@aditya-opsverse
Contributor

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade @opentelemetry/sdk-node from 0.33.0 to 0.48.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 21 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2024-01-26.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
| --- | --- | --- | --- |
|  | Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVER-3247795 | 482/1000. Why? Proof of Concept exploit, CVSS 7.5 | Proof of Concept |
|  | Cross-site Request Forgery (CSRF), SNYK-JS-FASTIFY-3136527 | 482/1000. Why? Proof of Concept exploit, CVSS 7.5 | No Known Exploit |
|  | Regular Expression Denial of Service (ReDoS), SNYK-JS-SIDEWAYFORMULA-3317169 | 482/1000. Why? Proof of Concept exploit, CVSS 7.5 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: @opentelemetry/sdk-node
  • 0.48.0 - 2024-01-26

    0.48.0

    💥 Breaking Change

    • fix(instrumentation)!: pin import-in-the-middle@1.7.1 #4441
      • Fixes a bug where, in some circumstances, ESM instrumentation packages would try to instrument CJS exports on ESM, causing the end-user application to crash.
      • This breaking change only affects users that are using the experimental @opentelemetry/instrumentation/hook.mjs loader hook AND Node.js 18.19 or later:
        • This reverts back to an older version of import-in-the-middle due to DataDog/import-in-the-middle#57
        • This version does not support Node.js 18.19 or later

    🐛 (Bug Fix)

    • fix(exporter-prometheus): avoid invoking callback synchronously #4431 @ legendecas
    • fix(exporter-logs-otlp-grpc): set User-Agent header #4398 @ Vunovati
    • fix(exporter-logs-otlp-http): set User-Agent header #4398 @ Vunovati
    • fix(exporter-logs-otlp-proto): set User-Agent header #4398 @ Vunovati
    • fix(instrumentation-fetch): compatibility with Map types for fetch headers

    🏠 (Internal)

  • 0.47.0 - 2024-01-15

    0.47.0

    🚀 (Enhancement)

    • perf(otlp-transformer): skip unnecessary base64 encode of span contexts #4343 @ seemk

    💥 Breaking Change

    • fix(exporter-logs-otlp-http)!: programmatic headers take precedence over environment variables #2370 @ Vunovati
    • fix(exporter-logs-otlp-proto)!: programmatic headers take precedence over environment variables #2370 @ Vunovati
    • fix(exporter-trace-otlp-http)!: programmatic headers take precedence over environment variables #2370 @ Vunovati
    • fix(exporter-trace-otlp-proto)!: programmatic headers take precedence over environment variables #2370 @ Vunovati

    🐛 (Bug Fix)

    • fix(instrumentation): use caret range on import-in-the-middle #4380 @ pichlermarc
    • fix(instrumentation): do not import 'path' in browser runtimes #4386 @ pichlermarc
      • Fixes a bug where bundling for web would fail due to InstrumentationNodeModuleDefinition importing path
  • 0.46.0 - 2023-12-14

    💥 Breaking Change

    • fix(exporter-metrics-otlp-grpc): programmatic headers take precedence over environment variables #2370 @ Vunovati
    • fix(exporter-metrics-otlp-http): programmatic headers take precedence over environment variables #2370 @ Vunovati
    • fix(exporter-metrics-otlp-proto): programmatic headers take precedence over environment variables #2370 @ Vunovati
    • fix(otlp-exporter-base)!: decrease default concurrency limit to 30 #4211 @ pichlermarc
      • fixes a memory leak on prolonged collector unavailability
      • this change is marked as breaking as it changes defaults

    🚀 (Enhancement)

    • feat(sdk-logs): add droppedAttributesCount field to ReadableLogRecord #4289 @ HyunnoH

    🐛 (Bug Fix)

    • fix(api-logs): allow for TimeInput type for LogRecord timestamps #4345 @ seemk
    • fix(sdk-logs): avoid map attribute set when count limit exceeded #4195 @ HyunnoH
    • fix(instrumentation-fetch): only access navigator if it is defined #4063 @ drewcorlin1
      • allows for experimental usage of this instrumentation with non-browser runtimes
    • fix(instrumentation-http): memory leak when responses are not resumed @ dyladan
    • fix(instrumentation-http): Do not mutate given headers object for outgoing http requests. Fixes aws-sdk signing error on retries. #4346 @ trentm
    • fix(instrumentation): support Node.js v18.19.0 by using import-in-the-middle@1.7.1
  • 0.45.1 - 2023-11-08
  • 0.45.0 - 2023-11-07
  • 0.44.0 - 2023-10-10
  • 0.43.0 - 2023-09-12
  • 0.42.0 - 2023-09-11
  • 0.41.2 - 2023-08-08
  • 0.41.1 - 2023-07-24
  • 0.41.0 - 2023-07-06
  • 0.40.0 - 2023-06-06
  • 0.39.1 - 2023-05-12
  • 0.39.0 - 2023-05-11
  • 0.38.0 - 2023-04-13
  • 0.37.0 - 2023-03-30
  • 0.36.1 - 2023-03-20
  • 0.36.0 - 2023-03-13
  • 0.35.1 - 2023-01-30
  • 0.35.0 - 2023-01-11
  • 0.34.0 - 2022-11-09
  • 0.33.0 - 2022-09-16
from @opentelemetry/sdk-node GitHub release notes
Commit messages
Package name: @opentelemetry/sdk-node
  • 828f2ed chore: prepare release 1.21.0/0.48.0 (#4442)
  • 3711990 fix(instrumentation-fetch): compatibility with Map inputs for request headers with fetch (#4348)
  • 5afbcdb docs: add observableGauge to the prometheus experimental example (#4267)
  • bf4d553 refactor(exporter-prometheus): promisify prometheus tests (#4431)
  • df63272 fix(exporter-logs-otlp-*): set User-Agent header (#4398)
  • 8648313 fix(instrumentation)!: pin import-in-the-middle@1.7.1 (#4441)
  • 0635ab1 fix(sdk-trace-base): Export processed spans while exporter failed (#4287)
  • 0f6518d feat(sdk-metrics): deprecate MeterProvider.addMetricReader() in favor of 'readers' constructor option (#4427)
  • 43e598e test: transpile zone.js products in test (#4423)
  • 2a3c264 refactor(core): drop unnecessary assignment of HOSTNAME (#4421)
  • bf8714e chore(opentelemetry-context-zone-peer-dep): support zone.js ^v0.13.0 (#4320)
  • 71ef1b1 feat(SugaredTracer): add draft of sugaredTracer (#3317)
  • 6898a34 fix(sdk-trace-base): ensure attribute value length limit is enforced on span creation (#4417)
  • 5700853 chore: prepare release 1.20.0/0.47.0 (#4410)
  • b7e3d44 chore(deps): bump follow-redirects from 1.15.3 to 1.15.4 (#4411)
  • ae0a3c5 fix(exporter-logs-otlp-proto): programatic headers take precedence ov… (#4351)
  • b36ab12 fix(instrumentation): do not import 'path' in browser runtimes (#4386)
  • 0206181 chore(deps): update github/codeql-action action to v3 (#4391)
  • f4b681d fix(instrumentation): use caret range on import-in-the-middle (#4380)
  • a512494 perf: remove unnecessary base64 encode+decode from OTLP export (#4343)
  • 42aaae0 chore(deps): update dependency chromedriver to v120 (#4374)
  • 3cf2cf6 fix(instrumentation): bump import-in-the-middle to 1.7.2 (#4379)
  • 37add77 fix(ci): ensure deploy workflow does not override benchmark data (#4376)
  • 3e59291 feat(sdk-trace-base): improve log messages when dropping span events (#4223)



Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
