Skip to content

chore(deps): bump the npm_and_yarn group across 3 directories with 2 updates#1984

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/e2e/scenarios/ai-sdk-otel-export/npm_and_yarn-3a41327465
Open

chore(deps): bump the npm_and_yarn group across 3 directories with 2 updates#1984
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/e2e/scenarios/ai-sdk-otel-export/npm_and_yarn-3a41327465

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 12, 2026

Bumps the npm_and_yarn group with 1 update in the /e2e/scenarios/nextjs-instrumentation directory: next.
Bumps the npm_and_yarn group with 1 update in the /e2e/scenarios/turbopack-auto-instrumentation directory: next.
Bumps the npm_and_yarn group with 1 update in the /js/examples/ai-sdk/next-openai-app directory: next.

Updates next from 14.2.34 to 15.5.18

Release notes

Sourced from next's releases.

v15.5.18

This release contains security fixes for the following advisories:

High:

Moderate:

Low:

v15.5.16

This release contains security fixes for the following advisories:

High:

Moderate:

Low:

v15.5.15

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summary-of-cve-2026-23869

v15.5.14

[!NOTE]

... (truncated)

Commits
  • 9ff92ce v15.5.18
  • 00ebe23 [backport] Disable build caches for production/staging/force-preview deploys ...
  • 62c97ab v15.5.17
  • 423623a Turbopack: Match proxy matchers with webpack implementation (#93594)
  • fa78739 Turbopack: Fix middleware matcher suffix (#93590)
  • 36e62c6 [backport] Turbopack: more strict vergen setup (#93588)
  • 36589b5 [backport][test] Pin package manager to patch versions (#93596)
  • ad6fd4e v15.5.16
  • 79d7dff Ignore malformed CSP nonce headers (#103)
  • c4f6908 router-server: guard upgrade proxy against absolute-url SSRF (#77) (#102)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.


Updates next from 16.2.1 to 16.2.6

Release notes

Sourced from next's releases.

v15.5.18

This release contains security fixes for the following advisories:

High:

Moderate:

Low:

v15.5.16

This release contains security fixes for the following advisories:

High:

Moderate:

Low:

v15.5.15

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summary-of-cve-2026-23869

v15.5.14

[!NOTE]

... (truncated)

Commits
  • 9ff92ce v15.5.18
  • 00ebe23 [backport] Disable build caches for production/staging/force-preview deploys ...
  • 62c97ab v15.5.17
  • 423623a Turbopack: Match proxy matchers with webpack implementation (#93594)
  • fa78739 Turbopack: Fix middleware matcher suffix (#93590)
  • 36e62c6 [backport] Turbopack: more strict vergen setup (#93588)
  • 36589b5 [backport][test] Pin package manager to patch versions (#93596)
  • ad6fd4e v15.5.16
  • 79d7dff Ignore malformed CSP nonce headers (#103)
  • c4f6908 router-server: guard upgrade proxy against absolute-url SSRF (#77) (#102)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.


Updates @opentelemetry/exporter-prometheus from 0.205.0 to 0.217.0

Release notes

Sourced from @​opentelemetry/exporter-prometheus's releases.

experimental/v0.217.0

0.217.0

🚀 Features

  • feat(otlp-transformer): replace protobufjs trace serialization with custom implementation #6625 @​pichlermarc
  • feat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using json-schema-to-typescript and ajv #6533 @​MikeGoldsmith
  • feat(configuration, sdk-node): startNodeSDK() code path now uses log_level configuration to setup a DiagConsoleLogger #6668 @​trentm
    • Note that allowed values for log_level in a configuration YAML file are not the same set as for OTEL_LOG_LEVEL. Use log_level: trace to see all logs (equivalent of OTEL_LOG_LEVEL=ALL). Use log_level: fatal to effectively disable the SDK's internal diagnostic logger (equivalent of OTEL_LOG_LEVEL=NONE).
    • If log_level is not specified, a diagnostic console logger at "info" level will be setup.
    • An invalid YAML config file will now result in a noop OTel SDK.

