Skip to content

chore(deps): bump the production-deps group across 1 directory with 13 updates#21

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/production-deps-a6e3fcf02a
Closed

chore(deps): bump the production-deps group across 1 directory with 13 updates#21
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/production-deps-a6e3fcf02a

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 14, 2026
edited
Loading

Bumps the production-deps group with 13 updates in the / directory:

Package From To
@opentelemetry/context-async-hooks 2.5.0 2.6.0
@tanstack/react-query 5.90.16 5.90.21
react 19.1.0 19.2.4
react-dom 19.1.0 19.2.4
@opentelemetry/auto-instrumentations-node 0.69.0 0.71.0
@opentelemetry/exporter-trace-otlp-http 0.211.0 0.213.0
@opentelemetry/sdk-node 0.211.0 0.213.0
@sentry/node 10.38.0 10.43.0
@supabase/supabase-js 2.89.0 2.99.1
dotenv 17.2.3 17.3.1
@aws-sdk/client-kms 3.984.0 3.1009.0
ioredis 5.9.2 5.10.0
stripe 20.3.1 20.4.1

Updates @opentelemetry/context-async-hooks from 2.5.0 to 2.6.0

Release notes

Sourced from @​opentelemetry/context-async-hooks's releases.

v2.6.0

2.6.0

💥 Breaking Changes

  • fix(resources): update OTEL_RESOURCE_ATTRIBUTESopen-telemetry/opentelemetry-specification#4856#6261 @​jacksonweber
    • Important: This fix is included in the "breaking changes" section because it can be breaking for some edge case usage of OTEL_RESOURCE_ATTRIBUTES:
      • export OTEL_RESOURCE_ATTRIBUTES=foo=bar,spam will now be fully ignored, because the spam entry is invalid (missing =). Per spec, any parsing error results in ignoring the entire environment variable.
      • export OTEL_RESOURCE_ATTRIBUTES='wat=" spaces "' will now result in {"wat": "\" spaces \""} with the double-quotes included in the value. Before this change the implementation included brittle double-quoting to allow leading and trailing whitespace in the value. To support leading or trailing whitespace now, you must percent-encode the whitespace. Internal whitespace still works without encoding, e.g. export OTEL_RESOURCE_ATTRIBUTES='green=eggs and ham'.

🚀 Features

🐛 Bug Fixes

v2.5.1

2.5.1

🐛 Bug Fixes

  • fix(opentelemetry-sdk-node): the custom value from env variable for service.instance.id should take priority over random uuid as backup #6345 @​maryliag

🏠 Internal

Changelog

Sourced from @​opentelemetry/context-async-hooks's changelog.

2.6.0

💥 Breaking Changes

  • fix(resources): update OTEL_RESOURCE_ATTRIBUTESopen-telemetry/opentelemetry-specification#4856#6261 @​jacksonweber
    • Important: This fix is included in the "breaking changes" section because it can be breaking for some edge case usage of OTEL_RESOURCE_ATTRIBUTES:
      • export OTEL_RESOURCE_ATTRIBUTES=foo=bar,spam will now be fully ignored, because the spam entry is invalid (missing =). Per spec, any parsing error results in ignoring the entire environment variable.
      • export OTEL_RESOURCE_ATTRIBUTES='wat=" spaces "' will now result in {"wat": "\" spaces \""} with the double-quotes included in the value. Before this change the implementation included brittle double-quoting to allow leading and trailing whitespace in the value. To support leading or trailing whitespace now, you must percent-encode the whitespace. Internal whitespace still works without encoding, e.g. export OTEL_RESOURCE_ATTRIBUTES='green=eggs and ham'.

