fix(deps): pin otel/sdk to v1.43.0 to avoid semconv schema conflict#1772
Merged
jkhelil merged 1 commit intoJul 8, 2026
Merged
Conversation
Signed-off-by: Shubham Bhardwaj <shubbhar@redhat.com>
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
22310ef
into
tektoncd:dependabot/go_modules/all-1e7495cff5
14 of 16 checks passed
tekton-robot
pushed a commit
that referenced
this pull request
Jul 8, 2026
…1768) * chore(deps): bump the all group across 1 directory with 21 updates Bumps the all group with 13 updates in the / directory: | Package | From | To | | --- | --- | --- | | [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.62.1` | `1.63.0` | | [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.21.5` | `0.21.7` | | [github.com/in-toto/go-witness](https://github.com/in-toto/go-witness) | `0.10.0` | `0.11.0` | | [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.10.6` | `1.10.8` | | [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.10.6` | `1.10.8` | | [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.10.6` | `1.10.8` | | [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.10.6` | `1.10.8` | | [github.com/spiffe/go-spiffe/v2](https://github.com/spiffe/go-spiffe) | `2.6.0` | `2.8.1` | | [github.com/tektoncd/pipeline](https://github.com/tektoncd/pipeline) | `1.12.0` | `1.14.0` | | [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.81.1` | `1.82.0` | | [k8s.io/api](https://github.com/kubernetes/api) | `0.36.1` | `0.36.2` | | [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.36.1` | `0.36.2` | | [k8s.io/code-generator](https://github.com/kubernetes/code-generator) | `0.36.1` | `0.36.2` | Updates `cloud.google.com/go/storage` from 1.62.1 to 1.63.0 - [Release notes](https://github.com/googleapis/google-cloud-go/releases) - [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md) - [Commits](googleapis/google-cloud-go@storage/v1.62.1...compute/v1.63.0) Updates `github.com/google/go-containerregistry` from 0.21.5 to 0.21.7 - [Release notes](https://github.com/google/go-containerregistry/releases) - [Commits](google/go-containerregistry@v0.21.5...v0.21.7) Updates `github.com/in-toto/go-witness` from 0.10.0 to 0.11.0 - [Release notes](https://github.com/in-toto/go-witness/releases) - [Commits](in-toto/go-witness@v0.10.0...v0.11.0) Updates `github.com/sigstore/sigstore` from 1.10.6 to 1.10.8 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.10.6...v1.10.8) Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.10.6 to 1.10.8 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.10.6...v1.10.8) Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.10.6 to 1.10.8 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.10.6...v1.10.8) Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.10.6 to 1.10.8 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.10.6...v1.10.8) Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.10.6 to 1.10.8 - [Release notes](https://github.com/sigstore/sigstore/releases) - [Commits](sigstore/sigstore@v1.10.6...v1.10.8) Updates `github.com/spiffe/go-spiffe/v2` from 2.6.0 to 2.8.1 - [Release notes](https://github.com/spiffe/go-spiffe/releases) - [Changelog](https://github.com/spiffe/go-spiffe/blob/main/CHANGELOG.md) - [Commits](spiffe/go-spiffe@v2.6.0...v2.8.1) Updates `github.com/tektoncd/pipeline` from 1.12.0 to 1.14.0 - [Release notes](https://github.com/tektoncd/pipeline/releases) - [Changelog](https://github.com/tektoncd/pipeline/blob/main/releases.md) - [Commits](tektoncd/pipeline@v1.12.0...v1.14.0) Updates `go.opentelemetry.io/otel` from 1.43.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0) Updates `go.opentelemetry.io/otel/metric` from 1.43.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0) Updates `go.opentelemetry.io/otel/sdk/metric` from 1.43.0 to 1.44.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md) - [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0) Updates `golang.org/x/crypto` from 0.51.0 to 0.53.0 - [Commits](golang/crypto@v0.51.0...v0.53.0) Updates `golang.org/x/exp` from 0.0.0-20260312153236-7ab1446f8b90 to 0.0.0-20260410095643-746e56fc9e2f - [Commits](https://github.com/golang/exp/commits) Updates `google.golang.org/grpc` from 1.81.1 to 1.82.0 - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.81.1...v1.82.0) Updates `k8s.io/api` from 0.36.1 to 0.36.2 - [Commits](kubernetes/api@v0.36.1...v0.36.2) Updates `k8s.io/apimachinery` from 0.36.1 to 0.36.2 - [Commits](kubernetes/apimachinery@v0.36.1...v0.36.2) Updates `k8s.io/client-go` from 0.36.1 to 0.36.2 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.36.1...v0.36.2) Updates `k8s.io/code-generator` from 0.36.1 to 0.36.2 - [Commits](kubernetes/code-generator@v0.36.1...v0.36.2) Updates `knative.dev/pkg` from 0.0.0-20260318013857-98d5a706d4fd to 0.0.0-20260531000007-52dbd5ece63f - [Commits](https://github.com/knative/pkg/commits) --- updated-dependencies: - dependency-name: cloud.google.com/go/storage dependency-version: 1.63.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/google/go-containerregistry dependency-version: 0.21.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/in-toto/go-witness dependency-version: 0.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/sigstore/sigstore dependency-version: 1.10.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws dependency-version: 1.10.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure dependency-version: 1.10.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp dependency-version: 1.10.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault dependency-version: 1.10.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: github.com/spiffe/go-spiffe/v2 dependency-version: 2.8.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: github.com/tektoncd/pipeline dependency-version: 1.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: go.opentelemetry.io/otel dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: go.opentelemetry.io/otel/metric dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: go.opentelemetry.io/otel/sdk/metric dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: golang.org/x/crypto dependency-version: 0.53.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: golang.org/x/exp dependency-version: 0.0.0-20260410095643-746e56fc9e2f dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: google.golang.org/grpc dependency-version: 1.82.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: k8s.io/api dependency-version: 0.36.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: k8s.io/apimachinery dependency-version: 0.36.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: k8s.io/client-go dependency-version: 0.36.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: k8s.io/code-generator dependency-version: 0.36.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all - dependency-name: knative.dev/pkg dependency-version: 0.0.0-20260531000007-52dbd5ece63f dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com> * fix(deps): pin otel/sdk to v1.43.0 to avoid semconv schema conflict (#1772) Signed-off-by: Shubham Bhardwaj <shubbhar@redhat.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Shubham Bhardwaj <shubbhar@redhat.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Shubham Bhardwaj <shubbhar@redhat.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes
Pin
go.opentelemetry.io/otel/sdkandotel/sdk/metricto v1.43.0 to fix controller panic on startup.Problem
PR #1768 bumped
otel/sdkfrom v1.43.0 to v1.44.0. The SDK v1.44.0 switched its internal semconv import fromv1.40.0tov1.41.0, changing the schema URL returned byresource.Default(). Meanwhile,knative.dev/pkg's semconv wrapper is still pinned tov1.40.0.When
knative.dev/pkg/observability/resource.Default()merges these two resources,resource.Mergereturns a "conflicting Schema URL" error and the code panics:This caused all 6 e2e tests to fail — the controller enters CrashLoopBackOff immediately after deployment patching.
Why other repos aren't affected
tektoncd/prunerhas the sameknative.dev/pkgandotel v1.44.0, but itsotel/sdkstayed at v1.43.0 becauseotel/sdk/metricis an indirect dependency there — dependabot only bumped the direct deps.In Chains,
otel/sdk/metricis a direct dependency (imported in metrics test files), so dependabot bumped it to v1.44.0 along with the SDK.Fix
Pin
otel/sdkandotel/sdk/metricto v1.43.0 (semconv v1.40.0), matchingknative.dev/pkg. This is the same version combination that works intektoncd/pruner.Once
knative.dev/pkgupstream updates their semconv wrapper to v1.41.0, the SDK can be bumped to v1.44.0+ without conflict.Submitter Checklist
As the author of this PR, please check off the items in this checklist:
functionality, content, code)
Release Notes