🐛 Bug Fixes

  • fix(configuration): do not validate OTEL_CONFIG_FILE value before using it for file config #6643 @​trentm
  • fix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types #6650 @​trentm
  • fix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing #6657 @​trentm
  • fix(configuration): improve handling of enums in generated types #6659 @​trentm
  • fix(configuration): improve the technique for removing '| null' on types the JSON Schema #6662 @​trentm
  • fix(sampler-jaeger-remote): add missing axios dep #6656 @​trentm
  • fix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler #6674 @​homanp

experimental/v0.216.0

0.216.0

🚀 Features

🐛 Bug Fixes

  • fix(instrumentation-xml-http-request): avoid unwrapping XMLHttpRequest API when disabling #6611 @​david-luna
  • fix(instrumentation-fetch): tolerate non-writable globalThis.fetch and fix premature _isEnabled / _isFetchPatched flips in enable() @​brunorodmoreira
  • fix(instrumentation-xhr): resolve relative URLs before matching ignoreUrls #6551 @​Maximiliano-Zeballos
  • fix(sdk-node): fix setting of ViewOption#name from ConfigurationModel #6620 @​trentm
  • fix(web-common): add limit for timeout #6601 @​maryliag
  • fix(otlp-transformer): pin protobufjs@8.0.1 as protobufjs@8.0.3 is broken for browser use #6646

🏠 Internal

  • test(otlp-transformer): add metrics transform benchmark #6628 @​pichlermarc
  • refactor(opentelemetry-exporter-prometheus): do not call enforcePrometheusNamingConvention() multiple times per metric #6636 @​cjihrig

experimental/v0.215.0

0.215.0

💥 Breaking Changes

... (truncated)

Commits
  • 74cde1b chore: prepare next release (#6675)
  • e8f439a fix: handle malformed URLs in Prometheus exporter request handler (#6674)
  • ab3a2e2 feat(sdk-node, configuration): diag log handling updates for startNodeSDK(), ...
  • d5b7d1e fix(deps): update dependency axios to v1.15.2 [security] (#6670)
  • c163618 chore(deps): update github/codeql-action digest to e46ed2c (#6661)
  • ec2bfbe chore(configuration): move config generation scripts into the configuration p...
  • acc9ecd chore(configuration): cosmetic changes to generated types.ts (#6663)
  • 8f008ec chore: Move inactive members to emeritus (#6649)
  • 435431e fix(configuration): improve the technique for removing '| null' on types due ...
  • 4222024 fix(configuration): improve handling of enums in generated types (#6659)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​opentelemetry/exporter-prometheus since your current version.


Updates next from 15.5.14 to 15.5.18

Release notes

Sourced from next's releases.

v15.5.18

This release contains security fixes for the following advisories:

High:

Moderate:

Low:

v15.5.16

This release contains security fixes for the following advisories:

High:

Moderate:

Low:

v15.5.15

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summary-of-cve-2026-23869

v15.5.14

[!NOTE]

... (truncated)

Commits
  • 9ff92ce v15.5.18
  • 00ebe23 [backport] Disable build caches for production/staging/force-preview deploys ...
  • 62c97ab v15.5.17
  • 423623a Turbopack: Match proxy matchers with webpack implementation (#93594)
  • fa78739 Turbopack: Fix middleware matcher suffix (#93590)
  • 36e62c6 [backport] Turbopack: more strict vergen setup (#93588)
  • 36589b5 [backport][test] Pin package manager to patch versions (#93596)
  • ad6fd4e v15.5.16
  • 79d7dff Ignore malformed CSP nonce headers (#103)
  • c4f6908 router-server: guard upgrade proxy against absolute-url SSRF (#77) (#102)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump the npm_and_yarn group across 3 directories with 2 …
b3ff433 
…updates

Bumps the npm_and_yarn group with 1 update in the /e2e/scenarios/nextjs-instrumentation directory: [next](https://github.com/vercel/next.js).
Bumps the npm_and_yarn group with 1 update in the /e2e/scenarios/turbopack-auto-instrumentation directory: [next](https://github.com/vercel/next.js).
Bumps the npm_and_yarn group with 1 update in the /js/examples/ai-sdk/next-openai-app directory: [next](https://github.com/vercel/next.js).


Updates `next` from 14.2.34 to 15.5.18
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.34...v15.5.18)

Updates `next` from 16.2.1 to 16.2.6
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.34...v15.5.18)

Updates `@opentelemetry/exporter-prometheus` from 0.205.0 to 0.217.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@experimental/v0.205.0...experimental/v0.217.0)

Updates `next` from 15.5.14 to 15.5.18
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v14.2.34...v15.5.18)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 15.5.18
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 16.2.6
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@opentelemetry/exporter-prometheus"
  dependency-version: 0.217.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: next
  dependency-version: 15.5.18
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 12, 2026
@dependabot dependabot Bot mentioned this pull request May 12, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants