feat(deps): bump @opentelemetry/instrumentation-http from 0.57.2 to 0.203.0

[dependabot]

Bumps @opentelemetry/instrumentation-http from 0.57.2 to 0.203.0.

Release notes

Sourced from @​opentelemetry/instrumentation-http's releases.

experimental/v0.203.0

0.203.0

💥 Breaking Changes

• feat(sdk-logs)!: Removed deprecated LoggerProvider#addLogRecordProcessor() #5764 @​svetlanabrennan
• feat(sdk-logs)!: Changed LogRecord class to be an interface #5749 @​svetlanabrennan
  • user-facing: LogRecord class is now not exported anymore. A newly exported interface SdkLogRecord is used in its place.
• feat!: Removed api-events and sdk-events #5737 @​svetlanabrennan

🏠 Internal

• chore: Regenerated certs #5752 @​svetlanabrennan
• refactor(otlp-exporter-base): remove compatibility code that was intended for now unsupported runtime Node.js v14 @​pichlermarc

experimental/v0.202.0

0.202.0

🚀 Features

• feat(exporter-otlp-*): update proto to v1.7.0
• feat(exporter-metrics-otlp-proto): Support to protobuf in browser metrics. #5710 @​YangJonghun

🐛 Bug Fixes

• fix(instrumentation): remove dependency on the shimmer module #5652 @​cjihrig

experimental/v0.201.1

0.201.1

🐛 Bug Fixes

• fix(instrumentation): Change SemconvStability export from const enum to enum to allow single-file transpilation tooling to work with code that uses SemconvStability. #5691 @​trentm

experimental/v0.201.0

0.201.0

🚀 Features

• feat(instrumentation-xml-http-request): support migration to stable HTTP semconv, v1.23.1 #5662 @​trentm
  • Configure the instrumentation with semconvStabilityOptIn: 'http' to use the new, stable semconv v1.23.1 semantics or 'http/dup' for both old (v1.7.0) and stable semantics. When semconvStabilityOptIn is not specified (or does not contain these values), it uses the old semconv v1.7.0. I.e. the default behavior is unchanged.
• feat(instrumentation-fetch): support migration to stable HTTP semconv, v1.23.1 #5651 @​trentm
  • Configure the instrumentation with semconvStabilityOptIn: 'http' to use the new, stable semconv v1.23.1 semantics or 'http/dup' for both old (v1.7.0) and stable semantics. When semconvStabilityOptIn is not specified (or does not contain these values), it uses the old semconv v1.7.0. I.e. the default behavior is unchanged.
• feat(instrumentation): New semconvStabilityFromStr() utility for semconv stability migration in instrumentations. #5684 @​trentm
  • See the utility comment.
• feat(instrumentation-grpc): support migration to stable HTTP semconv #5653 @​JamieDanielson
• feat(instrumentation-http): capture synthetic source type on requests #5488 @​JacksonWeber

... (truncated)

Commits

• 93187f0 chore: prepare next release (#5788)
• ca6ae61 chore: sync package-lock.json (#5782)
• 407c98a refactor(otlp-exporter-base): remove pre-Node.js 14 compatibility code (#5787)
• 27d5171 ci: add write permissions for secuity events (#5786)
• 7a32f86 Add minimum token permissions for all github workflow files (#5771)
• 5c4057b fix(docs): fix minimum ECMAScript language support in Readme to ES2022 (#5774)
• 553db87 refactor(sdk-node): fix eslint warning (#5400)
• 74d434e ci: remove unused label-releases workflow (#5772)
• a59d707 Standardize contributing section (#5767)
• 491ed96 feat(sdk-logs)!: Removed deprecated LoggerProvider#addLogRecordProcessor() ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[cursor]

Bug: OpenTelemetry Dependency Conflict After Upgrade

The upgrade of @opentelemetry/instrumentation-http to 0.203.0 introduces a dependency conflict. This new version requires @opentelemetry/core@2.0.1 and @opentelemetry/instrumentation@0.203.0, but the package.json still specifies older, incompatible versions (@opentelemetry/core@^1.30.1 and @opentelemetry/instrumentation@^0.57.2). This mismatch will cause multiple major versions of OpenTelemetry packages to be bundled, potentially leading to runtime errors and API incompatibilities.

packages/node/package.json#L79-L80

sentry-javascript/packages/node/package.json

Lines 79 to 80 in d9d2975

	"@opentelemetry/instrumentation-hapi": "0.45.2",
	"@opentelemetry/instrumentation-http": "0.203.0",

dev-packages/node-core-integration-tests/package.json#L32-L33

sentry-javascript/dev-packages/node-core-integration-tests/package.json

Lines 32 to 33 in d9d2975

	"@opentelemetry/instrumentation": "^0.57.2",
	"@opentelemetry/instrumentation-http": "0.203.0",

Fix in Cursor • Fix in Web

---

Was this report helpful? Give feedback by reacting with 👍 or 👎

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.