Skip to content

chore(deps): Bump @opentelemetry/instrumentation-http from 0.214.0 to 0.216.0#842

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/opentelemetry/instrumentation-http-0.216.0
Closed

chore(deps): Bump @opentelemetry/instrumentation-http from 0.214.0 to 0.216.0#842
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/opentelemetry/instrumentation-http-0.216.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 30, 2026
edited
Loading

Bumps @opentelemetry/instrumentation-http from 0.214.0 to 0.216.0.

Release notes

Sourced from @​opentelemetry/instrumentation-http's releases.

experimental/v0.216.0

0.216.0

🚀 Features

🐛 Bug Fixes

  • fix(instrumentation-xml-http-request): avoid unwrapping XMLHttpRequest API when disabling #6611 @​david-luna
  • fix(instrumentation-fetch): tolerate non-writable globalThis.fetch and fix premature _isEnabled / _isFetchPatched flips in enable() @​brunorodmoreira
  • fix(instrumentation-xhr): resolve relative URLs before matching ignoreUrls #6551 @​Maximiliano-Zeballos
  • fix(sdk-node): fix setting of ViewOption#name from ConfigurationModel #6620 @​trentm
  • fix(web-common): add limit for timeout #6601 @​maryliag
  • fix(otlp-transformer): pin protobufjs@8.0.1 as protobufjs@8.0.3 is broken for browser use #6646

🏠 Internal

  • test(otlp-transformer): add metrics transform benchmark #6628 @​pichlermarc
  • refactor(opentelemetry-exporter-prometheus): do not call enforcePrometheusNamingConvention() multiple times per metric #6636 @​cjihrig

experimental/v0.215.0

0.215.0

💥 Breaking Changes

  • feat(sdk-logs)!: add required forceFlush() to LogRecordExporter interface #6356 @​pichlermarc
    • (user-facing): LogRecordExporter interface now requires a forceFlush() method to be implemented. Custom exporters will need to implement this method to continue working with the Logs SDK.
  • feat(api-logs, sdk-logs)!: add Logger#enabled() #6371 @​david-luna

🚀 Features

🐛 Bug Fixes

  • fix(instrumentation-fetch): preserve init overrides when input is a Request object #6421 @​akandic47
  • fix(otlp-exporter-base): limit Node.js HTTP transport response body to 4 MiB #6552 @​kartikgola
  • fix(instrumentation-fetch): avoid unwrapping fetch API when disabling #6575 @​david-luna
  • fix(web-common): add check for possible unsafe json parse #6589 @​maryliag
  • fix(otlp-transformer): add check for possible unsafe json parse #6588 @​maryliag
Commits
  • 2400d83 chore: prepare next release (#6647)
  • f7a9b7c fix(otlp-transformer): pin protobufjs to 8.0.1 (#6646)
  • cb38d7f test(otlp-transformer): add metrics transfrom benchmark (#6628)
  • a28f12f fix(opentelemetry-core): defer tracestate vaidation (#6459)
  • b27c514 refactor(opentelemetry-exporter-prometheus): do not call `enforcePrometheusNa...
  • a2a8186 perf(sdk-trace-base): optimize TraceIdRatioBasedSampler hex parsing (#6284)
  • 4c0f3f1 feat(sdk-node): set TracerProvider in startNodeSDK() (#6607)
  • 417f2f1 fix(instr-xhr): do not unpatch XHR methods (#6611)
  • 47ac523 Revert "chore: allow browser maintainers to approve changelog edits" (#6627)
  • 86c621d fix(instrumentation-fetch): tolerate non-writable globalThis.fetch and fix pr...
  • Additional commits viewable in compare view

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 30, 2026

Labels

The following labels could not be found: npm. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/opentelemetry/instrumentation-http-0.216.0 branch from 100bf1d to 3f88673 Compare May 1, 2026 20:05
@vercel
Copy link
Copy Markdown

vercel Bot commented May 1, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
website Ready Ready Preview, Comment May 3, 2026 6:02am

Request Review

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/opentelemetry/instrumentation-http-0.216.0 branch from 3f88673 to 9fc9ff4 Compare May 2, 2026 01:59
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/opentelemetry/instrumentation-http-0.216.0 branch from 9fc9ff4 to 26da384 Compare May 2, 2026 02:58
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/opentelemetry/instrumentation-http-0.216.0 branch from 26da384 to b59c14b Compare May 2, 2026 03:36
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/opentelemetry/instrumentation-http-0.216.0 branch from b59c14b to 110aecf Compare May 2, 2026 16:08
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/opentelemetry/instrumentation-http-0.216.0 branch from 110aecf to a52c686 Compare May 2, 2026 22:55
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/opentelemetry/instrumentation-http-0.216.0 branch from a52c686 to 887dc70 Compare May 3, 2026 01:56
@dependabot
chore(deps): Bump @opentelemetry/instrumentation-http
60a2b91 
Bumps [@opentelemetry/instrumentation-http](https://github.com/open-telemetry/opentelemetry-js) from 0.214.0 to 0.216.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@experimental/v0.214.0...experimental/v0.216.0)

---
updated-dependencies:
- dependency-name: "@opentelemetry/instrumentation-http"
  dependency-version: 0.216.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/opentelemetry/instrumentation-http-0.216.0 branch from 887dc70 to 60a2b91 Compare May 3, 2026 06:01
wrsmith108 added a commit that referenced this pull request May 3, 2026
@wrsmith108
ci(dependabot): SMI-4669 expand npm groups + add docker ecosystem (#897)
bd42c5b 
Adds 10 ecosystem groups under the npm block, mirroring the existing
typescript-eslint group's update-types: [minor, patch] pattern (major
bumps still surface individually for human review):

- aws-sdk    (@aws-sdk/*)
- hono       (@hono/*, hono)
- astro      (astro, @astrojs/*)
- vercel     (@vercel/*, vercel)
- smithy     (@smithy/*)
- supabase   (@supabase/*)
- octokit    (@octokit/*, octokit)
- opentelemetry (@opentelemetry/*)
- vitest     (vitest, @vitest/*)
- types      (@types/*)

Open Dependabot PRs #841, #842, #844, #845 (@octokit/*, @opentelemetry/*)
specifically would have batched into 2 PRs instead of 4 with these groups.

Adds package-ecosystem: 'docker' block on monthly cadence, mirroring the
github-actions block shape. Surfaces base-image CVEs (currently
node:22-slim per Dockerfile:20) as targeted PRs instead of accumulating
silently between manual rebuilds.

Reviewer-fatigue rationale: every Dependabot PR routes to a single named
reviewer (ryansmith108). Batching reduces PR count → reduces rubberstamp
risk on the supply-chain hardening posture established in SMI-3864/3985
(Wave 1) and SMI-4651 (vendor trust tier).

Verification:
- python yaml.safe_load → 3 ecosystem blocks, 11 npm groups, valid
- docker exec skillsmith-dev-1 npm run audit:standards → 51 pass,
  6 warnings, 0 fail (89% compliance, unchanged)
- dependabot.yml is data-only; structural verification via GitHub UI
  after merge will confirm batched PRs land on next Monday run.

Refs: SMI-4666 SMI-4669

Co-authored-by: Ryan Smith <wrsmith108@users.noreply.github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 3, 2026

Superseded by #910.

@dependabot dependabot Bot closed this May 3, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/opentelemetry/instrumentation-http-0.216.0 branch May 3, 2026 07:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants