fix(deps): update gomod dependencies

[red-hat-konflux-kflux-prd-rh02]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change	Age	Confidence
github.com/99designs/go-keychain	indirect	digest	8e49817 → 9cf53c8
github.com/openshift/api	require	digest	05673ba → d22a47a
github.com/openshift/backplane-api	require	digest	4598563 → d6466a2
github.com/openshift/installer	indirect	minor	v1.4.21-pre2.0.20260112230456-1c2444827f23 → v1.14.16-dcf8320c8c4e
github.com/pelletier/go-toml/v2	indirect	minor	v2.3.1 → v2.4.0
github.com/tektoncd/pipeline	indirect	minor	v1.12.1 → v1.13.1
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc	indirect	minor	v1.42.0 → v1.44.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp	indirect	minor	v1.43.0 → v1.44.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace	indirect	minor	v1.43.0 → v1.44.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc	indirect	minor	v1.42.0 → v1.44.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	indirect	minor	v1.43.0 → v1.44.0
go.opentelemetry.io/otel/exporters/prometheus	indirect	minor	v0.64.0 → v0.66.0
go.opentelemetry.io/otel/exporters/stdout/stdouttrace	indirect	minor	v1.42.0 → v1.44.0
go.opentelemetry.io/otel/sdk	indirect	minor	v1.43.0 → v1.44.0
go.opentelemetry.io/otel/sdk/metric	indirect	minor	v1.43.0 → v1.44.0
k8s.io/api	require	minor	v0.35.6 → v0.36.2
k8s.io/apiextensions-apiserver	indirect	minor	v0.35.6 → v0.36.2
k8s.io/apimachinery	require	minor	v0.35.6 → v0.36.2
k8s.io/cli-runtime	indirect	minor	v0.35.6 → v0.36.2
k8s.io/client-go	require	minor	v0.35.6 → v0.36.2
k8s.io/component-helpers	indirect	minor	v0.35.6 → v0.36.2
k8s.io/kubectl	require	minor	v0.35.6 → v0.36.2
knative.dev/pkg	require	digest	98d5a70 → 6300c57
sigs.k8s.io/controller-runtime	require	minor	v0.23.3 → v0.24.1

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

openshift/installer (github.com/openshift/installer)

v1.14.16-dcf8320c8c4e

Compare Source

v1.5.0-alpha.0

Compare Source

v1.4.22-ec5

Compare Source

pelletier/go-toml (github.com/pelletier/go-toml/v2)

v2.4.0

Compare Source

What's Changed

What's new

• Support TOML v1.1.0 by @​jcmfernandes, @​pelletier in #​1068

Performance

• Reimplementation of the parser, decoder, and encoder by @​pelletier Fable 5 in #​1067
• New benchmarks from dependent projects in #​1067

Fixed bugs

• Populate DecodeError.Key() on type mismatch errors by @​leno23 in #​1064
• Contextualize redefinition errors as DecodeError by @​leno23, @​pelletier in #​1069
• Report quoted string requirement for unquoted values by @​leno23 in #​1063

Documentation

• Explain omitempty behavior for time.Time fields by @​leno23 in #​1061
• Remove "Migrating from v1" section from README by @​pelletier in #​1070

New Contributors

• @​leno23 made their first contribution in #​1064
• @​jcmfernandes made their first contribution in #​1068

Full Changelog: pelletier/go-toml@v2.3.1...v2.4.0

tektoncd/pipeline (github.com/tektoncd/pipeline)

v1.13.1: Tekton Pipeline release v1.13.1 "Pixie-bob Project 2501"

Compare Source

-Docs @​ v1.13.1
-Examples @​ v1.13.1

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.13.1/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677a85ce425ccafc0d84ae54b26fb57ec6dce775f05aa9b92b99e84371ddcbad2a77

Obtain the attestation:

REKOR_UUID=108e9186e8c5677a85ce425ccafc0d84ae54b26fb57ec6dce775f05aa9b92b99e84371ddcbad2a77
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.13.1/release.yaml
REKOR_UUID=108e9186e8c5677a85ce425ccafc0d84ae54b26fb57ec6dce775f05aa9b92b99e84371ddcbad2a77

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.13.1@​sha256:" + .digest.sha256')

# Download the release file
curl -L "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Changes

Features

Fixes

• 🐛 [cherry-pick: release-v1.13.x] fix(resolvers): Allow ResolutionRequests to resolve all Tekton kinds (#​10251)

Before this change, ResolutionRequests could only resolve Pipelines, Tasks, and StepActions. After this change, ResolutionRequests can resolve PipelineRuns, Pipelines, TaskRuns, Tasks, Runs, CustomRuns, and StepActions.

