deps(backend): bump the minor-and-patch group across 1 directory with 23 updates

[dependabot]

Bumps the minor-and-patch group with 22 updates in the /backend directory:

Package	From	To
@aws-sdk/client-s3	3.957.0	3.1000.0
@aws-sdk/s3-request-presigner	3.957.0	3.1000.0
@opentelemetry/api	1.7.0	1.9.0
@opentelemetry/auto-instrumentations-node	0.40.3	0.70.1
@opentelemetry/exporter-trace-otlp-http	0.48.0	0.212.0
@opentelemetry/sdk-node	0.48.0	0.212.0
@opentelemetry/semantic-conventions	1.38.0	1.40.0
bullmq	5.66.2	5.70.1
multer	2.0.2	2.1.0
@types/multer	1.4.13	2.0.0
sanitize-html	2.17.0	2.17.1
stripe	20.1.0	20.4.0
@types/k6	1.4.0	1.6.0
@types/pdfkit	0.17.4	0.17.5
@typescript-eslint/eslint-plugin	8.50.1	8.56.1
@typescript-eslint/parser	8.50.1	8.56.1
@vitest/coverage-v8	4.0.16	4.0.18
eslint-plugin-prettier	5.5.4	5.5.5
prettier	3.7.4	3.8.1
supertest	7.1.4	7.2.2
@types/supertest	2.0.16	7.2.0
vitest	4.0.16	4.0.18

Updates @aws-sdk/client-s3 from 3.957.0 to 3.1000.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1000.0

3.1000.0(2026-02-27)

New Features

• client-arc-region-switch: Post-Recovery Workflows enable customers to maintain comprehensive disaster recovery automation. This allows customer SREs and leadership to have complete recovery orchestration from failover through post-recovery preparation, ensuring Regions remain ready for subsequent recovery events. (3abb5202)
• client-keyspacesstreams: Added support for Change Data Capture (CDC) streams with Duration DataType. (59b94328)
• client-batch: This feature allows customers to specify the minimum time (in minutes) that AWS Batch keeps instances running in a compute environment after all jobs on the instance complete (25f4947a)
• client-cognito-identity-provider: Cognito is introducing a two-secret rotation model for app clients, enabling seamless credential rotation without downtime. Dedicated APIs support passing in a custom secret. Custom secrets need to be at least 24 characters. This eliminates reconfiguration needs and reduces security risks. (582a3813)
• client-bedrock: Added four new model lifecycle date fields, startOfLifeTime, endOfLifeTime, legacyTime, and publicExtendedAccessTime. Adds support for using the Converse API with Bedrock Batch inference jobs. (29b1fe6d)
• client-odb: ODB Networking Route Management is a feature improvement which allows for implicit creation and deletion of EC2 Routes in the Peer Network Route Table designated by the customer via new optional input. This feature release is combined with Multiple App-VPC functionality for ODB Network Peering(s). (d372d85d)
• client-customer-profiles: This release introduces an optional SourcePriority parameter to the ProfileObjectType APIs, allowing you to control the precedence of object types when ingesting data from multiple sources. Additionally, WebAnalytics and Device have been added as new StandardIdentifier values. (6166dfb7)
• client-connect: Deprecate EvaluationReviewMetadata's CreatedBy and CreatedTime, add EvaluationReviewMetadata's RequestedBy and RequestedTime (df058ded)
• client-ram: Resource owners can now specify ResourceShareConfiguration request parameter for CreateResourceShare API including RetainSharingOnAccountLeaveOrganization boolean parameter (3cc0ca9d)
• client-health: Updates the regex for validating availabilityZone strings used in the describe events filters. (eded08f6)
• client-transcribe-streaming: AWS Transcribe Streaming now supports specifying a resumption window for the stream through the SessionResumeWindow parameter, allowing customers to reconnect to their streams for a longer duration beyond stream start time. (56168c57)

Tests

• clients: enable snapshots for small subset of clients (#7790) (822c995d)

---

For list of updated packages, view updated-packages.md in assets-3.1000.0.zip

v3.999.0

3.999.0(2026-02-26)

Chores

• validate codegen changes using yarn generate-clients (#7780) (b7c1aa20)
• packages: reapply eslint rules (#7789) (ab81c738)

New Features

• client-securityhub: Security Hub added EXTENDED PLAN integration type to DescribeProductsV2 and added metadata.product.vendor name GroupBy support to GetFindingStatisticsV2 (1d1c9825)
• client-ec2: Add c8id, m8id and hpc8a instance types. (f49cb0c1)
• client-ecs: Adding support for Capacity Reservations for ECS Managed Instances by introducing a new "capacityOptionType" value of "RESERVED" and new field "capacityReservations" for CreateCapacityProvider and UpdateCapacityProvider APIs. (4a7cfd05)
• client-marketplace-entitlement-service: Added License Arn as a new optional filter for GetEntitlements and LicenseArn field in each entitlement in the response. (b884b35b)
• client-marketplace-metering: Added LicenseArn to ResolveCustomer response and BatchMeterUsage usage records. BatchMeterUsage now accepts LicenseArn in each UsageRecord to report usage at the license level. Added InvalidLicenseException error response for invalid license parameters. (f5f5c096)
• client-backup-gateway: This release updates GetGateway API to include deprecationDate and softwareVersion in the response, enabling customers to track gateway software versions and upcoming deprecation dates. (9dd68ddc)
• util-user-agent-node: populate typescript version in user agent when available (#7786) (0a5ab579)

---

For list of updated packages, view updated-packages.md in assets-3.999.0.zip

v3.998.0

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1000.0 (2026-02-27)

Note: Version bump only for package @​aws-sdk/client-s3

3.999.0 (2026-02-26)

Note: Version bump only for package @​aws-sdk/client-s3

3.998.0 (2026-02-25)

Note: Version bump only for package @​aws-sdk/client-s3

3.997.0 (2026-02-24)

Note: Version bump only for package @​aws-sdk/client-s3

3.996.0 (2026-02-23)

Note: Version bump only for package @​aws-sdk/client-s3

3.995.0 (2026-02-20)

Note: Version bump only for package @​aws-sdk/client-s3

3.994.0 (2026-02-19)

... (truncated)

Commits

• e373aa8 Publish v3.1000.0
• 822c995 test(clients): enable snapshots for small subset of clients (#7790)
• cd1d49d Publish v3.999.0
• adb02cd Publish v3.998.0
• ae4f994 chore(codegen): sync for checksum algorithm extensions (#7781)
• 637dcf0 Publish v3.997.0
• 3f776c3 chore(packages): use open version range for additional packages (#7774)
• 14fc571 chore(codegen): sync for checksum stream backpressure (#7776)
• a6a6912 Publish v3.996.0
• e8dc4f2 Publish v3.995.0
• Additional commits viewable in compare view

Updates @aws-sdk/s3-request-presigner from 3.957.0 to 3.1000.0

Release notes

Sourced from @​aws-sdk/s3-request-presigner's releases.

v3.1000.0

3.1000.0(2026-02-27)

New Features

• client-arc-region-switch: Post-Recovery Workflows enable customers to maintain comprehensive disaster recovery automation. This allows customer SREs and leadership to have complete recovery orchestration from failover through post-recovery preparation, ensuring Regions remain ready for subsequent recovery events. (3abb5202)
• client-keyspacesstreams: Added support for Change Data Capture (CDC) streams with Duration DataType. (59b94328)
• client-batch: This feature allows customers to specify the minimum time (in minutes) that AWS Batch keeps instances running in a compute environment after all jobs on the instance complete (25f4947a)
• client-cognito-identity-provider: Cognito is introducing a two-secret rotation model for app clients, enabling seamless credential rotation without downtime. Dedicated APIs support passing in a custom secret. Custom secrets need to be at least 24 characters. This eliminates reconfiguration needs and reduces security risks. (582a3813)
• client-bedrock: Added four new model lifecycle date fields, startOfLifeTime, endOfLifeTime, legacyTime, and publicExtendedAccessTime. Adds support for using the Converse API with Bedrock Batch inference jobs. (29b1fe6d)
• client-odb: ODB Networking Route Management is a feature improvement which allows for implicit creation and deletion of EC2 Routes in the Peer Network Route Table designated by the customer via new optional input. This feature release is combined with Multiple App-VPC functionality for ODB Network Peering(s). (d372d85d)
• client-customer-profiles: This release introduces an optional SourcePriority parameter to the ProfileObjectType APIs, allowing you to control the precedence of object types when ingesting data from multiple sources. Additionally, WebAnalytics and Device have been added as new StandardIdentifier values. (6166dfb7)
• client-connect: Deprecate EvaluationReviewMetadata's CreatedBy and CreatedTime, add EvaluationReviewMetadata's RequestedBy and RequestedTime (df058ded)
• client-ram: Resource owners can now specify ResourceShareConfiguration request parameter for CreateResourceShare API including RetainSharingOnAccountLeaveOrganization boolean parameter (3cc0ca9d)
• client-health: Updates the regex for validating availabilityZone strings used in the describe events filters. (eded08f6)
• client-transcribe-streaming: AWS Transcribe Streaming now supports specifying a resumption window for the stream through the SessionResumeWindow parameter, allowing customers to reconnect to their streams for a longer duration beyond stream start time. (56168c57)

Tests

• clients: enable snapshots for small subset of clients (#7790) (822c995d)

---

For list of updated packages, view updated-packages.md in assets-3.1000.0.zip

v3.999.0

3.999.0(2026-02-26)

Chores

• validate codegen changes using yarn generate-clients (#7780) (b7c1aa20)
• packages: reapply eslint rules (#7789) (ab81c738)

New Features

• client-securityhub: Security Hub added EXTENDED PLAN integration type to DescribeProductsV2 and added metadata.product.vendor name GroupBy support to GetFindingStatisticsV2 (1d1c9825)
• client-ec2: Add c8id, m8id and hpc8a instance types. (f49cb0c1)
• client-ecs: Adding support for Capacity Reservations for ECS Managed Instances by introducing a new "capacityOptionType" value of "RESERVED" and new field "capacityReservations" for CreateCapacityProvider and UpdateCapacityProvider APIs. (4a7cfd05)
• client-marketplace-entitlement-service: Added License Arn as a new optional filter for GetEntitlements and LicenseArn field in each entitlement in the response. (b884b35b)
• client-marketplace-metering: Added LicenseArn to ResolveCustomer response and BatchMeterUsage usage records. BatchMeterUsage now accepts LicenseArn in each UsageRecord to report usage at the license level. Added InvalidLicenseException error response for invalid license parameters. (f5f5c096)
• client-backup-gateway: This release updates GetGateway API to include deprecationDate and softwareVersion in the response, enabling customers to track gateway software versions and upcoming deprecation dates. (9dd68ddc)
• util-user-agent-node: populate typescript version in user agent when available (#7786) (0a5ab579)

---

For list of updated packages, view updated-packages.md in assets-3.999.0.zip

v3.998.0

... (truncated)

Changelog

Sourced from @​aws-sdk/s3-request-presigner's changelog.

3.1000.0 (2026-02-27)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.999.0 (2026-02-26)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.998.0 (2026-02-25)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.997.0 (2026-02-24)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.996.0 (2026-02-23)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.995.0 (2026-02-20)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.994.0 (2026-02-19)

... (truncated)

Commits

• e373aa8 Publish v3.1000.0
• cd1d49d Publish v3.999.0
• ab81c73 chore(packages): reapply eslint rules (#7789)
• adb02cd Publish v3.998.0
• ae4f994 chore(codegen): sync for checksum algorithm extensions (#7781)
• 637dcf0 Publish v3.997.0
• 3f776c3 chore(packages): use open version range for additional packages (#7774)
• 14fc571 chore(codegen): sync for checksum stream backpressure (#7776)
• a6a6912 Publish v3.996.0
• e8dc4f2 Publish v3.995.0
• Additional commits viewable in compare view

Updates @opentelemetry/api from 1.7.0 to 1.9.0

Release notes

Sourced from @​opentelemetry/api's releases.

api/v1.9.0

1.9.0

🚀 (Enhancement)

• feat(metrics): added synchronous gauge #4528 @​clintonb
• feat(api): allow adding span links after span creation #4536 @​seemk
  • This change is non-breaking for end-users, but breaking for Trace SDK implmentations in accordance with the specification as new features need to be implemented.
• feat: support node 22 #4666 @​dyladan

API v1.8.0

🚀 (Enhancement)

• feat(api): add SugaredTracer for functions not defined in the spec #3317 @​secustor

🐛 (Bug Fix)

• fix(api): fix unreachable @​opentelemetry/api/experimental entry #4446 @​legendecas

Changelog

Sourced from @​opentelemetry/api's changelog.

1.9.0

🚀 (Enhancement)

• feat(instrumentation-grpc): set net.peer.name and net.peer.port on client spans #3430
• feat(exporter-trace-otlp-proto): Add protobuf otlp trace exporter support for browser #3208 @​pkanal

🐛 (Bug Fix)

• fix(sdk-metrics): use default Resource to comply with semantic conventions #3411 @​pichlermarc
  • Metrics exported by the SDK now contain the following resource attributes by default:
    • service.name
    • telemetry.sdk.name
    • telemetry.sdk.language
    • telemetry.sdk.version
• fix(sdk-metrics): use Date.now() for instrument recording timestamps #3514 @​MisterSquishy
• fix(sdk-trace): make spans resilient to clock drift #3434 @​dyladan
• fix(selenium-tests): updated webpack version for selenium test issue #3456 @​SaumyaBhushan
• fix(sdk-metrics): collect metrics when periodic exporting metric reader flushes #3517 @​legendecas
• fix(sdk-metrics): fix duplicated registration of metrics for collectors #3488 @​legendecas
• fix(core): fix precision loss in numberToHrtime #3480 @​legendecas

🏠 (Internal)

• chore: automatically generate tsconfigs #3432 @​legendecas
• chore: enforce format with prettier #3444 @​legendecas

1.8.0

• @opentelemetry/sdk-metrics has been promoted to stable
• @opentelemetry/api-metrics has been merged into @opentelemetry/api and deprecated

💥 Breaking Change

• feat(api): merge api-metrics into api #3374 @​legendecas

🚀 (Enhancement)

• feat(sdk-trace): re-export sdk-trace-base in sdk-trace-node and web #3319 @​legendecas
• feat: enable tree shaking #3329 @​pkanal

🐛 (Bug Fix)

• fix(sdk-trace): enforce consistent span durations #3327 @​dyladan
• fix(resources): fix EnvDetector throwing errors when attribute values contain spaces #3295
• fix(trace): fix an issue which caused negative span durations in web based spans #3359 @​dyladan
• fix(resources): strict OTEL_RESOURCE_ATTRIBUTES baggage octet decoding

... (truncated)

Commits

• 08f597f chore: release API 1.4.0 / SDK 1.9.0 / 0.35.0 (#3516)
• 969bb62 fix(tracing): make spans resilient to performance clock drift (#3434)
• 2dcc898 Document repo settings (#3519)
• 475e401 docs(sdk-metrics): fix badge and reword introductory sentence (#3484)
• 126ae93 fix(sdk-node): fix exporter to be read only OTEL_TRACES_EXPORTER is set to a ...
• c93ab9e fix(core): fix precision loss in numberToHrtime (#3480)
• 3fd6fb8 fix(sdk-metrics): fix duplicated registration of metrics for collectors (#3488)
• 93222fc fix(api): declare this parameter type in observable callbacks (#3497)
• eecb800 feat(sdk-node): configure no-op sdk with OTEL_SDK_DISABLED environment vari...
• 1c3af6c feat(api-logs): add the SeverityNumber enumeration (#3443)
• Additional commits viewable in compare view

Updates @opentelemetry/auto-instrumentations-node from 0.40.3 to 0.70.1

Release notes

Sourced from @​opentelemetry/auto-instrumentations-node's releases.

auto-instrumentations-node: v0.70.1

0.70.1 (2026-02-25)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​opentelemetry/instrumentation-cucumber bumped from ^0.27.0 to ^0.28.0
    • @​opentelemetry/instrumentation-graphql bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-socket.io bumped from ^0.58.0 to ^0.59.0

plugin-react-load: v0.44.0

0.44.0 (2026-02-16)

Features

• deps: update deps matching "@opentelemetry/*" (#3383) (d3ac785)

instrumentation-user-interaction: v0.56.0

0.56.0 (2026-02-16)

Features

• deps: update deps matching "@opentelemetry/*" (#3383) (d3ac785)

instrumentation-long-task: v0.56.0

0.56.0 (2026-02-16)

Features

• deps: update deps matching "@opentelemetry/*" (#3383) (d3ac785)

instrumentation-document-load: v0.57.0

0.57.0 (2026-02-16)

Features

• deps: update deps matching "@opentelemetry/*" (#3383) (d3ac785)

instrumentation-winston: v0.56.0

0.56.0 (2026-02-16)

Features

... (truncated)

Changelog

Sourced from @​opentelemetry/auto-instrumentations-node's changelog.

0.70.1 (2026-02-25)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​opentelemetry/instrumentation-cucumber bumped from ^0.27.0 to ^0.28.0
    • @​opentelemetry/instrumentation-graphql bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-socket.io bumped from ^0.58.0 to ^0.59.0

0.70.0 (2026-02-16)

Features

• deps: update deps matching "@opentelemetry/*" (#3383) (d3ac785)

Bug Fixes

• auto-instrumentation-node: resource detector from env should be the last detector (#3363) (97d9ef0)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​opentelemetry/instrumentation-amqplib bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-aws-lambda bumped from ^0.63.0 to ^0.64.0
    • @​opentelemetry/instrumentation-aws-sdk bumped from ^0.66.0 to ^0.67.0
    • @​opentelemetry/instrumentation-bunyan bumped from ^0.56.0 to ^0.57.0
    • @​opentelemetry/instrumentation-cassandra-driver bumped from ^0.56.0 to ^0.57.0
    • @​opentelemetry/instrumentation-connect bumped from ^0.54.0 to ^0.55.0
    • @​opentelemetry/instrumentation-cucumber bumped from ^0.26.0 to ^0.27.0
    • @​opentelemetry/instrumentation-dataloader bumped from ^0.28.0 to ^0.29.0
    • @​opentelemetry/instrumentation-dns bumped from ^0.54.0 to ^0.55.0
    • @​opentelemetry/instrumentation-express bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-fastify bumped from ^0.55.0 to ^0.56.0
    • @​opentelemetry/instrumentation-fs bumped from ^0.30.0 to ^0.31.0
    • @​opentelemetry/instrumentation-generic-pool bumped from ^0.54.0 to ^0.55.0
    • @​opentelemetry/instrumentation-graphql bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-hapi bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-ioredis bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-kafkajs bumped from ^0.20.0 to ^0.21.0
    • @​opentelemetry/instrumentation-knex bumped from ^0.55.0 to ^0.56.0
    • @​opentelemetry/instrumentation-koa bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-lru-memoizer bumped from ^0.55.0 to ^0.56.0
    • @​opentelemetry/instrumentation-memcached bumped from ^0.54.0 to ^0.55.0
    • @​opentelemetry/instrumentation-mongodb bumped from ^0.64.0 to ^0.65.0

... (truncated)

Commits

• 630937d chore: release main (#3398)
• 0b33a11 chore: release main (#3365)
• d3ac785 chore(deps): update deps matching "@opentelemetry/*" (#3383)
• 97d9ef0 fix(auto-instrumentation-node): resource detector from env should be the last...
• 7a5f3c0 chore: release main (#3342)
• a56bbdc feat(deps): update deps matching '@opentelemetry/*' (#3353)
• c84212c chore: release main (#3315)
• 2954943 feat(deps): update deps matching '@opentelemetry/*' (#3340)
• 925a150 feat(deps): update deps matching '@opentelemetry/*' (#3332)
• 66935ac chore: release main (#3264)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​opentelemetry/auto-instrumentations-node since your current version.

Updates @opentelemetry/exporter-trace-otlp-http from 0.48.0 to 0.212.0

Release notes

Sourced from @​opentelemetry/exporter-trace-otlp-http's releases.

experimental/v0.212.0

0.212.0

💥 Breaking Changes

• feat(sdk-logs)!: move environment variable configuration to @opentelemetry/sdk-node #6325 @​pichlermarc
  • (user-facing): environment variable configuration is no longer applied automatically when instantiating SDK components (LoggerProvider, BatchLogRecordProcessor) directly from @opentelemetry/sdk-logs. Please migrate to using NodeSDK from @opentelemetry/sdk-node to get automatic environment variable configuration.

🚀 Features

• feat(configuration): add Prometheus exporter support #6400 @​MikeGoldsmith
• feat(sampler-composite): add ComposableAnnotatingSampler and ComposableRuleBasedSampler #6305 @​trentm
• feat(configuration): parse config for rc 3 #6304 @​maryliag
• feat(instrumentation): use the internals: true option with import-in-the-middle hook, allowing instrumentations to hook internal files in ES modules #6344 @​trentm

🐛 Bug Fixes

• fix(configuration): remove default propagator initialization #6399 @​MikeGoldsmith
• fix(instrumentation-fetch): preserve Response.url, type, and redirected properties #6243 @​AnubhavPurohit691
  • The fetch instrumentation now preserves the read-only url, type, and redirected properties from the original Response object when wrapping it with a Proxy. This fixes issues where code relying on these properties (e.g., CORS type detection) would fail with instrumented fetch.
• fix(exporter-prometheus): add missing @opentelemetry/semantic-conventions dependency #6330 @​omizha
• fix(otlp-transformer): correctly handle Uint8Array attribute values when serializing to JSON #6348 @​pichlermarc
• fix(otlp-exporter-base): fix unwanted instrumentation of the fetch exports when context is not propagated #6353 @​david-luna

🏠 Internal

• perf(otlp-transformer): optimize toAnyValue performance #6287 @​AbhiPrasad

experimental/v0.211.0

0.211.0

💥 Breaking Changes

• fix(otlp-exporter-base)!: remove xhr transport #6317 @​cjihrig
  • (user-facing) The deprecated XHR-based transport has been removed and replaced with fetch(). This change affects users who relied on XmlHttpRequest instead of fetch() for sending headers with OTLP exports. To maintain compatibility on browsers without a fetch() implementation, include a fetch() polyfill.
• chore(api-logs)!: remove ProxyLoggerProvider export #6322 @​david-luna

🚀 Features

• feat(sdk-logs): export event name from ConsoleLogRecordExporter #6310 @​aicest

🐛 Bug Fixes

• fix(sdk-logs): allow AnyValue attributes for logs and handle circular references #6210 @​david-luna
  • based on #5765 from @​alec2435
• fix(browser-detector): use window feature detection to avoid false positives in Node.js 21+ and Bun #6271 @​fiyinfoluwa001 @​overbalance

... (truncated)

Commits

• ad92be4 chore: prepare next release (#6402)
• 3e68499 feat(configuration): add prometheus exporter support (#6400)
• b743747 fix(configuration): remove default propagator initialization (#6399)
• 48e2fb4 chore(deps): update fossas/fossa-action action to v1.8.0 (#6405)
• 90d1afa ci: allow different release bumps for groups (#6397)
• c1d0543 fix(deps): update dependency axios to v1.13.5 [security] (#6398)
• a78d112 fix(deps): update dependency @​grpc/grpc-js to v1.8.22 [security] (#6366)
• fcafab5 chore: fix lint (#6388)
• a0d5c14 fix(otlp-exporter-base): avoid use of a wrapped fetch (#6353)
• 819ebb2 chore(deps): update dependency webpack-merge to v6 (#6364)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​opentelemetry/exporter-trace-otlp-http since your current version.

Updates @opentelemetry/sdk-node from 0.48.0 to 0.212.0

Release notes

Sourced from @​opentelemetry/sdk-node's releases.

experimental/v0.212.0

0.212.0

💥 Breaking Changes

• feat(sdk-logs)!: move environment variable configuration to @opentelemetry/sdk-node #6325 @​pichlermarc
  • (user-facing): environment variable configuration is no longer applied automatically when instantiating SDK components (LoggerProvider, BatchLogRecordProcessor) directly from @opentelemetry/sdk-logs. Please migrate to using NodeSDK from @opentelemetry/sdk-node to get automatic environment variable configuration.

🚀 Features

• feat(configuration): add Prometheus exporter support #6400 @​MikeGoldsmith
• feat(sampler-composite): add ComposableAnnotatingSampler and ComposableRuleBasedSampler #6305 @​trentm
• feat(configuration): parse config for rc 3 #6304 @​maryliag
• feat(instrumentation): use the internals: true option with import-in-the-middle hook, allowing instrumentations to hook internal files in ES modules #6344 @​trentm

🐛 Bug Fixes

• fix(configuration): remove default propagator initialization #6399 @​MikeGoldsmith
• fix(instrumentation-fetch): preserve Response.url, type, and redirected properties #6243 @​AnubhavPurohit691
  • The fetch instrumentation now preserves the read-only url, type, and redirected properties from the original Response object when wrapping it with a Proxy. This fixes issues where code relying on these properties (e.g., CORS type detection) would fail with instrumented fetch.
• fix(exporter-prometheus): add missing @opentelemetry/semantic-conventions dependency #6330 @​omizha
• fix(otlp-transformer): correctly handle Uint8Array attribute values when serializing to JSON #6348 @​pichlermarc
• fix(otlp-exporter-base): fix unwanted instrumentation of the fetch exports when context is not propagated #6353 @​david-luna

🏠 Internal

• perf(otlp-transformer): optimize toAnyValue performance #6287 @​AbhiPrasad

experimental/v0.211.0

0.211.0

💥 Breaking Changes

• fix(otlp-exporter-base)!: remove xhr transport #6317 @​cjihrig
  • (user-facing) The deprecated XHR-based transport has been removed and replaced with fetch(). This change affects users who relied on XmlHttpRequest instead of fetch() for sending headers with OTLP exports. To maintain compatibility on browsers without a fetch() implementation, include a fetch() polyfill.
• chore(api-logs)!: remove ProxyLoggerProvider export #6322 @​david-luna

🚀 Features

• feat(sdk-logs): export event name from ConsoleLogRecordExporter #6310 @​aicest

🐛 Bug Fixes

• fix(sdk-logs): allow AnyValue attributes for logs and handle circular references #6210 @​david-luna
  • based on #5765 from @​alec2435
• fix(browser-detector): use window feature detection to avoid false positives in Node.js 21+ and Bun #6271 @​fiyinfoluwa001 @​overbalance

... (truncated)

Commits

• ad92be4 chore: prepare next release (#6402)
• 3e68499 feat(configuration): add prometheus exporter support (#6400)
• b743747 fix(configuration): remove default propagator initialization (#6399)
• 48e2fb4 chore(deps): update fossas/fossa-action action to v1.8.0 (#6405)
• 90d1afa ci: allow different release bumps for groups (#6397)
• c1d0543 fix(deps): update dependency axios to v1.13.5 [security] (#6398)
• a78d112 fix(deps): update dependency @​grpc/grpc-js to v1.8.22 [security] (#6366)
• fcafab5 chore: fix lint (#6388)
• a0d5c14 fix(otlp-exporter-base): avoid use of a wrapped fetch (#6353)
• 819ebb2 chore(deps): update dependency webpack-merge...

  Description has been truncated

[dependabot]

Labels

The following labels could not be found: backend, dependencies, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.