deps(backend): bump the minor-and-patch group across 1 directory with 25 updates

[dependabot]

Bumps the minor-and-patch group with 24 updates in the /backend directory:

Package	From	To
@aws-sdk/client-s3	3.957.0	3.1009.0
@aws-sdk/s3-request-presigner	3.957.0	3.1009.0
@opentelemetry/api	1.7.0	1.9.0
@opentelemetry/auto-instrumentations-node	0.40.3	0.71.0
@opentelemetry/exporter-trace-otlp-http	0.48.0	0.213.0
@opentelemetry/sdk-node	0.48.0	0.213.0
@opentelemetry/semantic-conventions	1.38.0	1.40.0
bullmq	5.66.2	5.71.0
multer	2.0.2	2.1.1
@types/multer	1.4.13	2.1.0
pdfkit	0.17.2	0.18.0
sanitize-html	2.17.0	2.17.1
@types/sanitize-html	2.16.0	2.16.1
stripe	20.1.0	20.4.1
@types/k6	1.4.0	1.6.0
@types/pdfkit	0.17.4	0.17.5
@typescript-eslint/eslint-plugin	8.50.1	8.57.0
@typescript-eslint/parser	8.50.1	8.57.0
@vitest/coverage-v8	4.0.16	4.1.0
eslint-plugin-prettier	5.5.4	5.5.5
prettier	3.7.4	3.8.1
supertest	7.1.4	7.2.2
@types/supertest	2.0.16	7.2.0
vitest	4.0.16	4.1.0

Updates @aws-sdk/client-s3 from 3.957.0 to 3.1009.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1009.0

3.1009.0(2026-03-13)

Chores

• codegen: sync for retry strategy lifecycle fix (#7842) (7bf8888b)

Documentation Changes

• client-medialive: Documents the VideoDescription.ScalingBehavior.SMART(underscore)CROP enum value. (fa49aa1b)
• client-sqs: document that SQS supports AWS Query protocol, non-default (#7847) (90772af6)
• clients: generate readme block about protocols (#7839) (21ffcafc)

New Features

• clients: update client endpoints as of 2026-03-13 (079cb594)
• client-api-gateway: API Gateway now supports an additional security policy "SecurityPolicy-TLS13-1-2-FIPS-PFS-PQ-2025-09" for REST APIs and custom domain names. The new policy is compliant with TLS 1.3, Federal Information Processing Standards (FIPS), Perfect Forward Secrecy (PFS), and post-quantum (PQ) cryptography (663ec588)
• client-gameliftstreams: Feature launch that enables customers to connect streaming sessions to their own VPCs running in AWS. (9b2dfe80)
• client-connect: Deprecating PredefinedNotificationID field (20194f10)
• client-ivs-realtime: Updates maximum reconnect window seconds from 60 to 300 for participant replication (e384ea14)
• client-glue: Add QuerySessionContext to BatchGetPartitionRequest (e39731fa)
• client-mediaconvert: This update adds support for Dolby AC-4 audio output, frame rate conversion between non-Dolby Vision inputs to Dolby Vision outputs, and clear lead CMAF HLS output. (11615b9f)
• client-quicksight: The change adds a new capability named ManageSharedFolders in Custom Permissions (cffca16f)
• client-mgn: Network Migration APIs are now publicly available for direct programmatic access. Customers can now call Network Migration APIs directly without going through AWS Transform (ATX), enabling automation, integration with existing tools, and self-service migration workflows. (2c814ea8)
• client-config-service: Fix pagination support for DescribeConformancePackCompliance, and update OrganizationConfigRule InputParameters max length to match ConfigRule. (469faf6f)

---

For list of updated packages, view updated-packages.md in assets-3.1009.0.zip

v3.1008.0

3.1008.0(2026-03-12)

Chores

• disable TypeScript detection when env var is 'true' (#7838) (b21a7826)

New Features

• clients: update client endpoints as of 2026-03-12 (c33f9da7)
• client-datasync: DataSync's 3 location types, Hadoop Distributed File System (HDFS), FSx for Windows File Server (FSx Windows), and FSx for NetApp ONTAP (FSx ONTAP) now have credentials managed via Secrets Manager, which may be encrypted with service keys or be configured to use customer-managed keys or secret. (dee9cb3e)
• client-ecr: Add Chainguard to PTC upstreamRegistry enum (4f3727d3)
• client-s3: Adds support for account regional namespaces for general purpose buckets. The account regional namespace is a reserved subdivision of the global bucket namespace where only your account can create general purpose buckets. (17910287)

Bug Fixes

• util-user-agent-node: read typescript version from app package.json (#7840) (5253141c)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1009.0 (2026-03-13)

Note: Version bump only for package @​aws-sdk/client-s3

3.1008.0 (2026-03-12)

Features

• client-s3: Adds support for account regional namespaces for general purpose buckets. The account regional namespace is a reserved subdivision of the global bucket namespace where only your account can create general purpose buckets. (1791028)

3.1007.0 (2026-03-11)

Note: Version bump only for package @​aws-sdk/client-s3

3.1006.0 (2026-03-10)

Note: Version bump only for package @​aws-sdk/client-s3

3.1005.0 (2026-03-09)

Note: Version bump only for package @​aws-sdk/client-s3

3.1004.0 (2026-03-06)

Note: Version bump only for package @​aws-sdk/client-s3

... (truncated)

Commits

• 7888030 Publish v3.1009.0
• 7bf8888 chore(codegen): sync for retry strategy lifecycle fix (#7842)
• 21ffcaf docs(clients): generate readme block about protocols (#7839)
• 543c385 Publish v3.1008.0
• 1791028 feat(client-s3): Adds support for account regional namespaces for general pur...
• 7718940 Publish v3.1007.0
• fa4dc50 Publish v3.1006.0
• 0e58193 test(snapshot-testing): error response snapshots (#7836)
• e692718 Publish v3.1005.0
• 2b96330 test(snapshot-testing): implement response snapshots (#7803)
• Additional commits viewable in compare view

Updates @aws-sdk/s3-request-presigner from 3.957.0 to 3.1009.0

Release notes

Sourced from @​aws-sdk/s3-request-presigner's releases.

v3.1009.0

3.1009.0(2026-03-13)

Chores

• codegen: sync for retry strategy lifecycle fix (#7842) (7bf8888b)

Documentation Changes

• client-medialive: Documents the VideoDescription.ScalingBehavior.SMART(underscore)CROP enum value. (fa49aa1b)
• client-sqs: document that SQS supports AWS Query protocol, non-default (#7847) (90772af6)
• clients: generate readme block about protocols (#7839) (21ffcafc)

New Features

• clients: update client endpoints as of 2026-03-13 (079cb594)
• client-api-gateway: API Gateway now supports an additional security policy "SecurityPolicy-TLS13-1-2-FIPS-PFS-PQ-2025-09" for REST APIs and custom domain names. The new policy is compliant with TLS 1.3, Federal Information Processing Standards (FIPS), Perfect Forward Secrecy (PFS), and post-quantum (PQ) cryptography (663ec588)
• client-gameliftstreams: Feature launch that enables customers to connect streaming sessions to their own VPCs running in AWS. (9b2dfe80)
• client-connect: Deprecating PredefinedNotificationID field (20194f10)
• client-ivs-realtime: Updates maximum reconnect window seconds from 60 to 300 for participant replication (e384ea14)
• client-glue: Add QuerySessionContext to BatchGetPartitionRequest (e39731fa)
• client-mediaconvert: This update adds support for Dolby AC-4 audio output, frame rate conversion between non-Dolby Vision inputs to Dolby Vision outputs, and clear lead CMAF HLS output. (11615b9f)
• client-quicksight: The change adds a new capability named ManageSharedFolders in Custom Permissions (cffca16f)
• client-mgn: Network Migration APIs are now publicly available for direct programmatic access. Customers can now call Network Migration APIs directly without going through AWS Transform (ATX), enabling automation, integration with existing tools, and self-service migration workflows. (2c814ea8)
• client-config-service: Fix pagination support for DescribeConformancePackCompliance, and update OrganizationConfigRule InputParameters max length to match ConfigRule. (469faf6f)

---

For list of updated packages, view updated-packages.md in assets-3.1009.0.zip

v3.1008.0

3.1008.0(2026-03-12)

Chores

• disable TypeScript detection when env var is 'true' (#7838) (b21a7826)

New Features

• clients: update client endpoints as of 2026-03-12 (c33f9da7)
• client-datasync: DataSync's 3 location types, Hadoop Distributed File System (HDFS), FSx for Windows File Server (FSx Windows), and FSx for NetApp ONTAP (FSx ONTAP) now have credentials managed via Secrets Manager, which may be encrypted with service keys or be configured to use customer-managed keys or secret. (dee9cb3e)
• client-ecr: Add Chainguard to PTC upstreamRegistry enum (4f3727d3)
• client-s3: Adds support for account regional namespaces for general purpose buckets. The account regional namespace is a reserved subdivision of the global bucket namespace where only your account can create general purpose buckets. (17910287)

Bug Fixes

• util-user-agent-node: read typescript version from app package.json (#7840) (5253141c)

... (truncated)

Changelog

Sourced from @​aws-sdk/s3-request-presigner's changelog.

3.1009.0 (2026-03-13)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1008.0 (2026-03-12)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1007.0 (2026-03-11)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1006.0 (2026-03-10)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1005.0 (2026-03-09)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1004.0 (2026-03-06)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.1003.0 (2026-03-05)

... (truncated)

Commits

• 7888030 Publish v3.1009.0
• 7bf8888 chore(codegen): sync for retry strategy lifecycle fix (#7842)
• 543c385 Publish v3.1008.0
• 7718940 Publish v3.1007.0
• fa4dc50 Publish v3.1006.0
• e692718 Publish v3.1005.0
• 2b96330 test(snapshot-testing): implement response snapshots (#7803)
• 7c08152 Publish v3.1004.0
• 4c36ea3 Publish v3.1003.0
• 8ddd544 chore: bump '@smithy/*' dependencies (#7822)
• Additional commits viewable in compare view

Updates @opentelemetry/api from 1.7.0 to 1.9.0

Release notes

Sourced from @​opentelemetry/api's releases.

api/v1.9.0

1.9.0

🚀 (Enhancement)

• feat(metrics): added synchronous gauge #4528 @​clintonb
• feat(api): allow adding span links after span creation #4536 @​seemk
  • This change is non-breaking for end-users, but breaking for Trace SDK implmentations in accordance with the specification as new features need to be implemented.
• feat: support node 22 #4666 @​dyladan

API v1.8.0

🚀 (Enhancement)

• feat(api): add SugaredTracer for functions not defined in the spec #3317 @​secustor

🐛 (Bug Fix)

• fix(api): fix unreachable @​opentelemetry/api/experimental entry #4446 @​legendecas

Changelog

Sourced from @​opentelemetry/api's changelog.

1.9.0

🚀 (Enhancement)

• feat(instrumentation-grpc): set net.peer.name and net.peer.port on client spans #3430
• feat(exporter-trace-otlp-proto): Add protobuf otlp trace exporter support for browser #3208 @​pkanal

🐛 (Bug Fix)

• fix(sdk-metrics): use default Resource to comply with semantic conventions #3411 @​pichlermarc
  • Metrics exported by the SDK now contain the following resource attributes by default:
    • service.name
    • telemetry.sdk.name
    • telemetry.sdk.language
    • telemetry.sdk.version
• fix(sdk-metrics): use Date.now() for instrument recording timestamps #3514 @​MisterSquishy
• fix(sdk-trace): make spans resilient to clock drift #3434 @​dyladan
• fix(selenium-tests): updated webpack version for selenium test issue #3456 @​SaumyaBhushan
• fix(sdk-metrics): collect metrics when periodic exporting metric reader flushes #3517 @​legendecas
• fix(sdk-metrics): fix duplicated registration of metrics for collectors #3488 @​legendecas
• fix(core): fix precision loss in numberToHrtime #3480 @​legendecas

🏠 (Internal)

• chore: automatically generate tsconfigs #3432 @​legendecas
• chore: enforce format with prettier #3444 @​legendecas

1.8.0

• @opentelemetry/sdk-metrics has been promoted to stable
• @opentelemetry/api-metrics has been merged into @opentelemetry/api and deprecated

💥 Breaking Change

• feat(api): merge api-metrics into api #3374 @​legendecas

🚀 (Enhancement)

• feat(sdk-trace): re-export sdk-trace-base in sdk-trace-node and web #3319 @​legendecas
• feat: enable tree shaking #3329 @​pkanal

🐛 (Bug Fix)

• fix(sdk-trace): enforce consistent span durations #3327 @​dyladan
• fix(resources): fix EnvDetector throwing errors when attribute values contain spaces #3295
• fix(trace): fix an issue which caused negative span durations in web based spans #3359 @​dyladan
• fix(resources): strict OTEL_RESOURCE_ATTRIBUTES baggage octet decoding

... (truncated)

Commits

• 08f597f chore: release API 1.4.0 / SDK 1.9.0 / 0.35.0 (#3516)
• 969bb62 fix(tracing): make spans resilient to performance clock drift (#3434)
• 2dcc898 Document repo settings (#3519)
• 475e401 docs(sdk-metrics): fix badge and reword introductory sentence (#3484)
• 126ae93 fix(sdk-node): fix exporter to be read only OTEL_TRACES_EXPORTER is set to a ...
• c93ab9e fix(core): fix precision loss in numberToHrtime (#3480)
• 3fd6fb8 fix(sdk-metrics): fix duplicated registration of metrics for collectors (#3488)
• 93222fc fix(api): declare this parameter type in observable callbacks (#3497)
• eecb800 feat(sdk-node): configure no-op sdk with OTEL_SDK_DISABLED environment vari...
• 1c3af6c feat(api-logs): add the SeverityNumber enumeration (#3443)
• Additional commits viewable in compare view

Updates @opentelemetry/auto-instrumentations-node from 0.40.3 to 0.71.0

Release notes

Sourced from @​opentelemetry/auto-instrumentations-node's releases.

auto-instrumentations-node: v0.71.0

0.71.0 (2026-03-04)

Features

• deps: update deps matching "@opentelemetry/*" (#3411) (7f4b776)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​opentelemetry/instrumentation-amqplib bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-aws-lambda bumped from ^0.64.0 to ^0.65.0
    • @​opentelemetry/instrumentation-aws-sdk bumped from ^0.67.0 to ^0.68.0
    • @​opentelemetry/instrumentation-bunyan bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-cassandra-driver bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-connect bumped from ^0.55.0 to ^0.56.0
    • @​opentelemetry/instrumentation-cucumber bumped from ^0.28.0 to ^0.29.0
    • @​opentelemetry/instrumentation-dataloader bumped from ^0.29.0 to ^0.30.0
    • @​opentelemetry/instrumentation-dns bumped from ^0.55.0 to ^0.56.0
    • @​opentelemetry/instrumentation-express bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-fastify bumped from ^0.56.0 to ^0.57.0
    • @​opentelemetry/instrumentation-fs bumped from ^0.31.0 to ^0.32.0
    • @​opentelemetry/instrumentation-generic-pool bumped from ^0.55.0 to ^0.56.0
    • @​opentelemetry/instrumentation-graphql bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-hapi bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-ioredis bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-kafkajs bumped from ^0.21.0 to ^0.22.0
    • @​opentelemetry/instrumentation-knex bumped from ^0.56.0 to ^0.57.0
    • @​opentelemetry/instrumentation-koa bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-lru-memoizer bumped from ^0.56.0 to ^0.57.0
    • @​opentelemetry/instrumentation-memcached bumped from ^0.55.0 to ^0.56.0
    • @​opentelemetry/instrumentation-mongodb bumped from ^0.65.0 to ^0.66.0
    • @​opentelemetry/instrumentation-mongoose bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-mysql bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-mysql2 bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-nestjs-core bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-net bumped from ^0.56.0 to ^0.57.0
    • @​opentelemetry/instrumentation-openai bumped from ^0.10.0 to ^0.11.0
    • @​opentelemetry/instrumentation-oracledb bumped from ^0.37.0 to ^0.38.0
    • @​opentelemetry/instrumentation-pg bumped from ^0.64.0 to ^0.65.0
    • @​opentelemetry/instrumentation-pino bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-redis bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-restify bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-router bumped from ^0.56.0 to ^0.57.0
    • @​opentelemetry/instrumentation-runtime-node bumped from ^0.25.0 to ^0.26.0
    • @​opentelemetry/instrumentation-socket.io bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-tedious bumped from ^0.31.0 to ^0.32.0

... (truncated)

Changelog

Sourced from @​opentelemetry/auto-instrumentations-node's changelog.

0.71.0 (2026-03-04)

Features

• deps: update deps matching "@opentelemetry/*" (#3411) (7f4b776)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​opentelemetry/instrumentation-amqplib bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-aws-lambda bumped from ^0.64.0 to ^0.65.0
    • @​opentelemetry/instrumentation-aws-sdk bumped from ^0.67.0 to ^0.68.0
    • @​opentelemetry/instrumentation-bunyan bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-cassandra-driver bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-connect bumped from ^0.55.0 to ^0.56.0
    • @​opentelemetry/instrumentation-cucumber bumped from ^0.28.0 to ^0.29.0
    • @​opentelemetry/instrumentation-dataloader bumped from ^0.29.0 to ^0.30.0
    • @​opentelemetry/instrumentation-dns bumped from ^0.55.0 to ^0.56.0
    • @​opentelemetry/instrumentation-express bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-fastify bumped from ^0.56.0 to ^0.57.0
    • @​opentelemetry/instrumentation-fs bumped from ^0.31.0 to ^0.32.0
    • @​opentelemetry/instrumentation-generic-pool bumped from ^0.55.0 to ^0.56.0
    • @​opentelemetry/instrumentation-graphql bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-hapi bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-ioredis bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-kafkajs bumped from ^0.21.0 to ^0.22.0
    • @​opentelemetry/instrumentation-knex bumped from ^0.56.0 to ^0.57.0
    • @​opentelemetry/instrumentation-koa bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-lru-memoizer bumped from ^0.56.0 to ^0.57.0
    • @​opentelemetry/instrumentation-memcached bumped from ^0.55.0 to ^0.56.0
    • @​opentelemetry/instrumentation-mongodb bumped from ^0.65.0 to ^0.66.0
    • @​opentelemetry/instrumentation-mongoose bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-mysql bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-mysql2 bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-nestjs-core bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-net bumped from ^0.56.0 to ^0.57.0
    • @​opentelemetry/instrumentation-openai bumped from ^0.10.0 to ^0.11.0
    • @​opentelemetry/instrumentation-oracledb bumped from ^0.37.0 to ^0.38.0
    • @​opentelemetry/instrumentation-pg bumped from ^0.64.0 to ^0.65.0
    • @​opentelemetry/instrumentation-pino bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-redis bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-restify bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-router bumped from ^0.56.0 to ^0.57.0
    • @​opentelemetry/instrumentation-runtime-node bumped from ^0.25.0 to ^0.26.0
    • @​opentelemetry/instrumentation-socket.io bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-tedious bumped from ^0.31.0 to ^0.32.0
    • @​opentelemetry/instrumentation-undici bumped from ^0.22.0 to ^0.23.0

... (truncated)

Commits

• 39f08c3 chore: release main (#3410)
• 7f4b776 feat(deps): update deps matching "@opentelemetry/*" (#3411)
• 630937d chore: release main (#3398)
• 0b33a11 chore: release main (#3365)
• d3ac785 chore(deps): update deps matching "@opentelemetry/*" (#3383)
• 97d9ef0 fix(auto-instrumentation-node): resource detector from env should be the last...
• 7a5f3c0 chore: release main (#3342)
• a56bbdc feat(deps): update deps matching '@opentelemetry/*' (#3353)
• c84212c chore: release main (#3315)
• 2954943 feat(deps): update deps matching '@opentelemetry/*' (#3340)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​opentelemetry/auto-instrumentations-node since your current version.

Updates @opentelemetry/exporter-trace-otlp-http from 0.48.0 to 0.213.0

Release notes

Sourced from @​opentelemetry/exporter-trace-otlp-http's releases.

experimental/v0.213.0

0.213.0

💥 Breaking Changes

• fix(api-logs)!: drop lingering includeTraceContext from LoggerOptions type #6451 @​trentm

🚀 Features

• feat(instrumentation-http): provide http.request.header.<key> at server span creation time #6396 @​vitorvasc

🐛 Bug Fixes

• fix(instrumentation-http): guard against double-instrumentation if loaded with require('http') and import 'http' #6428 @​trentm
• fix(otlp-exporter-base): handle response error #6412 @​pichlermarc
  • Fixes a bug where when the response header was received, but the connection was reset by the server, an unhandled error would be thrown.
• fix(otlp-exporter-base): remove sendBeacon in favor of fetch with keepalive #6391 @​overbalance
  • (user-facing) createOtlpSendBeaconExportDelegate will be removed in a future version
• fix(otlp-transformer): downgrade protobufjs to version ^7.0.0 #6418 @​vitorvasc
• fix(instrumentation-fetch): handle HeadersInit tuple arrays in _addHeaders #6341 @​overbalance @​imadha

experimental/v0.212.0

0.212.0

💥 Breaking Changes

• feat(sdk-logs)!: move environment variable configuration to @opentelemetry/sdk-node #6325 @​pichlermarc
  • (user-facing): environment variable configuration is no longer applied automatically when instantiating SDK components (LoggerProvider, BatchLogRecordProcessor) directly from @opentelemetry/sdk-logs. Please migrate to using NodeSDK from @opentelemetry/sdk-node to get automatic environment variable configuration.

🚀 Features

• feat(configuration): add Prometheus exporter support #6400 @​MikeGoldsmith
• feat(sampler-composite): add ComposableAnnotatingSampler and ComposableRuleBasedSampler #6305 @​trentm
• feat(configuration): parse config for rc 3 #6304 @​maryliag
• feat(instrumentation): use the internals: true option with import-in-the-middle hook, allowing instrumentations to hook internal files in ES modules #6344 @​trentm

🐛 Bug Fixes

• fix(configuration): remove default propagator initialization #6399 @​MikeGoldsmith
• fix(instrumentation-fetch): preserve Response.url, type, and redirected properties #6243 @​AnubhavPurohit691
  • The fetch instrumentation now preserves the read-only url, type, and redirected properties from the original Response object when wrapping it with a Proxy. This fixes issues where code relying on these properties (e.g., CORS type detection) would fail with instrumented fetch.
• fix(exporter-prometheus): add missing @opentelemetry/semantic-conventions dependency #6330 @​omizha
• fix(otlp-transformer): correctly handle Uint8Array attribute values when serializing to JSON #6348 @​pichlermarc
• fix(otlp-exporter-base): fix unwanted instrumentation of the fetch exports when context is not propagated #6353 @​david-luna

🏠 Internal

... (truncated)

Commits

• 541e1b4 chore: prepare next release (#6464)
• 30f94fe feat(instrumentation-http): provide http.request.header.\<key> at server spa...
• 2ac44ad refactor(context-zone-peer-dep): remove unnecessary helper methods and use me...
• 600e51d chore(deps): update github/codeql-action digest to c793b71 (#6458)
• ae30abf chore(deps): update dependency @​types/jquery to v4 (#6456)
• 6387d3c chore(release): use the HEAD commit as the target for draft GH release creati...
• 4cd3644 fix(deps): update dependency import-in-the-middle to v3 (#6403)
• 65c9d9f docs: fix changelog PR number typo (#6453)
• 3db56ba fix(api-logs)!: drop lingering includeTraceContext from LoggerOptions type (#...
• dcbead5 fix(instrumentation-fetch): handle HeadersInit tuple arrays in _addHeaders (#...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​opentelemetry/exporter-trace-otlp-http since your current version.

Updates @opentelemetry/sdk-node from 0.48.0 to 0.213.0

Release notes

Sourced from @​opentelemetry/sdk-node's releases.

experimental/v0.213.0

0.213.0

💥 Breaking Changes

• fix(api-logs)!: drop lingering includeTraceContext from LoggerOptions type #6451 @​trentm

🚀 Features

• feat(instrumentation-http): provide http.request.header.<key> at server span creation time #6396 @​vitorvasc

🐛 Bug Fixes

• fix(instrumentation-http): guard against double-instrumentation if loaded with require('http') and import 'http' #6428 @​trentm
• fix(otlp-exporter-base): handle response error #6412 @​pichlermarc
  • Fixes a bug where when the response header was received, but the connection was reset by the server, an unhandled error would be thrown.
• fix(otlp-exporter-base): remove sendBeacon in favor of fetch with keepalive #6391 @​overbalance
  • (user-facing) createOtlpSendBeaconExportDelegate will be removed in a future version
• fix(otlp-transformer): downgrade protobufjs to version ^7.0.0 #6418 @​vitorvasc
• fix(instrumentation-fetch): handle HeadersInit tuple arrays in _addHeaders #6341 @​overbalance @​imadha

experimental/v0.212.0

0.212.0

💥 Breaking Changes

• feat(sdk-logs)!: move environment variable configuration to @opentelemetry/sdk-node #6325 @​pichlermarc
  • (user-facing): environment variable configuration is no longer applied automatically when instantiating SDK components (LoggerProvider, BatchLogRecordProcessor) directly from @opentelemetry/sdk-logs. Please migrate to using NodeSDK from @opentelemetry/sdk-node to get automatic environment variable configuration.

🚀 Features

• feat(configuration): add Prometheus exporter support #6400 @​MikeGoldsmith
• feat(sampler-composite): add ComposableAnnotatingSampler and ComposableRuleBasedSampler #6305 @​trentm
• feat(configuration): parse config for rc 3 #6304 @​maryliag
• feat(instrumentation): use the internals: true option with import-in-the-middle hook, allowing instrumentations to hook internal files in ES modules #6344 @​trentm

🐛 Bug Fixes

• fix(configuration): remove default propagator initialization #6399 @​MikeGoldsmith
• fix(instrumentation-fetch): preserve Response.url, type, and redirected properties #6243 @​AnubhavPurohit691
  • The fetch instrumentation now preserves the read-only url, type, and redirected properties from the original Response object when wrapping it with a Proxy. This fixes issues where code relying on these properties (e.g., CORS type detection) would fail with instrumented fetch.
• fix(exporter-prometheus): add missing @opentelemetry/semantic-conventions dependency #6330 @​omizha
• fix(otlp-transformer): correctly handle Uint8Array attribute values when serializing to JSON #6348 @​pichlermarc
• fix(otlp-exporter-base): fix unwanted instrumentation of the fetch exports when context is not propagated #6353 @​david-luna

🏠 Internal

... (truncated)

Commits

• 541e1b4 chore: prepare next release (#6464)
• 30f94fe feat(instrumentation-http): provide http.request.header.\<key> at server spa...
• 2ac44ad refactor(context-zone-peer-dep): remove unnecessary helper methods and use me...
• 600e51d chore(deps): update github/codeql-action digest to c793b71 (#6458)
• ae30abf chore(deps): update dependency @​types/jquery to v4 (#6456)
• 6387d3c chore(release): use the HEAD commit as the target for draft GH release creati...
• 4cd3644 fix(deps): update dependency import-in-the-middle to v3 (#6403)
• 65c9d9f docs: fix changelog PR number typo (#6453)
• 3db56ba fix(api-logs)!: drop lingering includeTraceContext from LoggerOptions type (#...
• dcbead5 fix(instrumentation-fetch): handle HeadersInit tuple arrays in _addHeaders (#...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​opentelemetry/sdk-node since your current version.

Updates @opentelemetry/semantic-conventions from 1.38.0 to 1.40.0

Release notes

Sourced from @​opentelemetry/semantic-conventions's releases.

semconv/v1.40.0

1.40.0

🚀 Features

• feat: update semantic conventions to v1.40.0 #6438
  • Semantic Conventions v1.40.0: changelog | latest docs
  • @opentelemetry/semantic-conventions (stable) changes: 2 added exports
  • @opentelemetry/semantic-conventions/incubating (unstable) changes: 11 newly deprecated exports, 56 added exports

Stable changes in v1....

Description has been truncated

[dependabot]

Labels

The following labels could not be found: backend, dependencies, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.