Update dependencies and fix OpenTelemetry alignment issues#809
Merged
Conversation
Bumps [property-information](https://github.com/wooorm/property-information) from 7.1.0 to 7.2.0. - [Release notes](https://github.com/wooorm/property-information/releases) - [Commits](wooorm/property-information@7.1.0...7.2.0) --- updated-dependencies: - dependency-name: property-information dependency-version: 7.2.0 dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
… protobufjs - Add overrides for @opentelemetry/core ^2.8.0, @opentelemetry/resources ^2.8.0, @opentelemetry/sdk-logs ^0.219.0, @opentelemetry/sdk-metrics ^2.8.0, @opentelemetry/sdk-trace-base ^2.8.0 to fix GHSA-8988-4f7v-96qf (unbounded memory allocation in W3C Baggage propagation) - Add override for dompurify ^3.4.11 to lock the already-patched version - Run npm audit fix to update protobufjs past 7.6.2 (GHSA-f38q-mgvj-vph7) - Reduces vulnerabilities from 48 (6 high, 42 moderate) to 9 (all high) - Remaining 9 are all from GHSA-q7rr-3cgh-j5r3 inside genkit's internal telemetry stack; fix requires breaking genkit downgrade (not viable) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01UkMpcRMpCk7V8jdSGZTXpz
…ignment Code review of PR #804 identified that the direct dependency @opentelemetry/winston-transport was still on ^0.28.0 while the overrides enforce the rest of the otel stack at 2.x. Bumping to ^0.29.0 keeps the direct dep consistent with the forced transitive versions. All 60 tests pass, typecheck clean, npm audit unchanged at 9 high. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01UkMpcRMpCk7V8jdSGZTXpz
…ities-z146wr fix: resolve Dependabot security vulnerabilities (protobufjs + OpenTelemetry)
Consolidates the implementable Dependabot dependency-update PRs onto one branch. Verified together: typecheck, lint, and unit tests (60) all pass. npm dependencies: - googleapis ^171.0.0 -> ^173.0.0 (#772) - date-fns ^4.1.0 -> ^4.4.0 (#773) - react-hook-form ^7.76.1 -> ^7.80.0 (#766, forms group) - next 16.2.6 -> 16.2.9, react/react-dom ^19.2.6 -> ^19.2.7, eslint-config-next ^16.2.6 -> ^16.2.9 (#764, nextjs group) - dev-dependencies group (#803): @playwright/test ^1.61.1, @typescript-eslint/parser ^8.62.0, eslint ^10.5.0, vitest ^4.1.9 (plus transitive members incl. baseline-browser-mapping #771, property-information #768) GitHub Actions: - actions/checkout v4 -> v6 (#763) - actions/setup-node v4 -> v6 (#761) - softprops/action-gh-release v2 -> v3 (#762) Held back as breaking (CI fails, need dedicated code changes): - typescript 5.9 -> 6.0 (#765): new type errors - react-day-picker 9 -> 10 (#774): v10 changes the classNames/Chevron API used in src/components/ui/calendar.tsx Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Ajz6jNVsbUicrdijeYyopu
…-iopwvx chore: update dependencies and GitHub Actions versions
Bumps [actions/checkout](https://github.com/actions/checkout) from 6 to 7. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v6...v7) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [react-day-picker](https://github.com/gpbl/react-day-picker/tree/HEAD/packages/react-day-picker) from 9.14.0 to 10.0.1. - [Release notes](https://github.com/gpbl/react-day-picker/releases) - [Changelog](https://github.com/gpbl/react-day-picker/blob/main/packages/react-day-picker/CHANGELOG.md) - [Commits](https://github.com/gpbl/react-day-picker/commits/v10.0.1/packages/react-day-picker) --- updated-dependencies: - dependency-name: react-day-picker dependency-version: 10.0.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
The production build failed with "Export hexToBinary doesn't exist in target module @opentelemetry/core". The stable OTel packages were pinned to the 2.x line via overrides, but the experimental exporter/transformer/ sdk-node chain pulled in by Genkit was still resolving to 0.52.1/1.25.1, which imports hexToBinary (removed from core in 2.x). Extend the overrides to align the experimental packages to 0.219.0 and the remaining stale stable packages to 2.8.0, so the whole OTel tree resolves to one consistent release set. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_015J9vKLd3c2eWiebFKD9Lgg
… 1 directory with 17 updates Bumps the development-dependencies group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [axe-core](https://github.com/dequelabs/axe-core) | `4.11.4` | `4.12.1` | | [axios](https://github.com/axios/axios) | `1.16.1` | `1.18.1` | | [browserslist](https://github.com/browserslist/browserslist) | `4.28.2` | `4.28.4` | | [chardet](https://github.com/runk/node-chardet) | `2.1.1` | `2.2.0` | | [enhanced-resolve](https://github.com/webpack/enhanced-resolve) | `5.22.1` | `5.24.1` | | [es-iterator-helpers](https://github.com/es-shims/iterator-helpers) | `1.3.2` | `1.3.3` | | [es-to-primitive](https://github.com/ljharb/es-to-primitive) | `1.3.0` | `1.3.4` | | [expect-type](https://github.com/mmkal/expect-type) | `1.3.0` | `1.4.0` | | [function.prototype.name](https://github.com/es-shims/Function.prototype.name) | `1.1.8` | `1.2.0` | | [obug](https://github.com/sxzz/obug) | `2.1.1` | `2.1.3` | | [openapi3-ts](https://github.com/metadevpro/openapi3-ts) | `4.5.0` | `4.6.0` | | [string.prototype.trim](https://github.com/es-shims/String.prototype.trim) | `1.2.10` | `1.2.11` | | [string.prototype.trimend](https://github.com/es-shims/String.prototype.trimEnd) | `1.0.9` | `1.0.10` | | [tinyexec](https://github.com/tinylibs/tinyexec) | `1.2.2` | `1.2.4` | | [tsx](https://github.com/privatenumber/tsx) | `4.22.3` | `4.22.4` | | [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.60.0` | `8.62.0` | | [which-typed-array](https://github.com/inspect-js/which-typed-array) | `1.1.21` | `1.1.22` | Updates `axe-core` from 4.11.4 to 4.12.1 - [Release notes](https://github.com/dequelabs/axe-core/releases) - [Changelog](https://github.com/dequelabs/axe-core/blob/develop/CHANGELOG.md) - [Commits](dequelabs/axe-core@v4.11.4...v4.12.1) Updates `axios` from 1.16.1 to 1.18.1 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.16.1...v1.18.1) Updates `browserslist` from 4.28.2 to 4.28.4 - [Release notes](https://github.com/browserslist/browserslist/releases) - [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md) - [Commits](browserslist/browserslist@4.28.2...4.28.4) Updates `chardet` from 2.1.1 to 2.2.0 - [Release notes](https://github.com/runk/node-chardet/releases) - [Commits](runk/node-chardet@v2.1.1...v2.2.0) Updates `enhanced-resolve` from 5.22.1 to 5.24.1 - [Release notes](https://github.com/webpack/enhanced-resolve/releases) - [Changelog](https://github.com/webpack/enhanced-resolve/blob/main/CHANGELOG.md) - [Commits](webpack/enhanced-resolve@v5.22.1...v5.24.1) Updates `es-iterator-helpers` from 1.3.2 to 1.3.3 - [Changelog](https://github.com/es-shims/iterator-helpers/blob/main/CHANGELOG.md) - [Commits](es-shims/iterator-helpers@v1.3.2...v1.3.3) Updates `es-to-primitive` from 1.3.0 to 1.3.4 - [Changelog](https://github.com/ljharb/es-to-primitive/blob/main/CHANGELOG.md) - [Commits](ljharb/es-to-primitive@v1.3.0...v1.3.4) Updates `expect-type` from 1.3.0 to 1.4.0 - [Release notes](https://github.com/mmkal/expect-type/releases) - [Commits](mmkal/expect-type@v1.3.0...v1.4.0) Updates `function.prototype.name` from 1.1.8 to 1.2.0 - [Changelog](https://github.com/es-shims/Function.prototype.name/blob/main/CHANGELOG.md) - [Commits](es-shims/Function.prototype.name@v1.1.8...v1.2.0) Updates `obug` from 2.1.1 to 2.1.3 - [Release notes](https://github.com/sxzz/obug/releases) - [Commits](sxzz/obug@v2.1.1...v2.1.3) Updates `openapi3-ts` from 4.5.0 to 4.6.0 - [Release notes](https://github.com/metadevpro/openapi3-ts/releases) - [Changelog](https://github.com/metadevpro/openapi3-ts/blob/master/Changelog.md) - [Commits](https://github.com/metadevpro/openapi3-ts/commits/v.4.6.0) Updates `string.prototype.trim` from 1.2.10 to 1.2.11 - [Changelog](https://github.com/es-shims/String.prototype.trim/blob/main/CHANGELOG.md) - [Commits](es-shims/String.prototype.trim@v1.2.10...v1.2.11) Updates `string.prototype.trimend` from 1.0.9 to 1.0.10 - [Changelog](https://github.com/es-shims/String.prototype.trimEnd/blob/main/CHANGELOG.md) - [Commits](es-shims/String.prototype.trimEnd@v1.0.9...v1.0.10) Updates `tinyexec` from 1.2.2 to 1.2.4 - [Release notes](https://github.com/tinylibs/tinyexec/releases) - [Commits](tinylibs/tinyexec@1.2.2...1.2.4) Updates `tsx` from 4.22.3 to 4.22.4 - [Release notes](https://github.com/privatenumber/tsx/releases) - [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs) - [Commits](privatenumber/tsx@v4.22.3...v4.22.4) Updates `typescript-eslint` from 8.60.0 to 8.62.0 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.0/packages/typescript-eslint) Updates `which-typed-array` from 1.1.21 to 1.1.22 - [Changelog](https://github.com/inspect-js/which-typed-array/blob/main/CHANGELOG.md) - [Commits](inspect-js/which-typed-array@v1.1.21...v1.1.22) --- updated-dependencies: - dependency-name: axe-core dependency-version: 4.12.1 dependency-type: indirect update-type: version-update:semver-minor dependency-group: development-dependencies - dependency-name: axios dependency-version: 1.18.1 dependency-type: indirect update-type: version-update:semver-minor dependency-group: development-dependencies - dependency-name: browserslist dependency-version: 4.28.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: chardet dependency-version: 2.2.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: development-dependencies - dependency-name: enhanced-resolve dependency-version: 5.24.1 dependency-type: indirect update-type: version-update:semver-minor dependency-group: development-dependencies - dependency-name: es-iterator-helpers dependency-version: 1.3.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: es-to-primitive dependency-version: 1.3.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: expect-type dependency-version: 1.4.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: development-dependencies - dependency-name: function.prototype.name dependency-version: 1.2.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: development-dependencies - dependency-name: obug dependency-version: 2.1.3 dependency-type: indirect update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: openapi3-ts dependency-version: 4.6.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: development-dependencies - dependency-name: string.prototype.trim dependency-version: 1.2.11 dependency-type: indirect update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: string.prototype.trimend dependency-version: 1.0.10 dependency-type: indirect update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: tinyexec dependency-version: 1.2.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: tsx dependency-version: 4.22.4 dependency-type: indirect update-type: version-update:semver-patch dependency-group: development-dependencies - dependency-name: typescript-eslint dependency-version: 8.62.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: development-dependencies - dependency-name: which-typed-array dependency-version: 1.1.22 dependency-type: indirect update-type: version-update:semver-patch dependency-group: development-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
Add OpenTelemetry instrumentation and exporters
…tions/checkout-6 ci(deps): bump actions/checkout from 6 to 7
…lopment-dependencies-fe72432931 chore(deps)(deps-dev): bump the development-dependencies group across 1 directory with 17 updates
…erty-information-7.2.0 chore(deps)(deps): bump property-information from 7.1.0 to 7.2.0
…ith 3 updates Bumps the typescript group with 3 updates in the / directory: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node), [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) and [typescript](https://github.com/microsoft/TypeScript). Updates `@types/node` from 25.9.1 to 26.0.1 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) Updates `@types/react` from 19.2.15 to 19.2.17 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react) Updates `typescript` from 5.9.3 to 6.0.3 - [Release notes](https://github.com/microsoft/TypeScript/releases) - [Commits](microsoft/TypeScript@v5.9.3...v6.0.3) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 26.0.1 dependency-type: direct:development update-type: version-update:semver-major dependency-group: typescript - dependency-name: "@types/react" dependency-version: 19.2.17 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: typescript - dependency-name: typescript dependency-version: 6.0.3 dependency-type: direct:development update-type: version-update:semver-major dependency-group: typescript ... Signed-off-by: dependabot[bot] <support@github.com>
TypeScript 6.0 errors (TS5097) on import paths ending in .ts unless allowImportingTsExtensions is enabled. Drop the extensions to match the rest of the codebase, where flow imports are extensionless. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
react-day-picker 10 removed the deprecated `initialFocus` prop in favor of `autoFocus`. Update the date-picker call sites in the report pages. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…script-3b08f3a2a4 chore(deps)(deps-dev): bump the typescript group across 1 directory with 3 updates
…t-day-picker-10.0.1 chore(deps)(deps): bump react-day-picker from 9.14.0 to 10.0.1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.