As reported in PRISMA issue CVE-2026-24051, there is a security vulnerability that IBM Cloud is facing for cluster autoscaler versions 1.28, 1.29, 1.30, 1.31, 1.32, 1.33 and 1.34.
Below are the details and suggested remedy for the issue.
Can this be resolved in an upcoming release?
Details:
OpenTelemetry-Go could allow a local authenticated attacker to execute arbitrary code on the system, caused by a Path Hijacking (Untrusted Search Paths) flaw on macOS/Darwin systems.
Remedy:
Upgrade to the latest version of OpenTelemetry-Go (1.40.0 or later), available from the OpenTelemetry-Go Git repository. See References.
Kindly have a look at the issue.
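Added example, not part of the issue above and not the cluster-autoscaler project's own tooling: a shell check that scans a go.mod for OpenTelemetry-Go modules pinned below the fixed version the remedy names. It assumes v1.40.0 as the fixed version (taken from the remedy) and go.opentelemetry.io/otel as the module path prefix, and it runs against a constructed sample go.mod rather than the autoscaler's real one.

```shell
#!/bin/sh
# Added example, not from the issue or the cluster-autoscaler project:
# scan a go.mod (or `go list -m all` output, which has the same
# "module version" shape) for OpenTelemetry-Go modules pinned below the
# fixed version named in the remedy. Assumptions: the fixed version is
# v1.40.0 as stated above, and the module path prefix is go.opentelemetry.io/otel.

FIXED_VERSION="v1.40.0"

# semver_lt A B: succeed (exit 0) when version A is numerically lower than B.
# A leading "v" is accepted and pre-release/build suffixes are ignored, so
# v1.9.0 < v1.10.0 compares correctly (a plain string sort would get it wrong).
semver_lt() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    sub(/^v/, "", a); sub(/^v/, "", b)
    sub(/[-+].*$/, "", a); sub(/[-+].*$/, "", b)
    na = split(a, pa, "."); nb = split(b, pb, ".")
    for (i = 1; i <= 3; i++) {
      x = (i <= na) ? pa[i] + 0 : 0
      y = (i <= nb) ? pb[i] + 0 : 0
      if (x < y) exit 0
      if (x > y) exit 1
    }
    exit 1
  }'
}

# find_vulnerable_otel FILE: print "module version" for every
# go.opentelemetry.io/otel* entry below FIXED_VERSION. Returns 1 when at
# least one such entry exists, 0 when the file is clean.
find_vulnerable_otel() {
  found=0
  # Lines of interest look like:  go.opentelemetry.io/otel v1.39.0 // indirect
  # `read` drops the leading tab; "require (", ")" and other modules are skipped.
  while read -r mod ver _rest; do
    case "$mod" in
      go.opentelemetry.io/otel|go.opentelemetry.io/otel/*) ;;
      *) continue ;;
    esac
    if semver_lt "$ver" "$FIXED_VERSION"; then
      printf '%s %s\n' "$mod" "$ver"
      found=1
    fi
  done <"$1"
  return "$found"
}

# Constructed sample go.mod for demonstration (not the autoscaler's real go.mod).
SAMPLE_GOMOD="${TMPDIR:-/tmp}/otel_check_sample_go.mod"
cat >"$SAMPLE_GOMOD" <<'EOF'
module example.com/cluster-autoscaler-demo

go 1.22

require (
	go.opentelemetry.io/otel v1.39.0
	go.opentelemetry.io/otel/trace v1.40.0 // indirect
	go.opentelemetry.io/otel/metric v1.38.2 // indirect
	k8s.io/client-go v0.31.0
)
EOF

# Usage: report findings; a CI step can key its pass/fail on the return code.
if find_vulnerable_otel "$SAMPLE_GOMOD"; then
  echo "OpenTelemetry-Go modules are at $FIXED_VERSION or later"
else
  echo "upgrade the modules listed above: go get go.opentelemetry.io/otel@$FIXED_VERSION && go mod tidy" >&2
fi
```

Point find_vulnerable_otel at the real go.mod, or at `go list -m all` output saved to a file so that modules go.mod does not list directly are covered as well. The check only compares version strings, so after upgrading, rebuild and rerun it to confirm nothing still resolves to a version below v1.40.0.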