build(deps): bump go.opentelemetry.io/otel/sdk from 1.38.0 to 1.40.0 in /cmd/firmware-action

[dependabot]

Bumps go.opentelemetry.io/otel/sdk from 1.38.0 to 1.40.0.

Changelog

Sourced from go.opentelemetry.io/otel/sdk's changelog.

[1.40.0/0.62.0/0.16.0] 2026-02-02

Added

• Add AlwaysRecord sampler in go.opentelemetry.io/otel/sdk/trace. (#7724)
• Add Enabled method to all synchronous instrument interfaces (Float64Counter, Float64UpDownCounter, Float64Histogram, Float64Gauge, Int64Counter, Int64UpDownCounter, Int64Histogram, Int64Gauge,) in go.opentelemetry.io/otel/metric. This stabilizes the synchronous instrument enabled feature, allowing users to check if an instrument will process measurements before performing computationally expensive operations. (#7763)
• Add go.opentelemetry.io/otel/semconv/v1.39.0 package. The package contains semantic conventions from the v1.39.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.38.0. (#7783, #7789)

Changed

• Improve the concurrent performance of HistogramReservoir in go.opentelemetry.io/otel/sdk/metric/exemplar by 4x. (#7443)
• Improve the concurrent performance of FixedSizeReservoir in go.opentelemetry.io/otel/sdk/metric/exemplar. (#7447)
• Improve performance of concurrent histogram measurements in go.opentelemetry.io/otel/sdk/metric. (#7474)
• Improve performance of concurrent synchronous gauge measurements in go.opentelemetry.io/otel/sdk/metric. (#7478)
• Add experimental observability metrics in go.opentelemetry.io/otel/exporters/stdout/stdoutmetric. (#7492)
• Exporter in go.opentelemetry.io/otel/exporters/prometheus ignores metrics with the scope go.opentelemetry.io/contrib/bridges/prometheus. This prevents scrape failures when the Prometheus exporter is misconfigured to get data from the Prometheus bridge. (#7688)
• Improve performance of concurrent exponential histogram measurements in go.opentelemetry.io/otel/sdk/metric. (#7702)
• The rpc.grpc.status_code attribute in the experimental metrics emitted from go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc is replaced with the rpc.response.status_code attribute to align with the semantic conventions. (#7854)
• The rpc.grpc.status_code attribute in the experimental metrics emitted from go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc is replaced with the rpc.response.status_code attribute to align with the semantic conventions. (#7854)

Fixed

• Fix bad log message when key-value pairs are dropped because of key duplication in go.opentelemetry.io/otel/sdk/log. (#7662)
• Fix DroppedAttributes on Record in go.opentelemetry.io/otel/sdk/log to not count the non-attribute key-value pairs dropped because of key duplication. (#7662)
• Fix SetAttributes on Record in go.opentelemetry.io/otel/sdk/log to not log that attributes are dropped when they are actually not dropped. (#7662)
• Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to correctly handle HTTP/2 GOAWAY frame. (#7794)
• WithHostID detector in go.opentelemetry.io/otel/sdk/resource to use full path for ioreg command on Darwin (macOS). (#7818)

Deprecated

• Deprecate go.opentelemetry.io/otel/exporters/zipkin. For more information, see the OTel blog post deprecating the Zipkin exporter. (#7670)

[1.39.0/0.61.0/0.15.0/0.0.14] 2025-12-05

Added

• Greatly reduce the cost of recording metrics in go.opentelemetry.io/otel/sdk/metric using hashing for map keys. (#7175)
• Add WithInstrumentationAttributeSet option to go.opentelemetry.io/otel/log, go.opentelemetry.io/otel/metric, and go.opentelemetry.io/otel/trace packages. This provides a concurrent-safe and performant alternative to WithInstrumentationAttributes by accepting a pre-constructed attribute.Set. (#7287)
• Add experimental observability for the Prometheus exporter in go.opentelemetry.io/otel/exporters/prometheus. Check the go.opentelemetry.io/otel/exporters/prometheus/internal/x package documentation for more information. (#7345)
• Add experimental observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc. (#7353)
• Add temporality selector functions DeltaTemporalitySelector, CumulativeTemporalitySelector, LowMemoryTemporalitySelector to go.opentelemetry.io/otel/sdk/metric. (#7434)
• Add experimental observability metrics for simple log processor in go.opentelemetry.io/otel/sdk/log. (#7548)
• Add experimental observability metrics in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc. (#7459)

... (truncated)

Commits

• a3a5317 Release v1.40.0 (#7859)
• 77785da chore(deps): update github/codeql-action action to v4.32.1 (#7858)
• 56fa1c2 chore(deps): update module github.com/clipperhouse/uax29/v2 to v2.5.0 (#7857)
• 298cbed Upgrade semconv use to v1.39.0 (#7854)
• 3264bf1 refactor: modernize code (#7850)
• fd5d030 chore(deps): update module github.com/grpc-ecosystem/grpc-gateway/v2 to v2.27...
• 8d3b4cb chore(deps): update actions/cache action to v5.0.3 (#7847)
• 91f7cad chore(deps): update github.com/timakin/bodyclose digest to 73d1f95 (#7845)
• fdad1eb chore(deps): update module github.com/grpc-ecosystem/grpc-gateway/v2 to v2.27...
• c46d3ba chore(deps): update golang.org/x/telemetry digest to fcf36f6 (#7843)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

✅⚠️MegaLinter analysis: Success with warnings

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	15		0	0	0.62s
✅ BASH	bash-exec	10		0	0	0.03s
✅ BASH	shellcheck	9		0	0	0.13s
✅ BASH	shfmt	9		0	0	0.0s
✅ DOCKERFILE	hadolint	5		0	0	0.38s
✅ EDITORCONFIG	editorconfig-checker	227		0	0	0.27s
✅ GO	revive	31		0	0	37.17s
✅ JSON	jsonlint	14		0	0	0.11s
✅ JSON	prettier	14		0	0	1.05s
✅ JSON	v8r	14		0	0	5.57s
✅ MARKDOWN	markdownlint	32		0	0	5.36s
⚠️ PYTHON	black	20		1	0	2.56s
✅ PYTHON	flake8	20		0	0	1.07s
✅ PYTHON	isort	20		0	0	1.86s
✅ PYTHON	mypy	20		0	0	10.64s
✅ PYTHON	pylint	20		0	0	10.96s
✅ PYTHON	pyright	20		0	0	1.1s
✅ PYTHON	ruff	20		0	0	0.1s
✅ REPOSITORY	checkov	yes		no	no	29.17s
✅ REPOSITORY	gitleaks	yes		no	no	6.64s
✅ REPOSITORY	git_diff	yes		no	no	0.04s
✅ REPOSITORY	grype	yes		no	no	81.86s
✅ REPOSITORY	secretlint	yes		no	no	1.58s
✅ REPOSITORY	syft	yes		no	no	22.83s
✅ REPOSITORY	trivy	yes		no	no	18.62s
✅ REPOSITORY	trivy-sbom	yes		no	no	6.23s
✅ REPOSITORY	trufflehog	yes		no	no	7.51s
✅ SPELL	cspell	227		0	0	6.19s
⚠️ YAML	prettier	35		1	2	4.28s
✅ YAML	v8r	35		0	0	15.54s
✅ YAML	yamllint	35		0	0	14.66s

Detailed Issues

⚠️ PYTHON / black - 1 error

--- .dagger-ci/daggerci/lib/cli.py	2026-03-01 10:58:43.558312+00:00
+++ .dagger-ci/daggerci/lib/cli.py	2026-03-01 10:59:33.218234+00:00
@@ -32,17 +32,15 @@
         action="store_true",
     )
     parser.add_argument(
         "-d",
         "--dockerfile",
-        help=textwrap.dedent(
-            """\
+        help=textwrap.dedent("""\
                 select which dockerfile to build
                 - enter name from docker-compose
                 - multiple entries are possible
-                - by default tries to build all"""
-        ),
+                - by default tries to build all"""),
         nargs="+",
     )
     parser.add_argument(
         "-p",
         "--publish",
would reformat .dagger-ci/daggerci/lib/cli.py
--- .dagger-ci/daggerci/main.py	2026-03-01 10:58:43.558312+00:00
+++ .dagger-ci/daggerci/main.py	2026-03-01 10:59:33.378439+00:00
@@ -1,9 +1,10 @@
 #!/usr/bin/python
 """
 Python script to build and test Docker containers for coreboot and EDK2 compilation
 """
+
 # mypy: disable-error-code="import"
 
 # Logging
 # https://docs.python.org/3/howto/logging.html
 # DEBUG, INFO, WARNING, ERROR, CRITICAL
would reformat .dagger-ci/daggerci/main.py
--- .dagger-ci/daggerci/tests/conftest.py	2026-03-01 10:58:43.558312+00:00
+++ .dagger-ci/daggerci/tests/conftest.py	2026-03-01 10:59:33.975101+00:00
@@ -88,63 +88,55 @@
 @pytest.fixture(name="dockerfile")
 def fixture_dockerfile():
     """
     Generic Dockerfile content
     """
-    return textwrap.dedent(
-        """\
+    return textwrap.dedent("""\
         FROM ubuntu:22.04 AS base
         ARG TARGETARCH=amd64\
-        """
-    )
+        """)
 
 
 @pytest.fixture
 def dockerfile_dummy_tests_success():
     """
     Dockerfile content specifically for executing tests inside docker
     """
-    return textwrap.dedent(
-        """\
+    return textwrap.dedent("""\
         FROM ubuntu:22.04 AS base
         ARG TARGETARCH=amd64
         ARG CONTEXT=dummy
         ARG VARIANT=success
         ENV VERIFICATION_TEST=./tests/test_${CONTEXT}_${VARIANT}.sh
         RUN echo 'hello world'\
-        """
-    )
+        """)
 
 
 @pytest.fixture
 def dockerfile_dummy_tests_fail():
     """
     Dockerfile content specifically for executing tests inside docker
     """
-    return textwrap.dedent(
-        """\
+    return textwrap.dedent("""\
         FROM ubuntu:22.04 AS base
         ARG TARGETARCH=amd64
         ARG CONTEXT=dummy
         ARG VARIANT=fail
         ENV VERIFICATION_TEST=./tests/test_${CONTEXT}_${VARIANT}.sh
         RUN echo 'hello world'\
-        """
-    )
+        """)
 
 
 @pytest.fixture
 def dockerfile_broken():
     """
     Dockerfile content which should fail to build
     """
-    return textwrap.dedent(
-        """\
+    return textwrap.dedent("""\
         FROM ubuntu:22.04 AS base
         RUN false\
-        """
-    )
+        """)
 
 
 # ===========================
 #
 #  Docker Compose fixtures
would reformat .dagger-ci/daggerci/tests/conftest.py

Oh no! 💥 💔 💥
3 files would be reformatted, 17 files would be left unchanged.

⚠️ YAML / prettier - 1 error

Checking formatting...
[warn] .github/workflows/go-test.yml
[warn] Code style issues found in the above file. Run Prettier with --write to fix.

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.4.0 --custom-flavor-setup --custom-flavor-linters PYTHON_PYLINT,PYTHON_BLACK,PYTHON_FLAKE8,PYTHON_ISORT,PYTHON_MYPY,PYTHON_PYRIGHT,PYTHON_RUFF,ACTION_ACTIONLINT,BASH_EXEC,BASH_SHELLCHECK,BASH_SHFMT,DOCKERFILE_HADOLINT,EDITORCONFIG_EDITORCONFIG_CHECKER,GO_REVIVE,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,SPELL_CSPELL,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

Show us your support by starring ⭐ the repository

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 53.22%. Comparing base (eefa5d1) to head (ca31d4a).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #855   +/-   ##
=======================================
  Coverage   53.22%   53.22%           
=======================================
  Files          17       17           
  Lines        1997     1997           
=======================================
  Hits         1063     1063           
  Misses        841      841           
  Partials       93       93           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.