deps: bump the dev-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the dev-dependencies group with 5 updates in the / directory:

Package	From	To
@opentelemetry/api	1.9.0	1.9.1
@opentelemetry/sdk-trace-node	2.5.1	2.6.1
@types/node	25.3.3	25.5.0
lint-staged	16.3.0	16.4.0
typescript-eslint	8.56.1	8.57.2

Updates @opentelemetry/api from 1.9.0 to 1.9.1

Release notes

Sourced from @​opentelemetry/api's releases.

api/v1.9.1

1.9.1

🐛 (Bug Fix)

• fix(api): prioritize esnext export condition as it is more specific #5458
• fix(api): update diag consoleLogger to use original console methods to prevent infinite loop when a console instrumentation is present #6395
• fix(api): use Attributes instead of deprecated SpanAttributes in SpanOptions #6478 @​overbalance
• fix(diag): change types in DiagComponentLogger from any to unknown#5478 @​loganrosen
• fix(api): re-introduce fallback chain for global utils #6523 @​pichlermarc

🏠 (Internal)

• refactor(api): refactor to avoid circular deps by merging observable types into Metric.ts #6441 @​pichlermarc
• refactor(api): remove "export *" in favor of explicit named exports #4880 @​robbkidd
• chore: enable tsconfig isolatedModules #5697 @​legendecas
• chore: disallow constructor parameter property syntax #6187 @​legendecas
• refactor(api): remove platform-specific globalThis, use globalThis directly #6208 @​overbalance
• chore(api): mark ProxyTracerProvider as deprecated #6328 @​cjihrig
• chore: enforce import type for type-only imports via ESLint #6467 @​overbalance
• perf(api): improve isValidSpanId, isValidTraceId performance #5714 @​seemk

Changelog

Sourced from @​opentelemetry/api's changelog.

1.9.1

🐛 (Bug Fix)

• fix: avoid grpc types dependency #3551 @​flarna
• fix(otlp-proto-exporter-base): Match Accept header with Content-Type in the proto exporter #3562 @​scheler
• fix: include tracestate in export #3569 @​flarna

🏠 (Internal)

• chore: fix cross project links and missing implicitly exported types #3533 @​legendecas
• feat(sdk-metrics): add exponential histogram mapping functions #3504 @​mwear

Commits

• 279458e Release 1.9.1 / 0.35.1 (#3573)
• 4978743 fix(http): remove outgoing headers normalization (#3557)
• d1f9594 chore(deps): update dependency rimraf to v4 (#3532)
• e0abcc0 fix: remove JSON syntax error and regenerate tsconfig files (#3566)
• a90c558 fix(sdk-node): register instrumentations early (#3502)
• 5b070b8 fix: include TraceState in trace exports (#3569)
• dcb09b7 chore(deps): update dependency gh-pages to v5 (#3571)
• 3bc93a9 feat: exponential histogram - part 1 - mapping functions (#3504)
• 3670071 fix: avoid grpc types dependency (#3551)
• b5ef0e4 chore: fix proto generation (#3567)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​opentelemetry/api since your current version.

Updates @opentelemetry/sdk-trace-node from 2.5.1 to 2.6.1

Release notes

Sourced from @​opentelemetry/sdk-trace-node's releases.

v2.6.1

2.6.1

🐛 Bug Fixes

• fix(opentelemetry-instrumentation): improve _warnOnPreloadedModules function not to show warning logs when the module is not marked as loaded #6095 @​rlj1202
• fix(sdk-trace-base): derive internal SpanOptions from API type to prevent drift #6478 @​overbalance
• fix(span): enforce attributePerEventCountLimit, attributePerLinkCountLimit, linkCountLimit, and attributeValueLengthLimit for event/link attributes #6479 @​overbalance

🏠 Internal

• chore: enforce import type for type-only imports via ESLint #6467 @​overbalance
• perf(sdk-trace-base): avoid Object.entries in Span.setAttributes #6514 @​daniellockyer
• perf(sdk-trace-base): optimize Span.{addEvent,addLink} performance #6516 @​daniellockyer
• test(bundlers): broaden bundler test coverage and assert known protobuf dynamic-require failures #6482 @​overbalance

v2.6.0

2.6.0

💥 Breaking Changes

• fix(resources): update OTEL_RESOURCE_ATTRIBUTESopen-telemetry/opentelemetry-specification#4856#6261 @​jacksonweber
  • Important: This fix is included in the "breaking changes" section because it can be breaking for some edge case usage of OTEL_RESOURCE_ATTRIBUTES:
    • export OTEL_RESOURCE_ATTRIBUTES=foo=bar,spam will now be fully ignored, because the spam entry is invalid (missing =). Per spec, any parsing error results in ignoring the entire environment variable.
    • export OTEL_RESOURCE_ATTRIBUTES='wat=" spaces "' will now result in {"wat": "\" spaces \""} with the double-quotes included in the value. Before this change the implementation included brittle double-quoting to allow leading and trailing whitespace in the value. To support leading or trailing whitespace now, you must percent-encode the whitespace. Internal whitespace still works without encoding, e.g. export OTEL_RESOURCE_ATTRIBUTES='green=eggs and ham'.

🚀 Features

• feat(sdk-trace): implement span start/end metrics #6213 @​anuraaga

🐛 Bug Fixes

• fix(sdk-trace-web): propagate optimised flag in getElementXPath recursion #6335 @​akkupratap323

Changelog

Sourced from @​opentelemetry/sdk-trace-node's changelog.

2.6.1

🐛 Bug Fixes

• fix(opentelemetry-instrumentation): improve _warnOnPreloadedModules function not to show warning logs when the module is not marked as loaded #6095 @​rlj1202
• fix(sdk-trace-base): derive internal SpanOptions from API type to prevent drift #6478 @​overbalance
• fix(span): enforce attributePerEventCountLimit, attributePerLinkCountLimit, linkCountLimit, and attributeValueLengthLimit for event/link attributes #6479 @​overbalance
• fix(context-zone): guard onCancelTask against terminal-state tasks to prevent infinite loop with rc-align (Ant Design) in React 16 dev mode #6512 @​Renegade2345

🏠 Internal

• chore: enforce import type for type-only imports via ESLint #6467 @​overbalance
• perf(sdk-trace-base): avoid Object.entries in Span.setAttributes #6514 @​daniellockyer
• perf(sdk-trace-base): optimize Span.{addEvent,addLink} performance #6516 @​daniellockyer
• test(bundlers): broaden bundler test coverage and assert known protobuf dynamic-require failures #6482 @​overbalance

2.6.0

💥 Breaking Changes

• fix(resources): update OTEL_RESOURCE_ATTRIBUTESopen-telemetry/opentelemetry-specification#4856#6261 @​jacksonweber
  • Important: This fix is included in the "breaking changes" section because it can be breaking for some edge case usage of OTEL_RESOURCE_ATTRIBUTES:
    • export OTEL_RESOURCE_ATTRIBUTES=foo=bar,spam will now be fully ignored, because the spam entry is invalid (missing =). Per spec, any parsing error results in ignoring the entire environment variable.
    • export OTEL_RESOURCE_ATTRIBUTES='wat=" spaces "' will now result in {"wat": "\" spaces \""} with the double-quotes included in the value. Before this change the implementation included brittle double-quoting to allow leading and trailing whitespace in the value. To support leading or trailing whitespace now, you must percent-encode the whitespace. Internal whitespace still works without encoding, e.g. export OTEL_RESOURCE_ATTRIBUTES='green=eggs and ham'.

🚀 Features

• feat(sdk-trace): implement span start/end metrics #6213 @​anuraaga

🐛 Bug Fixes

• fix(sdk-trace-base): enforce StatusCode precedence rules in setStatus per specification #6461 @​newbee1939
• fix(sdk-trace-web): propagate optimised flag in getElementXPath recursion #6335 @​akkupratap323

Commits

• 7e74509 chore: prepare next release (#6510)
• c846919 fix(instrumentation-fetch): do not modify the returned type of fetch (#6521)
• 99fb3fb fix(api): re-introduce fallback chain for global utils (#6523)
• b842717 test(bundlers): add node webpack tests, expand edge coverage, assert known pr...
• b5a6b12 fix(opentelemetry-sdk-node): add missing @​opentelemetry/otlp-exporter-base de...
• dc93ed4 perf(sdk-trace-base): optimize Span.{addEvent,addLink} performance (#6516)
• e9831e7 perf(sdk-trace-base): avoid Object.entries in Span.setAttributes (#6514)
• d56af69 chore(deps): lock file maintenance (#6517)
• f3a10ab chore(deps): update github/codeql-action digest to 3869755 (#6513)
• 2f73776 chore(deps): update github/codeql-action digest to c6f9311 (#6511)
• Additional commits viewable in compare view

Updates @types/node from 25.3.3 to 25.5.0

Commits

• See full diff in compare view

Updates lint-staged from 16.3.0 to 16.4.0

Release notes

Sourced from lint-staged's releases.

v16.4.0

Minor Changes

• #1739 687fc90 Thanks @​hyperz111! - Replace micromatch with picomatch to reduce dependencies.

v16.3.4

Patch Changes

• #1742 9d6e827 Thanks @​iiroj! - Update dependencies, including tinyexec@1.0.4 to make sure local node_modules/.bin are preferred to global locations (released in tinyexec@1.0.3).

v16.3.3

Patch Changes

• #1740 0109e8d Thanks @​iiroj! - Make sure Git's warning about CRLF line-endings doesn't interfere with creating initial backup stash.

v16.3.2

Patch Changes

• #1735 2adaf6c Thanks @​iiroj! - Hide the extra cmd window on Windows by spawning tasks without the detached option.

v16.3.1

Patch Changes

• #1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

Changelog

Sourced from lint-staged's changelog.

16.4.0

Minor Changes

• #1739 687fc90 Thanks @​hyperz111! - Replace micromatch with picomatch to reduce dependencies.

16.3.4

Patch Changes

• #1742 9d6e827 Thanks @​iiroj! - Update dependencies, including tinyexec@1.0.4 to make sure local node_modules/.bin are preferred to global locations (released in tinyexec@1.0.3).

16.3.3

Patch Changes

• #1740 0109e8d Thanks @​iiroj! - Make sure Git's warning about CRLF line-endings doesn't interfere with creating initial backup stash.

16.3.2

Patch Changes

• #1735 2adaf6c Thanks @​iiroj! - Hide the extra cmd window on Windows by spawning tasks without the detached option.

16.3.1

Patch Changes

• #1729 cd5d762 Thanks @​iiroj! - Remove nano-spawn as a dependency from package.json as it was replaced with tinyexec and is no longer used.

Commits

• 445f9dd chore(changeset): release
• d91be60 docs: update readme to use picomatch
• b392a9f refactor: extract matchFiles and add unit tests
• 687fc90 refactor: replace micromatch with picomatch
• 26dadf9 chore(changeset): release
• 9d6e827 build(deps): update dependencies
• 8aea986 chore(changeset): release
• 0109e8d fix: strip Git CRLF warning from output
• dfd6a7a chore(changeset): release
• 2adaf6c fix(Windows): do not spawn tasks as detached since it opens a cmd window on ...
• Additional commits viewable in compare view

Updates typescript-eslint from 8.56.1 to 8.57.2

Release notes

Sourced from typescript-eslint's releases.

v8.57.2

8.57.2 (2026-03-23)

🩹 Fixes

• eslint-plugin: [prefer-optional-chain] remove dangling closing parenthesis (#11865)
• eslint-plugin: [array-type] ignore Array and ReadonlyArray without type arguments (#11971)
• eslint-plugin: [no-restricted-types] flag banned generics in extends or implements (#12120)
• eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)
• eslint-plugin: [no-unsafe-return] false positive on unwrapping generic (#12125)
• eslint-plugin: [no-useless-default-assignment] skip reporting false positives for unresolved type parameters (#12127)
• eslint-plugin: [prefer-readonly-parameter-types] preserve type alias infomation (#11954)
• typescript-estree: skip createIsolatedProgram fallback for projectService (#12066, #12065)

❤️ Thank You

• Kirk Waiblinger @​kirkwaiblinger
• Konv Suu
• mdm317
• Newton Yuan @​NewtonYuan
• RyoheiYamamoto
• SungHyun627 @​SungHyun627
• Tamashoo @​Tamashoo

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.1

8.57.1 (2026-03-16)

🩹 Fixes

• eslint-plugin: [prefer-optional-chain] no report for property on intersection type (#12126)

❤️ Thank You

• Newton Yuan @​NewtonYuan

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

v8.57.0

8.57.0 (2026-03-09)

🚀 Features

• eslint-plugin: [no-unnecessary-condition] allow literal loop conditions in for/do loops (#12080)

... (truncated)

Changelog

Sourced from typescript-eslint's changelog.

8.57.2 (2026-03-23)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.1 (2026-03-16)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

8.57.0 (2026-03-09)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• be4d54d chore(release): publish 8.57.2
• c7c38aa chore(release): publish 8.57.1
• 2c6aeee chore(release): publish 8.57.0
• f696dad chore: use pnpm catalog (#12047)
• a09921e chore: update vitest to 4.x (#12071)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.