🚀 Features

🐛 Bug Fixes

  • fix(sdk-trace-base): enforce StatusCode precedence rules in setStatus per specification #6461 @​newbee1939
  • fix(sdk-trace-web): propagate optimised flag in getElementXPath recursion #6335 @​akkupratap323

2.5.1

🐛 Bug Fixes

  • fix(opentelemetry-sdk-node): the custom value from env variable for service.instance.id should take priority over random uuid as backup #6345 @​maryliag

🏠 Internal

Commits
  • 541e1b4 chore: prepare next release (#6464)
  • 30f94fe feat(instrumentation-http): provide http.request.header.\<key> at server spa...
  • 2ac44ad refactor(context-zone-peer-dep): remove unnecessary helper methods and use me...
  • 600e51d chore(deps): update github/codeql-action digest to c793b71 (#6458)
  • ae30abf chore(deps): update dependency @​types/jquery to v4 (#6456)
  • 6387d3c chore(release): use the HEAD commit as the target for draft GH release creati...
  • 4cd3644 fix(deps): update dependency import-in-the-middle to v3 (#6403)
  • 65c9d9f docs: fix changelog PR number typo (#6453)
  • 3db56ba fix(api-logs)!: drop lingering includeTraceContext from LoggerOptions type (#...
  • dcbead5 fix(instrumentation-fetch): handle HeadersInit tuple arrays in _addHeaders (#...
  • Additional commits viewable in compare view

Updates @tanstack/react-query from 5.90.16 to 5.90.21

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-persist-client@​5.90.21

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.91.18
    • @​tanstack/react-query@​5.90.19

@​tanstack/react-query@​5.90.21

Patch Changes

  • refactor(react-query/useQueries): remove unreachable 'willFetch' branch in suspense promise collection (#10082)

@​tanstack/react-query-persist-client@​5.90.20

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.91.17
    • @​tanstack/react-query@​5.90.18

@​tanstack/react-query@​5.90.20

Patch Changes

  • Updated dependencies [e7258c5]:
    • @​tanstack/query-core@​5.90.20

@​tanstack/react-query-persist-client@​5.90.19

Patch Changes

  • Updated dependencies []:
    • @​tanstack/query-persist-client-core@​5.91.16
    • @​tanstack/react-query@​5.90.17

@​tanstack/react-query@​5.90.19

Patch Changes

  • Updated dependencies [53fc74e]:
    • @​tanstack/query-core@​5.90.19

@​tanstack/react-query@​5.90.18

Patch Changes

  • Updated dependencies [dea1614]:
    • @​tanstack/query-core@​5.90.18

@​tanstack/react-query@​5.90.17

Patch Changes

  • Updated dependencies [269351b]:
    • @​tanstack/query-core@​5.90.17
Changelog

Sourced from @​tanstack/react-query's changelog.

5.90.21

Patch Changes

  • refactor(react-query/useQueries): remove unreachable 'willFetch' branch in suspense promise collection (#10082)

5.90.20

Patch Changes

  • Updated dependencies [e7258c5]:
    • @​tanstack/query-core@​5.90.20

5.90.19

Patch Changes

  • Updated dependencies [53fc74e]:
    • @​tanstack/query-core@​5.90.19

5.90.18

Patch Changes

  • Updated dependencies [dea1614]:
    • @​tanstack/query-core@​5.90.18

5.90.17

Patch Changes

  • Updated dependencies [269351b]:
    • @​tanstack/query-core@​5.90.17
Commits
  • 08050cb ci: Version Packages (#10115)
  • c5def66 refactor(react-query/useQueries): remove unreachable 'willFetch' branch in su...
  • da2ff5a chore(vite.config): exclude 'tests' directory from coverage reports (#10084)
  • 2a592d2 test(react-query/suspense): add test cases for 'static' staleTime with number...
  • 7e3ea62 test(react-query/QueryResetErrorBoundary): relocate 'issue-9728' test and mig...
  • dee5d3e test(react-query/ssr): add 'useMutation' and 'useMutationState' tests for SSR...
  • 7ac4e20 ci: Version Packages (#10067)
  • 9ff3de7 Upgrade to Vitest v4 (#9862)
  • 0525ad1 ci: Version Packages (#10047)
  • 53fc74e fix(query-core): fix combine not updating when queries change with stable ref...
  • Additional commits viewable in compare view

Updates react from 19.1.0 to 19.2.4

Release notes

Sourced from react's releases.

19.2.4 (January 26th, 2026)

React Server Components

19.2.3 (December 11th, 2025)

React Server Components

19.2.2 (December 11th, 2025)

React Server Components

19.2.1 (December 3rd, 2025)

React Server Components

19.2.0 (Oct 1, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

  • <Activity>: A new API to hide and restore the UI and internal state of its children.
  • useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
  • cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
  • React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

  • Added resume APIs for partial pre-rendering with Web Streams:
  • Added resume APIs for partial pre-rendering with Node Streams:
  • Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

  • React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
  • Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
  • Use underscore instead of : IDs generated by useId

All Changes

... (truncated)

Changelog

Sourced from react's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

19.2.0 (October 1st, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

  • <Activity>: A new API to hide and restore the UI and internal state of its children.
  • useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
  • cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
  • React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

  • Added resume APIs for partial pre-rendering with Web Streams:
  • Added resume APIs for partial pre-rendering with Node Streams:
  • Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

  • React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
  • Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
  • Use underscore instead of : IDs generated by useId

All Changes

React

... (truncated)

Commits

Updates react-dom from 19.1.0 to 19.2.4

Release notes

Sourced from react-dom's releases.

19.2.4 (January 26th, 2026)

React Server Components

19.2.3 (December 11th, 2025)

React Server Components

19.2.2 (December 11th, 2025)

React Server Components

19.2.1 (December 3rd, 2025)

React Server Components

19.2.0 (Oct 1, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

  • <Activity>: A new API to hide and restore the UI and internal state of its children.
  • useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
  • cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
  • React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

  • Added resume APIs for partial pre-rendering with Web Streams:
  • Added resume APIs for partial pre-rendering with Node Streams:
  • Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

  • React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
  • Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
  • Use underscore instead of : IDs generated by useId

All Changes

... (truncated)

Changelog

Sourced from react-dom's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

19.2.0 (October 1st, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

  • <Activity>: A new API to hide and restore the UI and internal state of its children.
  • useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
  • cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
  • React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

  • Added resume APIs for partial pre-rendering with Web Streams:
  • Added resume APIs for partial pre-rendering with Node Streams:
  • Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

  • React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
  • Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
  • Use underscore instead of : IDs generated by useId

All Changes

React

... (truncated)

Commits

Updates @opentelemetry/auto-instrumentations-node from 0.69.0 to 0.71.0

Release notes

Sourced from @​opentelemetry/auto-instrumentations-node's releases.

auto-instrumentations-node: v0.71.0

0.71.0 (2026-03-04)

