Skip to content

chore: upgrade @opentelemetry/* packages to latest minor versions#33

Merged
mattpodwysocki merged 1 commit intomainfrom
chore/upgrade-otel-deps
May 5, 2026
Merged

chore: upgrade @opentelemetry/* packages to latest minor versions#33
mattpodwysocki merged 1 commit intomainfrom
chore/upgrade-otel-deps

Conversation

@mattpodwysocki
Copy link
Copy Markdown
Contributor

@mattpodwysocki mattpodwysocki commented May 5, 2026

Summary

  • Bumps 6 @opentelemetry/* packages 1–2 minor versions to latest: auto-instrumentations-node ^0.74.0, exporter-trace-otlp-http ^0.216.0, instrumentation ^0.216.0, resources ^2.7.1, sdk-node ^0.216.0, sdk-trace-base ^2.7.1
  • Resolves the transitive protobufjs CRITICAL CVE (GHSA-xq3m-2v4x-88gg) that was present in the older OTEL exporter packages
  • @opentelemetry/api and @opentelemetry/semantic-conventions are unchanged (already at latest)

Test plan

  • npm test — all 74 tests pass
  • npm audit — protobufjs CVE no longer present; remaining findings are unrelated transitive deps in dev/test tooling (hono, flatted, picomatch, postcss, smol-toml, yaml)

🤖 Generated with Claude Code

@mattpodwysocki @claude
chore: upgrade @opentelemetry/* packages to latest minor versions
da75388 
Bumps all OTEL packages 1-2 minor versions to latest. Resolves the
transitive protobufjs CRITICAL CVE (GHSA-xq3m-2v4x-88gg) that was
present via the older OTEL exporter packages.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@mattpodwysocki mattpodwysocki requested a review from a team as a code owner May 5, 2026 13:55
@mattpodwysocki mattpodwysocki merged commit 6eb9f07 into main May 5, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ctufts ctufts ctufts approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mattpodwysocki @ctufts