lightstep
[Snyk] Security upgrade @opentelemetry/auto-instrumentations-node from 0.37.1 to 0.38.0
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
691/1000 Why? Recently disclosed, Has a fix available, CVSS 8.1 |
Arbitrary Code Execution SNYK-JS-IMPORTINTHEMIDDLE-5826054 |
No | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: @opentelemetry/auto-instrumentations-node
The new version differs by 24 commits.- f81f8a7 chore: release main (#1539)
- 8d9687d feat(fastify): Skip update HTTP's span name and update RpcMetadata's route instead (#1569)
- bf25eb1 chore(renovate): change strategy for @ opentelemetry/api, run experimental update every weekday (#1578)
- 3139dbf chore: update renovate.json (#1575)
- 273993b chore: re-enable instrumentation-fastify unit test on node@18 (#1568)
- 84a2377 fix(deps): update otel core experimental to ^0.41.0 (#1566)
- ffb45fe chore(renovate): split patch and minor rules (#1572)
- 8e2f518 feat(express): Skip update HTTP's span name and update RpcMetadata's route instead (#1557)
- 774d254 fix(document-load): compatibility issue with @ opentelemetry/[email protected] (#1565)
- a18b074 docs: document merge reqiurements (#1553)
- 784a422 fix(instrumentation-fastify): fix fastify typescript compilation issue (#1556)
- 05c4e9e feat(mongodb): support v5 (#1451)
- 8777cbd feat(lambda): add OTEL_LAMBDA_DISABLE_AWS_CONTEXT_PROPAGATION environment variable (#1227)
- 7c7294c feat(opentelemetry-instrumentation-document-load): Add access to performance resource timing object for custom attributes (#1529)
- 8499b16 fix(connect): Skip update HTTP's span name and update RpcMetadata's route instead (#1534)
- f7c4324 feat(opentelemetry-instrumentation-aws-sdk): add missing spec-defined DynamoDB attributes (#1524)
- de17f77 feat(aws-ecs): add cloud resource attributes for fargate (#1543)
- 65f612e feat(minification): Add importHelpers and tslib as a dependency (#1545)
- 32fde65 chore: Update component owners for the Document Load web instrumentation (#1550)
- 4514522 fix(ci): use npx to run lerna (#1546)
- 856c252 feat: add sqlcommenter comment to mysql2 queries (#1523)
- 476f3ce chore(ci): pin lerna in github workflows (#1541)
- 86d38fb chore(deps): update dependency cross-env to v7 (#1540)
- fec1799 fix(nestjs): update dependency @ nestjs/x to v9 (#1538)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
Codecov Report
Merging #75 (1fbf6eb) into main (41a2446) will not change coverage. Report is 1 commits behind head on main. The diff coverage is
n/a.
:exclamation: Current head 1fbf6eb differs from pull request most recent head bae0d8a. Consider uploading reports for the commit bae0d8a to get more accurate results
Additional details and impacted files
@@ Coverage Diff @@
## main #75 +/- ##
=======================================
Coverage 93.12% 93.12%
=======================================
Files 2 2
Lines 131 131
Branches 31 31
=======================================
Hits 122 122
Misses 9 9
