Open
Conversation
Contributor
Author
ℹ️ Artifact update noticeFile name: go.modIn order to perform the update(s) described in the table above, Renovate ran the
Details:
|
renovate
bot
force-pushed
the
renovate/all
branch
9 times, most recently
from
bdca8fa to
01acc69
Compare
renovate
bot
force-pushed
the
renovate/all
branch
15 times, most recently
from
da25553 to
835f06f
Compare
renovate
bot
force-pushed
the
renovate/all
branch
4 times, most recently
from
4cde8df to
2c98be6
Compare
renovate
bot
force-pushed
the
renovate/all
branch
from
2c98be6 to
9879175
Compare
renovate
bot
force-pushed
the
renovate/all
branch
from
9879175 to
c83d244
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
0.34.0→0.35.01.19.3→1.20.001e550f→f512d81v0.144.0→v0.146.0v1.50.0→v1.53.0v1.50.0→v1.53.0v1.50.0→v1.53.0v1.50.0→v1.53.0v0.142.0→v0.147.0v0.142.0→v0.147.0v1.50.0→v1.53.0v0.142.0→v0.147.01.26.0-alpine3.22→1.26.1-alpine3.222.10.1→2.11.3v0.35.1→v0.35.2v0.35.1→v0.35.2v0.35.1→v0.35.20.105.1→0.107.0v0.22.5→v0.23.3Release Notes
aquasecurity/trivy-action (aquasecurity/trivy-action)
v0.35.0Compare Source
What's Changed
Full Changelog: aquasecurity/trivy-action@0.34.2...0.35.0
v0.34.2Compare Source
What's Changed
New Contributors
Full Changelog: aquasecurity/trivy-action@0.34.1...0.34.2
v0.34.1Compare Source
What's Changed
Full Changelog: aquasecurity/trivy-action@0.34.0...0.34.1
cert-manager/cert-manager (cert-manager/cert-manager)
v1.20.0Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
v1.20.0 adds alpha support for the new ListenerSet resource, adds support for Azure Private DNS; parentRefs are no longer required when using ACME with Gateway API, and OtherNames was promoted to Beta.
Changes by Kind
Feature
imagePullSecretsin thestartupapicheck-jobHelm template to enable pulling images from private registries. (#8186, @mathieu-clnk)parentRefoverride annotations on the Certificate resource. (#8518, @hjoshi123)venafi.cert-manager.io/custom-fieldsannotation on Issuer/ClusterIssuer and use it as base with override/append capabilities on Certificate level. (#8301, @k0da)acme.cert-manager.io/http01-ingress-ingressclassnameto overridehttp01.ingress.ingressClassNamefield in HTTP-01 challenge solvers. (#8244, @lunarwhite)global.nodeSelectorto helm chart to perform amergeand allow for a singlenodeSelectorto be set across all services. (#8195, @StingRayZA)XListenerSetsfeature gate (#8394, @hjoshi123)Documentation
Bug or Regression
Add full detailed DNS-01 errors to the events attached to the Challenge, for easier debugging (#8221, @wallrj-cyberark)
v1.25.5to fixCVE-2025-61727andCVE-2025-61729(#8290, @octo-sts[bot])cert-manager. Previously, it was set depending on various factors (namespace cert-manager is installed in and/or Helm release name). (#8162, @LiquidPL)Other (Cleanup or Flake)
XListenerSetsfeature gate toListenerSets(#8501, @hjoshi123)v1.19.4Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
v1.19.4 is a simple patch release to fix some reported vulnerabilities - notably CVE-2026-24051 and CVE-2025-68121. All users should upgrade.
