Skip to content

Bump go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp from 0.14.0 to 0.19.0#1601

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot-go_modules-go.opentelemetry.io-otel-exporters-otlp-otlplog-otlploghttp-0.19.0
Closed

Bump go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp from 0.14.0 to 0.19.0#1601
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot-go_modules-go.opentelemetry.io-otel-exporters-otlp-otlplog-otlploghttp-0.19.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 8, 2026
edited
Loading

Bumps go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp from 0.14.0 to 0.19.0.

Release notes

Sourced from go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp's releases.

Release v0.19.0

Added

  • Added Marshaler config option to otlphttp to enable otlp over json or protobufs. (#1586)
  • A ForceFlush method to the "go.opentelemetry.io/otel/sdk/trace".TracerProvider to flush all registered SpanProcessors. (#1608)
  • Added WithSampler and WithSpanLimits to tracer provider. (#1633, #1702)
  • "go.opentelemetry.io/otel/trace".SpanContext now has a remote property, and IsRemote() predicate, that is true when the SpanContext has been extracted from remote context data. (#1701)
  • A Valid method to the "go.opentelemetry.io/otel/attribute".KeyValue type. (#1703)

Changed

  • trace.SpanContext is now immutable and has no exported fields. (#1573)
    • trace.NewSpanContext() can be used in conjunction with the trace.SpanContextConfig struct to initialize a new SpanContext where all values are known.
  • Update the ForceFlush method signature to the "go.opentelemetry.io/otel/sdk/trace".SpanProcessor to accept a context.Context and return an error. (#1608)
  • Update the Shutdown method to the "go.opentelemetry.io/otel/sdk/trace".TracerProvider return an error on shutdown failure. (#1608)
  • The SimpleSpanProcessor will now shut down the enclosed SpanExporter and gracefully ignore subsequent calls to OnEnd after Shutdown is called. (#1612)
  • "go.opentelemetry.io/sdk/metric/controller.basic".WithPusher is replaced with WithExporter to provide consistent naming across project. (#1656)
  • Added non-empty string check for trace Attribute keys. (#1659)
  • Add description to SpanStatus only when StatusCode is set to error. (#1662)
  • Jaeger exporter falls back to resource.Default's service.name if the exported Span does not have one. (#1673)
  • Jaeger exporter populates Jaeger's Span Process from Resource. (#1673)
  • Renamed the LabelSet method of "go.opentelemetry.io/otel/sdk/resource".Resource to Set. (#1692)
  • Changed WithSDK to WithSDKOptions to accept variadic arguments of TracerProviderOption type in go.opentelemetry.io/otel/exporters/trace/jaeger package. (#1693)
  • Changed WithSDK to WithSDKOptions to accept variadic arguments of TracerProviderOption type in go.opentelemetry.io/otel/exporters/trace/zipkin package. (#1693)
  • "go.opentelemetry.io/otel/sdk/resource".NewWithAttributes will now drop any invalid attributes passed. (#1703)
  • "go.opentelemetry.io/otel/sdk/resource".StringDetector will now error if the produced attribute is invalid. (#1703)

Removed

  • Removed serviceName parameter from Zipkin exporter and uses resource instead. (#1549)
  • Removed WithConfig from tracer provider to avoid overriding configuration. (#1633)
  • Removed the exported SimpleSpanProcessor and BatchSpanProcessor structs. These are now returned as a SpanProcessor interface from their respective constructors. (#1638)
  • Removed WithRecord() from trace.SpanOption when creating a span. (#1660)
  • Removed setting status to Error while recording an error as a span event in RecordError. (#1663)
  • Removed jaeger.WithProcess configuration option. (#1673)
  • Removed ApplyConfig method from "go.opentelemetry.io/otel/sdk/trace".TracerProvider and the now unneeded Config struct. (#1693)

Fixed

  • Jaeger Exporter: Ensure mapping between OTEL and Jaeger span data complies with the specification. (#1626)
  • SamplingResult.TraceState is correctly propagated to a newly created span's SpanContext. (#1655)
  • The otel-collector example now correctly flushes metric events prior to shutting down the exporter. (#1678)
  • Do not set span status message in SpanStatusFromHTTPStatusCode if it can be inferred from http.status_code. (#1681)
  • Synchronization issues in global trace delegate implementation. (#1686)
  • Reduced excess memory usage by global TracerProvider. (#1687)

Raw changes made between v0.18.0 and v0.19.0

... (truncated)

Changelog

Sourced from go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp's changelog.

[1.43.0/0.65.0/0.19.0] 2026-04-02

Added

  • Add IsRandom and WithRandom on TraceFlags, and IsRandom on SpanContext in go.opentelemetry.io/otel/trace for W3C Trace Context Level 2 Random Trace ID Flag support. (#8012)
  • Add service detection with WithService in go.opentelemetry.io/otel/sdk/resource. (#7642)
  • Add DefaultWithContext and EnvironmentWithContext in go.opentelemetry.io/otel/sdk/resource to support plumbing context.Context through default and environment detectors. (#8051)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#8038)
  • Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (#8038)
  • Add support for per-series start time tracking for cumulative metrics in go.opentelemetry.io/otel/sdk/metric. Set OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true to enable. (#8060)
  • Add WithCardinalityLimitSelector for metric reader for configuring cardinality limits specific to the instrument kind. (#7855)

Changed

  • Introduce the EMPTY Type in go.opentelemetry.io/otel/attribute to reflect that an empty value is now a valid value, with INVALID remaining as a deprecated alias of EMPTY. (#8038)
  • Improve slice handling in go.opentelemetry.io/otel/attribute to optimize short slice values with fixed-size fast paths. (#8039)
  • Improve performance of span metric recording in go.opentelemetry.io/otel/sdk/trace by returning early if self-observability is not enabled. (#8067)
  • Improve formatting of metric data diffs in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (#8073)

Deprecated

  • Deprecate INVALID in go.opentelemetry.io/otel/attribute. Use EMPTY instead. (#8038)

Fixed

  • Return spec-compliant TraceIdRatioBased description. This is a breaking behavioral change, but it is necessary to make the implementation spec-compliant. (#8027)
  • Fix a race condition in go.opentelemetry.io/otel/sdk/metric where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (#8056)
  • Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108)
  • Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108)
  • Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108)
  • WithHostID detector in go.opentelemetry.io/otel/sdk/resource to use full path for kenv command on BSD. (#8113)
  • Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp to correctly handle HTTP2 GOAWAY frame. (#8096)

[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06

Added

  • Add go.opentelemetry.io/otel/semconv/v1.40.0 package. The package contains semantic conventions from the v1.40.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.39.0. (#7985)

... (truncated)

Commits
  • 2b4fa96 Release v0.19.0 (#1710)
  • 4beb704 sdk/trace: removing ApplyConfig and Config (#1693)
  • 1d42be1 Rename WithDefaultSampler TracerProvider option to WithSampler and update doc...
  • 860d5d8 Add flag to determine whether SpanContext is remote (#1701)
  • 0fe65e6 Comply with OpenTelemetry attributes specification (#1703)
  • 8888435 Bump google.golang.org/api from 0.40.0 to 0.41.0 in /exporters/trace/jaeger (...
  • 345f264 breaking(zipkin): removes servicName from zipkin exporter. (#1697)
  • 62cbf0f Populate Jaeger's Span.Process from Resource (#1673)
  • 28eaaa9 Add a test to prove the Tracer is safe for concurrent calls (#1665)
  • 8b1be11 Rename resource pkg label vars and methods (#1692)
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies go Pull requests that update Go code labels Apr 8, 2026
@dependabot dependabot bot requested a review from a team as a code owner April 8, 2026 19:25
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 8, 2026
edited
Loading

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ❌ 1 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA f55b914.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

go.mod

PackageVersionLicenseIssue Type
gonum.org/v1/gonum0.17.0BSD-3-Clause AND CC0-1.0 AND LicenseRef-scancode-public-domain AND LicenseRef-scancode-w3c-03-bsd-license AND MITIncompatible License
github.com/grpc-ecosystem/grpc-gateway/v22.28.0NullUnknown License
Allowed Licenses: Apache-1.1, Apache-2.0, BSD-2-Clause, BSD-3-Clause, BSL-1.0, ISC, MIT, MPL-2.0, NCSA, OpenSSL, Python-2.0, X11, CC0-1.0, CC-BY-4.0, LicenseRef-scancode-google-patent-license-golang
Excluded from license check: pkg:githubactions/fossas/fossa-action, pkg:githubactions/opentofu/setup-opentofu, pkg:golang/github.com/shoenig/go-m1cpu, pkg:pypi/pytest-metadata

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
gomod/github.com/grpc-ecosystem/grpc-gateway/v2 2.28.0 UnknownUnknown
gomod/go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp 0.19.0 🟢 9.3
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 10all changesets reviewed
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices🟢 5badge detected: Passing
Signed-Releases🟢 85 out of the last 5 releases have a total of 5 signed artifacts.
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST🟢 9SAST tool detected but not run on all commits
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Security-Policy🟢 10security policy file detected
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 42 contributing companies or organizations
gomod/go.opentelemetry.io/otel/log 0.19.0 🟢 9.3
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 10all changesets reviewed
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices🟢 5badge detected: Passing
Signed-Releases🟢 85 out of the last 5 releases have a total of 5 signed artifacts.
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST🟢 9SAST tool detected but not run on all commits
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Security-Policy🟢 10security policy file detected
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 42 contributing companies or organizations
gomod/go.opentelemetry.io/otel/sdk/log 0.19.0 🟢 9.3
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 10all changesets reviewed
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices🟢 5badge detected: Passing
Signed-Releases🟢 85 out of the last 5 releases have a total of 5 signed artifacts.
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST🟢 9SAST tool detected but not run on all commits
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Security-Policy🟢 10security policy file detected
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 42 contributing companies or organizations
gomod/go.opentelemetry.io/proto/otlp 1.10.0 🟢 7.9
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool🟢 10update tool detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 8 contributing companies or organizations
gomod/golang.org/x/crypto 0.49.0 UnknownUnknown
gomod/golang.org/x/mod 0.33.0 UnknownUnknown
gomod/golang.org/x/net 0.52.0 UnknownUnknown
gomod/golang.org/x/oauth2 0.35.0 UnknownUnknown
gomod/golang.org/x/sync 0.20.0 UnknownUnknown
gomod/golang.org/x/telemetry 0.0.0-20260209163413-e7419c687ee4 UnknownUnknown
gomod/golang.org/x/text 0.35.0 UnknownUnknown
gomod/golang.org/x/tools 0.42.0 UnknownUnknown
gomod/gonum.org/v1/gonum 0.17.0 🟢 5.7
Details
CheckScoreReason
Maintained🟢 52 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 5
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
gomod/google.golang.org/genproto/googleapis/api 0.0.0-20260401024825-9d38bb4040a9 🟢 6.7
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST🟢 5SAST tool is not run on all commits -- score normalized to 5
gomod/google.golang.org/genproto/googleapis/rpc 0.0.0-20260401024825-9d38bb4040a9 🟢 6.7
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 8branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST🟢 5SAST tool is not run on all commits -- score normalized to 5
gomod/google.golang.org/grpc 1.80.0 🟢 8.5
Details
CheckScoreReason
Security-Policy🟢 9security policy file detected
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST🟢 7SAST tool detected but not run on all commits

Scanned Files

  • go.mod

@dependabot dependabot bot force-pushed the dependabot-go_modules-go.opentelemetry.io-otel-exporters-otlp-otlplog-otlploghttp-0.19.0 branch from 3d004ef to 23b9dda Compare April 9, 2026 13:48
@aphralG aphralG mentioned this pull request Apr 9, 2026
Closed
6 tasks
@dependabot dependabot bot force-pushed the dependabot-go_modules-go.opentelemetry.io-otel-exporters-otlp-otlplog-otlploghttp-0.19.0 branch from 23b9dda to fdbd649 Compare April 10, 2026 09:44
@aphralG
Copy link
Copy Markdown
Contributor

aphralG commented Apr 10, 2026

@dependabot rebase

@dependabot
Bump go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp
f55b914 
Bumps [go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp](https://github.com/open-telemetry/opentelemetry-go) from 0.14.0 to 0.19.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-go@v0.14.0...v0.19.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp
  dependency-version: 0.19.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot-go_modules-go.opentelemetry.io-otel-exporters-otlp-otlplog-otlploghttp-0.19.0 branch from fdbd649 to f55b914 Compare April 10, 2026 13:38
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Apr 10, 2026

Looks like go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp is up-to-date now, so this is no longer needed.

@dependabot dependabot bot closed this Apr 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies go Pull requests that update Go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@aphralG