Features

  • deps: update deps matching "@opentelemetry/*" (#3411) (7f4b776)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​opentelemetry/instrumentation-amqplib bumped from ^0.59.0 to ^0.60.0
      • @​opentelemetry/instrumentation-aws-lambda bumped from ^0.64.0 to ^0.65.0
      • @​opentelemetry/instrumentation-aws-sdk bumped from ^0.67.0 to ^0.68.0
      • @​opentelemetry/instrumentation-bunyan bumped from ^0.57.0 to ^0.58.0
      • @​opentelemetry/instrumentation-cassandra-driver bumped from ^0.57.0 to ^0.58.0
      • @​opentelemetry/instrumentation-connect bumped from ^0.55.0 to ^0.56.0
      • @​opentelemetry/instrumentation-cucumber bumped from ^0.28.0 to ^0.29.0
      • @​opentelemetry/instrumentation-dataloader bumped from ^0.29.0 to ^0.30.0
      • @​opentelemetry/instrumentation-dns bumped from ^0.55.0 to ^0.56.0
      • @​opentelemetry/instrumentation-express bumped from ^0.60.0 to ^0.61.0
      • @​opentelemetry/instrumentation-fastify bumped from ^0.56.0 to ^0.57.0
      • @​opentelemetry/instrumentation-fs bumped from ^0.31.0 to ^0.32.0
      • @​opentelemetry/instrumentation-generic-pool bumped from ^0.55.0 to ^0.56.0
      • @​opentelemetry/instrumentation-graphql bumped from ^0.60.0 to ^0.61.0
      • @​opentelemetry/instrumentation-hapi bumped from ^0.58.0 to ^0.59.0
      • @​opentelemetry/instrumentation-ioredis bumped from ^0.60.0 to ^0.61.0
      • @​opentelemetry/instrumentation-kafkajs bumped from ^0.21.0 to ^0.22.0
      • @​opentelemetry/instrumentation-knex bumped from ^0.56.0 to ^0.57.0
      • @​opentelemetry/instrumentation-koa bumped from ^0.60.0 to ^0.61.0
      • @​opentelemetry/instrumentation-lru-memoizer bumped from ^0.56.0 to ^0.57.0
      • @​opentelemetry/instrumentation-memcached bumped from ^0.55.0 to ^0.56.0
      • @​opentelemetry/instrumentation-mongodb bumped from ^0.65.0 to ^0.66.0
      • @​opentelemetry/instrumentation-mongoose bumped from ^0.58.0 to ^0.59.0
      • @​opentelemetry/instrumentation-mysql bumped from ^0.58.0 to ^0.59.0
      • @​opentelemetry/instrumentation-mysql2 bumped from ^0.58.0 to ^0.59.0
      • @​opentelemetry/instrumentation-nestjs-core bumped from ^0.58.0 to ^0.59.0
      • @​opentelemetry/instrumentation-net bumped from ^0.56.0 to ^0.57.0
      • @​opentelemetry/instrumentation-openai bumped from ^0.10.0 to ^0.11.0
      • @​opentelemetry/instrumentation-oracledb bumped from ^0.37.0 to ^0.38.0
      • @​opentelemetry/instrumentation-pg bumped from ^0.64.0 to ^0.65.0
      • @​opentelemetry/instrumentation-pino bumped from ^0.58.0 to ^0.59.0
      • @​opentelemetry/instrumentation-redis bumped from ^0.60.0 to ^0.61.0
      • @​opentelemetry/instrumentation-restify bumped from ^0.57.0 to ^0.58.0
      • @​opentelemetry/instrumentation-router bumped from ^0.56.0 to ^0.57.0
      • @​opentelemetry/instrumentation-runtime-node bumped from ^0.25.0 to ^0.26.0
      • @​opentelemetry/instrumentation-socket.io bumped from ^0.59.0 to ^0.60.0
      • @​opentelemetry/instrumentation-tedious bumped from ^0.31.0 to ^0.32.0

... (truncated)

Changelog

Sourced from @​opentelemetry/auto-instrumentations-node's changelog.

0.71.0 (2026-03-04)

Features

  • deps: update deps matching "@opentelemetry/*" (#3411) (7f4b776)

Dependencies

  • The following workspace dependencies were updated
    • dependencies
      • @​opentelemetry/instrumentation-amqplib bumped from ^0.59.0 to ^0.60.0
      • @​opentelemetry/instrumentation-aws-lambda bumped from ^0.64.0 to ^0.65.0
      • @​opentelemetry/instrumentation-aws-sdk bumped from ^0.67.0 to ^0.68.0
      • @​opentelemetry/instrumentation-bunyan bumped from ^0.57.0 to ^0.58.0
      • @​opentelemetry/instrumentation-cassandra-driver bumped from ^0.57.0 to ^0.58.0
      • @​opentelemetry/instrumentation-connect bumped from ^0.55.0 to ^0.56.0
      • @​opentelemetry/instrumentation-cucumber bumped from ^0.28.0 to ^0.29.0
      • @​opentelemetry/instrumentation-dataloader bumped from ^0.29.0 to ^0.30.0
      • @​opentelemetry/instrumentation-dns bumped from ^0.55.0 to ^0.56.0
      • @​opentelemetry/instrumentation-express bumped from ^0.60.0 to ^0.61.0
      • @​opentelemetry/instrumentation-fastify bumped from ^0.56.0 to ^0.57.0
      • @​opentelemetry/instrumentation-fs bumped from ^0.31.0 to ^0.32.0
      • @​opentelemetry/instrumentation-generic-pool bumped from ^0.55.0 to ^0.56.0
      • @​opentelemetry/instrumentation-graphql bumped from ^0.60.0 to ^0.61.0
      • @​opentelemetry/instrumentation-hapi bumped from ^0.58.0 to ^0.59.0
      • @​opentelemetry/instrumentation-ioredis bumped from ^0.60.0 to ^0.61.0
      • @​opentelemetry/instrumentation-kafkajs bumped from ^0.21.0 to ^0.22.0
      • @​opentelemetry/instrumentation-knex bumped from ^0.56.0 to ^0.57.0
      • @​opentelemetry/instrumentation-koa bumped from ^0.60.0 to ^0.61.0
      • @​opentelemetry/instrumentation-lru-memoizer bumped from ^0.56.0 to ^0.57.0
      • @​opentelemetry/instrumentation-memcached bumped from ^0.55.0 to ^0.56.0
      • @​opentelemetry/instrumentation-mongodb bumped from ^0.65.0 to ^0.66.0
      • @​opentelemetry/instrumentation-mongoose bumped from ^0.58.0 to ^0.59.0
      • @​opentelemetry/instrumentation-mysql bumped from ^0.58.0 to ^0.59.0
      • @​opentelemetry/instrumentation-mysql2 bumped from ^0.58.0 to ^0.59.0
      • @​opentelemetry/instrumentation-nestjs-core bumped from ^0.58.0 to ^0.59.0
      • @​opentelemetry/instrumentation-net bumped from ^0.56.0 to ^0.57.0
      • @​opentelemetry/instrumentation-openai bumped from ^0.10.0 to ^0.11.0
      • @​opentelemetry/instrumentation-oracledb bumped from ^0.37.0 to ^0.38.0
      • @​opentelemetry/instrumentation-pg bumped from ^0.64.0 to ^0.65.0
      • @​opentelemetry/instrumentation-pino bumped from ^0.58.0 to ^0.59.0
      • @​opentelemetry/instrumentation-redis bumped from ^0.60.0 to ^0.61.0
      • @​opentelemetry/instrumentation-restify bumped from ^0.57.0 to ^0.58.0
      • @​opentelemetry/instrumentation-router bumped from ^0.56.0 to ^0.57.0
      • @​opentelemetry/instrumentation-runtime-node bumped from ^0.25.0 to ^0.26.0
      • @​opentelemetry/instrumentation-socket.io bumped from ^0.59.0 to ^0.60.0
      • @​opentelemetry/instrumentation-tedious bumped from ^0.31.0 to ^0.32.0
      • @​opentelemetry/instrumentation-undici bumped from ^0.22.0 to ^0.23.0

... (truncated)

Commits

Updates @opentelemetry/exporter-trace-otlp-http from 0.211.0 to 0.213.0

Release notes

Sourced from @​opentelemetry/exporter-trace-otlp-http's releases.

experimental/v0.213.0

0.213.0

💥 Breaking Changes

  • fix(api-logs)!: drop lingering includeTraceContext from LoggerOptions type #6451 @​trentm

🚀 Features

  • feat(instrumentation-http): provide http.request.header.<key> at server span creation time #6396 @​vitorvasc

🐛 Bug Fixes

  • fix(instrumentation-http): guard against double-instrumentation if loaded with require('http') and import 'http' #6428 @​trentm
  • fix(otlp-exporter-base): handle response error #6412 @​pichlermarc
    • Fixes a bug where when the response header was received, but the connection was reset by the server, an unhandled error would be thrown.
  • fix(otlp-exporter-base): remove sendBeacon in favor of fetch with keepalive #6391 @​overbalance
    • (user-facing) createOtlpSendBeaconExportDelegate will be removed in a future version
  • fix(otlp-transformer): downgrade protobufjs to version ^7.0.0 #6418 @​vitorvasc
  • fix(instrumentation-fetch): handle HeadersInit tuple arrays in _addHeaders #6341 @​overbalance @​imadha

experimental/v0.212.0

0.212.0

💥 Breaking Changes

  • feat(sdk-logs)!: move environment variable configuration to @opentelemetry/sdk-node #6325 @​pichlermarc
    • (user-facing): environment variable configuration is no longer applied automatically when instantiating SDK components (LoggerProvider, BatchLogRecordProcessor) directly from @opentelemetry/sdk-logs. Please migrate to using NodeSDK from @opentelemetry/sdk-node to get automatic environment variable configuration.

🚀 Features

  • feat(configuration): add Prometheus exporter support #6400 @​MikeGoldsmith
  • feat(sampler-composite): add ComposableAnnotatingSampler and ComposableRuleBasedSampler #6305 @​trentm
  • feat(configuration): parse config for rc 3 #6304 @​maryliag
  • feat(instrumentation): use the internals: true option with import-in-the-middle hook, allowing instrumentations to hook internal files in ES modules #6344 @​trentm

🐛 Bug Fixes

  • fix(configuration): remove default propagator initialization #6399 @​MikeGoldsmith
  • fix(instrumentation-fetch): preserve Response.url, type, and redirected properties #6243 @​AnubhavPurohit691
    • The fetch instrumentation now preserves the read-only url, type, and redirected properties from the original Response object when wrapping it with a Proxy. This fixes issues where code relying on these properties (e.g., CORS type detection) would fail with instrumented fetch.
  • fix(exporter-prometheus): add missing @opentelemetry/semantic-conventions dependency #6330 @​omizha
  • fix(otlp-transformer): correctly handle Uint8Array attribute values when serializing to JSON #6348 @​pichlermarc
  • fix(otlp-exporter-base): fix unwanted instrumentation of the fetch exports when context is not propagated #6353 @​david-luna

🏠 Internal

... (truncated)

Commits
  • 541e1b4 chore: prepare next release (#6464)
  • 30f94fe feat(instrumentation-http): provide http.request.header.\<key> at server spa...
  • 2ac44ad refactor(context-zone-peer-dep): remove unnecessary helper methods and use me...
  • 600e51d chore(deps): update github/codeql-action digest to c793b71 (#6458)
  • ae30abf chore(deps): update dependency @​types/jquery to v4 (#6456)
  • 6387d3c chore(release): use the HEAD commit as the target for draft GH release creati...
  • 4cd3644 fix(deps): update dependency import-in-the-middle to v3 (#6403)
  • 65c9d9f docs: fix changelog PR number typo (

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 14, 2026

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/production-deps-a6e3fcf02a branch 3 times, most recently from cde0386 to ef76eff Compare March 18, 2026 12:15
@dependabot
chore(deps): bump the production-deps group across 1 directory with 1…
0f6520c 
…3 updates

Bumps the production-deps group with 13 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@opentelemetry/context-async-hooks](https://github.com/open-telemetry/opentelemetry-js) | `2.5.0` | `2.6.0` |
| [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.90.16` | `5.90.21` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.1.0` | `19.2.4` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.1.0` | `19.2.4` |
| [@opentelemetry/auto-instrumentations-node](https://github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/auto-instrumentations-node) | `0.69.0` | `0.71.0` |
| [@opentelemetry/exporter-trace-otlp-http](https://github.com/open-telemetry/opentelemetry-js) | `0.211.0` | `0.213.0` |
| [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js) | `0.211.0` | `0.213.0` |
| [@sentry/node](https://github.com/getsentry/sentry-javascript) | `10.38.0` | `10.43.0` |
| [@supabase/supabase-js](https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js) | `2.89.0` | `2.99.1` |
| [dotenv](https://github.com/motdotla/dotenv) | `17.2.3` | `17.3.1` |
| [@aws-sdk/client-kms](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-kms) | `3.984.0` | `3.1009.0` |
| [ioredis](https://github.com/luin/ioredis) | `5.9.2` | `5.10.0` |
| [stripe](https://github.com/stripe/stripe-node) | `20.3.1` | `20.4.1` |



Updates `@opentelemetry/context-async-hooks` from 2.5.0 to 2.6.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@v2.5.0...v2.6.0)

Updates `@tanstack/react-query` from 5.90.16 to 5.90.21
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query@5.90.21/packages/react-query)

Updates `react` from 19.1.0 to 19.2.4
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.4/packages/react)

Updates `react-dom` from 19.1.0 to 19.2.4
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.4/packages/react-dom)

Updates `@opentelemetry/auto-instrumentations-node` from 0.69.0 to 0.71.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-js-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js-contrib/blob/main/packages/auto-instrumentations-node/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-js-contrib/commits/auto-instrumentations-node-v0.71.0/packages/auto-instrumentations-node)

Updates `@opentelemetry/exporter-trace-otlp-http` from 0.211.0 to 0.213.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@experimental/v0.211.0...experimental/v0.213.0)

Updates `@opentelemetry/sdk-node` from 0.211.0 to 0.213.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@experimental/v0.211.0...experimental/v0.213.0)

Updates `@sentry/node` from 10.38.0 to 10.43.0
- [Release notes](https://github.com/getsentry/sentry-javascript/releases)
- [Changelog](https://github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md)
- [Commits](getsentry/sentry-javascript@10.38.0...10.43.0)

Updates `@supabase/supabase-js` from 2.89.0 to 2.99.1
- [Release notes](https://github.com/supabase/supabase-js/releases)
- [Changelog](https://github.com/supabase/supabase-js/blob/master/packages/core/supabase-js/CHANGELOG.md)
- [Commits](https://github.com/supabase/supabase-js/commits/v2.99.1/packages/core/supabase-js)

Updates `dotenv` from 17.2.3 to 17.3.1
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v17.2.3...v17.3.1)

Updates `@aws-sdk/client-kms` from 3.984.0 to 3.1009.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-kms/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1009.0/clients/client-kms)

Updates `ioredis` from 5.9.2 to 5.10.0
- [Release notes](https://github.com/luin/ioredis/releases)
- [Changelog](https://github.com/redis/ioredis/blob/main/CHANGELOG.md)
- [Commits](redis/ioredis@v5.9.2...v5.10.0)

Updates `stripe` from 20.3.1 to 20.4.1
- [Release notes](https://github.com/stripe/stripe-node/releases)
- [Changelog](https://github.com/stripe/stripe-node/blob/master/CHANGELOG.md)
- [Commits](stripe/stripe-node@v20.3.1...v20.4.1)

---
updated-dependencies:
- dependency-name: "@opentelemetry/context-async-hooks"
  dependency-version: 2.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-deps
- dependency-name: "@tanstack/react-query"
  dependency-version: 5.90.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-deps
- dependency-name: react
  dependency-version: 19.2.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-deps
- dependency-name: react-dom
  dependency-version: 19.2.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-deps
- dependency-name: "@opentelemetry/auto-instrumentations-node"
  dependency-version: 0.71.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-deps
- dependency-name: "@opentelemetry/exporter-trace-otlp-http"
  dependency-version: 0.213.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-deps
- dependency-name: "@opentelemetry/sdk-node"
  dependency-version: 0.213.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-deps
- dependency-name: "@sentry/node"
  dependency-version: 10.43.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-deps
- dependency-name: "@supabase/supabase-js"
  dependency-version: 2.99.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-deps
- dependency-name: dotenv
  dependency-version: 17.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-deps
- dependency-name: "@aws-sdk/client-kms"
  dependency-version: 3.1009.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-deps
- dependency-name: ioredis
  dependency-version: 5.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-deps
- dependency-name: stripe
  dependency-version: 20.4.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/production-deps-a6e3fcf02a branch from ef76eff to 0f6520c Compare March 18, 2026 12:20
@techrocketlist
Copy link

techrocketlist commented Mar 18, 2026

Closing for now; major version bumps need manual testing. Will address in a future release.

1 similar comment
@federicodeponte
Copy link
Contributor

federicodeponte commented Mar 18, 2026

Closing for now; major version bumps need manual testing. Will address in a future release.

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 18, 2026

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/production-deps-a6e3fcf02a branch March 18, 2026 13:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@techrocketlist @federicodeponte