Changes by Kind
Bug or Regression
open-telemetry/opentelemetry-operator (github.com/open-telemetry/opentelemetry-operator)
v0.146.0Compare Source
0.146.0
💡 Enhancements 💡
target allocator: Expose missing Prometheus CR fields in the Operator API (#1934)Added
podMonitorNamespaceSelector,serviceMonitorNamespaceSelector,scrapeConfigNamespaceSelector,probeNamespaceSelector,evaluationInterval, andscrapeProtocolsto theprometheusCRconfiguration within the
TargetAllocatorandOpenTelemetryCollectorAPIs to achieve feature parity with the underlying Target Allocator.
collector: Add the hostUsers field to OpenTelemetryCommonFields to enable toggling support for isolating pod processes under a separate user namespace (#4366)auto-instrumentation: Add support for initContainers to instrumentation injector (#3308)Add support for instrumenting init containers.
Init container support is available for Java, Python, Node.js, .NET and SDK-only, and works using the same annotation as for regular containers.
operator, collector: Allow operator to get TLS settings from OpenShiftAPIServerCR and configure operands TLS settings. (#4669)Added operator flag
--tls-cluster-profilewhich obtains the TLS min version and cipher suites from the OpenShiftAPIServerclustercustom resource (CR).It overrides the
--tls-min-versionand--tls-cipher-suitesflags if set.The flags is disabled by default on Kubernetes and enabled on OpenShift.
Added operator flag
--tls-configure-operandswhich configures operands TLS settings (min version, cipher suites)based on the supplied operator TLS flags (
--tls-cipher-suitesand--tls-min-version) or from the OpenShiftAPIServerCRif
--tls-cluster-profileis enabled.The flag is disabled by default on Kubernetes and enabled on OpenShift.
The
--tls-min-versiondefaults toTLSv1.2which matches the collector's default.The
--tls-cipher-suitesis empty by default which matches the collector's default.Therefore enabling
--tls-configure-operandswith the default TLS flags should not change the collector's behavior.operator: Add webhook server readiness check to the operator's /readyz endpoint so the pod is not marked ready before the webhook server is listening. (#3772)Previously the readiness probe used only healthz.Ping, causing a race where CRs
created right after deployment could hit "connection refused" from the webhook.
Now the readyz endpoint includes a check using controller-runtime's
StartedChecker which verifies the webhook TLS listener is actually accepting connections.
🧰 Bug fixes 🧰
collector: Remove legacy finalizer from OpenTelemetryCollector CR when RBAC not available. (#4769)Finalizer usage was restricted to cluster scoped resources only. Legacy finalizer added by OpenTelemetry Operator
<= v0.141.0 still blocks namespace deletion if the operator is removed first. The change removes finalizer with
cluster-level RBAC availability.
Components
v0.145.0Compare Source
0.145.0
🛑 Breaking changes 🛑
collector: Remove operator.collector.default.config feature gate (#4473)🚀 New components 🚀
clusterObservability: Inital implementation of ClusterObservability CRD (#3820)This change provides an initial implementation of the Cluster Observability CRD and operator control loop.
Reconcilation is disabled by default.
Currently, the CRD is not included in the operator bundle and must be installed manually.
To enable reconciliation, enable the
--feature-gates=+operator.clusterobservabilityfeature gate.💡 Enhancements 💡
target allocator: Add readiness and liveness probe configurations for target allocator CRD (#4639)target allocator: Make the least-weighted target allocation strategy take job name into account. (#3128)Uses job name instead of "first match" to when number of targets is equal. The effect is to spread out targets with the same job name across collectors.
🧰 Bug fixes 🧰
target allocator: Fix TLS certificate hot-reload for mTLS connections (#4368)The Target Allocator now automatically reloads TLS certificates when they are renewed
by cert-manager. Previously, certificate renewals required a pod restart because
certificates were only loaded once at startup. The fix uses fsnotify to watch the
certificate directory and dynamically reloads certificates via the GetCertificate
callback, enabling seamless certificate rotation without downtime.
collector: Configure collector to reload client certificate periodically (#4657)When the collector connects to the target allocator over mTLS, certificates were not automatically reloaded after expiration. This adds reload_interval to the TLS configuration, enabling the Prometheus receiver to periodically reload certificates from disk.
The default interval of 5 minutes provides a good balance between picking up renewed certificates promptly and avoiding unnecessary overhead.
operator: Set Kubernetes API server egress network policy port dynamically. (#4411)The operator network policy egress rule for the Kubernetes API server was hardcoded to port 6443.
This PR uses uses
endpointslices.discovery.k8s.io -n default kubernetesto get the port and IP addresses of the Kubernetes API serverfor the operator egress network policy.
Components
open-telemetry/opentelemetry-collector (go.opentelemetry.io/collector/component)
v1.53.0💡 Enhancements 💡
exporter/debug: Output bucket counts for exponential histogram data points in normal verbosity. (#10463)pkg/exporterhelper: Addmetadata_keysconfiguration tosending_queue.batch.partitionto partition batches by client metadata (#14139)The
metadata_keysconfiguration option is now available in thesending_queue.batch.partitionsection for all exporters.When specified, batches are partitioned based on the values of the listed metadata keys, allowing separate batching per metadata partition. This feature
is automatically configured when using
exporterhelper.WithQueue().🧰 Bug fixes 🧰
cmd/builder: Fix duplicate error output when CLI command execution fails in the builder tool. (#14436)cmd/mdatagen: Fix duplicate error output when CLI command execution fails in the mdatagen tool. (#14436)cmd/mdatagen: Fix semconv URL validation for metrics with underscores in their names (#14583)Metrics like
system.disk.io_timenow correctly validate against semantic convention URLs containing underscores in the anchor tag.extension/memory_limiter: Use ChainUnaryInterceptor instead of UnaryInterceptor to allow multiple interceptors. (#14634)If multiple extensions that use the UnaryInterceptor are set the binary panics at start time.
extension/memory_limiter: Add support for streaming services. (#14634)pkg/config/configmiddleware: Add context.Context to HTTP middleware interface constructors. (#14523)This is a breaking API change for components that implement or use extensionmiddleware.
pkg/confmap: Fix another issue where configs could fail to decode when using interpolated values in string fields. (#14034)For example, a resource attribute can be set via an environment variable to a string that is parseable as a number, e.g.
1234.(A similar bug was fixed in a previous release: that one was triggered when the field was nested in a struct,
whereas this one is triggered when the field internally has type "pointer to string" rather than "string".)
pkg/otelcol: The featuregate subcommand now rejects extra positional arguments instead of silently ignoring them. (#14554)pkg/queuebatch: Fix data race in partition_batcher where resetTimer() was called outside mutex, causing concurrent timer.Reset() calls and unpredictable batch flush timing under load. (#14491)pkg/scraperhelper: Log scrapers now emit log-appropriate receiver telemetry (#14654)Log scrapers previously emitted the same receiver telemetry as metric scrapers,
such as the otelcol_receiver_accepted_metric_points metric (instead of otelcol_receiver_accepted_log_records),
or spans named receiver/myreceiver/MetricsReceived (instead of receiver/myreceiver/LogsReceived).
This did not affect scraper-specific spans and metrics.
processor/batch: Fixes a bug where the batch processor would not copySchemaUrlmetadata from resource and scope containers during partial batch splits. (#12279, #14620)v1.52.0v1.51.0💡 Enhancements 💡
pkg/scraperhelper: ScraperID has been added to the logs for metrics, logs, and profiles (#14461)🧰 Bug fixes 🧰
exporter/otlp_grpc: Fix the OTLP exporter balancer to use round_robin by default, as intended. (#14090)pkg/config/configoptional: FixUnmarshalmethods not being called when config is wrapped insideOptional(#14500)This bug notably manifested in the fact that the
sending_queue::batch::sizerconfig for exportersstopped defaulting to
sending_queue::sizer, which sometimes caused the wrong units to be usedwhen configuring
sending_queue::batch::min_sizeandmax_size.As part of the fix,
xconfmapexposes a newxconfmap.WithForceUnmarshaleroption, to be used in theUnmarshalmethodsof wrapper types like
configoptional.Optionalto make sure theUnmarshalmethod of the inner type is called.The default behavior remains that calling
conf.Unmarshalon theconfmap.Confpassed as argument to anUnmarshalmethod will skip any top-level
Unmarshalmethods to avoid infinite recursion in standard use cases.pkg/confmap: Fix an issue where configs could fail to decode when using interpolated values in string fields. (#14413)For example, a header can be set via an environment variable to a string that is parseable as a number, e.g.
1234pkg/service: Don't error on startup when process metrics are enabled on unsupported OSes (e.g. AIX) (#14307)golangci/golangci-lint (golangci/golangci-lint)
v2.11.3Compare Source
Released on 2026-03-10
gosec: from v2.24.7 to619ce21v2.11.2Compare Source
Released on 2026-03-07
fmt: fix error when using thefmtcommand with explicit paths.v2.11.1Compare Source
Released on 2026-03-06
Due to an error related to AUR, some artifacts of the v2.11.0 release have not been published.
This release contains the same things as v2.11.0.
v2.11.0Compare Source
Released on 2026-03-06
errcheck: from 1.9.0 to 1.10.0 (excludecrypto/rand.Readby default)gosec: from 2.23.0 to 2.24.6 (new rules:G113,G118,G119,G120,G121,G122,G123,G408,G707)noctx: from 0.4.0 to 0.5.0 (new detection:httptest.NewRequestWithContext)prealloc: from 1.0.2 to 1.1.0revive: from 1.14.0 to 1.15.0 (var-namingto a new rulepackage-naming)gocognit: from 1.2.0 to 1.2.1gosec: from 2.24.6 to 2.24.7unqueryvet: from 1.5.3 to 1.5.4kubernetes/api (k8s.io/api)
v0.35.2Compare Source
kubernetes/apimachinery (k8s.io/apimachinery)
v0.35.2Compare Source
kubernetes/client-go (k8s.io/client-go)
v0.35.2Compare Source
open-telemetry/opentelemetry-helm-charts (opentelemetry-operator)
v0.107.0Compare Source
OpenTelemetry Operator Helm chart for Kubernetes
What's Changed
Full Changelog: open-telemetry/opentelemetry-helm-charts@opentelemetry-collector-0.147.0...opentelemetry-operator-0.107.0
opentelemetry-operator 0.107.0
What's Changed
This release updates the opentelemetry-operator to version 0.146.0.
OpenTelemetry Release Notes
Chart Information
v0.106.0Compare Source
OpenTelemetry Operator Helm chart for Kubernetes
What's Changed
New Contributors
Full Changelog: open-telemetry/opentelemetry-helm-charts@opentelemetry-collector-0.146.0...opentelemetry-operator-0.106.0
opentelemetry-operator 0.106.0
What's Changed
This release updates the opentelemetry-operator to version 0.145.0.
OpenTelemetry Release Notes
Chart Information
kubernetes-sigs/controller-runtime (sigs.k8s.io/controller-runtime)
v0.23.3Compare Source
What's Changed
Full Changelog: kubernetes-sigs/controller-runtime@v0.23.2...v0.23.3
v0.23.2Compare Source
What's Changed
Full Changelog: kubernetes-sigs/controller-runtime@v0.23.1...v0.23.2
v0.23.1Compare Source
What's Changed
Full Changelog: kubernetes-sigs/controller-runtime@v0.23.0...v0.23.1
v0.23.0Compare Source
🔆 Highlights
GetEventRecorderForrequires updating your rbac for events to use theevents.k8s.ioapiGroup rather than the `` (core) apiGroupbuilder.WebhookManagedBy(mgr).For(&corev1.Deployment{})has to be changed tobuilder.WebhookManagedBy(mgr, &appsv1.Deployment{})runtime.Object, for example fromValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error)toValidateCreate(ctx context.Context, obj *appsv1.Deployment) (admission.Warnings, error)✨ Features
🐛 Bugfixes
waitermanipulation by @fossedihelm in #3368🌱 Other
sorttoslicespackage by @dongjiang1989 in #3370📖 Documentation
Configuration
📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) in timezone Etc/UTC, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.