Skip to content

fix(security): bump go.opentelemetry.io/otel to v1.41.0#379

Merged
sairaj18 merged 2 commits into
masterfrom
security/bump-otel-cve
Jul 13, 2026
Merged

fix(security): bump go.opentelemetry.io/otel to v1.41.0#379
sairaj18 merged 2 commits into
masterfrom
security/bump-otel-cve

Conversation

@sairaj18

@sairaj18 sairaj18 commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

What: Bump go.opentelemetry.io/otel v1.40.0 → v1.41.0 (indirect). x/crypto is already v0.52.0 on master.

Why: Clears the Grype otel HIGH (GHSA-mh2q-q3fh-2475).

Clears the Grype otel HIGH (GHSA-mh2q-q3fh-2475). x/crypto is already v0.52.0
on master.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@sairaj18 sairaj18 marked this pull request as ready for review July 13, 2026 08:17
@sairaj18 sairaj18 requested a review from a team as a code owner July 13, 2026 08:17
abhishuraina
abhishuraina previously approved these changes Jul 13, 2026

@abhishuraina abhishuraina left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

release-toolkit only auto-generates dependency entries from Dependabot/Renovate
commits; these bumps are manual, so add them under Unreleased explicitly.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

@abhishuraina abhishuraina left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@sairaj18 sairaj18 merged commit 2bb2c42 into master Jul 13, 2026
14 of 15 checks passed
@sairaj18 sairaj18 deleted the security/bump-otel-cve branch July 13, 2026 08:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants