Upgrade opentelemetry-api to 1.62.0 due to CVE-2026-45292

[adarshhm6]

Search before reporting

• I searched in the issues and found nothing similar.

Motivation

opentelemetry-api reporting for vulnerability CVE-2026-45292

https://nvd.nist.gov/vuln/detail/CVE-2026-45292

Solution

Upgrade opentelemetry to 1.62.0 in pulsar-4.0

Alternatives

No response

Anything else?

No response

Are you willing to submit a PR?

• I'm willing to submit a PR!

[adarshhm6]

@lhotari Please let me know if this can be accomodated for pulsar 4.0

[lhotari]

@lhotari Please let me know if this can be accomodated for pulsar 4.0

The severity is 5.3/medium. The OTel library upgrades most likely contains minor breaking changes which impact BookKeeper OTel integration so the BK release would have to happen first before upgrading.

[adarshhm6]

@lhotari Please let me know if this can be accomodated for pulsar 4.0

The severity is 5.3/medium. The OTel library upgrades most likely contains minor breaking changes which impact BookKeeper OTel integration so the BK release would have to happen first before upgrading.

Thanks for the response. Will raise a separate git issue for BK release