Description of the patch:
This update for alloy fixes the following issues
Security issues:
- CVE-2026-4427: github.com/jackc/pgproto3/v2: improper validation of field length allows a malicious PostgreSQL server
to crash a client application via a DataRow message (bsc#1259919).
- CVE-2026-25934: github.com/go-git/go-git/v5: improper verification of data integrity values for .pack and .idx files
can lead to the consumption of corrupted files (bsc#1258099).
- CVE-2026-26958: filippo.io/edwards25519: failure to initialize receiver in MultiScalarMult can produce invalid results
and lead to undefined behavior (bsc#1258609).
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo-
header (bsc#1260317).
- CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key can lead to a denial of
service (bsc#1262955).
- CVE-2026-41602: github.com/apache/thrift: TFramedTransport frame size headers can lead to a uint32 integer overflow
(bsc#1263530).
Non security issue:
- Use systemd tmpfiles.d to create /var/lib/alloy hierarchy (jsc#PED-14815).
- Update to version 1.16.1
- Bug Fixes
logging: Fix startup deadlock when components log before
logging config is evaluated
Update to Beyla 3.9.8
Migrate from Docker to Moby
- Use latest openSUSE Tumbleweed image for building web UI assets
- Install nvm to set node version specified upstream
- update to 1.16.0:
- Add clustering for loki.source.kubernetes_events (#6027)
(3dbf587) (@petewall)
- Add otelcol.auth.google client auth provider (#5526)
(da99a66) (@dashpole, @clayton-cornell)
- beyla.ebpf: Bump to v3.7.0 (#5966) (5126c2e) (@marctc)
- database_observability: Add support for GCP Cloud SQL
metadata (#5875) (5d23245) (@cristiangreco, @clayton-cornell)
- database_observability: Make targets optional (#5924)
(54664b2) (@matthewnolf)
- database_observability: Update default excluded schemas and
users...