fix(deps): bump OpenTelemetry SDK to v1.43.0

[weshayutin]

To address CVE-2026-24051 and CVE-2026-39883

Update go.opentelemetry.io/otel/sdk and related otel packages from v1.42.0 to v1.43.0 to fix:

• CVE-2026-24051 (HIGH): Arbitrary code execution via PATH hijacking
• CVE-2026-39883 (HIGH): Arbitrary code execution via PATH hijacking on BSD/Solaris

Summary by CodeRabbit

• Chores
  • Updated core observability and communication dependencies to their latest versions. These updates include enhancements to telemetry collection, gRPC protocol improvements, and updated cloud platform integrations. No breaking changes to functionality.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 979ea2d4-6638-458f-a107-944852d885db

📥 Commits

Reviewing files that changed from the base of the PR and between 13b9de8 and dbc9ca0.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod

---

📝 Walkthrough

Walkthrough

Dependency version bumps in go.mod: OpenTelemetry core packages advance from v1.42.0 to v1.43.0, google.golang.org/grpc from v1.79.3 to v1.80.0, the GCP OTel detector from v1.30.0 to v1.31.0, and related indirect OTLP, proto, and genproto packages are refreshed to matching newer versions.

Changes

Dependency Version Bumps

Layer / File(s)	Summary
Direct dependency bumps: OTel core and gRPC go.mod	go.opentelemetry.io/otel, otel/trace, otel/sdk, and the OTLP trace gRPC exporter bumped from v1.42.0 to v1.43.0; google.golang.org/grpc bumped from v1.79.3 to v1.80.0.
Indirect dependency bumps: OTel OTLP, proto, genproto, GCP detector go.mod	opentelemetry-operations-go/detectors/gcp to v1.31.0; otel/exporters/otlp/otlptrace, otel/metric, otel/sdk/metric to v1.43.0; proto/otlp to v1.10.0; genproto/googleapis/api and .../rpc to newer 202604 pseudo-versions.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐇 Hop, hop, the versions leap,
OTel climbs while we all sleep,
gRPC and genproto too,
All bumped fresh with morning dew.
The module graph stays neat and true! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main change: bumping OpenTelemetry SDK to v1.43.0 to address security vulnerabilities.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch kopiacveoadpdev

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[oadp-snyk]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sseago, weshayutin

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [sseago,weshayutin]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[sseago]

/lgtm