• 🐛 [cherry-pick: release-v1.13.x] fix: TaskRun stuck in Running when init container is OOMKilled with enableKubernetesSidecar (#​10183)

Fix: TaskRun no longer gets stuck in Running when an init container (e.g. prepare) is OOMKilled while enableKubernetesSidecar is enabled. The TaskRun is now correctly marked as Failed immediately.

• 🐛 [cherry-pick: release-v1.13.x] fix: avoid spurious termination parse warning (#​10182)

Fixed spurious step log warnings about parsing existing termination messages when termination message compression is disabled.

• 🐛 [cherry-pick: release-v1.13.x] fix: make internal container resources opt-in (#​10173)

Action required: Tekton no longer applies default resource requests or limits to internal containers (prepare, place-scripts, working-dir-initializer, and sidecar-tekton-log-results) when default-container-resource-requirements is unset. Clusters that rely on these defaults for ResourceQuota compatibility must configure explicit internal container resources in the config-defaults ConfigMap.

• 🐛 [release-v1.13.x] fix: replace symlinks with subpath params and fix Rekor UUID in release pipeline (#​10217)

Misc

Docs

Thanks

Thanks to these contributors who contributed to v1.13.1!

• ❤️ @​tekton-robot
• ❤️ @​vdemeester
• ❤️ @​waveywaves

Extra shout-out for awesome release notes:

• 😍 @​tekton-robot
• 😍 @​waveywaves

v1.13.0: Tekton Pipeline release v1.13.0 "Pixie-bob Project 2501"

Compare Source

🎉 Squeezing more out of every pipeline: compressed results & timeout fixes 🎉

• Docs @​ v1.13.0
• Examples @​ v1.13.0

Installation one-liner

kubectl apply -f https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.13.0/release.yaml

Attestation

The Rekor UUID for this release is 108e9186e8c5677accee6fa1065e378221444c30175152ffea8d8c6f5c0d7d5890d31edeaa3ac031

Obtain the attestation:

REKOR_UUID=108e9186e8c5677accee6fa1065e378221444c30175152ffea8d8c6f5c0d7d5890d31edeaa3ac031
rekor-cli get --uuid $REKOR_UUID --format json | jq -r .Attestation | jq .

Verify that all container images in the attestation are in the release file:

RELEASE_FILE=https://infra.tekton.dev/tekton-releases/pipeline/previous/v1.13.0/release.yaml
REKOR_UUID=108e9186e8c5677accee6fa1065e378221444c30175152ffea8d8c6f5c0d7d5890d31edeaa3ac031

# Obtains the list of images with sha from the attestation
REKOR_ATTESTATION_IMAGES=$(rekor-cli get --uuid "$REKOR_UUID" --format json | jq -r .Attestation | jq -r '.subject[]|.name + ":v1.13.0@​sha256:" + .digest.sha256')

# Download the release file
curl -L "$RELEASE_FILE" > release.yaml

# For each image in the attestation, match it to the release file
for image in $REKOR_ATTESTATION_IMAGES; do
  printf $image; grep -q $image release.yaml && echo " ===> ok" || echo " ===> no match";
done

Upgrade Notices

• 🚨 Resolvers can only resolve Tekton objects (#​9588)

Tekton Resolvers are now only permitted to resolve StepActions, Tasks, and Pipelines. Custom resolvers or ResolutionRequests which use the Resolver API for other object types will no longer function.

Changes

Features

• ✨ feat(tracing): add spans to TaskRun notifications controller (#​9912)

Added OpenTelemetry tracing to the TaskRun notification reconciliation path.
Spans now cover ReconcileKind, ReconcileRunObject, and EmitCloudEvents,
enabling operators to trace CloudEvent delivery latency end-to-end.

• ✨ [TEP-0137] Activate formats field in config-events (#​9776)

The formats field in config-events is now active. The default value is
tektonv1, which preserves existing behaviour. Setting an invalid or
unrecognised format value logs a warning and suppresses event emission
for that format.

• ✨ feat: compress termination messages to fit more results in 4KB limit (#​9682)

Added optional termination message compression (alpha feature flag
enable-termination-message-compression) that uses flate compression to fit
approximately 5.7x more results in the 4KB Kubernetes termination message limit.
The parser auto-detects compressed messages for full backward compatibility.
Zero new dependencies — uses Go stdlib only.

Fixes

• 🐛 fix(events): reduce TaskRun notification identifier logging and document trace exposure (#​10117)

Reduced default log verbosity in the TaskRun notification path introduced
by #​9912. Identifier logs (TaskRun name/namespace) are now emitted at debug
level only. Added documentation warning that exported traces may include
Kubernetes resource identifiers and that trace backends should be treated
as trusted observability systems.

• 🐛 fix(resolvers): skip re-resolution when ResolutionRequest data is already present (#​10114)

Skip re-resolution of ResolutionRequests when Status.Data is already present, preventing hundreds of redundant reconciliations under load.

• 🐛 fix: preserve previous condition context when TaskRun is cancelled or times out (#​10076)

Preserve previous TaskRun condition context (reason + message) when a TaskRun is cancelled or times out due to a PipelineRun timeout, so diagnostic information like ExceededResourceQuota is no longer lost.

• 🐛 Fix gen-crd-api-reference-docs require to use fetchable version (#​9999)

ix gen-crd-api-reference-docs go.mod require to use a fetchable upstream version (v0.3.0), fixing module resolution failures for downstream consumers.

• 🐛 fix(pipelinerun): use generateName for anonymous pipeline label (#​9826)

Previously, TaskRuns' tekton.dev/pipeline label for anonymous Pipelines would use their PipelineRun's name in their tekton.dev/pipeline label and pipeline metrics tag. After this change, TaskRun and PipelineRun which are created from anonymous Pipelines now reference a sanitized metadata.generateName, when present, for the label tekton.dev/pipeline. Similarly, these TaskRruns and PipelineRuns will populate their respective metrics' pipeline tag with the sanitized generateName instead of using anonymous.

• 🐛 fix: truncate affinity assistant volume names to 63 characters (#​9752)

Affinity assistant StatefulSet no longer fails when workspace volumeClaimTemplate names exceed 63 characters. Long volume names are now automatically truncated with a hash suffix to stay within the Kubernetes limit.

• 🐛 fix: allow finally tasks to run when tasks timeout is exceeded (#​9709)

Fix a bug where finally tasks were not executed when the tasks timeout
(either explicit via timeouts.tasks or calculated as timeouts.pipeline - timeouts.finally) was exceeded. The PipelineRun was immediately marked as
Failed without giving finally tasks a chance to run. Now the pipeline
continues running with reason PipelineRunTimeoutRunningFinally until
finally tasks complete.

• 🐛 fix: respect per-resolver TTL override in cache (#​9625)

Resolver cache now respects per-resolver TTL values set in individual
resolver ConfigMaps (e.g., bundleresolver-config, git-resolver-config),
instead of always using the global resolver-cache-config TTL.

• 🐛 fix(resolvers): validate data is Tekton object in resolver framework (#​9588)

Fixes a bug which lets Tekton Resolvers resolve non-tekton objects and arbitrary data. After this change, resolving a non-tekton object causes the ResolutionRequest to fail.
Action Required: Tekton Resolvers are now only permitted to resolve StepActions, Tasks, and Pipelines. Custom resolvers or ResolutionRequest which use the Resolver API for other object types will no longer function.

• 🐛 fix: resolve goroutine leak from unbuffered channels in resolver reconciler (#​10098)
• 🐛 Fix dependabot-regen workflow commit author and sign-off (#​9958)
• 🐛 Fix dependabot-regen workflow push credentials (#​9956)
• 🐛 Fix PipelineRun premature failure when TaskRun recovers after pod eviction (#​9640)

Misc

• 🔨 build: bump go directive to 1.26 (#​10026)
• 🔨 perf(taskrun): skip sidecar teardown when status shows no running sidecars (#​9755) (#​9760)
• 🔨 ci: Skip most e2e tests on draft PRs to save CI resources (#​9708)
• 🔨 chore: bump OpenTelemetry semconv to match SDK version (#​9697)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​10126)
• 🔨 build(deps): bump golangci/golangci-lint-action from 9.2.0 to 9.2.1 (#​10125)
• 🔨 build(deps): bump go.opentelemetry.io/otel/trace from 1.43.0 to 1.44.0 (#​10118)
• 🔨 build(deps): bump golang.org/x/crypto from 0.51.0 to 0.52.0 (#​10095)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​10085)
• 🔨 build(deps): bump github/codeql-action from 4.35.4 to 4.35.5 (#​10084)
• 🔨 build(deps): bump step-security/harden-runner from 2.19.2 to 2.19.4 (#​10083)
• 🔨 build(deps): bump zizmorcore/zizmor-action from 0.5.3 to 0.5.6 (#​10082)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.10.5 to 1.10.6 (#​10081)
• 🔨 build(deps): bump github.com/spiffe/spire-api-sdk from 1.14.6 to 1.15.0 (#​10080)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.10.5 to 1.10.6 (#​10060)
• 🔨 build(deps): bump github.com/google/go-containerregistry from 0.21.5 to 0.21.6 (#​10058)
• 🔨 build(deps): bump github.com/sigstore/sigstore from 1.10.5 to 1.10.6 (#​10057)
• 🔨 build(deps): bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.10.5 to 1.10.6 (#​10047)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​10039)
• 🔨 build(deps): bump step-security/harden-runner from 2.19.1 to 2.19.2 (#​10038)
• 🔨 build(deps): bump actions/dependency-review-action from 4.9.0 to 5.0.0 (#​10037)
• 🔨 build(deps): bump google.golang.org/grpc from 1.81.0 to 1.81.1 (#​10036)
• 🔨 build(deps): bump k8s.io/apiextensions-apiserver from 0.35.4 to 0.35.5 (#​10033)
• 🔨 build(deps): bump github.com/jenkins-x/go-scm from 1.15.21 to 1.15.22 (#​10032)
• 🔨 build(deps): bump github.com/google/cel-go from 0.28.0 to 0.28.1 (#​10012)
• 🔨 build(deps): bump k8s.io/client-go from 0.35.4 to 0.35.5 (#​10011)
• 🔨 build(deps): bump k8s.io/code-generator from 0.35.4 to 0.35.5 (#​10010)
• 🔨 build(deps): bump k8s.io/client-go from 0.35.4 to 0.35.5 in /test/custom-task-ctrls/wait-task-beta (#​10009)
• 🔨 build(deps): bump golang.org/x/crypto from 0.50.0 to 0.51.0 (#​10005)
• 🔨 build(deps): bump github/codeql-action from 4.35.2 to 4.35.4 (#​9992)
• 🔨 build(deps): bump chainguard/go from 7ec9277 to a4477c3 in /tekton in the all group (#​9991)
• 🔨 build(deps): bump step-security/harden-runner from 2.19.0 to 2.19.1 (#​9978)
• 🔨 build(deps): bump chainguard-dev/actions from 1.6.17 to 1.6.19 (#​9977)
• 🔨 build(deps): bump the all group in /tekton with 4 updates (#​9975)
• 🔨 Regenerate dependabot.yml configuration (#​9960)
• 🔨 build(deps): bump google.golang.org/grpc from 1.80.0 to 1.81.0 (#​9954)
• 🔨 build(deps): bump github.com/tektoncd/pipeline from 1.11.1 to 1.12.0 in /test/custom-task-ctrls/wait-task-beta (#​9953)
• 🔨 build(deps): bump actions/setup-go from 5.2.0 to 6.4.0 (#​9856)
• 🔨 build(deps): bump the all group across 1 directory with 4 updates (#​9854)
• 🔨 ci: fix setup-go version comment in codeql-analysis.yml (#​9695)

Docs

• 📖 chore(release docs): fix release cheat sheet instructions typo (#​9966)
• 📖 docs: update releases.md for v1.12.0 (#​9951)
• 📖 docs: clarify retry-count substitution requires taskSpec (#​9820)
• 📖 docs: add testing best practices for t.Fatalf vs t.Errorf (#​9688)

Thanks

Thanks to these contributors who contributed to v1.13.0!

• ❤️ @​Paramesh324
• ❤️ @​Umesh-Mallipudi
• ❤️ @​aThorp96
• ❤️ @​ab-ghosh
• ❤️ @​afrittoli
• ❤️ @​alliasgher
• ❤️ @​aniruddhajadhav7
• ❤️ @​app/dependabot
• ❤️ @​infernus01
• ❤️ @​mathur07
• ❤️ @​ngelman1
• ❤️ @​tekton-robot
• ❤️ @​twoGiants
• ❤️ @​vdemeester
• ❤️ @​waveywaves

Extra shout-out for awesome release notes:

• 😍 @​aThorp96
• 😍 @​afrittoli
• 😍 @​aniruddhajadhav7
• 😍 @​mathur07
• 😍 @​ngelman1
• 😍 @​twoGiants
• 😍 @​vdemeester
• 😍 @​waveywaves

open-telemetry/opentelemetry-go (go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc)

v1.44.0: /v0.66.0/v0.20.0/v0.0.17

Compare Source

Added

• Add ByteSlice and ByteSliceValue functions for new BYTESLICE attribute type in go.opentelemetry.io/otel/attribute. (#​7948)
• Apply attribute value limit to the KindBytes attribute type in go.opentelemetry.io/otel/sdk/log. (#​7990)
• Apply attribute value limit to the BYTESLICE attribute type in go.opentelemetry.io/otel/sdk/trace. (#​7990)
• Support BYTESLICE attributes in go.opentelemetry.io/otel/trace. (#​8153)
• Support BYTESLICE attributes in go.opentelemetry.io/otel/exporters/otlp/otlptrace. (#​8153)
• Support BYTESLICE attributes in go.opentelemetry.io/otel/exporters/otlp/otlplog. (#​8153)
• Support BYTESLICE attributes in go.opentelemetry.io/otel/exporters/otlp/otlpmetric. (#​8153)
• Support BYTESLICE attributes in go.opentelemetry.io/otel/exporters/zipkin. (#​8153)
• Add String method for Value type in go.opentelemetry.io/otel/attribute. (#​8142)
• Add Slice and SliceValue functions for new SLICE attribute type in go.opentelemetry.io/otel/attribute. (#​8166)
• Support SLICE attributes in go.opentelemetry.io/otel/exporters/otlp/otlptrace. (#​8216)
• Support SLICE attributes in go.opentelemetry.io/otel/exporters/otlp/otlplog. (#​8216)
• Support SLICE attributes in go.opentelemetry.io/otel/exporters/otlp/otlpmetric. (#​8216)
• Support SLICE attributes in go.opentelemetry.io/otel/exporters/zipkin. (#​8216)
• Apply AttributeValueLengthLimit to attribute.SLICE type attribute values in go.opentelemetry.io/otel/sdk/trace, recursively truncating contained string values. (#​8217)
• Add Error field on Record type in go.opentelemetry.io/otel/log/logtest. (#​8148)
• Add WithMaxRequestSize option in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (#​8157)
• Add WithMaxRequestSize option in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#​8157)
• Add WithMaxRequestSize option in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc. (#​8157)
• Add WithMaxRequestSize option in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#​8157)
• Add WithMaxRequestSize option in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (#​8157)
• Add WithMaxRequestSize option in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#​8157)
• Add Settable to go.opentelemetry.io/otel/metric/x to allow reusing attribute options. (#​8178)
• Add experimental support for splitting metric data across multiple batches in go.opentelemetry.io/otel/sdk/metric.
  Set OTEL_GO_X_METRIC_EXPORT_BATCH_SIZE=<max_size> to enable for all periodic readers.
  See go.opentelemetry.io/otel/sdk/metric/internal/x for feature documentation. (#​8071)
• Add experimental self-observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc.
  Enable with OTEL_GO_X_SELF_OBSERVABILITY=true environment variable.
  See go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc/internal/x for feature documentation. (#​8192)
• Add experimental self-observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp.
  Enable with OTEL_GO_X_SELF_OBSERVABILITY=true environment variable.
  See go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp/internal/x for feature documentation. (#​8194)
• Add experimental self-observability metrics in go.opentelemetry.io/otel/exporters/stdout/stdoutlog.
  Enable with OTEL_GO_X_SELF_OBSERVABILITY=true environment variable.
  See go.opentelemetry.io/otel/stdout/stdoutlog/internal/x for feature documentation. (#​8263)
• Add WithDefaultAttributes to go.opentelemetry.io/otel/metric/x to support setting default attributes on instruments. (#​8135)
• Add go.opentelemetry.io/otel/semconv/v1.41.0 package.
  The package contains semantic conventions from the v1.41.0 version of the OpenTelemetry Semantic Conventions.
  See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.40.0. (#​8324)
• Add Observable variants of instruments to go.opentelemetry.io/otel/semconv/v1.41.0 package. (#​8350)
• Generate explicit histogram bucket boundaries from weaver configuration for HTTP and RPC duration instruments in go.opentelemetry.io/otel/semconv/v1.41.0. (#​8002)

Changed

• ⚠️ Breaking Change: go.opentelemetry.io/otel/sdk/metric now applies a default cardinality limit of 2000 to comply with the Metrics SDK specification recommendation.
  New attribute sets are dropped when the cardinality limit is reached. The measurement of these sets are aggregated into a special attribute set containing attribute.Bool("otel.metric.overflow", true).
  This can break users who relied on the previous unlimited default.
  Set WithCardinalityLimit(0) or the deprecated OTEL_GO_X_CARDINALITY_LIMIT=0 environment variable to preserve unlimited cardinality.
  Note that support for OTEL_GO_X_CARDINALITY_LIMIT may be removed in a future release. (#​8247)
• ErrorType in go.opentelemetry.io/otel/semconv now unwraps errors created with fmt.Errorf when deriving the error.type attribute. (#​8133)
• go.opentelemetry.io/otel/sdk/log now unwraps error chains created with fmt.Errorf when deriving the error.type attribute from errors on log records. (#​8133)
• Set.MarshalLog method in go.opentelemetry.io/otel/attribute now uses Value.String formatting following the OpenTelemetry AnyValue representation for non-OTLP protocols. (#​8169)
• Optimize go.opentelemetry.io/otel/sdk/metric to return a drop reservoir and short-circuit Offer calls to the exemplar reservoir when exemplar.AlwaysOffFilter is configured. (#​8211) (#​8267)
• Optimize go.opentelemetry.io/otel/sdk/metric to return a drop reservoir for asynchronous instruments when exemplar.TraceBasedFilter is configured. (#​8286)

Deprecated

• Deprecate Value.Emit method in go.opentelemetry.io/otel/attribute.
  Use Value.String instead. (#​8176)

Fixed

• Limit OTLP request size to 64 MiB by default in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc.
  The limit applies before compression, oversized requests are treated as non-retryable errors, and the limit can be configured with the new WithMaxRequestSize option. (#​8157, #​8365)
• Limit OTLP request size to 64 MiB by default in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp.
  The limit applies before compression, oversized requests are treated as non-retryable errors, and the limit can be configured with the new WithMaxRequestSize option. (#​8157, #​8365)
• Limit OTLP request size to 64 MiB by default in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc.
  The limit applies before compression, oversized requests are treated as non-retryable errors, and the limit can be configured with the new WithMaxRequestSize option. (#​8157, #​8365)
• Limit OTLP request size to 64 MiB by default in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp.
  The limit applies before compression, oversized requests are treated as non-retryable errors, and the limit can be configured with the new WithMaxRequestSize option. (#​8157, #​8365)
• Limit OTLP request size to 64 MiB by default in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc.
  The limit applies before compression, oversized requests are treated as non-retryable errors, and the limit can be configured with the new WithMaxRequestSize option. (#​8157, #​8365)
• Limit OTLP request size to 64 MiB by default in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp.
  The limit applies before compression, oversized requests are treated as non-retryable errors, and the limit can be configured with the new WithMaxRequestSize option. (#​8157, #​8365)
• Fix gzipped request body replay on redirect in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#​8135)
• Fix gzipped request body replay on redirect in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#​8152)
• go.opentelemetry.io/otel/exporters/prometheus now uses Value.String formatting for label values following the OpenTelemetry AnyValue representation for non-OTLP protocols. (#​8170)
• Propagate errors from the exporter when calling Shutdown on BatchSpanProcessor in go.opentelemetry.io/otel/sdk/trace. (#​8197)
• Fix stale status code reporting on self-observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp and go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#​8226)
• Fix a concurrent Collect data race and potential panic in go.opentelemetry.io/otel/exporters/prometheus when WithResourceAsConstantLabels option is used. (#​8227)
• Fix race condition in FixedSizeReservoir in go.opentelemetry.io/otel/sdk/metric/exemplar by reverting #​7447. (#​8249)
• Fix FixedSizeReservoir in go.opentelemetry.io/otel/sdk/metric/exemplar to safely handle zero size.
  A capacity check in the constructor initializes the reservoir safely and skips initialization for zero-cap; early returns in Offer() and Collect() ensure no-op behavior. (#​8295)
• Fix counting of spans and logs in self-observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc, go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp, go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc, and go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#​8254)
• Drop conflicting scope attributes named name, version, or schema_url from metric labels in go.opentelemetry.io/otel/exporters/prometheus, preserving the dedicated otel_scope_name, otel_scope_version, and otel_scope_schema_url labels. (#​8264)
• Close schema files opened by ParseFile in go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1. (GHSA-995v-fvrw-c78m)
• Enforce the 8192-byte baggage size limit during extraction/parsing, changing behavior when the limit is exceeded in go.opentelemetry.io/otel/baggage and go.opentelemetry.io/otel/propagation. (#​8222)
• Fix go.opentelemetry.io/otel/semconv/v1.41.0 to include Attr* helper methods for required attributes on observable instruments. (#​8361)
• Limit baggage extraction error reporting in go.opentelemetry.io/otel/propagation to prevent malformed or oversized baggage headers from flooding logs. (GHSA-5wrp-cwcj-q835)

What's Changed

• Document how to implement experimental features by @​dashpole in #​8124
• Add support for experimental options in the metrics API by @​dashpole in #​8111
• fix(deps): update github.com/opentracing-contrib/go-grpc/test digest to e5db982 by @​renovate[bot] in #​8136
• fix(deps): update github.com/opentracing-contrib/go-grpc/test digest to 32cd848 by @​renovate[bot] in #​8141
• fix(deps): update googleapis to 6f92a3b by @​renovate[bot] in #​8140
• chore(deps): update module github.com/jgautheron/goconst to v1.10.0 by @​renovate[bot] in #​8134
• attribute: add BYTESLICE type support by @​NesterovYehor in #​7948
• unwrap error chains created with fmt.Errorf by @​pellared in #​8133
• log/logtest: add Error field to Record type by @​pellared in #​8148
• attribute: add String method for Value type by @​pellared in #​8142
• fix(deps): update module golang.org/x/sys to v0.43.0 by @​renovate[bot] in #​8156
• chore(deps): update codspeedhq/action action to v4.13.1 by @​renovate[bot] in #​8155
• fix(otlploghttp): replay gzipped bodies on redirect by @​MrAlias in #​8152
• Improve test coverage for exponential histogram edge cases by @​dashpole in #​8129
• Add example test for the prometheus exporter by @​dashpole in #​8137
• chore(deps): update golang.org/x/telemetry digest to 93c7c8a by @​renovate[bot] in #​8158
• chore(deps): update module github.com/mattn/go-runewidth to v0.0.23 by @​renovate[bot] in #​8161
• chore(deps): update module github.com/mattn/go-isatty to v0.0.21 by @​renovate[bot] in #​8159
• fix(deps): update github.com/opentracing-contrib/go-grpc/test digest to 6b4d2bc by @​renovate[bot] in #​8160
• Add experimental support for batching in periodic reader by @​dashpole in #​8071
• chore(deps): update golang.org/x by @​renovate[bot] in #​8165
• Support BYTESLICE attributes across trace and exporter paths by @​MrAlias in #​8153
• chore(deps): update golang.org/x by @​renovate[bot] in #​8171
• fix(deps): update module golang.org/x/tools to v0.44.0 by @​renovate[bot] in [

---

Configuration

📅 Schedule: Branch creation - Between 02:00 AM and 04:59 AM, Monday through Friday ( * 2-4 * * 1-5 ) in timezone UTC, Automerge - Between 02:00 AM and 04:59 AM, Monday through Friday ( * 2-4 * * 1-5 ) in timezone UTC.

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[red-hat-konflux-kflux-prd-rh02]

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 1 additional dependency was updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.25.9 -> 1.26.0
google.golang.org/genproto/googleapis/api	v0.0.0-20260414002931-afd174a4e478 -> v0.0.0-20260526163538-3dc84a4a5aaa

[openshift-ci]

Hi @red-hat-konflux-kflux-prd-rh02[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by: red-hat-konflux-kflux-prd-rh02[bot]

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by: red-hat-konflux-kflux-prd-rh02[bot]

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by: red-hat-konflux-kflux-prd-rh02[bot]

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD 0bcd8eb and 2 for PR HEAD e2616a5 in total

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD 75e5894 and 1 for PR HEAD e2616a5 in total

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD 8b04176 and 0 for PR HEAD e2616a5 in total

[openshift-ci]

@red-hat-konflux-kflux-prd-rh02[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/lint	e2616a5	link	true	/test lint
ci/prow/test	e2616a5	link	true	/test test
ci/prow/coverage	e2616a5	link	true	/test coverage

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[openshift-merge-bot]

/hold

Revision e2616a5 was retested 3 times: holding