build (deps): upgrade opentelemetry to 1.62.0 to patch CVE-2026-45292 #13304
Code Review
This pull request updates the OpenTelemetry version to 1.62.0 across several Maven configuration files. It also introduces a dummy comment in LoggingUtils.java to trigger the CI pipeline. The feedback advises removing this dummy comment to avoid unnecessary noise in the codebase, suggesting cleaner alternatives like empty git commits to trigger CI.
Do we care about this sample's version?
I don't think it matters much but it is more of a best practice to make all versions update together. Separately, I also briefly looked into whether we can remove the version from bigquery samples as well. I think we probably can because it is not used in between the region tags. Do you have more info about how it is used (not in scope of this PR)?
Upgrades opentelemetry.version to 1.62.0 to address CVE-2026-45292 (GHSA-rcgg-9c38-7xpx). This repo is actually NOT affected by this vulnerability but it is a good practice to upgrade it so it does not show up in customers' reports.
Separately, removed unnecessary version declaration of opentelemetry in Spanner.