Skip to content

chore(deps): bump io.opentelemetry:opentelemetry-api from 1.14.0 to 1.62.0 in /java#1246

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/maven/java/io.opentelemetry-opentelemetry-api-1.62.0
Open

chore(deps): bump io.opentelemetry:opentelemetry-api from 1.14.0 to 1.62.0 in /java#1246
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/maven/java/io.opentelemetry-opentelemetry-api-1.62.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 14, 2026

Copy link
Copy Markdown
Contributor

Bumps io.opentelemetry:opentelemetry-api from 1.14.0 to 1.62.0.

Release notes

Sourced from io.opentelemetry:opentelemetry-api's releases.

Version 1.62.0

API

Context

  • Fix GHSA-rcgg-9c38-7xpx: Apply limits to baggage entries for W3CBaggagePropagator, OtTracePropagator, JaegerPropagator (#8378)

SDK

Traces

  • Avoid parentContext allocation on span start for the common case (#8332)

Metrics

  • Add setMaxExportBatchSize to PeriodicMetricReaderBuilder (#8296)
  • Fix PeriodicMetricReader shutdown race that could drop the final flush (#8299)

Exporters

  • BREAKING Prometheus: Change default server host from 0.0.0.0 to localhost (#8298)
  • BREAKING Prometheus: Stop converting unit "1" to "ratio" (#8252)
  • OTLP: Fix null input handling in StringEncoder (#8312)
  • OTLP: Align proto field types and wire tag names in marshalers (#8293)
  • OTLP: Fix MarshalerUtil sizeRepeatedString calculation (#8284)
  • OTLP: Bound JdkHttpSender thread pool size to prevent unbounded thread creation (#8276)
  • OTLP Profiles: Split profiles data model into separate sdk-profiles and JFR shim modules (#8207)
  • OTLP Profiles: Publish alpha release of opentelemetry-sdk-profiles and opentelemetry-exporter-otlp-profiles (#8351)

Extensions

  • BREAKING Declarative config: Extract to new opentelemetry-sdk-extension-declarative-config artifact with new package io.opentelemetry.sdk.autoconfigure.declarativeconfig (#8265)
  • Autoconfigure: Add file size validation in OtlpConfigUtil to avoid unsafe cast to int (#8287)
  • Declarative config: Fix collection fields to not be initialized to empty by default (#8356)
  • Incubator: Add EventToSpanEventBridge to bridge log-based events to span events (#8372)

Testing

  • Add @Nullable to equalTo value argument in OpenTelemetryAssertions (#8301)
  • Add hasValueSatisfying to LongPointAssert and DoublePointAssert for fuzzy value matching (#8328)
  • Add containsPointsSatisfying to metric data asserts for "each given assertion must be satisfied by at least one point, extras allowed" checks on sum, gauge, histogram, exponential histogram, and summary data (#8329)

Project tooling

  • Add initial OSGi support (#7964)
  • Promote ApiUsageLogger to opentelemetry-common public API (#8318)
  • Establish exception logging guidelines and fix inconsistent patterns across exporters and SDK (#8231)
  • Add *.impl.* package naming convention for internal code with japicmp compatibility (#8325)
  • Add Sonatype dependency audit to build (#8365)

... (truncated)

Changelog

Sourced from io.opentelemetry:opentelemetry-api's changelog.

Version 1.62.0 (2026-05-08)

API

Context

  • Fix GHSA-rcgg-9c38-7xpx: Apply limits to baggage entries for W3CBaggagePropagator, OtTracePropagator, JaegerPropagator (#8378)

SDK

Traces

  • Avoid parentContext allocation on span start for the common case (#8332)

Metrics

  • Add setMaxExportBatchSize to PeriodicMetricReaderBuilder (#8296)
  • Fix PeriodicMetricReader shutdown race that could drop the final flush (#8299)

Exporters

  • BREAKING Prometheus: Change default server host from 0.0.0.0 to localhost (#8298)
  • BREAKING Prometheus: Stop converting unit "1" to "ratio" (#8252)
  • OTLP: Fix null input handling in StringEncoder (#8312)
  • OTLP: Align proto field types and wire tag names in marshalers (#8293)
  • OTLP: Fix MarshalerUtil sizeRepeatedString calculation (#8284)
  • OTLP: Bound JdkHttpSender thread pool size to prevent unbounded thread creation (#8276)
  • OTLP Profiles: Split profiles data model into separate sdk-profiles and JFR shim modules (#8207)
  • OTLP Profiles: Publish alpha release of opentelemetry-sdk-profiles and opentelemetry-exporter-otlp-profiles (#8351)

Extensions

  • BREAKING Declarative config: Extract to new opentelemetry-sdk-extension-declarative-config artifact with new package io.opentelemetry.sdk.autoconfigure.declarativeconfig (#8265)
  • Autoconfigure: Add file size validation in OtlpConfigUtil to avoid unsafe cast to int (#8287)

... (truncated)

Commits
  • d03621f [release/v1.62.x] Prepare release 1.62.0 (#8385)
  • 3a62b7a Prepare 1.62.0 (#8378)
  • 893910b docs: Expand SIG meeting welcoming language (#8383)
  • 03837d3 Apply baggage limits (#8380)
  • cdadad6 Update dependency org.osgi:org.osgi.test.bom to v1.3.0 (#8376)
  • 8e0f196 Update error-prone monorepo to v2.49.0 (#8259)
  • 2923430 Add initial OSGi support (#7964)
  • 3f3780c Add guidance for null checking, promote ApiUsageLogger to opentelemetry-commo...
  • e224e19 Port event span event bridge from contrib (#8372)
  • b29f3df Update dependency com.google.api.grpc:proto-google-common-protos to v2.71.0 (...
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [io.opentelemetry:opentelemetry-api](https://github.com/open-telemetry/opentelemetry-java) from 1.14.0 to 1.62.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-java/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-java/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-java@v1.14.0...v1.62.0)

---
updated-dependencies:
- dependency-name: io.opentelemetry:opentelemetry-api
  dependency-version: 1.62.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file Java labels May 14, 2026

@oss-sentinel-ai oss-sentinel-ai left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review: Approved ✅

PR: #1246 — chore(deps): bump io.opentelemetry:opentelemetry-api from 1.14.0 to 1.62.0
Type: Dependency update (1 file, +1/-1)

Assessment

Dependabot dependency bump for OpenTelemetry API within the 1.x series. The change is a single version update in java/pom.xml. Since this stays within the same major version (1.x), backward compatibility is expected per OpenTelemetry's semver policy.

Verdict

Routine dependency update. No concerns.


🤖 Automated review by oss-sentinel-ai

@RockteMQ-AI RockteMQ-AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review by github-manager-bot

Summary

Dependabot bump of io.opentelemetry:opentelemetry-api from 1.14.0 to 1.62.0 in the Java client module. This is a major version jump spanning ~2 years of releases.

Findings

  • [Critical] Breaking changes in the release notes that may affect this client:

    • Prometheus exporter: default server host changed from 0.0.0.0 to localhost
    • Prometheus exporter: unit "1" no longer converted to "ratio"
    • Declarative config: extracted to new artifact with new package
    • Multiple internal API changes across the 48 minor versions

    These are primarily in the SDK/exporter layer, not the API. Since this client likely only uses the API (not the SDK), the risk may be low — but it needs verification.

  • [Warning] The version gap is very large (1.14.0 → 1.62.0, 48 minor versions). Consider whether an incremental upgrade path would be safer, or at minimum verify:

    1. All OTel API calls in the Java client still compile and work correctly
    2. No deprecated APIs used by the client have been removed
    3. CI passes with the new version
  • [Info] The diff is minimal (1 line in pom.xml). If CI passes, the API compatibility is likely maintained since OTel follows semver for the API module.

Suggestions

  1. Verify CI passes, especially any OTel-related tests.
  2. Check if any @Deprecated APIs used in the client code have been removed between 1.14 and 1.62.
  3. Consider whether this should be reviewed by someone familiar with the OTel integration in the Java client.

Automated review by github-manager-bot

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file Java

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants