Bump otel collector dependencies to 0.148.0

[VihasMakwana]

Bump otel collector dependencies to 0.148.0.

Also updates grpc dependency as there was a critical vulnerability: #49578 (comment)

[github-actions]

🤖 GitHub comments

Just comment with:

• run docs-build : Re-trigger the docs validation. (use unformatted text in the comment!)

[elasticmachine]

Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 27e6572f-4ae2-4c89-9f0b-75efc40238ed

📥 Commits

Reviewing files that changed from the base of the PR and between ffdf98b and 75555e9.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (2)

• NOTICE.txt
• go.mod

✅ Files skipped from review due to trivial changes (1)

• NOTICE.txt

---

📝 Walkthrough

Walkthrough

This change adds a changelog fragment declaring an enhancement to update OpenTelemetry Collector components to v0.148.0 and updates Go module versions and NOTICE.txt entries accordingly. Multiple OpenTelemetry, OpenTelemetry Collector, AWS SDK v2, gRPC, Prometheus, golang.org/x/, google.golang.org/, and other direct and transitive dependencies are bumped. No exported APIs or package code were modified.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

• 🛠️ Update Documentation: Commit on current branch
• 🛠️ Update Documentation: Create PR

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

CodeRabbit can generate a title for your PR based on the changes with custom instructions.

Set the reviews.auto_title_instructions setting to generate a title for your PR based on the changes in the PR with custom instructions.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@go.mod`:
- Line 135: Update the vulnerable module declaration for google.golang.org/grpc
in go.mod to v1.79.3 (or newer) and re-resolve modules; specifically change the
module version string "google.golang.org/grpc" to "v1.79.3" (or a later safe
release) and run the Go module commands (e.g., go get
google.golang.org/grpc@v1.79.3 and go mod tidy) to update go.sum and vendor
state so the dependency is pinned to a non-vulnerable release.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 615854a3-b705-45d4-b744-8cdf216fa3dd

📥 Commits

Reviewing files that changed from the base of the PR and between eff0889 and ffdf98b.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (2)

• changelog/fragments/1773943383-bump-otel-148.yaml
• go.mod