chore(deps): update opentelemetry-api requirement from >=1.37.0 to >=1.41.0 #218
dependabot[bot] wants to merge 1 commit into
Updates the requirements on [opentelemetry-api](https://github.com/open-telemetry/opentelemetry-python) to permit the latest version.
- [Release notes](https://github.com/open-telemetry/opentelemetry-python/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-python/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-python@v1.37.0...v1.41.0)

---
updated-dependencies:
- dependency-name: opentelemetry-api
  dependency-version: 1.41.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Labels
The following labels could not be found: Please fix the above issues or remove invalid values from
| "opentelemetry-sdk>=1.37.0", | ||
| "opentelemetry-exporter-otlp-proto-http>=1.37.0", | ||
| "opentelemetry-api>=1.37.0", | ||
| "opentelemetry-api>=1.41.0", |
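Review bot: the unchanged opentelemetry-sdk>=1.37.0 and opentelemetry-exporter-otlp-proto-http>=1.37.0 entries directly above the edited line keep the old floor, so after this change the three OpenTelemetry bounds no longer agree (1.37.0, 1.37.0, 1.41.0). If these packages are meant to move together, raise the other two in the same change. All three are lower bounds only, so the versions actually installed are decided by the resolver or a lock file, which should be regenerated and checked alongside this bump.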
Version floor mismatch across OpenTelemetry packages
opentelemetry-sdk and opentelemetry-exporter-otlp-proto-http still declare >=1.37.0 while opentelemetry-api is now >=1.41.0. These three packages are released in lockstep and the SDK/exporter packages declare a pinned or narrowly-bounded dependency on the API at the same version. SDK 1.37.x requires API ~1.37.x, so a resolver that satisfies the minimum floors could produce an irresolvable set — or, in a constrained environment, install an SDK that refuses to load against API 1.41.0. All three minimum bounds should move together.
| "opentelemetry-sdk>=1.37.0", | |
| "opentelemetry-exporter-otlp-proto-http>=1.37.0", | |
| "opentelemetry-api>=1.37.0", | |
| "opentelemetry-api>=1.41.0", | |
| "opentelemetry-sdk>=1.41.0", | |
| "opentelemetry-exporter-otlp-proto-http>=1.41.0", | |
| "opentelemetry-api>=1.41.0", |
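Review bot: raising the opentelemetry-sdk and opentelemetry-exporter-otlp-proto-http floors to >=1.41.0 in the three replacement lines also removes every release from 1.37.0 up to 1.41.0 from the accepted range for those two packages, which the PR title does not mention. State that in the commit message, and confirm that no constraints or lock file still pins either package below 1.41.0 before applying the suggestion.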
Updates the requirements on opentelemetry-api to permit the latest version.
Changelog
Sourced from opentelemetry-api's changelog.
... (truncated)
Commits
- 1a178fc [release/v1.41.x-0.62bx] Prepare release 1.41.0/0.62b0 (#5064)
- 37dea4b feat: add experimental logger configurator (#4980)
- 7c860ca misc: update version for codegen-json and proto-json packages (#5061)
- b3d98b3 [chore]: update readme (#5060)
- dbbd1bc feat(config): Add MeterProvider support for declarative config (#4987)
- 6faa58c feat(config): add host resource detector support for declarative config (#5002)
- c0cbfbd feat(config): wire container resource detector via entry point loading (#5004)
- f764e45 feat(config): Add TracerProvider support for declarative config (#4985)
- e301732 Add MikeGoldsmith to approvers (#5038)
- 8783a58 introduce `alls-green` action for required checks (#4988)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Greptile Summary
This Dependabot PR raises the minimum `opentelemetry-api` floor from `>=1.37.0` to `>=1.41.0`, but leaves `opentelemetry-sdk` and `opentelemetry-exporter-otlp-proto-http` unchanged at `>=1.37.0`. Because all three packages are released in lockstep and each SDK/exporter release pins its API dependency to the same minor version, the mismatched floors risk a dependency resolution failure or a runtime incompatibility in constrained environments.
- `opentelemetry-sdk` and `opentelemetry-exporter-otlp-proto-http` minimums should also be bumped to `>=1.41.0` to stay consistent with the API bump.
- `BatchLogRecordProcessor` default `schedule_delay_millis` changes from 5000 ms to 1000 ms in 1.41.0 — logs will be flushed 5× more frequently by default, which may increase exporter traffic.

Confidence Score: 4/5
Not safe to merge as-is — the version floor mismatch between opentelemetry-api (>=1.41.0) and opentelemetry-sdk/exporter (>=1.37.0) can cause dependency resolution failures.
A single P1 finding remains: the three tightly-coupled OpenTelemetry packages have inconsistent minimum version floors, which risks an irresolvable dependency set or a runtime incompatibility in constrained environments. The fix is a one-line change to each of the two lagging entries.
pyproject.toml — the opentelemetry-sdk and opentelemetry-exporter-otlp-proto-http minimum versions need to be raised to match the new opentelemetry-api floor.
Important Files Changed
Flowchart
```mermaid
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[pip install creditnexus] --> B{Resolve opentelemetry-api}
    B --> C[opentelemetry-api >= 1.41.0\nresolved to 1.41.0+]
    A --> D{Resolve opentelemetry-sdk}
    D --> E[opentelemetry-sdk >= 1.37.0\ncould resolve to 1.37.x]
    E --> F{SDK 1.37.x requires\nopentelemetry-api ~= 1.37.x}
    C --> G{API 1.41.x incompatible\nwith SDK 1.37.x constraint}
    F --> G
    G --> H[Resolution failure or\nruntime incompatibility]
    G --> I[OR: pip forces SDK to 1.41.x\nignoring declared >=1.37.0 floor]
```

Reviews (1): Last reviewed commit: "chore(deps): update opentelemetry-api re..."
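The floor mismatch described in the review above can be caught by a pre-merge check over the declared dependency strings. This is an added example, not code from this repository, Dependabot or Greptile; the `LOCKSTEP` set, the function names and the sample list are assumptions for illustration, and the parser handles only simple `>=`, `==` and `~=` specifiers.

```python
import re

# Assumption: these three distributions are treated as one lockstep family,
# as the review comment on this page states.
LOCKSTEP = {
    "opentelemetry-api",
    "opentelemetry-sdk",
    "opentelemetry-exporter-otlp-proto-http",
}
_REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$")
_FLOOR = re.compile(r"(>=|==|~=)\s*([0-9]+(?:\.[0-9]+)*)")


def normalize(name):
    """PEP 503 name normalization, so 'OpenTelemetry_API' matches the family."""
    return re.sub(r"[-_.]+", "-", name).lower()


def _ver(text):
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))  # "1.41" and "1.41.0" compare equal


def floor_of(requirement):
    """Return (normalized name, floor tuple or None) for one requirement string."""
    m = _REQ.match(requirement.split(";")[0])  # drop environment markers
    if not m:
        raise ValueError(f"unparseable requirement: {requirement!r}")
    name, spec = normalize(m.group(1)), m.group(2)
    floors = [_ver(v) for _, v in _FLOOR.findall(spec)]
    return name, (max(floors) if floors else None)  # None means no lower bound


def lockstep_mismatches(requirements, family=LOCKSTEP):
    """Return {name: floor} for the family when its members' floors disagree."""
    found = dict(floor_of(r) for r in requirements)
    members = {n: found[n] for n in family if n in found}
    return members if len(set(members.values())) > 1 else {}


# Constructed input: the three dependency lines as they stand after this PR.
AFTER_PR = [
    "opentelemetry-sdk>=1.37.0",
    "opentelemetry-exporter-otlp-proto-http>=1.37.0",
    "opentelemetry-api>=1.41.0",
]

if __name__ == "__main__":
    print(lockstep_mismatches(AFTER_PR))
```

An empty result means the family's floors agree; a CI job can fail the build on any non-empty result.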