Skip to content

build(deps): bump @opentelemetry/instrumentation-express from 0.44.0 to 0.60.0#2080

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/opentelemetry/instrumentation-express-0.60.0
Open

build(deps): bump @opentelemetry/instrumentation-express from 0.44.0 to 0.60.0#2080
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/opentelemetry/instrumentation-express-0.60.0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 2, 2026

Bumps @opentelemetry/instrumentation-express from 0.44.0 to 0.60.0.

Release notes

Sourced from @​opentelemetry/instrumentation-express's releases.

instrumentation-graphql: v0.60.0

0.60.0 (2026-02-25)

Features

  • instrumentation-graphql: add parent name in attributes of resolver span (#3287) (ea2a90a)

instrumentation-socket.io: v0.59.0

0.59.0 (2026-02-25)

Features

Changelog

Sourced from @​opentelemetry/instrumentation-express's changelog.

0.60.0 (2026-02-16)

Features

  • deps: update deps matching "@opentelemetry/*" (#3383) (d3ac785)

Dependencies

  • The following workspace dependencies were updated
    • devDependencies
      • @​opentelemetry/contrib-test-utils bumped from ^0.58.0 to ^0.59.0

0.59.0 (2026-01-21)

Features

  • deps: update deps matching '@opentelemetry/*' (#3353) (a56bbdc)

Dependencies

  • The following workspace dependencies were updated
    • devDependencies
      • @​opentelemetry/contrib-test-utils bumped from ^0.57.0 to ^0.58.0

0.58.0 (2026-01-14)

Features

  • deps: update deps matching '@opentelemetry/*' (#3332) (925a150)
  • deps: update deps matching '@opentelemetry/*' (#3340) (2954943)

Dependencies

  • The following workspace dependencies were updated
    • devDependencies
      • @​opentelemetry/contrib-test-utils bumped from ^0.56.0 to ^0.57.0

0.57.1 (2025-12-17)

Dependencies

  • The following workspace dependencies were updated
    • devDependencies

... (truncated)

Commits
  • 2300dc1 chore: improve test workflow and coverage reports (#2866)
  • ca26f63 chore: lint .js and .mjs files (in addition to the existing .ts file linting)...
  • 2120399 chore(deps): update dependency @​types/express to v5 (#2925)
  • 9d90781 chore: add test-services scripts per package (#2932)
  • e7960a2 chore: release main (#2931)
  • e4ab2a9 feat(deps): update deps matching '@opentelemetry/*' (#2930)
  • 17f4334 chore: rename workspace dirs to packages/${package-base-name} (#2928)
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​opentelemetry/instrumentation-express since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump @opentelemetry/instrumentation-express
f33b9c1 
Bumps [@opentelemetry/instrumentation-express](https://github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-express) from 0.44.0 to 0.60.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js-contrib/blob/main/packages/instrumentation-express/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js-contrib/commits/instrumentation-pg-v0.60.0/packages/instrumentation-express)

---
updated-dependencies:
- dependency-name: "@opentelemetry/instrumentation-express"
  dependency-version: 0.60.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 2, 2026
@dependabot dependabot bot requested a review from ryanmaclean as a code owner March 2, 2026 01:47
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 2, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Mar 2, 2026

🔒 Security Audit Results

Secret Scanning: No secrets detected
⚠️ Environment Config: Missing variables
NPM Audit: Critical/High vulnerabilities
Secret Patterns: None detected

📊 View full results: Security Audit Summary
⏱️ Duration: < 2 minutes

@github-actions
Copy link
Contributor

github-actions bot commented Mar 2, 2026

Dependency Audit Results

# npm audit report

basic-ftp  <5.2.0
Severity: critical
Basic FTP has Path Traversal Vulnerability in its downloadToDir() method - https://github.com/advisories/GHSA-5rq4-664w-9x2c
fix available via `npm audit fix`
node_modules/basic-ftp

fast-xml-parser  <5.3.8
fast-xml-parser has stack overflow in XMLBuilder with preserveOrder - https://github.com/advisories/GHSA-fj3w-jwp8-x2g3
fix available via `npm audit fix --force`
Will install @aws-sdk/client-s3@3.893.0, which is a breaking change
node_modules/fast-xml-parser
  @aws-sdk/xml-builder  >=3.894.0
  Depends on vulnerable versions of fast-xml-parser
  node_modules/@aws-sdk/xml-builder
    @aws-sdk/core  >=3.894.0
    Depends on vulnerable versions of @aws-sdk/xml-builder
    node_modules/@aws-sdk/core
      @aws-sdk/client-s3  >=3.894.0
      Depends on vulnerable versions of @aws-sdk/core
      Depends on vulnerable versions of @aws-sdk/credential-provider-node
      Depends on vulnerable versions of @aws-sdk/middleware-flexible-checksums
      Depends on vulnerable versions of @aws-sdk/middleware-sdk-s3
      Depends on vulnerable versions of @aws-sdk/middleware-user-agent
      Depends on vulnerable versions of @aws-sdk/signature-v4-multi-region
      Depends on vulnerable versions of @aws-sdk/util-user-agent-node
      node_modules/@aws-sdk/client-s3
      @aws-sdk/credential-provider-env  >=3.894.0
      Depends on vulnerable versions of @aws-sdk/core
      node_modules/@aws-sdk/credential-provider-env
      @aws-sdk/credential-provider-http  >=3.894.0
      Depends on vulnerable versions of @aws-sdk/core
      node_modules/@aws-sdk/credential-provider-http
        @aws-sdk/credential-provider-node  >=3.894.0
        Depends on vulnerable versions of @aws-sdk/credential-provider-env
        Depends on vulnerable versions of @aws-sdk/credential-provider-http
        Depends on vulnerable versions of @aws-sdk/credential-provider-ini
        Depends on vulnerable versions of @aws-sdk/credential-provider-process
        Depends on vulnerable versions of @aws-sdk/credential-provider-sso
        Depends on vulnerable versions of @aws-sdk/credential-provider-web-identity
        node_modules/@aws-sdk/credential-provider-node
      @aws-sdk/credential-provider-ini  >=3.894.0
      Depends on vulnerable versions of @aws-sdk/core
      Depends on vulnerable versions of @aws-sdk/credential-provider-env
      Depends on vulnerable versions of @aws-sdk/credential-provider-http
      Depends on vulnerable versions of @aws-sdk/credential-provider-login
      Depends on vulnerable versions of @aws-sdk/credential-provider-process
      Depends on vulnerable versions of @aws-sdk/credential-provider-sso
      Depends on vulnerable versions of @aws-sdk/credential-provider-web-identity
      Depends on vulnerable versions of @aws-sdk/nested-clients
      node_modules/@aws-sdk/credential-provider-ini
      @aws-sdk/credential-provider-login  *
      Depends on vulnerable versions of @aws-sdk/core
      Depends on vulnerable versions of @aws-sdk/nested-clients
      node_modules/@aws-sdk/credential-provider-login
      @aws-sdk/credential-provider-process  >=3.894.0
      Depends on vulnerable versions of @aws-sdk/core
      node_modules/@aws-sdk/credential-provider-process
      @aws-sdk/credential-provider-sso  >=3.894.0
      Depends on vulnerable versions of @aws-sdk/core
      Depends on vulnerable versions of @aws-sdk/nested-clients
      Depends on vulnerable versions of @aws-sdk/token-providers
      node_modules/@aws-sdk/credential-provider-sso
      @aws-sdk/credential-provider-web-identity  >=3.894.0
      Depends on vulnerable versions of @aws-sdk/core
      Depends on vulnerable versions of @aws-sdk/nested-clients
      node_modules/@aws-sdk/credential-provider-web-identity
      @aws-sdk/middleware-flexible-checksums  >=3.894.0
      Depends on vulnerable versions of @aws-sdk/core
      node_modules/@aws-sdk/middleware-flexible-checksums
      @aws-sdk/middleware-sdk-s3  >=3.894.0
      Depends on vulnerable versions of @aws-sdk/core
      node_modules/@aws-sdk/middleware-sdk-s3
        @aws-sdk/signature-v4-multi-region  >=3.894.0
        Depends on vulnerable versions of @aws-sdk/middleware-sdk-s3
        node_modules/@aws-sdk/signature-v4-multi-region
      @aws-sdk/middleware-user-agent  >=3.894.0
      Depends on vulnerable versions of @aws-sdk/core
      node_modules/@aws-sdk/middleware-user-agent
        @aws-sdk/util-user-agent-node  >=3.894.0
        Depends on vulnerable versions of @aws-sdk/middleware-user-agent
        node_modules/@aws-sdk/util-user-agent-node
      @aws-sdk/nested-clients  >=3.894.0
      Depends on vulnerable versions of @aws-sdk/core
      Depends on vulnerable versions of @aws-sdk/middleware-user-agent
      Depends on vulnerable versions of @aws-sdk/util-user-agent-node
      node_modules/@aws-sdk/nested-clients
      @aws-sdk/token-providers  >=3.894.0
      Depends on vulnerable versions of @aws-sdk/core
      Depends on vulnerable versions of @aws-sdk/nested-clients
      node_modules/@aws-sdk/token-providers

hono  4.12.0 - 4.12.1
Severity: high
Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo - https://github.com/advisories/GHSA-xh87-mx6m-69f3
fix available via `npm audit fix`
node_modules/hono

serialize-javascript  <=7.0.2
Severity: high
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() - https://github.com/advisories/GHSA-5c6j-r48x-rmvq
No fix available
node_modules/serialize-javascript
  terser-webpack-plugin  *
  Depends on vulnerable versions of serialize-javascript
  node_modules/terser-webpack-plugin

23 vulnerabilities (19 low, 3 high, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

@github-actions
Copy link
Contributor

github-actions bot commented Mar 2, 2026

Build Status ✅ Build successful

✅ Build completed successfully!

@github-actions
Copy link
Contributor

github-actions bot commented Mar 2, 2026

Quick Checks Results

Check Status
ESLint
TypeScript

✅ All quick checks passed!

@github-actions
Copy link
Contributor

github-actions bot commented Mar 2, 2026

PR Analysis 📊

Changed Files Summary:

  • JavaScript/TypeScript files: 0
  • Test files: 0
  • Documentation files: 0
  • Configuration files: 1

CI Status: Running automated checks...

@github-actions
Copy link
Contributor

github-actions bot commented Mar 2, 2026

Test Results ✅ Passed

Test Suites: 57 failed, 5 skipped, 488 passed, 545 of 550 total
Tests: 380 failed, 104 skipped, 30 todo, 10665 passed, 11179 total

✅ All tests passed! Ready for review.

View test output

Check the Actions tab for detailed test output.

@github-actions
Copy link
Contributor

github-actions bot commented Mar 2, 2026

PR Status Summary

Check Status
Quick Checks ✅ Passed
Tests ✅ Passed
Build ✅ Passed

All checks passed! This PR is ready to merge. 🎉

@ryanmaclean ryanmaclean enabled auto-merge (squash) March 2, 2026 06:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ryanmaclean ryanmaclean Awaiting requested review from ryanmaclean ryanmaclean is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants