chore(deps): bump import-in-the-middle, @opentelemetry/auto-instrumentations-node and @opentelemetry/sdk-node in /examples/tracetest-with-github-action-and-secrets/services/wallet-api

[dependabot[bot]]

Bumps import-in-the-middle to 1.7.4 and updates ancestor dependencies import-in-the-middle, @opentelemetry/auto-instrumentations-node and @opentelemetry/sdk-node. These dependencies need to be updated together.

Updates import-in-the-middle from 1.3.5 to 1.7.4

Release notes

Sourced from import-in-the-middle's releases.

v1.7.3

• Fix node 20 reexports #30
• Fix duplicate default exports #53

v1.7.1

• Revert "Fix loader cyclical dependency bug (DataDog/import-in-the-middle#36)" (DataDog/import-in-the-middle#48)

v1.7.0

• Fix loader cyclical dependency bug for Node.js >= v16.0.0 (#36)

v1.6.0

• Fix ESM in Node v18.19.0 (#44)
• Add extensionless support in 18.19 (#41)

v1.5.0

• Support Node.js v21 (#40)

v1.4.2

Bug Fixes

• sanitizes URLs passed to import, fixing a security vulnerability: CVE-2023-38704

v1.4.1

Warning This version of the library contains a known security vulnerability: CVE-2023-38704. We recommend upgrading immediately to at least v1.4.2.

Build Changes

• remove windows-specific test, add macos to matrix

v1.4.0

Warning This version of the library contains a known security vulnerability: CVE-2023-38704. We recommend upgrading immediately to at least v1.4.2.

Features

• add Node.js v20 support (#28)

Commits

• 00b01ff 1.7.4 (#72)
• cbac355 Use updated/renamed version of acorn-import-assertions (security fix) (#70)
• 20f2995 fix: ensure the hooked module exports has @@​toStringTag property (#66)
• c3c2c52 1.7.3 (#56)
• 6856bd9 Fix node 20 reexports (#30)
• e29c02d Clean up the test harness a bit (#55)
• 6f4aa45 Adds linting (#51)
• 3a3cd49 Fix duplicate default exports (#53)
• 8066c39 Add CI action to upload html coverage report (#54)
• ae292fb add tests for default import export and variable default export (#52)
• Additional commits viewable in compare view

Updates @opentelemetry/auto-instrumentations-node from 0.37.1 to 0.46.1

Release notes

Sourced from @​opentelemetry/auto-instrumentations-node's releases.

auto-instrumentations-node: v0.46.1

0.46.1 (2024-05-15)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​opentelemetry/instrumentation-aws-lambda bumped from ^0.41.0 to ^0.41.1
    • @​opentelemetry/instrumentation-connect bumped from ^0.36.0 to ^0.36.1
    • @​opentelemetry/instrumentation-express bumped from ^0.38.0 to ^0.39.0
    • @​opentelemetry/resource-detector-aws bumped from ^1.4.2 to ^1.5.0

instrumentation-redis: v0.39.1

0.39.1 (2024-05-02)

Bug Fixes

• instrumentation-redis: Take host and port used for connection (#2072) (3ad9fdf)
• remove unuseful patch message from instrumentations (#2161) (34f56e0)

instrumentation-pino: v0.39.0

0.39.0 (2024-05-02)

Features

• pino: support new pino version ^9.0.0 (#2163) (585b833)

Commits

• 54365a9 chore: release main (#2172)
• 330fbaa chore: update to new release-please-action (#2208)
• b432929 fix(aws-lambda): update semconv package and readme (#2181)
• feb2720 docs: remove unused semconv packages and document (#2182)
• bb5d3bb chore(instrumentation-bunyan): use strings exported for attributes (#2195)
• 416337e chore(instrumentation-net): use strings exported for attributes (#2194)
• 7795ff6 chore(instrumentation-nestjs-core): use strings exported for attributes (#2193)
• 025abda chore(instrumentation-memcached): use exported strings for attributes (#2192)
• fbbd32c chore(instrumentation-ioredis): use exported strings for attributes (#2191)
• b98e431 refactor(instr-graphql): use exported strings for attributes (#2156)
• Additional commits viewable in compare view

Updates @opentelemetry/sdk-node from 0.40.0 to 0.51.1

Release notes

Sourced from @​opentelemetry/sdk-node's releases.

Experimental v0.51.1

0.51.1

:bug: (Bug Fix)

• fix(instrumentation): update import-in-the-middle to 1.7.4

Experimental v0.51.0

0.51.0

:boom: Breaking Change

• feat(sdk-node)!: remove long deprecated methods in favor of constructor options #4606 @​pichlermarc
  • NodeSDK.configureTracerProvider(), please use constructor options instead
  • NodeSDK.configureMeterProvider(), please use constructor options instead
  • NodeSDK.configureLoggerProvider(), please use constructor options instead
  • NodeSDK.addResource(), please use constructor options instead
  • NodeSDK.detectResources(), this is not necessary anymore, resources are now auto-detected on NodeSDK.start() if the constructor option autoDetectResources is unset, undefined or true.
• feat(instrumentation): add patch and unpatch diag log messages #4641
  • Instrumentations should not log patch and unpatch messages to diag channel.
• feat!(instrumentation): remove moduleExports generic type from instrumentation registration #4598 @​blumamir
  • breaking for instrumentation authors that depend on
    • InstrumentationBase
    • InstrumentationNodeModuleDefinition
    • InstrumentationNodeModuleFile

:rocket: (Enhancement)

• refactor(instrumentation-grpc): move to use SEMATTRS #4633
• feat(otlp-transformer): consolidate scope/resource creation in transformer #4600
• feat(sdk-logs): print message when attributes are dropped due to attribute count limit #4614 @​HyunnoH
• feat(sdk-node): add usage for the detector ServiceInstanceIdDetectorSync. #4626 @​maryliag
  • The resource detector can be added to default resource detector list by adding the value serviceinstance to the list of resource detectors on the environment variable OTEL_NODE_RESOURCE_DETECTORS, e.g OTEL_NODE_RESOURCE_DETECTORS=env,host,os,serviceinstance
  • The value can be overwritten by
    • merging a resource containing the service.instance.id attribute
    • using another resource detector which writes service.instance.id

:bug: (Bug Fix)

• fix(otlp-grpc-exporter-base): avoid TypeError on exporter shutdown #4612 @​pichlermarc
• fix(instrumentation): Don't use require to load package.json files #4593 @​timfish

Experimental v0.50.0

0.50.0

:boom: Breaking Change

• fix(exporter-*-otlp-grpc)!: lazy load gRPC to improve compatibility with @opentelemetry/instrumenation-grpc #4432 @​pichlermarc
  • Fixes a bug where requiring the gRPC exporter before enabling the instrumentation from @opentelemetry/instrumentation-grpc would lead to missing telemetry

... (truncated)

Commits

• 41c2626 Merge pull request #4682 from dynatrace-oss-contrib/release/1.24.x-0.51.x-2
• 7cb72a6 chore: prepare release 1.24.1/0.51.1
• 8a6d03f chore: sync package-lock.json, adapt changelog
• dfc883c fix(exporter-metrics-otlp-grpc) Add explicit otlp-exporter-base depen… (#4678)
• 75817d7 fix(deps): update dependency import-in-the-middle to v1.7.4 (#4667)
• fe132d7 fix(core): align inconsistent behavior of getEnv() and getEnvWithoutDefaults(...
• 307e33a fix(resources): prevent circular import (resource -> detector -> resource -> ...
• 3ab4f76 chore: prepare release 1.24.0/0.51.0 (#4650)
• 31eb60d feat!(instrumentation): add patch and unpatch diag log messages (#4641)
• 99431df feat!(instrumentation): remove moduleExports generic type from instrumentatio...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/kubeshop/tracetest/network/alerts).

[vercel[bot]]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
tracetest	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 4, 2024 2:07pm