chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp from 0.17.0 to 0.19.0

[dependabot]

Bumps go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp from 0.17.0 to 0.19.0.

Release notes

Sourced from go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp's releases.

Release v0.19.0

Added

• Added Marshaler config option to otlphttp to enable otlp over json or protobufs. (#1586)
• A ForceFlush method to the "go.opentelemetry.io/otel/sdk/trace".TracerProvider to flush all registered SpanProcessors. (#1608)
• Added WithSampler and WithSpanLimits to tracer provider. (#1633, #1702)
• "go.opentelemetry.io/otel/trace".SpanContext now has a remote property, and IsRemote() predicate, that is true when the SpanContext has been extracted from remote context data. (#1701)
• A Valid method to the "go.opentelemetry.io/otel/attribute".KeyValue type. (#1703)

Changed

• trace.SpanContext is now immutable and has no exported fields. (#1573)
  • trace.NewSpanContext() can be used in conjunction with the trace.SpanContextConfig struct to initialize a new SpanContext where all values are known.
• Update the ForceFlush method signature to the "go.opentelemetry.io/otel/sdk/trace".SpanProcessor to accept a context.Context and return an error. (#1608)
• Update the Shutdown method to the "go.opentelemetry.io/otel/sdk/trace".TracerProvider return an error on shutdown failure. (#1608)
• The SimpleSpanProcessor will now shut down the enclosed SpanExporter and gracefully ignore subsequent calls to OnEnd after Shutdown is called. (#1612)
• "go.opentelemetry.io/sdk/metric/controller.basic".WithPusher is replaced with WithExporter to provide consistent naming across project. (#1656)
• Added non-empty string check for trace Attribute keys. (#1659)
• Add description to SpanStatus only when StatusCode is set to error. (#1662)
• Jaeger exporter falls back to resource.Default's service.name if the exported Span does not have one. (#1673)
• Jaeger exporter populates Jaeger's Span Process from Resource. (#1673)
• Renamed the LabelSet method of "go.opentelemetry.io/otel/sdk/resource".Resource to Set. (#1692)
• Changed WithSDK to WithSDKOptions to accept variadic arguments of TracerProviderOption type in go.opentelemetry.io/otel/exporters/trace/jaeger package. (#1693)
• Changed WithSDK to WithSDKOptions to accept variadic arguments of TracerProviderOption type in go.opentelemetry.io/otel/exporters/trace/zipkin package. (#1693)
• "go.opentelemetry.io/otel/sdk/resource".NewWithAttributes will now drop any invalid attributes passed. (#1703)
• "go.opentelemetry.io/otel/sdk/resource".StringDetector will now error if the produced attribute is invalid. (#1703)

Removed

• Removed serviceName parameter from Zipkin exporter and uses resource instead. (#1549)
• Removed WithConfig from tracer provider to avoid overriding configuration. (#1633)
• Removed the exported SimpleSpanProcessor and BatchSpanProcessor structs. These are now returned as a SpanProcessor interface from their respective constructors. (#1638)
• Removed WithRecord() from trace.SpanOption when creating a span. (#1660)
• Removed setting status to Error while recording an error as a span event in RecordError. (#1663)
• Removed jaeger.WithProcess configuration option. (#1673)
• Removed ApplyConfig method from "go.opentelemetry.io/otel/sdk/trace".TracerProvider and the now unneeded Config struct. (#1693)

Fixed

• Jaeger Exporter: Ensure mapping between OTEL and Jaeger span data complies with the specification. (#1626)
• SamplingResult.TraceState is correctly propagated to a newly created span's SpanContext. (#1655)
• The otel-collector example now correctly flushes metric events prior to shutting down the exporter. (#1678)
• Do not set span status message in SpanStatusFromHTTPStatusCode if it can be inferred from http.status_code. (#1681)
• Synchronization issues in global trace delegate implementation. (#1686)
• Reduced excess memory usage by global TracerProvider. (#1687)

---

Raw changes made between v0.18.0 and v0.19.0

... (truncated)

Changelog

Sourced from go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp's changelog.

[1.43.0/0.65.0/0.19.0] 2026-04-02

Added

• Add IsRandom and WithRandom on TraceFlags, and IsRandom on SpanContext in go.opentelemetry.io/otel/trace for W3C Trace Context Level 2 Random Trace ID Flag support. (#8012)
• Add service detection with WithService in go.opentelemetry.io/otel/sdk/resource. (#7642)
• Add DefaultWithContext and EnvironmentWithContext in go.opentelemetry.io/otel/sdk/resource to support plumbing context.Context through default and environment detectors. (#8051)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (#8038)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc. (#8038)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (#8038)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp. (#8038)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp. (#8038)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp. (#8038)
• Support attributes with empty value (attribute.EMPTY) in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (#8038)
• Add support for per-series start time tracking for cumulative metrics in go.opentelemetry.io/otel/sdk/metric. Set OTEL_GO_X_PER_SERIES_START_TIMESTAMPS=true to enable. (#8060)
• Add WithCardinalityLimitSelector for metric reader for configuring cardinality limits specific to the instrument kind. (#7855)

Changed

• Introduce the EMPTY Type in go.opentelemetry.io/otel/attribute to reflect that an empty value is now a valid value, with INVALID remaining as a deprecated alias of EMPTY. (#8038)
• Improve slice handling in go.opentelemetry.io/otel/attribute to optimize short slice values with fixed-size fast paths. (#8039)
• Improve performance of span metric recording in go.opentelemetry.io/otel/sdk/trace by returning early if self-observability is not enabled. (#8067)
• Improve formatting of metric data diffs in go.opentelemetry.io/otel/sdk/metric/metricdata/metricdatatest. (#8073)

Deprecated

• Deprecate INVALID in go.opentelemetry.io/otel/attribute. Use EMPTY instead. (#8038)

Fixed

• Return spec-compliant TraceIdRatioBased description. This is a breaking behavioral change, but it is necessary to make the implementation spec-compliant. (#8027)
• Fix a race condition in go.opentelemetry.io/otel/sdk/metric where the lastvalue aggregation could collect the value 0 even when no zero-value measurements were recorded. (#8056)
• Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108)
• Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108)
• Limit HTTP response body to 4 MiB in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp to mitigate excessive memory usage caused by a misconfigured or malicious server. Responses exceeding the limit are treated as non-retryable errors. (#8108)
• WithHostID detector in go.opentelemetry.io/otel/sdk/resource to use full path for kenv command on BSD. (#8113)
• Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp to correctly handle HTTP2 GOAWAY frame. (#8096)

[1.42.0/0.64.0/0.18.0/0.0.16] 2026-03-06

Added

• Add go.opentelemetry.io/otel/semconv/v1.40.0 package. The package contains semantic conventions from the v1.40.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.39.0. (#7985)

... (truncated)

Commits

• 2b4fa96 Release v0.19.0 (#1710)
• 4beb704 sdk/trace: removing ApplyConfig and Config (#1693)
• 1d42be1 Rename WithDefaultSampler TracerProvider option to WithSampler and update doc...
• 860d5d8 Add flag to determine whether SpanContext is remote (#1701)
• 0fe65e6 Comply with OpenTelemetry attributes specification (#1703)
• 8888435 Bump google.golang.org/api from 0.40.0 to 0.41.0 in /exporters/trace/jaeger (...
• 345f264 breaking(zipkin): removes servicName from zipkin exporter. (#1697)
• 62cbf0f Populate Jaeger's Span.Process from Resource (#1673)
• 28eaaa9 Add a test to prove the Tracer is safe for concurrent calls (#1665)
• 8b1be11 Rename resource pkg label vars and methods (#1692)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Note

Medium Risk
Dependency-only change, but it upgrades core OpenTelemetry, gRPC, and x/* networking libraries, which can subtly change telemetry/exporter behavior and runtime compatibility.

Overview
Upgrades the OpenTelemetry Go stack (including go.opentelemetry.io/otel 1.41.0→1.43.0 and otlploghttp 0.17.0→0.19.0), along with aligned SDK/log/metric/trace module versions.

Also bumps several transitive/runtime dependencies (google.golang.org/grpc 1.79.3→1.80.0, golang.org/x/net/x/sys/x/crypto/x/term, and Google genproto packages), updating go.sum accordingly.

^{Reviewed by Cursor Bugbot for commit 0fd860a. Bugbot is set up for automated code reviews on this repo. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix prepared a fix for the issue found in the latest run.

• ✅ Fixed: Pre-stable OTel log exporter version skew risk
  • I confirmed the skew risk was real and updated both otlploggrpc and stdoutlog in go.mod from v0.17.0 to v0.19.0 to align all OTel log packages.

Or push these changes by commenting:

@cursor push c7083a368e

Preview (c7083a368e)

diff --git a/go.mod b/go.mod
--- a/go.mod
+++ b/go.mod
@@ -320,7 +320,7 @@
 	go.opentelemetry.io/contrib/propagators/jaeger v1.41.0 // indirect
 	go.opentelemetry.io/contrib/samplers/jaegerremote v0.35.0 // indirect
 	go.opentelemetry.io/otel/exporters/jaeger v1.17.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.17.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.19.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.19.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.41.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.41.0 // indirect
@@ -328,7 +328,7 @@
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.41.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.41.0 // indirect
 	go.opentelemetry.io/otel/exporters/prometheus v0.63.0 // indirect
-	go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.17.0 // indirect
+	go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.19.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.41.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.41.0 // indirect
 	go.opentelemetry.io/otel/log v0.19.0 // indirect

_{You can send follow-ups to the cloud agent here.}

^{Reviewed by Cursor Bugbot for commit 0fd860a. Configure here.}

[cursor]

Pre-stable OTel log exporter version skew risk

Medium Severity

The otlploghttp exporter is bumped to v0.19.0, which pulls otel/log and otel/sdk/log up to v0.19.0, but sibling packages otlploggrpc (line 323) and stdoutlog (line 331) remain at v0.17.0. These pre-stable (v0.x) packages are released in lockstep by the OpenTelemetry project (v1.43.0/v0.65.0/v0.19.0) and have no backward-compatibility guarantee. The v0.17.0 exporters will now be compiled against v0.19.0 of otel/log and otel/sdk/log — a combination that was never tested upstream. Both otlploggrpc and stdoutlog need to be bumped to v0.19.0 to match.

Additional Locations (1)

• go.mod#L330-L331

 

^{Reviewed by Cursor Bugbot for commit 0fd860a. Configure here.}

[simonswine]

Superseded by #5037 which consolidates all otel v1.43.0 updates.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.