Skip to content

fix(deps): vuln major upgrades — 15 packages (major: 3 · unstable: 5 · minor: 6 · patch: 1) [integration-tests/lambda/otlp-node]#1297

Draft
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/major/npm/otlp-node/0-1783415427
Draft

fix(deps): vuln major upgrades — 15 packages (major: 3 · unstable: 5 · minor: 6 · patch: 1) [integration-tests/lambda/otlp-node]#1297
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/major/npm/otlp-node/0-1783415427

Conversation

@gh-worker-campaigns-3e9aa4

Copy link
Copy Markdown
Contributor

Summary: High-severity security update — 16 packages upgraded (MAJOR changes included)

Manifests changed:

  • integration-tests/lambda/otlp-node (npm)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.


Updates

Package From To Type Dep Type Vulnerabilities Fixed
@opentelemetry/sdk-node 0.54.2 0.220.0 unstable Direct 1 HIGH
@opentelemetry/core 1.27.0 1.30.1 minor Transitive 1 MEDIUM
@opentelemetry/exporter-trace-otlp-grpc 0.54.2 0.220.0 unstable Direct -
@opentelemetry/exporter-trace-otlp-http 0.54.2 0.220.0 unstable Direct -
@opentelemetry/exporter-trace-otlp-proto 0.54.2 0.220.0 unstable Direct -
@opentelemetry/otlp-transformer 0.54.2 0.220.0 unstable Direct -
@opentelemetry/resources 1.30.1 2.9.0 major Direct -
@opentelemetry/sdk-trace-base 1.30.1 2.9.0 major Direct -
@opentelemetry/sdk-trace-node 1.30.1 2.9.0 major Direct -
@opentelemetry/context-async-hooks 1.27.0 1.30.1 minor Transitive -
@opentelemetry/exporter-zipkin 1.27.0 1.30.1 minor Transitive -
@opentelemetry/propagator-b3 1.27.0 1.30.1 minor Transitive -
@opentelemetry/propagator-jaeger 1.27.0 1.30.1 minor Transitive -
@opentelemetry/sdk-metrics 1.27.0 1.30.1 minor Transitive -
undici-types 7.24.6 7.28.0 minor Transitive -
undici-types 7.24.6 7.24.8 patch Transitive -

Warning

Major Version Upgrade

This update includes major version changes that may contain breaking changes. Please:

  • Review the changelog/release notes for breaking changes
  • Test thoroughly in a staging environment
  • Update any code that depends on changed APIs
  • Ensure all tests pass before merging

Security Details

🚨 Critical & High Severity (1 fixed)
Package CVE Severity Summary Unsafe Version Fixed In Case
@opentelemetry/sdk-node GHSA-q7rr-3cgh-j5r3 HIGH Prometheus exporter process crash via malformed HTTP request 0.54.2 0.217.0 -
ℹ️ Other Vulnerabilities (1)
Package CVE Severity Summary Unsafe Version Fixed In Case
@opentelemetry/core GHSA-8988-4f7v-96qf MODERATE OpenTelemetry Core: Unbounded memory allocation in W3C Baggage propagation 1.27.0 2.8.0 -

Review Checklist

Extra review is recommended for this update:

  • Review changes for compatibility with your code
  • Check release notes for breaking changes
  • Run integration tests to verify service behavior
  • Test in staging environment before production
  • Monitor key metrics after deployment
  • Approve and merge this PR

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System

…or: 6 · patch: 1) [integration-tests/lambda/otlp-node]
@datadog-prod-us1-5

datadog-prod-us1-5 Bot commented Jul 7, 2026

Copy link
Copy Markdown

Pipelines

Fix all issues with BitsAI

⚠️ Warnings

🚦 1 Pipeline job failed

DataDog/datadog-lambda-extension | build node lambdas   View in Datadog   GitLab

Useful? React with 👍 / 👎

This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 4cc9f91 | Docs | Datadog PR Page | Give us feedback!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants