Bump io.opentelemetry:opentelemetry-bom from 1.60.1 to 1.61.0

[dependabot]

Bumps io.opentelemetry:opentelemetry-bom from 1.60.1 to 1.61.0.

Release notes

Sourced from io.opentelemetry:opentelemetry-bom's releases.

Version 1.61.0

API

• Stabilize isEnabled() on Tracer, Logger, and metric instruments (#8200)

Incubating

• BREAKING Update EnvironmentGetter and EnvironmentSetter key normalization to reflect spec changes (#8233)

SDK

Traces

• Retain propagated context when generating random trace IDs (#8263)
• Add rate-limited warning log when BatchSpanProcessor drops spans (#8167)

Metrics

• Track series start time per aggregator rather than at SdkMeterProvider creation time (#8180)
• Capture context class loader during async callback registration (#8091)
• Make include/exclude work correctly with empty (but non-null) lists (#8185)

Logs

• Fix condition for recording successful log processing metrics (#8226)

Exporters

• OTLP: add configurable bounds to response body reading (#8224, #8277)
• OTLP: only throw invalid response exception when gRPC response size < 5 bytes (#8194)
• OTLP: remove duplicate FINEST-level error logging in gRPC exporter (#8216)
• OTLP Profiles: clean up profile signal exporters for consistency (#8172)

Extensions

• BREAKING Autoconfigure: remove deprecated ComponentLoader class (use io.opentelemetry.common.ComponentLoader instead) (#8243)
• Declarative config: fix DeclarativeConfigProperties javadoc to not throw exceptions (#8079)
• Declarative config: resource attribute filtering should include attributes by default (#8177)
• Declarative config: enforce IncludedExcludeModel .included and .excluded are not empty (#8266)
• Autoconfigure: restructure SDK incubator to not depend on autoconfigure internals (#8242)

Project tooling

• Disable Gradle build cache on releases to mitigate supply chain risk (#8254)

🙇 Thank you

This release was possible thanks to the following contributors who shared their brilliant ideas and awesome pull requests:

@​adp2201

... (truncated)

Changelog

Sourced from io.opentelemetry:opentelemetry-bom's changelog.

Version 1.61.0 (2026-04-10)

API

• Stabilize isEnabled() on Tracer, Logger, and metric instruments (#8200)

Incubating

• BREAKING Update EnvironmentGetter and EnvironmentSetter key normalization to reflect spec changes (#8233)

SDK

Traces

• Retain propagated context when generating random trace IDs (#8263)
• Add rate-limited warning log when BatchSpanProcessor drops spans (#8167)

Metrics

• Track series start time per aggregator rather than at SdkMeterProvider creation time (#8180)
• Capture context class loader during async callback registration (#8091)
• Make include/exclude work correctly with empty (but non-null) lists (#8185)

Logs

• Fix condition for recording successful log processing metrics (#8226)

Exporters

• OTLP: add configurable bounds to response body reading (#8224, #8277)
• OTLP: only throw invalid response exception when gRPC response size < 5 bytes (#8194)
• OTLP: remove duplicate FINEST-level error logging in gRPC exporter (#8216)
• OTLP Profiles: clean up profile signal exporters for consistency (#8172)

Extensions

• BREAKING Autoconfigure: remove deprecated ComponentLoader class (use

... (truncated)

Commits

• 339e938 [release/v1.61.x] Prepare release 1.61.0 (#8279)
• 45496ed Prepare for 1.61.0 release (#8273)
• f3cefbd Update dependency com.google.api.grpc:proto-google-common-protos to v2.68.0 (...
• d706c80 Fix OTLP handling of identity content-encoding (#8277)
• 2e385f8 Enforce IncludedExcludeModel .included and .excluded are not empty (#8266)
• b665652 Response body bounds (#8224)
• acc2b5d Series start time (#8180)
• aa4400a retain propagated context for random trace-ids (#8263)
• 1e0ddc6 Fix equalsverifier renovate exclusion (#8268)
• ec002c3 make include/exclude easier to use with empty but not null arguments (#8185)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)