bump: update dependencies for backend, storage, and OpenAPI packages

[matthyx]

Summary by CodeRabbit

• Chores
  • Updated multiple underlying library dependencies to latest compatible versions, including database drivers, telemetry components, and core framework packages, to maintain compatibility and stability.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

Multiple Go module dependencies have been updated across require and indirect blocks, including kubescape components, OpenTelemetry libraries, MongoDB driver, and various utilities. A replace directive for inspektor-gadget fork has been added.

Changes

Cohort / File(s)	Summary
Module Dependencies go.mod	Bumped versions for kubescape (backend v0.0.25→v0.0.37, storage v0.0.221→v0.0.227), OpenTelemetry libraries (v1.x versions aligned to v1.38.0+), uptrace-go (v1.35.1→v1.38.0), MongoDB driver (v1.17.1→v1.17.4), google.golang.org/genproto utilities, and go-openapi components. Added inspektor-gadget fork replace directive.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 Hops through dependencies with glee,
Versions bumped in harmony!
OpenTelemetry springs and bounds,
MongoDB driver dances around,
Fresh updates make the modules sing! 🎉

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: updating multiple dependency versions in go.mod, with specific mention of the primary packages (backend, storage, OpenAPI) that were bumped.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

go.mod (1)

445-445: Document the reason for the forked inspektor-gadget replace and plan for upstream integration.

The fork points to github.com/matthyx/inspektor-gadget, maintained by a core project maintainer (Matthias Bertschy). While this mitigates supply-chain risk compared to a third-party fork, the reason for using this fork should still be documented in go.mod or in project documentation. Consider adding a comment explaining:

• Why this fork is necessary (performance fixes, pending upstream features, etc.)
• When/how this can be removed (e.g., after upstream PR is merged)

🤖 Fix all issues with AI agents

In `@go.mod`:
- Line 363: Upgrade verification: confirm OpenTelemetry/uptrace compatibility
after bumping github.com/uptrace/uptrace-go to v1.38.0 by checking the logger
initialization in cmd/main.go (the go-logger/OpenTelemetry setup) and running
the app/unit/integration tests to ensure no import or runtime errors; verify
your go.mod "go" directive and CI toolchain meet the minimum Go version required
(v1.23 is last supported by uptrace v1.38.0) and update it if you plan to
require a newer Go; also run a smoke trace locally (exercise the tracer/exporter
init paths referenced in cmd/main.go and the custom exporters in pkg/exporters/)
to validate spans are exported and fix any API changes or import adjustments
uncovered by tests or build failures.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# First, let's understand the repository structure
echo "=== Repository structure ==="
git ls-files | head -20

echo ""
echo "=== go.mod content around line 363 ==="
sed -n '360,370p' go.mod

echo ""
echo "=== Search for uptrace-related imports and usage ==="
rg "uptrace" --type go -A 2 -B 2

Repository: kubescape/node-agent

Length of output: 1330

---

🏁 Script executed:

#!/bin/bash
# Search for tracing-related setup, exporters, middleware
echo "=== Search for tracer, exporter, middleware ==="
rg "(tracer|exporter|middleware|tracing|telemetry)" --type go -l | head -20

echo ""
echo "=== Search for otel/opentelemetry usage ==="
rg "opentelemetry|otel" --type go -l | head -20

Repository: kubescape/node-agent

Length of output: 938

---

🏁 Script executed:

#!/bin/bash
# Check if test files exist with patterns matching the suggested test filter
echo "=== Test files with Trace/Telemetry/Uptrace patterns ==="
find . -name "*test.go" -type f | xargs grep -l "Trace\|Telemetry\|Uptrace" 2>/dev/null | head -20

echo ""
echo "=== All test files in the repo (count) ==="
find . -name "*test.go" -type f | wc -l

Repository: kubescape/node-agent

Length of output: 1091

---

🏁 Script executed:

#!/bin/bash
echo "=== OpenTelemetry setup in cmd/main.go ==="
cat -n cmd/main.go | head -100

echo ""
echo "=== Search for uptrace-go direct imports/usage ==="
rg "uptrace-go" --type go -A 3 -B 1

echo ""
echo "=== Search for opentelemetry imports in cmd ==="
rg "opentelemetry|otel" cmd/main.go -A 2 -B 1

Repository: kubescape/node-agent

Length of output: 5710

---

🏁 Script executed:

#!/bin/bash
# Check what tests would actually be matched by the suggested filter
echo "=== Test names matching Trace|Telemetry|Uptrace filter ==="
find . -name "*test.go" -type f | xargs grep -E "^func (Test|Bench).*\(Trace|Telemetry|Uptrace\)" 2>/dev/null

echo ""
echo "=== Test functions with these keywords ==="
find . -name "*test.go" -type f -exec grep -l "func Test.*Trace\|func Test.*Telemetry\|func Test.*Uptrace" {} \;

Repository: kubescape/node-agent

Length of output: 215

---

🏁 Script executed:

#!/bin/bash
# Check if there are exported/main functions using OpenTelemetry/uptrace
echo "=== Check exporters package for OpenTelemetry usage ==="
cat -n pkg/exporters/exporters_bus.go | head -50

echo ""
echo "=== Check if any exporter uses uptrace ==="
rg "uptrace|opentelemetry" pkg/exporters/ --type go

Repository: kubescape/node-agent

Length of output: 2440

---

🌐 Web query:

uptrace-go v1.38.0 breaking changes release notes

💡 Result:

uptrace-go v1.38.0 (released Sep 22, 2025): breaking changes / release notes

• Breaking changes: None called out for uptrace-go itself in the v1.38.0 release (the release PR is just a version/dependency bump). [1][2]
• What changed in v1.38.0 (uptrace-go):
  • Version bumped 1.37.0 → 1.38.0 (uptrace/version.go). [2]
  • Examples updated to use go.opentelemetry.io/otel v1.38.0 and related contrib modules (for example, otelhttp v0.63.0). [2]
• Upstream note (OpenTelemetry Go v1.38.0): OTel Go’s v1.38.0 release notes state it’s the last release supporting Go 1.23 (next release requires Go 1.24). [3]

Sources: uptrace-go tags/release commit (v1.38.0) [1], v1.38.0 release PR diff [2], OpenTelemetry Go v1.38.0 release notes [3].

---

Verify OpenTelemetry integration compatibility with v1.38.0.

The upgrade to v1.38.0 contains no breaking changes in uptrace-go itself—it's a dependency version bump aligned with OpenTelemetry Go v1.38.0. However, verify that the OpenTelemetry setup via go-logger (initialized in cmd/main.go) works correctly with the updated upstream dependencies. Note that v1.38.0 is the last release supporting Go 1.23; confirm your Go version requirements are compatible going forward.

The custom exporters in pkg/exporters/ handle alert distribution and don't directly depend on uptrace-go, so they should remain unaffected.

🤖 Prompt for AI Agents

In `@go.mod` at line 363, Upgrade verification: confirm OpenTelemetry/uptrace
compatibility after bumping github.com/uptrace/uptrace-go to v1.38.0 by checking
the logger initialization in cmd/main.go (the go-logger/OpenTelemetry setup) and
running the app/unit/integration tests to ensure no import or runtime errors;
verify your go.mod "go" directive and CI toolchain meet the minimum Go version
required (v1.23 is last supported by uptrace v1.38.0) and update it if you plan
to require a newer Go; also run a smoke trace locally (exercise the
tracer/exporter init paths referenced in cmd/main.go and the custom exporters in
pkg/exporters/) to validate spans are exported and fix any API changes or import
adjustments uncovered by tests or build failures.