Skip to content

[Snyk] Upgrade @opentelemetry/auto-instrumentations-node from 0.32.1 to 0.41.1 #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
aditya-opsverse wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade @opentelemetry/auto-instrumentations-node from 0.32.1 to 0.41.1 #6

aditya-opsverse wants to merge 1 commit into from

Conversation

@aditya-opsverse
Copy link
Contributor

@aditya-opsverse aditya-opsverse commented Mar 12, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade @opentelemetry/auto-instrumentations-node from 0.32.1 to 0.41.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 24 versions ahead of your current version.
  • The recommended version was released a month ago, on 2024-02-06.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 Proof of Concept
Cross-site Request Forgery (CSRF)
SNYK-JS-FASTIFY-3136527		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-SIDEWAYFORMULA-3317169		 482/1000
Why? Proof of Concept exploit, CVSS 7.5		 No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: @opentelemetry/auto-instrumentations-node
  • 0.41.1 - 2024-02-06
  • 0.41.0 - 2024-01-29

    0.41.0 (2024-03-11)

    ⚠ BREAKING CHANGES

    • instrumentation-mongodb: temporarily reduce supported range to mongodb <6.4 (#1984)

    Bug Fixes

    • instrumentation-mongodb: temporarily reduce supported range to mongodb <6.4 (#1984) (2d3bb52)
  • 0.40.3 - 2024-01-04
  • 0.40.2 - 2023-12-07
  • 0.40.1 - 2023-11-22
  • 0.40.0 - 2023-11-13
  • 0.39.4 - 2023-10-16
  • 0.39.3 - 2023-10-11
  • 0.39.2 - 2023-08-31
  • 0.39.1 - 2023-08-17

    0.39.1 (2024-03-11)

    Bug Fixes

    • instrumentation-pg: prevent net.peer.port from being NaN (#1982) (3b2090b)
  • 0.39.0 - 2023-08-14
  • 0.38.0 - 2023-07-12
  • 0.37.1 - 2023-06-12
  • 0.37.0 - 2023-05-16
  • 0.36.6 - 2023-04-25
  • 0.36.5 - 2023-04-06
  • 0.36.4 - 2023-03-05
  • 0.36.3 - 2023-02-14
  • 0.36.2 - 2023-02-10
  • 0.36.1 - 2023-02-07

    0.36.1 (2024-03-11)

    Bug Fixes

    • instr-express: normalize paths with double slashes (#1995) (65a9553)
  • 0.36.0 - 2022-12-30
  • 0.35.0 - 2022-11-18
  • 0.34.0 - 2022-11-02
  • 0.33.1 - 2022-09-29
  • 0.32.1 - 2022-09-15
from @opentelemetry/auto-instrumentations-node GitHub release notes
Commit messages
Package name: @opentelemetry/auto-instrumentations-node
  • 39c34df chore: release main (#1924)
  • 7895306 fix(instr-aws-sdk): @ smithy/middleware-stack@2.1.0 change broke aws-sdk-v3 instrumentation (#1913)
  • 84e1a6b docs(graphql-instrumentation): add documentation for ignoreResolveSpans (#1912)
  • 497a3c3 chore(deps): update release-please to v4 (#1901)
  • 32204a3 chore: release main (#1890)
  • 9624486 chore(deps): update otel-js to 1.21.0/0.48.0 (#1914)
  • 12834d5 fix(example-fastify): update example to use latest versions (#1899)
  • fce7d3b fix(instrumentation-redis-4): fix multi.exec() instrumentation for redis >=4.6.12 (#1904)
  • f65f2f1 fix: span emit warnings on express instrumentation (#1891)
  • 3156c94 chore: Update deprecations in instrumentation-express/examples (#1842)
  • c8bebc7 chore(renovate): use full list of experimental packages (#1897)
  • c365375 feat(instrumentation-graphql): add option to ignore resolver spans (#1858)
  • c54e9b6 fix(mongodb-example): Ensure instrumentation is setup before mongoDB client is import (#1851)
  • 577a291 fix(instrumentation-aws-sdk): make empty context when SQS message has no propagation fields (#1889)
  • c0d873c fix(instrumentation-pg): remove `@ opentelemetry/core` from dependencies (#1895)
  • 1e90a40 fix(host-metrics)!: fix process.cpu.* metrics (#1785)
  • 33b31d0 feat: Allow configuring pino to log with different keys (#1867)
  • bb1ba31 ci: automatically map component labels to PRs (#1879)
  • 9092823 chore: release main (#1855)
  • 006c963 fix: Fix Azure Fns Detector When Running with App Service Detector (#1884)
  • 2d11b69 chore(deps): update dependency test-all-versions to v6 (#1877)
  • ec7125b chore: update guidelines (#1882)
  • cf57292 ci: Add maintainer for the React plugin (#1876)
  • c60e8bc chore(deps): update github/codeql-action action to v3 (#1878)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@aditya-opsverse @snyk-bot