Skip to content

build(deps): Upgrade otelcollector to v0.140.0 #1356

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
azure-monitor-assistant wants to merge 2 commits into from
Closed

build(deps): Upgrade otelcollector to v0.140.0 #1356

azure-monitor-assistant wants to merge 2 commits into from

Conversation

@azure-monitor-assistant
Copy link
Contributor

@azure-monitor-assistant azure-monitor-assistant bot commented Nov 21, 2025

This PR upgrades the otelcollector to the latest version available for the opentelemetry-collector and opentelemetry-operator.

It was automatically generated by the GitHub Actions workflow.

The summary of the OSS changelog is below:

Prometheusreceiver Changes

v0.136.0 to v0.140.0

Generated on: 2025-11-21 07:06:24

v0.140.0

  • [BREAKING] receiver/prometheus: The prometheus receiver no longer adjusts the start time of metrics by default. (#43656) Disable the receiver.prometheusreceiver.RemoveStartTimeAdjustment | feature gate to temporarily re-enable this functionality. Users that need | this functionality should migrate to the metricstarttime processor, | and use the true_reset strategy for equivalent behavior.
  • [FEATURE] receiver/prometheusremotewrite: Skip emitting empty metrics. (#44149)
  • [FEATURE] receiver/prometheusremotewrite: prometheusremotewrite receiver now accepts metric type unspcified histograms. (#41840)

v0.139.0

  • [BUG FIX] receiver/prometheus: Fix missing staleness tracking leading to missing no recorded value data points. (#43893)
  • [BUG FIX] receiver/prometheusremotewrite: Fixed a concurrency bug in the Prometheus remote write receiver where concurrent requests with identical job/instance labels would return empty responses after the first successful request. (#42159)

v0.138.0

  • [FEATURE] receiver/prometheus: added NHCB(native histogram wit custom buckets) to explicit histogram conversion (#41131)

Summary

Category Count
Breaking Changes 1
Features 3
Bug Fixes 2
Other Changes 0
Total 6

Target-allocator Changes

v0.136.0 to v0.140.0

Generated on: 2025-11-21 07:06:40

0.140.0

  • [BUG FIX] github action: Remove unused VERSION and VERSION_DATE environment variables from publish workflows (#4470) Removed the unused "Read version" step that set VERSION and VERSION_DATE environment variables in both publish-target-allocator.yaml and publish-operator-opamp-bridge.yaml workflows. These variables were never referenced anywhere in the workflows.

0.138.0

  • [BREAKING] target allocator: Remove the operator.collector.targetallocatorcr feature flag (#2422) This behavior has been enabled by default since version 0.127.0.
  • [BUG FIX] target allocator: Add missing TA ownership watches to cert-manager Certificate and Issuer (#4368)

0.137.0

  • [BREAKING] target allocator: Promote the operator.collector.targetallocatorcr feature flag to Stable (#2422) The flag can no longer be disabled. It will be completely removed in 0.138.0.
  • [BUG FIX] target allocator, opamp: Fix version not being updated after version upgrade. (#4378)
  • [BUG FIX] target-allocator: Fixed potential duplicate scrape targets caused by Prometheus relabeling. (#3617)

Summary

Category Count
Breaking Changes 2
Features 0
Bug Fixes 4
Other Changes 0
Total 6

@azure-monitor-assistant azure-monitor-assistant bot requested a review from a team as a code owner November 21, 2025 07:06
@azure-monitor-assistant
Copy link
Contributor Author

azure-monitor-assistant bot commented Nov 21, 2025

✅ Building the otelcollector and related go binaries succeeded. No breaking changes were detected.
The otelcollector was successfully upgraded to version v0.140.0.

@azure-monitor-assistant
Copy link
Contributor Author

azure-monitor-assistant bot commented Nov 21, 2025

CVE Changes Report

The following CVE changes were detected when upgrading to version v0.140.0:

=== CVE Changes Report ===
Removed CVEs:
Added CVEs:
  + CVE-2025-47914 from prometheusui with severity MEDIUM and package golang.org/x/crypto
  + CVE-2025-47914 from promconfigvalidator with severity MEDIUM and package golang.org/x/crypto
  + CVE-2025-58181 from prometheusui with severity MEDIUM and package golang.org/x/crypto
  + CVE-2025-58181 from otelcollector with severity MEDIUM and package golang.org/x/crypto
  + CVE-2025-58181 from promconfigvalidator with severity MEDIUM and package golang.org/x/crypto
  + CVE-2025-47914 from otelcollector with severity MEDIUM and package golang.org/x/crypto

Preserved CVEs (not scanned):
  = CVE-2025-4802 from kube-state-metrics with severity HIGH and package 
  = CVE-2024-33599 from kube-state-metrics with severity HIGH and package 
  = CVE-2023-4806 from kube-state-metrics with severity MEDIUM and package 
  = CVE-2023-4527 from kube-state-metrics with severity MEDIUM and package 
  = CVE-2024-33601 from kube-state-metrics with severity HIGH and package 
  = CVE-2024-33600 from kube-state-metrics with severity MEDIUM and package

The trivyignore file was updated to ignore the new CVEs.

@github-actions
Copy link
Contributor

github-actions bot commented Nov 28, 2025

This PR is stale because it has been open 7 days with no activity. Remove stale label or comment or this will be closed in 5 days.

@github-actions
Copy link
Contributor

github-actions bot commented Dec 3, 2025

This PR was closed because it has been stalled for 12 days with no activity.

@github-actions github-actions bot closed this Dec 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

no-pr-activity size/XXL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant