Skip to content

build(deps): Upgrade otelcollector to v0.141.0 #1368

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
azure-monitor-assistant wants to merge 2 commits into
base: main
Choose a base branch
from
Open

build(deps): Upgrade otelcollector to v0.141.0 #1368

azure-monitor-assistant wants to merge 2 commits into from

Conversation

@azure-monitor-assistant
Copy link
Contributor

@azure-monitor-assistant azure-monitor-assistant bot commented Dec 10, 2025

This PR upgrades the otelcollector to the latest version available for the opentelemetry-collector and opentelemetry-operator.

It was automatically generated by the GitHub Actions workflow.

The summary of the OSS changelog is below:

Prometheusreceiver Changes

v0.136.0 to v0.141.0

Generated on: 2025-12-10 07:07:48

v0.141.0

  • [FEATURE] receiver/prometheus: Add feature gate for extra scrape metrics in Prometheus receiver (#44181) deprecation of extra scrape metrics in Prometheus receiver will be removed eventually.
  • [FEATURE] receiver/prometheus: Support JWT Profile for Authorization Grant (RFC 7523 3.1) (#44381)

v0.140.0

  • [BREAKING] receiver/prometheus: The prometheus receiver no longer adjusts the start time of metrics by default. (#43656) Disable the receiver.prometheusreceiver.RemoveStartTimeAdjustment | feature gate to temporarily re-enable this functionality. Users that need | this functionality should migrate to the metricstarttime processor, | and use the true_reset strategy for equivalent behavior.
  • [FEATURE] receiver/prometheusremotewrite: Skip emitting empty metrics. (#44149)
  • [FEATURE] receiver/prometheusremotewrite: prometheusremotewrite receiver now accepts metric type unspcified histograms. (#41840)

v0.139.0

  • [BUG FIX] receiver/prometheus: Fix missing staleness tracking leading to missing no recorded value data points. (#43893)
  • [BUG FIX] receiver/prometheusremotewrite: Fixed a concurrency bug in the Prometheus remote write receiver where concurrent requests with identical job/instance labels would return empty responses after the first successful request. (#42159)

v0.138.0

  • [FEATURE] receiver/prometheus: added NHCB(native histogram wit custom buckets) to explicit histogram conversion (#41131)

Summary

Category Count
Breaking Changes 1
Features 5
Bug Fixes 2
Other Changes 0
Total 8

Target-allocator Changes

v0.136.0 to v0.141.0

Generated on: 2025-12-10 07:08:02

0.141.0

  • [FEATURE] target allocator: make evaluation_interval configurable for Prometheus CR watcher (#4520)

0.140.0

  • [BUG FIX] github action: Remove unused VERSION and VERSION_DATE environment variables from publish workflows (#4470) Removed the unused "Read version" step that set VERSION and VERSION_DATE environment variables in both publish-target-allocator.yaml and publish-operator-opamp-bridge.yaml workflows. These variables were never referenced anywhere in the workflows.

0.138.0

  • [BREAKING] target allocator: Remove the operator.collector.targetallocatorcr feature flag (#2422) This behavior has been enabled by default since version 0.127.0.
  • [BUG FIX] target allocator: Add missing TA ownership watches to cert-manager Certificate and Issuer (#4368)

0.137.0

  • [BREAKING] target allocator: Promote the operator.collector.targetallocatorcr feature flag to Stable (#2422) The flag can no longer be disabled. It will be completely removed in 0.138.0.
  • [BUG FIX] target allocator, opamp: Fix version not being updated after version upgrade. (#4378)
  • [BUG FIX] target-allocator: Fixed potential duplicate scrape targets caused by Prometheus relabeling. (#3617)

Summary

Category Count
Breaking Changes 2
Features 1
Bug Fixes 4
Other Changes 0
Total 7

@azure-monitor-assistant azure-monitor-assistant bot requested a review from a team as a code owner December 10, 2025 07:08
@azure-monitor-assistant
Copy link
Contributor Author

azure-monitor-assistant bot commented Dec 10, 2025

✅ Building the otelcollector and related go binaries succeeded. No breaking changes were detected.
The otelcollector was successfully upgraded to version v0.141.0.

@azure-monitor-assistant
Copy link
Contributor Author

azure-monitor-assistant bot commented Dec 10, 2025

CVE Changes Report

The following CVE changes were detected when upgrading to version v0.141.0:

=== CVE Changes Report ===
Removed CVEs:
Added CVEs:
  + CVE-2025-47914 from prometheusui with severity MEDIUM and package golang.org/x/crypto
  + CVE-2025-58181 from prometheusui with severity MEDIUM and package golang.org/x/crypto

Preserved CVEs (not scanned):
  = CVE-2025-47914 from kube-state-metrics with severity MEDIUM and package 
  = CVE-2025-4802 from kube-state-metrics with severity HIGH and package 
  = CVE-2024-33599 from kube-state-metrics with severity HIGH and package 
  = CVE-2023-4806 from kube-state-metrics with severity MEDIUM and package 
  = CVE-2023-4527 from kube-state-metrics with severity MEDIUM and package 
  = CVE-2024-33601 from kube-state-metrics with severity HIGH and package 
  = CVE-2025-58181 from kube-state-metrics with severity MEDIUM and package 
  = CVE-2024-33600 from kube-state-metrics with severity MEDIUM and package

The trivyignore file was updated to ignore the new CVEs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

size/XXL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant