Skip to content

fix(deps): vuln minor: go.opentelemetry.io/otel, go.opentelemetry.io/otel/sdk #1076

Closed
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/go/0-1778213052
Closed

fix(deps): vuln minor: go.opentelemetry.io/otel, go.opentelemetry.io/otel/sdk #1076
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/go/0-1778213052

Conversation

@gh-worker-campaigns-3e9aa4
Copy link
Copy Markdown
Contributor

@gh-worker-campaigns-3e9aa4 gh-worker-campaigns-3e9aa4 Bot commented May 8, 2026

Summary: High-severity security update — 2 packages upgraded (MINOR changes included)

Manifests changed:

  • . (go)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

Updates

Package From To Type Dep Type Vulnerabilities Fixed
go.opentelemetry.io/otel v1.40.0 v1.43.0 minor Direct 1 HIGH
go.opentelemetry.io/otel/sdk v1.40.0 v1.43.0 minor Transitive 1 HIGH

Security Details

🚨 Critical & High Severity (2 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
go.opentelemetry.io/otel GHSA-mh2q-q3fh-2475 HIGH OpenTelemetry-Go: multi-value baggage header extraction causes excessive allocations (remote dos amplification) v1.40.0 1.41.0
go.opentelemetry.io/otel/sdk GHSA-hfvc-g4fc-pqhx HIGH opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking v1.40.0 1.43.0

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: Vulnerability Remediation (High)

🤖 Generated by DataDog Automated Dependency Management System

@datadog-official
Copy link
Copy Markdown

datadog-official Bot commented May 8, 2026
edited by datadog-prod-us1-4 Bot
Loading

Tests

🎉 All green!

❄️ No new flaky tests detected
🧪 All tests passed

🎯 Code Coverage (details)
Patch Coverage: 100.00%
Overall Coverage: 39.09% (+0.02%)

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 6213943 | Docs | Datadog PR Page | Give us feedback!

@aymericDD aymericDD closed this May 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

adms-dependency-update adms-go adms-high-severity adms-minor-update adms-mode-all-vulns campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@aymericDD