Changelog: go-jose/go-jose@v4.1.3...v4.1.4

Commits

0e59876 Merge commit from fork
ddffdbc Bump actions/checkout from 5 to 6 (#213)
See full diff in compare view

Updates google.golang.org/grpc from 1.79.1 to 1.79.3

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.79.3

Security

server: fix an authorization bypass where malformed :path headers (missing the leading slash) could bypass path-based restricted "deny" rules in interceptors like grpc/authz. Any request with a non-canonical path is now immediately rejected with an Unimplemented error. (#8981)

Release 1.79.2

Bug Fixes

stats: Prevent redundant error logging in healt...
Description has been truncated

…dates Bumps the go_modules group with 2 updates in the / directory: [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) and [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose). Bumps the go_modules group with 3 updates in the /hack directory: [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter), [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) and [golang.org/x/image](https://github.com/golang/image). Bumps the go_modules group with 1 update in the /hack/jenkins/test-flake-chart/report_flakes directory: [google.golang.org/grpc](https://github.com/grpc/grpc-go). Updates `github.com/hashicorp/go-getter` from 1.8.4 to 1.8.6 - [Release notes](https://github.com/hashicorp/go-getter/releases) - [Commits](hashicorp/go-getter@v1.8.4...v1.8.6) Updates `go.opentelemetry.io/otel` from 1.40.0 to 1.42.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.40.0...v1.42.0) Updates `go.opentelemetry.io/otel/sdk` from 1.40.0 to 1.42.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.40.0...v1.42.0) Updates `github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream` from 1.7.4 to 1.7.7 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/m2/v1.7.4...service/m2/v1.7.7) Updates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4 - [Release notes](https://github.com/go-jose/go-jose/releases) - [Commits](go-jose/go-jose@v4.1.3...v4.1.4) Updates `google.golang.org/grpc` from 1.79.1 to 1.79.3 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.64.1...v1.79.3) Updates `github.com/hashicorp/go-getter` from 1.8.4 to 1.8.6 - [Release notes](https://github.com/hashicorp/go-getter/releases) - [Commits](hashicorp/go-getter@v1.8.4...v1.8.6) Updates `go.opentelemetry.io/otel` from 1.40.0 to 1.42.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.40.0...v1.42.0) Updates `go.opentelemetry.io/otel/sdk` from 1.40.0 to 1.42.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.40.0...v1.42.0) Updates `github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream` from 1.7.4 to 1.7.7 - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](aws/aws-sdk-go-v2@service/m2/v1.7.4...service/m2/v1.7.7) Updates `github.com/go-jose/go-jose/v4` from 4.1.3 to 4.1.4 - [Release notes](https://github.com/go-jose/go-jose/releases) - [Commits](go-jose/go-jose@v4.1.3...v4.1.4) Updates `google.golang.org/grpc` from 1.79.1 to 1.79.3 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.64.1...v1.79.3) Updates `golang.org/x/image` from 0.25.0 to 0.38.0 - [Commits](golang/image@v0.25.0...v0.38.0) Updates `google.golang.org/grpc` from 1.64.1 to 1.79.3 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.64.1...v1.79.3) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-getter dependency-version: 1.8.6 dependency-type: direct:production dependency-group: go_modules - dependency-name: go.opentelemetry.io/otel dependency-version: 1.42.0 dependency-type: direct:production dependency-group: go_modules - dependency-name: go.opentelemetry.io/otel/sdk dependency-version: 1.42.0 dependency-type: direct:production dependency-group: go_modules - dependency-name: github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream dependency-version: 1.7.7 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/go-jose/go-jose/v4 dependency-version: 4.1.4 dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/grpc dependency-version: 1.79.3 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/hashicorp/go-getter dependency-version: 1.8.6 dependency-type: indirect dependency-group: go_modules - dependency-name: go.opentelemetry.io/otel dependency-version: 1.42.0 dependency-type: direct:production dependency-group: go_modules - dependency-name: go.opentelemetry.io/otel/sdk dependency-version: 1.42.0 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream dependency-version: 1.7.7 dependency-type: indirect dependency-group: go_modules - dependency-name: github.com/go-jose/go-jose/v4 dependency-version: 4.1.4 dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/grpc dependency-version: 1.79.3 dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/image dependency-version: 0.38.0 dependency-type: indirect dependency-group: go_modules - dependency-name: google.golang.org/grpc dependency-version: 1.79.3 dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels May 3, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build(deps): Bump the go_modules group across 3 directories with 7 updates#2

Build(deps): Bump the go_modules group across 3 directories with 7 updates#2
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/go_modules-7afea0c38c

dependabot Bot commented on behalf of github May 3, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 3, 2026

v1.8.6

v1.8.5

What's Changed

New Contributors

[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06

Added

Changed

Fixed

Removed

[1.41.0/0.63.0/0.17.0/0.0.15] 2026-03-02

Added

Fixed

[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06

Added

Changed

Fixed

Removed

[1.41.0/0.63.0/0.17.0/0.0.15] 2026-03-02

Added

Fixed

v4.1.4

What's Changed

Release 1.79.3

Security

Release 1.79.2

Bug Fixes

Release 1.79.1

Bug Fixes

Release 1.79.0

API Changes

Behavior Changes

New Features

Bug Fixes

Performance Improvements

v1.8.6

v1.8.5

What's Changed

New Contributors

[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06

Added

Changed

Fixed

Removed

[1.41.0/0.63.0/0.17.0/0.0.15] 2026-03-02

Added

Fixed

[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06

Added

Changed

Fixed

Removed

[1.41.0/0.63.0/0.17.0/0.0.15] 2026-03-02

Added

Fixed

v4.1.4

What's Changed

Release 1.79.3

Security

Release 1.79.2

Bug Fixes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants