chore(deps): bump 3 dependencies

[alaudabot]

🔒 Security Updates

This pull request updates dependencies to fix security vulnerabilities identified by Trivy scanning.

Dependencies

• []github.com/moby/spdystream(/tmp/dependabot-clone-3889552842/pkg): → v0.5.1
• []go.opentelemetry.io/otel/sdk(/tmp/dependabot-clone-3889552842/pkg): → v1.43.0
• []go.opentelemetry.io/otel(/tmp/dependabot-clone-3889552842/pkg): → v1.41.0

📊 Update Summary

• Total packages updated: 3

🤖 Automated by DependaBot

This PR was automatically created by DependaBot based on Trivy security scan results.
Please review the changes and merge if everything looks good.

[danielfbm]

PR Assist Bot — Owner Approval Needed

This PR targets release branch release-0.14. Per policy, release-branch merges require explicit owner approval before the bot proceeds.

PR: AlaudaDevops/pkg#27
Branch: release-0.14
Type: Security / Dependency update (Renovate)

Please reply with /approve-merge or provide explicit approval for the bot to merge this PR on the next sweep.

[alaudabot]

/retest

[alaudabot]

/retest

[alaudabot]

/retest

[alaudabot]

[pr-assist-bot] Repeated CI Failure Analysis — retest limit reached (3+ retests)

Failed check: `Pipelines as Code CI / alaudadevops-pkg` (18m run)

This security dependency update (go.opentelemetry.io/otel/sdk → v1.43.0) has failed the `alaudadevops-pkg` pipeline 3+ times. This pattern suggests either a genuine compatibility issue with the updated package or a persistent CI environment problem.

Recommended action: A maintainer should check the `alaudadevops-pkg` pipeline logs for compilation or test errors that could indicate a breaking API change in the otel/sdk update.

PR: AlaudaDevops/pkg#27

[alaudabot]

PR Assist Bot Analysis

Failure Type: Unknown (logs unavailable)
Failed Checks: Pipelines as Code CI / alaudadevops-pkg (18m duration)
Retest attempts: 3 — stopping (same check failing, no progress)
Root Cause: PipelineRun alaudadevops-pkg-vwm77 GC'd from cluster and not indexed in Tekton Results — unable to retrieve step-level logs for root cause analysis.
Recommendation: Manual investigation needed. Check the alaudadevops-pkg pipeline logs directly in the Alauda console. The otel/sdk v1.43.0 bump itself is a standard dependency update; the CI environment may have an issue.