Skip to content

fix(deps): pin otel/sdk to v1.43.0 to avoid semconv schema conflict#1772

Merged
jkhelil merged 1 commit into
tektoncd:dependabot/go_modules/all-1e7495cff5from
infernus01:otel-sdk-conflict
Jul 8, 2026
Merged

fix(deps): pin otel/sdk to v1.43.0 to avoid semconv schema conflict#1772
jkhelil merged 1 commit into
tektoncd:dependabot/go_modules/all-1e7495cff5from
infernus01:otel-sdk-conflict

Conversation

@infernus01

Copy link
Copy Markdown
Member

Changes

Pin go.opentelemetry.io/otel/sdk and otel/sdk/metric to v1.43.0 to fix controller panic on startup.

Problem

PR #1768 bumped otel/sdk from v1.43.0 to v1.44.0. The SDK v1.44.0 switched its internal semconv import from v1.40.0 to v1.41.0, changing the schema URL returned by resource.Default(). Meanwhile, knative.dev/pkg's semconv wrapper is still pinned to v1.40.0.

When knative.dev/pkg/observability/resource.Default() merges these two resources, resource.Merge returns a "conflicting Schema URL" error and the code panics:

  panic: conflicting Schema URL:
    https://opentelemetry.io/schemas/1.41.0 and
    https://opentelemetry.io/schemas/1.40.0

This caused all 6 e2e tests to fail — the controller enters CrashLoopBackOff immediately after deployment patching.

Why other repos aren't affected

tektoncd/pruner has the same knative.dev/pkg and otel v1.44.0, but its otel/sdk stayed at v1.43.0 because otel/sdk/metric is an indirect dependency there — dependabot only bumped the direct deps.
In Chains, otel/sdk/metric is a direct dependency (imported in metrics test files), so dependabot bumped it to v1.44.0 along with the SDK.

Fix

Pin otel/sdk and otel/sdk/metric to v1.43.0 (semconv v1.40.0), matching knative.dev/pkg. This is the same version combination that works in tektoncd/pruner.
Once knative.dev/pkg upstream updates their semconv wrapper to v1.41.0, the SDK can be bumped to v1.44.0+ without conflict.

Submitter Checklist

As the author of this PR, please check off the items in this checklist:

  • Has Docs included if any changes are user facing
  • Has Tests included if any functionality added or changed
  • Follows the commit message standard
  • Meets the Tekton contributor standards (including
    functionality, content, code)
  • Release notes block below has been updated with any user facing changes (API changes, bug fixes, changes requiring upgrade notices or deprecation warnings)
  • Release notes contains the string "action required" if the change requires additional action from users switching to the new release

Release Notes

NONE

Signed-off-by: Shubham Bhardwaj <shubbhar@redhat.com>
@tekton-robot

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign anithapriyanatarajan after the PR has been reviewed.
You can assign the PR to them by writing /assign @anithapriyanatarajan in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Jul 8, 2026

@infernus01 infernus01 left a comment

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/kind bug

@tekton-robot tekton-robot added the kind/bug Categorizes issue or PR as related to a bug. label Jul 8, 2026
@jkhelil jkhelil merged commit 22310ef into tektoncd:dependabot/go_modules/all-1e7495cff5 Jul 8, 2026
14 of 16 checks passed
tekton-robot pushed a commit that referenced this pull request Jul 8, 2026
…1768)

* chore(deps): bump the all group across 1 directory with 21 updates

Bumps the all group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [cloud.google.com/go/storage](https://github.com/googleapis/google-cloud-go) | `1.62.1` | `1.63.0` |
| [github.com/google/go-containerregistry](https://github.com/google/go-containerregistry) | `0.21.5` | `0.21.7` |
| [github.com/in-toto/go-witness](https://github.com/in-toto/go-witness) | `0.10.0` | `0.11.0` |
| [github.com/sigstore/sigstore/pkg/signature/kms/aws](https://github.com/sigstore/sigstore) | `1.10.6` | `1.10.8` |
| [github.com/sigstore/sigstore/pkg/signature/kms/azure](https://github.com/sigstore/sigstore) | `1.10.6` | `1.10.8` |
| [github.com/sigstore/sigstore/pkg/signature/kms/gcp](https://github.com/sigstore/sigstore) | `1.10.6` | `1.10.8` |
| [github.com/sigstore/sigstore/pkg/signature/kms/hashivault](https://github.com/sigstore/sigstore) | `1.10.6` | `1.10.8` |
| [github.com/spiffe/go-spiffe/v2](https://github.com/spiffe/go-spiffe) | `2.6.0` | `2.8.1` |
| [github.com/tektoncd/pipeline](https://github.com/tektoncd/pipeline) | `1.12.0` | `1.14.0` |
| [google.golang.org/grpc](https://github.com/grpc/grpc-go) | `1.81.1` | `1.82.0` |
| [k8s.io/api](https://github.com/kubernetes/api) | `0.36.1` | `0.36.2` |
| [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.36.1` | `0.36.2` |
| [k8s.io/code-generator](https://github.com/kubernetes/code-generator) | `0.36.1` | `0.36.2` |



Updates `cloud.google.com/go/storage` from 1.62.1 to 1.63.0
- [Release notes](https://github.com/googleapis/google-cloud-go/releases)
- [Changelog](https://github.com/googleapis/google-cloud-go/blob/main/CHANGES.md)
- [Commits](googleapis/google-cloud-go@storage/v1.62.1...compute/v1.63.0)

Updates `github.com/google/go-containerregistry` from 0.21.5 to 0.21.7
- [Release notes](https://github.com/google/go-containerregistry/releases)
- [Commits](google/go-containerregistry@v0.21.5...v0.21.7)

Updates `github.com/in-toto/go-witness` from 0.10.0 to 0.11.0
- [Release notes](https://github.com/in-toto/go-witness/releases)
- [Commits](in-toto/go-witness@v0.10.0...v0.11.0)

Updates `github.com/sigstore/sigstore` from 1.10.6 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.6...v1.10.8)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/aws` from 1.10.6 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.6...v1.10.8)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/azure` from 1.10.6 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.6...v1.10.8)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/gcp` from 1.10.6 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.6...v1.10.8)

Updates `github.com/sigstore/sigstore/pkg/signature/kms/hashivault` from 1.10.6 to 1.10.8
- [Release notes](https://github.com/sigstore/sigstore/releases)
- [Commits](sigstore/sigstore@v1.10.6...v1.10.8)

Updates `github.com/spiffe/go-spiffe/v2` from 2.6.0 to 2.8.1
- [Release notes](https://github.com/spiffe/go-spiffe/releases)
- [Changelog](https://github.com/spiffe/go-spiffe/blob/main/CHANGELOG.md)
- [Commits](spiffe/go-spiffe@v2.6.0...v2.8.1)

Updates `github.com/tektoncd/pipeline` from 1.12.0 to 1.14.0
- [Release notes](https://github.com/tektoncd/pipeline/releases)
- [Changelog](https://github.com/tektoncd/pipeline/blob/main/releases.md)
- [Commits](tektoncd/pipeline@v1.12.0...v1.14.0)

Updates `go.opentelemetry.io/otel` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0)

Updates `go.opentelemetry.io/otel/metric` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0)

Updates `go.opentelemetry.io/otel/sdk/metric` from 1.43.0 to 1.44.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v1.43.0...v1.44.0)

Updates `golang.org/x/crypto` from 0.51.0 to 0.53.0
- [Commits](golang/crypto@v0.51.0...v0.53.0)

Updates `golang.org/x/exp` from 0.0.0-20260312153236-7ab1446f8b90 to 0.0.0-20260410095643-746e56fc9e2f
- [Commits](https://github.com/golang/exp/commits)

Updates `google.golang.org/grpc` from 1.81.1 to 1.82.0
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.81.1...v1.82.0)

Updates `k8s.io/api` from 0.36.1 to 0.36.2
- [Commits](kubernetes/api@v0.36.1...v0.36.2)

Updates `k8s.io/apimachinery` from 0.36.1 to 0.36.2
- [Commits](kubernetes/apimachinery@v0.36.1...v0.36.2)

Updates `k8s.io/client-go` from 0.36.1 to 0.36.2
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.36.1...v0.36.2)

Updates `k8s.io/code-generator` from 0.36.1 to 0.36.2
- [Commits](kubernetes/code-generator@v0.36.1...v0.36.2)

Updates `knative.dev/pkg` from 0.0.0-20260318013857-98d5a706d4fd to 0.0.0-20260531000007-52dbd5ece63f
- [Commits](https://github.com/knative/pkg/commits)

---
updated-dependencies:
- dependency-name: cloud.google.com/go/storage
  dependency-version: 1.63.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/google/go-containerregistry
  dependency-version: 0.21.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/in-toto/go-witness
  dependency-version: 0.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/aws
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/azure
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/gcp
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/sigstore/sigstore/pkg/signature/kms/hashivault
  dependency-version: 1.10.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: github.com/spiffe/go-spiffe/v2
  dependency-version: 2.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github.com/tektoncd/pipeline
  dependency-version: 1.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: go.opentelemetry.io/otel
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: go.opentelemetry.io/otel/metric
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: go.opentelemetry.io/otel/sdk/metric
  dependency-version: 1.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: golang.org/x/crypto
  dependency-version: 0.53.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: golang.org/x/exp
  dependency-version: 0.0.0-20260410095643-746e56fc9e2f
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: google.golang.org/grpc
  dependency-version: 1.82.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: k8s.io/api
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/client-go
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: k8s.io/code-generator
  dependency-version: 0.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: knative.dev/pkg
  dependency-version: 0.0.0-20260531000007-52dbd5ece63f
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix(deps): pin otel/sdk to v1.43.0 to avoid semconv schema conflict (#1772)

Signed-off-by: Shubham Bhardwaj <shubbhar@redhat.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Shubham Bhardwaj <shubbhar@redhat.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Shubham Bhardwaj <shubbhar@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

kind/bug Categorizes issue or PR as related to a bug. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants