chore(deps): bump the dependencies group across 1 directory with 20 updates

[dependabot]

Bumps the dependencies group with 20 updates in the / directory:

Package	From	To
@nestjs/common	11.1.18	11.1.19
@nestjs/core	11.1.18	11.1.19
@nestjs/platform-express	11.1.18	11.1.19
@nestjs/swagger	11.2.6	11.3.0
@opentelemetry/auto-instrumentations-node	0.72.0	0.73.0
@opentelemetry/exporter-metrics-otlp-http	0.214.0	0.215.0
@opentelemetry/exporter-trace-otlp-http	0.214.0	0.215.0
@opentelemetry/exporter-trace-otlp-proto	0.214.0	0.215.0
@opentelemetry/resources	2.6.1	2.7.0
@opentelemetry/sdk-metrics	2.6.1	2.7.0
@opentelemetry/sdk-node	0.214.0	0.215.0
axios	1.14.0	1.15.1
dotenv	17.4.1	17.4.2
@nestjs/cli	11.0.18	11.0.21
@nestjs/schematics	11.0.10	11.1.0
eslint	9.39.2	9.39.4
globals	17.4.0	17.5.0
prettier	3.8.1	3.8.3
typedoc	0.28.18	0.28.19
typescript-eslint	8.58.0	8.58.2

Updates @nestjs/common from 11.1.18 to 11.1.19

Release notes

Sourced from @​nestjs/common's releases.

v11.1.19 (2026-04-13)

Bug fixes

• microservices
  • #16762 fix(microservices): use backing field for consumer CRASH event listener (@​burhanharoon)
  • #16764 fix(microservices): prevent stack overflow in jsonsocket.handledata() (@​kamilmysliwiec)

Committers: 2

• Burhan Haroon⚡ (@​burhanharoon)
• Kamil Mysliwiec (@​kamilmysliwiec)

Commits

• 6730995 chore(release): publish v11.1.19 release
• See full diff in compare view

Updates @nestjs/core from 11.1.18 to 11.1.19

Release notes

Sourced from @​nestjs/core's releases.

v11.1.19 (2026-04-13)

Bug fixes

• microservices
  • #16762 fix(microservices): use backing field for consumer CRASH event listener (@​burhanharoon)
  • #16764 fix(microservices): prevent stack overflow in jsonsocket.handledata() (@​kamilmysliwiec)

Committers: 2

• Burhan Haroon⚡ (@​burhanharoon)
• Kamil Mysliwiec (@​kamilmysliwiec)

Commits

• 6730995 chore(release): publish v11.1.19 release
• See full diff in compare view

Updates @nestjs/platform-express from 11.1.18 to 11.1.19

Release notes

Sourced from @​nestjs/platform-express's releases.

v11.1.19 (2026-04-13)

Bug fixes

• microservices
  • #16762 fix(microservices): use backing field for consumer CRASH event listener (@​burhanharoon)
  • #16764 fix(microservices): prevent stack overflow in jsonsocket.handledata() (@​kamilmysliwiec)

Committers: 2

• Burhan Haroon⚡ (@​burhanharoon)
• Kamil Mysliwiec (@​kamilmysliwiec)

Commits

• 6730995 chore(release): publish v11.1.19 release
• See full diff in compare view

Updates @nestjs/swagger from 11.2.6 to 11.3.0

Release notes

Sourced from @​nestjs/swagger's releases.

Release 11.3.0

11.3.0 (2026-04-15)

Bug fixes

• #3826 fix: support nullable field in @​ApiResponse decorator (@​Nedunchezhiyan-M)
• #3784 fix(schema): include type field when nullable is used with allOf (@​maruthang)
• #3774 fix enum issue (@​SupunGeethanjana)
• #3798 fix(plugin): normalize workspace package import paths in metadata generator (@​maruthang)
• #3821 fix(plugin): handle same-file type references in SWC readonly metadata generation (@​maruthang)
• #3822 fix(type-helpers): eagerly apply plugin metadata properties in mapped type helpers (@​maruthang)
• #3840 fix: use child class type when re-declaring an inherited @​ApiProperty (@​Nedunchezhiyan-M)

Enhancements

• #3449 feat(api-header): add example property to ApiHeader decorator (@​leemhoon00)
• #3787 feat(decorators): support RegExp instances in @​ApiProperty({ pattern }) (@​temrjan)
• #3699 feat(api-body): add support for encoding in ApiBody decorator (@​lamuertepeluda)
• #3824 feat: support async patchDocumentOnRequest hook (@​Nedunchezhiyan-M)
• #3834 feat: expose generateSchema utility for programmatic schema access (@​Nedunchezhiyan-M)
• #3836 feat(plugin): add autoFillEnumName option to suppress duplicate enum schemas (@​Nedunchezhiyan-M)
• #3837 feat: merge descriptions when multiple decorators share the same HTTP status code (@​Nedunchezhiyan-M)
• #3839 feat: add excludeDynamicDefaults option to strip runtime-evaluated schema defaults (@​Nedunchezhiyan-M)
• #3841 feat: add DeepPartialType mapped-type helper for recursive optional properties (@​Nedunchezhiyan-M)

Dependencies

• #3850 fix(deps): update dependency swagger-ui-dist to v5.32.4 (@​renovate[bot])

Committers: 7

• JongHun Lim (@​leemhoon00)
• Maruthan G (@​maruthang)
• Rajasekar Janakiraman (@​rajasekar33)
• Supun Geethanjana Jayasinghe (@​SupunGeethanjana)
• Temrjan (@​temrjan)
• Vito Macchia (@​lamuertepeluda)
• @​Nedunchezhiyan-M

11.2.7

What's Changed

• fix(deps): update dependency lodash to v4.18.1 [security] by @​renovate[bot] in nestjs/swagger#3808
• fix(deps): update dependency @​nestjs/mapped-types to v2.1.1 by @​renovate[bot] in nestjs/swagger#3791
• fix(plugin): support TypeScript project references in ReadonlyVisitor by @​maruthang in nestjs/swagger#3804
• fix(plugin): skip auto-generated response decorator when Api*Response already present by @​maruthang in nestjs/swagger#3803
• fix(schema): handle const enum objects from SWC compiler metadata by @​maruthang in nestjs/swagger#3802
• fix(deps): update dependency path-to-regexp to v8.4.2 by @​renovate[bot] in nestjs/swagger#3815
• fix(swagger-explorer): prevent enum schema mutation across multiple document generations by @​maruthang in nestjs/swagger#3799
• fix(decorators): do not crash on Controller getter by @​robbtraister in nestjs/swagger#3788
• fix(plugin): handle non-ASCII characters in project paths by @​maruthang in nestjs/swagger#3786
• fix(explorer): pass version to operationIdFactory for all versioning types by @​maruthang in nestjs/swagger#3783
• chore(deps): update dependency class-validator to v0.15.1 by @​renovate[bot] in nestjs/swagger#3753
• fix(deps): update dependency swagger-ui-dist to v5.32.2 by @​renovate[bot] in nestjs/swagger#3738

... (truncated)

Commits

• 0106583 chore(): release v11.3.0
• 473b26f chore: add rxjs as dev dependency
• 5b0b014 test: regenerate api-spec
• 410d6a7 Merge pull request #3826 from Nedunchezhiyan-M/fix/api-response-nullable
• b1e16e6 Merge pull request #3849 from nestjs/renovate/release-it-20.x
• 71d9f7a chore(deps): update dependency release-it to v20
• fa96c15 Merge pull request #3625 from rajasekar33/feat/add-api-level-extensions
• 672a40d Merge pull request #3449 from leemhoon00/feat-apiheader-example
• b0f01d5 Merge pull request #3784 from maruthang/fix/nullable-type-field-3274
• 4063d94 Merge pull request #3774 from SupunGeethanjana/issue/3772
• Additional commits viewable in compare view

Updates @opentelemetry/auto-instrumentations-node from 0.72.0 to 0.73.0

Release notes

Sourced from @​opentelemetry/auto-instrumentations-node's releases.

auto-instrumentations-node: v0.73.0

0.73.0 (2026-04-17)

Features

• deps: update deps matching '@opentelemetry/*' (#3479) (8891261)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​opentelemetry/instrumentation-amqplib bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-aws-lambda bumped from ^0.66.0 to ^0.67.0
    • @​opentelemetry/instrumentation-aws-sdk bumped from ^0.69.0 to ^0.70.0
    • @​opentelemetry/instrumentation-bunyan bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-cassandra-driver bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-connect bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-cucumber bumped from ^0.30.0 to ^0.31.0
    • @​opentelemetry/instrumentation-dataloader bumped from ^0.31.0 to ^0.32.0
    • @​opentelemetry/instrumentation-dns bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-express bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-fs bumped from ^0.33.0 to ^0.34.0
    • @​opentelemetry/instrumentation-generic-pool bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-graphql bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-hapi bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-ioredis bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-kafkajs bumped from ^0.23.0 to ^0.24.0
    • @​opentelemetry/instrumentation-knex bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-koa bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-lru-memoizer bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-memcached bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-mongodb bumped from ^0.67.0 to ^0.68.0
    • @​opentelemetry/instrumentation-mongoose bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-mysql bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-mysql2 bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-nestjs-core bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-net bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-openai bumped from ^0.12.0 to ^0.13.0
    • @​opentelemetry/instrumentation-oracledb bumped from ^0.39.0 to ^0.40.0
    • @​opentelemetry/instrumentation-pg bumped from ^0.66.0 to ^0.67.0
    • @​opentelemetry/instrumentation-pino bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-redis bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-restify bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-router bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-runtime-node bumped from ^0.27.0 to ^0.28.0
    • @​opentelemetry/instrumentation-socket.io bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-tedious bumped from ^0.33.0 to ^0.34.0
    • @​opentelemetry/instrumentation-undici bumped from ^0.24.0 to ^0.25.0

... (truncated)

Changelog

Sourced from @​opentelemetry/auto-instrumentations-node's changelog.

0.73.0 (2026-04-17)

Features

• deps: update deps matching '@opentelemetry/*' (#3479) (8891261)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​opentelemetry/instrumentation-amqplib bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-aws-lambda bumped from ^0.66.0 to ^0.67.0
    • @​opentelemetry/instrumentation-aws-sdk bumped from ^0.69.0 to ^0.70.0
    • @​opentelemetry/instrumentation-bunyan bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-cassandra-driver bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-connect bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-cucumber bumped from ^0.30.0 to ^0.31.0
    • @​opentelemetry/instrumentation-dataloader bumped from ^0.31.0 to ^0.32.0
    • @​opentelemetry/instrumentation-dns bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-express bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-fs bumped from ^0.33.0 to ^0.34.0
    • @​opentelemetry/instrumentation-generic-pool bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-graphql bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-hapi bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-ioredis bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-kafkajs bumped from ^0.23.0 to ^0.24.0
    • @​opentelemetry/instrumentation-knex bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-koa bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-lru-memoizer bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-memcached bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-mongodb bumped from ^0.67.0 to ^0.68.0
    • @​opentelemetry/instrumentation-mongoose bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-mysql bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-mysql2 bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-nestjs-core bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-net bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-openai bumped from ^0.12.0 to ^0.13.0
    • @​opentelemetry/instrumentation-oracledb bumped from ^0.39.0 to ^0.40.0
    • @​opentelemetry/instrumentation-pg bumped from ^0.66.0 to ^0.67.0
    • @​opentelemetry/instrumentation-pino bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-redis bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-restify bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-router bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-runtime-node bumped from ^0.27.0 to ^0.28.0
    • @​opentelemetry/instrumentation-socket.io bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-tedious bumped from ^0.33.0 to ^0.34.0
    • @​opentelemetry/instrumentation-undici bumped from ^0.24.0 to ^0.25.0
    • @​opentelemetry/instrumentation-winston bumped from ^0.58.0 to ^0.59.0

... (truncated)

Commits

• bd017c8 chore: release main (#3451)
• 8891261 feat(deps): update deps matching '@opentelemetry/*' (#3479)
• 36a030c chore: switch to short license header (#3476)
• See full diff in compare view

Updates @opentelemetry/exporter-metrics-otlp-http from 0.214.0 to 0.215.0

Release notes

Sourced from @​opentelemetry/exporter-metrics-otlp-http's releases.

experimental/v0.215.0

0.215.0

💥 Breaking Changes

• feat(sdk-logs)!: add required forceFlush() to LogRecordExporter interface #6356 @​pichlermarc
  • (user-facing): LogRecordExporter interface now requires a forceFlush() method to be implemented. Custom exporters will need to implement this method to continue working with the Logs SDK.
• feat(api-logs, sdk-logs)!: add Logger#enabled() #6371 @​david-luna

🚀 Features

• feat(otlp-transformer): add custom protobuf logs serializer #6228 @​pichlermarc
• feat(otlp-transformer): add custom protobuf logs export response deserializer #6530 @​pichlermarc

🐛 Bug Fixes

• fix(instrumentation-fetch): preserve init overrides when input is a Request object #6421 @​akandic47
• fix(otlp-exporter-base): limit Node.js HTTP transport response body to 4 MiB #6552 @​kartikgola
• fix(instrumentation-fetch): avoid unwrapping fetch API when disabling #6575 @​david-luna
• fix(web-common): add check for possible unsafe json parse #6589 @​maryliag
• fix(otlp-transformer): add check for possible unsafe json parse #6588 @​maryliag

Commits

• a0476ee chore: prepare next release (#6603)
• 6bc69c7 fix(instr-fetch): avoid unwrap fetch API (#6575)
• 840f3d4 chore: re-arrange misplaced changelog entries (#6604)
• 2da8d39 feat(configuration): refactoring config loader to print warning message for b...
• 401af13 fix(deps): update dependency protobufjs to v8 (#6602)
• 36e2a9a fix(opentelemetry-core): add extra checks on internal merge function for safe...
• 8ee2a8b fix(web-common): add check for possible unsafe json parse (#6589)
• f40fd24 fix(otlp-transformer): add check for possible unsafe json parse (#6588)
• 394eeb0 chore: update changelog script (#6586)
• 36ce569 feat(sdk-metrics): adds the cardinalitySelector argument to PeriodicExporting...
• Additional commits viewable in compare view

Updates @opentelemetry/exporter-trace-otlp-http from 0.214.0 to 0.215.0

Release notes

Sourced from @​opentelemetry/exporter-trace-otlp-http's releases.

experimental/v0.215.0

0.215.0

💥 Breaking Changes

• feat(sdk-logs)!: add required forceFlush() to LogRecordExporter interface #6356 @​pichlermarc
  • (user-facing): LogRecordExporter interface now requires a forceFlush() method to be implemented. Custom exporters will need to implement this method to continue working with the Logs SDK.
• feat(api-logs, sdk-logs)!: add Logger#enabled() #6371 @​david-luna

🚀 Features

• feat(otlp-transformer): add custom protobuf logs serializer #6228 @​pichlermarc
• feat(otlp-transformer): add custom protobuf logs export response deserializer #6530 @​pichlermarc

🐛 Bug Fixes

• fix(instrumentation-fetch): preserve init overrides when input is a Request object #6421 @​akandic47
• fix(otlp-exporter-base): limit Node.js HTTP transport response body to 4 MiB #6552 @​kartikgola
• fix(instrumentation-fetch): avoid unwrapping fetch API when disabling #6575 @​david-luna
• fix(web-common): add check for possible unsafe json parse #6589 @​maryliag
• fix(otlp-transformer): add check for possible unsafe json parse #6588 @​maryliag

Commits

• a0476ee chore: prepare next release (#6603)
• 6bc69c7 fix(instr-fetch): avoid unwrap fetch API (#6575)
• 840f3d4 chore: re-arrange misplaced changelog entries (#6604)
• 2da8d39 feat(configuration): refactoring config loader to print warning message for b...
• 401af13 fix(deps): update dependency protobufjs to v8 (#6602)
• 36e2a9a fix(opentelemetry-core): add extra checks on internal merge function for safe...
• 8ee2a8b fix(web-common): add check for possible unsafe json parse (#6589)
• f40fd24 fix(otlp-transformer): add check for possible unsafe json parse (#6588)
• 394eeb0 chore: update changelog script (#6586)
• 36ce569 feat(sdk-metrics): adds the cardinalitySelector argument to PeriodicExporting...
• Additional commits viewable in compare view

Updates @opentelemetry/exporter-trace-otlp-proto from 0.214.0 to 0.215.0

Release notes

Sourced from @​opentelemetry/exporter-trace-otlp-proto's releases.

experimental/v0.215.0

0.215.0

💥 Breaking Changes

• feat(sdk-logs)!: add required forceFlush() to LogRecordExporter interface #6356 @​pichlermarc
  • (user-facing): LogRecordExporter interface now requires a forceFlush() method to be implemented. Custom exporters will need to implement this method to continue working with the Logs SDK.
• feat(api-logs, sdk-logs)!: add Logger#enabled() #6371 @​david-luna

🚀 Features

• feat(otlp-transformer): add custom protobuf logs serializer #6228 @​pichlermarc
• feat(otlp-transformer): add custom protobuf logs export response deserializer #6530 @​pichlermarc

🐛 Bug Fixes

• fix(instrumentation-fetch): preserve init overrides when input is a Request object #6421 @​akandic47
• fix(otlp-exporter-base): limit Node.js HTTP transport response body to 4 MiB #6552 @​kartikgola
• fix(instrumentation-fetch): avoid unwrapping fetch API when disabling #6575 @​david-luna
• fix(web-common): add check for possible unsafe json parse #6589 @​maryliag
• fix(otlp-transformer): add check for possible unsafe json parse #6588 @​maryliag

Commits

• a0476ee chore: prepare next release (#6603)
• 6bc69c7 fix(instr-fetch): avoid unwrap fetch API (#6575)
• 840f3d4 chore: re-arrange misplaced changelog entries (#6604)
• 2da8d39 feat(configuration): refactoring config loader to print warning message for b...
• 401af13 fix(deps): update dependency protobufjs to v8 (#6602)
• 36e2a9a fix(opentelemetry-core): add extra checks on internal merge function for safe...
• 8ee2a8b fix(web-common): add check for possible unsafe json parse (#6589)
• f40fd24 fix(otlp-transformer): add check for possible unsafe json parse (#6588)
• 394eeb0 chore: update changelog script (#6586)
• 36ce569 feat(sdk-metrics): adds the cardinalitySelector argument to PeriodicExporting...
• Additional commits viewable in compare view

Updates @opentelemetry/resources from 2.6.1 to 2.7.0

Release notes

Sourced from @​opentelemetry/resources's releases.

v2.7.0

2.7.0

🚀 Features

• feat(sdk-logs): implement log creation metrics #6433 @​anuraaga
• feat(sdk-metrics): add the cardinalitySelector argument to PeriodicExportingMetricReaders #6460 @​starzlocker
• feat(opentelemetry-core): add extra checks on internal merge function for safety #6587 @​maryliag

🐛 Bug Fixes

• fix(opentelemetry-resources): do not discard OTEL_RESOURCE_ATTRIBUTES when it contains empty kv pairs

🏠 Internal

• test(exporter-zipkin): fix broken browser test assertions and add missing coverage #6566 @​overbalance
• fix(sdk-metrics): repair ExponentialHistogram tests #6565 @​overbalance

Changelog

Sourced from @​opentelemetry/resources's changelog.

2.7.0

🚀 Features

• feat(sdk-logs): implement log creation metrics #6433 @​anuraaga
• feat(sdk-metrics): add the cardinalitySelector argument to PeriodicExportingMetricReaders #6460 @​starzlocker
• feat(opentelemetry-core): add extra checks on internal merge function for safety #6587 @​maryliag

🐛 Bug Fixes

• fix(opentelemetry-resources): do not discard OTEL_RESOURCE_ATTRIBUTES when it contains empty kv pairs

🏠 Internal

• test(exporter-zipkin): fix broken browser test assertions and add missing coverage #6566 @​overbalance
• fix(sdk-metrics): repair ExponentialHistogram tests #6565 @​overbalance

Commits

• a0476ee chore: prepare next release (#6603)
• 6bc69c7 fix(instr-fetch): avoid unwrap fetch API (#6575)
• 840f3d4 chore: re-arrange misplaced changelog entries (#6604)
• 2da8d39 feat(configuration): refactoring config loader to print warning message for b...
• 401af13 fix(deps): update dependency protobufjs to v8 (#6602)
• 36e2a9a fix(opentelemetry-core): add extra checks on internal merge function for safe...
• 8ee2a8b fix(web-common): add check for possible unsafe json parse (#6589)
• f40fd24 fix(otlp-transformer): add check for possible unsafe json parse (#6588)
• 394eeb0 chore: update changelog script (#6586)
• 36ce569 feat(sdk-metrics): adds the cardinalitySelector argument to PeriodicExporting...
• Additional commits viewable in compare view

Updates @opentelemetry/sdk-metrics from 2.6.1 to 2.7.0

Release notes

Sourced from @​opentelemetry/sdk-metrics's releases.

v2.7.0

2.7.0

🚀 Features

• feat(sdk-logs): implement log creation metrics #6433 @​anuraaga
• feat(sdk-metrics): add the cardinalitySelector argument to PeriodicExportingMetricReaders #6460 @​starzlocker
• feat(opentelemetry-core): add extra checks on internal merge function for safety #6587 @​maryliag

🐛 Bug Fixes

• fix(opentelemetry-resources): do not discard OTEL_RESOURCE_ATTRIBUTES when it contains empty kv pairs

🏠 Internal

• test(exporter-zipkin): fix broken browser test assertions and add missing coverage #6566 @​overbalance
• fix(sdk-metrics): repair ExponentialHistogram tests #6565 @​overbalance

Changelog

Sourced from @​opentelemetry/sdk-metrics's changelog.

2.7.0

🚀 Features

• feat(sdk-logs): implement log creation metrics #6433 @​anuraaga
• feat(sdk-metrics): add the cardinalitySelector argument to PeriodicExportingMetricReaders #6460 @​starzlocker
• feat(opentelemetry-core): add extra checks on internal merge function for safety #6587 @​maryliag

🐛 Bug Fixes

• fix(opentelemetry-resources): do not discard OTEL_RESOURCE_ATTRIBUTES when it contains empty kv pairs

🏠 Internal

• test(exporter-zipkin): fix broken browser test assertions and add missing coverage #6566 @​overbalance
• fix(sdk-metrics): repair ExponentialHistogram tests #6565 @​overbalance

Commits

• a0476ee chore: prepare next release (#6603)
• 6bc69c7 fix(instr-fetch): avoid unwrap fetch API (#6575)
• 840f3d4 chore: re-arrange misplaced changelog entries (#6604)
• 2da8d39 feat(configuration): refactoring config loader to print warning message for b...
• 401af13 fix(deps): update dependency protobufjs to v8 (#6602)
• 36e2a9a fix(opentelemetry-core): add extra checks on internal merge function for safe...
• 8ee2a8b fix(web-common): add check for possible unsafe json parse (#6589)
• f40fd24 fix(otlp-transformer): add check for possible unsafe json parse (#6588)
• 394eeb0 chore: update changelog script (#6586)
• 36ce569 feat(sdk-metrics): adds the cardinalitySelector argument to PeriodicExporting...
• Additional commits viewable in compare view

Updates @opentelemetry/sdk-node from 0.214.0 to 0.215.0

Release notes

Sourced from @​opentelemetry/sdk-node's releases.

experimental/v0.215.0

0.215.0

💥 Breaking Changes

• feat(sdk-logs)!: add required forceFlush() to LogRecordExporter interface #6356 @​pichlermarc
  • (user-facing): LogRecordExporter interface now requires a forceFlush() method to be implemented. Custom exporters will need to implement this method to continue working with the Logs SDK.
• feat(api-logs, sdk-logs)!: add Logger#enabled() #6371 @​david-luna

🚀 Features

• feat(otlp-transformer): add custom protobuf logs serializer #6228 @​pichlermarc
• feat(otlp-transformer): add custom protobuf logs export response deserializer #6530 @​pichlermarc

🐛 Bug Fixes

• fix(instrumentation-fetch): preserve init overrides when input is a Request object #6421 @​akandic47
• fix(otlp-exporter-base): limit Node.js HTTP transport response body to 4 MiB #6552 @​kartikgola
• fix(instrumentation-fetch): avoid unwrapping fetch API when disabling #6575 @​david-luna
• fix(web-common): add check for possible unsafe json parse #6589 @​maryliag
• fix(otlp-transformer): add check for possible unsafe json parse #6588 @​maryliag

Commits

• a0476ee chore: prepare next release (#6603)
• 6bc69c7 fix(instr-fetch): avoid unwrap fetch API (#6575)
• 840f3d4 chore: re-arrange misplaced changelog entries (#6604)
• 2da8d39 feat(configuration): refactoring config loader to print warning message for b...
• 401af13 fix(deps): update dependency protobufjs to v8 (#6602)
• 36e2a9a fix(opentelemetry-core): add extra checks on internal merge function for safe...
• 8ee2a8b fix(web-common): add check for possible unsafe json parse (#6589)
• f40fd24 fix(otlp-transformer): add check for possible unsafe json parse (#6588)
• 394eeb0 chore: update changelog script (#6586)
• 36ce569 feat(sdk-metrics): adds the cardinalitySelector argument to PeriodicExporting...
• Additional commits viewable in compare view

Updates axios from 1.14.0 to 1.15.1

Release notes

Sourced from axios's releases.

v1.15.1

This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.

🔒 Security Fixes

• Header Injection Hardening: Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (#10749)
• CRLF Stripping in Multipart Headers: Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (#10758)
• Prototype Pollution / Auth Bypass: Replaced unsafe in checks with hasOwnProperty to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (#10761, #10760)
• withXSRFToken Truthy Bypass: Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (#10762)
• maxBodyLength With Zero Redirects: Enforces maxBodyLength even when maxRedirects is set to 0, closing a bypass path for oversized request bodies. (#10753)
• Streamed Response maxContentLength Bypass: Applies maxContentLength to streamed responses that previously bypassed the cap. (#10754)
• Follow-up CVE Completion: Completes an earlier incomplete CVE fix to fully close the regression window. (#10755)

🚀 New Features

• AI-Based Docs Translations: Initial scaffold for AI-assisted translations of the documentation site. (<...

  Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.