chore(deps): bump @opentelemetry/exporter-prometheus, @opentelemetry/auto-instrumentations-node and @opentelemetry/sdk-node in /backend

[dependabot]

Bumps @opentelemetry/exporter-prometheus, @opentelemetry/auto-instrumentations-node and @opentelemetry/sdk-node. These dependencies needed to be updated together.
Updates @opentelemetry/exporter-prometheus from 0.208.0 to 0.217.0

Release notes

Sourced from @​opentelemetry/exporter-prometheus's releases.

experimental/v0.217.0

0.217.0

🚀 Features

• feat(otlp-transformer): replace protobufjs trace serialization with custom implementation #6625 @​pichlermarc
• feat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using json-schema-to-typescript and ajv #6533 @​MikeGoldsmith
• feat(configuration, sdk-node): startNodeSDK() code path now uses log_level configuration to setup a DiagConsoleLogger #6668 @​trentm
  • Note that allowed values for log_level in a configuration YAML file are not the same set as for OTEL_LOG_LEVEL. Use log_level: trace to see all logs (equivalent of OTEL_LOG_LEVEL=ALL). Use log_level: fatal to effectively disable the SDK's internal diagnostic logger (equivalent of OTEL_LOG_LEVEL=NONE).
  • If log_level is not specified, a diagnostic console logger at "info" level will be setup.
  • An invalid YAML config file will now result in a noop OTel SDK.

🐛 Bug Fixes

• fix(configuration): do not validate OTEL_CONFIG_FILE value before using it for file config #6643 @​trentm
• fix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types #6650 @​trentm
• fix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing #6657 @​trentm
• fix(configuration): improve handling of enums in generated types #6659 @​trentm
• fix(configuration): improve the technique for removing '| null' on types the JSON Schema #6662 @​trentm
• fix(sampler-jaeger-remote): add missing axios dep #6656 @​trentm
• fix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler #6674 @​homanp

experimental/v0.216.0

0.216.0

🚀 Features

• feat(sdk-node): wire attribute_keys from declarative configuration to ViewOptions.attributesProcessors #6427 @​ravitheja4531-cell
• feat(sdk-node): set TracerProvider in startNodeSDK() #6607 @​maryliag

🐛 Bug Fixes

• fix(instrumentation-xml-http-request): avoid unwrapping XMLHttpRequest API when disabling #6611 @​david-luna
• fix(instrumentation-fetch): tolerate non-writable globalThis.fetch and fix premature _isEnabled / _isFetchPatched flips in enable() @​brunorodmoreira
• fix(instrumentation-xhr): resolve relative URLs before matching ignoreUrls #6551 @​Maximiliano-Zeballos
• fix(sdk-node): fix setting of ViewOption#name from ConfigurationModel #6620 @​trentm
• fix(web-common): add limit for timeout #6601 @​maryliag
• fix(otlp-transformer): pin protobufjs@8.0.1 as protobufjs@8.0.3 is broken for browser use #6646

🏠 Internal

• test(otlp-transformer): add metrics transform benchmark #6628 @​pichlermarc
• refactor(opentelemetry-exporter-prometheus): do not call enforcePrometheusNamingConvention() multiple times per metric #6636 @​cjihrig

experimental/v0.215.0

0.215.0

💥 Breaking Changes

... (truncated)

Commits

• 74cde1b chore: prepare next release (#6675)
• e8f439a fix: handle malformed URLs in Prometheus exporter request handler (#6674)
• ab3a2e2 feat(sdk-node, configuration): diag log handling updates for startNodeSDK(), ...
• d5b7d1e fix(deps): update dependency axios to v1.15.2 [security] (#6670)
• c163618 chore(deps): update github/codeql-action digest to e46ed2c (#6661)
• ec2bfbe chore(configuration): move config generation scripts into the configuration p...
• acc9ecd chore(configuration): cosmetic changes to generated types.ts (#6663)
• 8f008ec chore: Move inactive members to emeritus (#6649)
• 435431e fix(configuration): improve the technique for removing '| null' on types due ...
• 4222024 fix(configuration): improve handling of enums in generated types (#6659)
• Additional commits viewable in compare view

Updates @opentelemetry/auto-instrumentations-node from 0.67.2 to 0.75.0

Release notes

Sourced from @​opentelemetry/auto-instrumentations-node's releases.

auto-instrumentations-node: v0.75.0

0.75.0 (2026-05-06)

Features

• deps: update deps matching '@opentelemetry/*' (#3507) (e1ef3d1)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​opentelemetry/instrumentation-amqplib bumped from ^0.63.0 to ^0.64.0
    • @​opentelemetry/instrumentation-aws-lambda bumped from ^0.68.0 to ^0.69.0
    • @​opentelemetry/instrumentation-aws-sdk bumped from ^0.71.0 to ^0.72.0
    • @​opentelemetry/instrumentation-bunyan bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-cassandra-driver bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-connect bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-cucumber bumped from ^0.32.0 to ^0.33.0
    • @​opentelemetry/instrumentation-dataloader bumped from ^0.33.0 to ^0.34.0
    • @​opentelemetry/instrumentation-dns bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-express bumped from ^0.64.0 to ^0.65.0
    • @​opentelemetry/instrumentation-fs bumped from ^0.35.0 to ^0.36.0
    • @​opentelemetry/instrumentation-generic-pool bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-graphql bumped from ^0.64.0 to ^0.65.0
    • @​opentelemetry/instrumentation-hapi bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-ioredis bumped from ^0.64.0 to ^0.65.0
    • @​opentelemetry/instrumentation-kafkajs bumped from ^0.25.0 to ^0.26.0
    • @​opentelemetry/instrumentation-knex bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-koa bumped from ^0.64.0 to ^0.65.0
    • @​opentelemetry/instrumentation-lru-memoizer bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-memcached bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-mongodb bumped from ^0.69.0 to ^0.70.0
    • @​opentelemetry/instrumentation-mongoose bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-mysql bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-mysql2 bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-nestjs-core bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-net bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-openai bumped from ^0.14.0 to ^0.15.0
    • @​opentelemetry/instrumentation-oracledb bumped from ^0.41.0 to ^0.42.0
    • @​opentelemetry/instrumentation-pg bumped from ^0.68.0 to ^0.69.0
    • @​opentelemetry/instrumentation-pino bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-redis bumped from ^0.64.0 to ^0.65.0
    • @​opentelemetry/instrumentation-restify bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-router bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-runtime-node bumped from ^0.29.0 to ^0.30.0
    • @​opentelemetry/instrumentation-socket.io bumped from ^0.63.0 to ^0.64.0
    • @​opentelemetry/instrumentation-tedious bumped from ^0.35.0 to ^0.36.0
    • @​opentelemetry/instrumentation-undici bumped from ^0.26.0 to ^0.27.0

... (truncated)

Changelog

Sourced from @​opentelemetry/auto-instrumentations-node's changelog.

0.75.0 (2026-05-06)

Features

• deps: update deps matching '@opentelemetry/*' (#3507) (e1ef3d1)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​opentelemetry/instrumentation-amqplib bumped from ^0.63.0 to ^0.64.0
    • @​opentelemetry/instrumentation-aws-lambda bumped from ^0.68.0 to ^0.69.0
    • @​opentelemetry/instrumentation-aws-sdk bumped from ^0.71.0 to ^0.72.0
    • @​opentelemetry/instrumentation-bunyan bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-cassandra-driver bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-connect bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-cucumber bumped from ^0.32.0 to ^0.33.0
    • @​opentelemetry/instrumentation-dataloader bumped from ^0.33.0 to ^0.34.0
    • @​opentelemetry/instrumentation-dns bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-express bumped from ^0.64.0 to ^0.65.0
    • @​opentelemetry/instrumentation-fs bumped from ^0.35.0 to ^0.36.0
    • @​opentelemetry/instrumentation-generic-pool bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-graphql bumped from ^0.64.0 to ^0.65.0
    • @​opentelemetry/instrumentation-hapi bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-ioredis bumped from ^0.64.0 to ^0.65.0
    • @​opentelemetry/instrumentation-kafkajs bumped from ^0.25.0 to ^0.26.0
    • @​opentelemetry/instrumentation-knex bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-koa bumped from ^0.64.0 to ^0.65.0
    • @​opentelemetry/instrumentation-lru-memoizer bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-memcached bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-mongodb bumped from ^0.69.0 to ^0.70.0
    • @​opentelemetry/instrumentation-mongoose bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-mysql bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-mysql2 bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-nestjs-core bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-net bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-openai bumped from ^0.14.0 to ^0.15.0
    • @​opentelemetry/instrumentation-oracledb bumped from ^0.41.0 to ^0.42.0
    • @​opentelemetry/instrumentation-pg bumped from ^0.68.0 to ^0.69.0
    • @​opentelemetry/instrumentation-pino bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-redis bumped from ^0.64.0 to ^0.65.0
    • @​opentelemetry/instrumentation-restify bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-router bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-runtime-node bumped from ^0.29.0 to ^0.30.0
    • @​opentelemetry/instrumentation-socket.io bumped from ^0.63.0 to ^0.64.0
    • @​opentelemetry/instrumentation-tedious bumped from ^0.35.0 to ^0.36.0
    • @​opentelemetry/instrumentation-undici bumped from ^0.26.0 to ^0.27.0
    • @​opentelemetry/instrumentation-winston bumped from ^0.60.0 to ^0.61.0

... (truncated)

Commits

• b68fb6d chore: release main (#3498)
• e1ef3d1 feat(deps): update deps matching '@opentelemetry/*' (#3507)
• 03ed3a3 chore: release main (#3481)
• a91133a feat(deps): update deps matching '@opentelemetry/*' (#3497)
• bd017c8 chore: release main (#3451)
• 8891261 feat(deps): update deps matching '@opentelemetry/*' (#3479)
• 36a030c chore: switch to short license header (#3476)
• ed97091 chore: release main (#3415)
• c8df394 feat(deps): update deps matching '@opentelemetry/*' (#3450)
• ac26e9a feat(auto-instrumentations-node, instrumentation-fastify)!: remove instrument...
• Additional commits viewable in compare view

Updates @opentelemetry/sdk-node from 0.208.0 to 0.217.0

Release notes

Sourced from @​opentelemetry/sdk-node's releases.

experimental/v0.217.0

0.217.0

🚀 Features

• feat(otlp-transformer): replace protobufjs trace serialization with custom implementation #6625 @​pichlermarc
• feat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using json-schema-to-typescript and ajv #6533 @​MikeGoldsmith
• feat(configuration, sdk-node): startNodeSDK() code path now uses log_level configuration to setup a DiagConsoleLogger #6668 @​trentm
  • Note that allowed values for log_level in a configuration YAML file are not the same set as for OTEL_LOG_LEVEL. Use log_level: trace to see all logs (equivalent of OTEL_LOG_LEVEL=ALL). Use log_level: fatal to effectively disable the SDK's internal diagnostic logger (equivalent of OTEL_LOG_LEVEL=NONE).
  • If log_level is not specified, a diagnostic console logger at "info" level will be setup.
  • An invalid YAML config file will now result in a noop OTel SDK.

🐛 Bug Fixes

• fix(configuration): do not validate OTEL_CONFIG_FILE value before using it for file config #6643 @​trentm
• fix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types #6650 @​trentm
• fix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing #6657 @​trentm
• fix(configuration): improve handling of enums in generated types #6659 @​trentm
• fix(configuration): improve the technique for removing '| null' on types the JSON Schema #6662 @​trentm
• fix(sampler-jaeger-remote): add missing axios dep #6656 @​trentm
• fix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler #6674 @​homanp

experimental/v0.216.0

0.216.0

🚀 Features

• feat(sdk-node): wire attribute_keys from declarative configuration to ViewOptions.attributesProcessors #6427 @​ravitheja4531-cell
• feat(sdk-node): set TracerProvider in startNodeSDK() #6607 @​maryliag

🐛 Bug Fixes

• fix(instrumentation-xml-http-request): avoid unwrapping XMLHttpRequest API when disabling #6611 @​david-luna
• fix(instrumentation-fetch): tolerate non-writable globalThis.fetch and fix premature _isEnabled / _isFetchPatched flips in enable() @​brunorodmoreira
• fix(instrumentation-xhr): resolve relative URLs before matching ignoreUrls #6551 @​Maximiliano-Zeballos
• fix(sdk-node): fix setting of ViewOption#name from ConfigurationModel #6620 @​trentm
• fix(web-common): add limit for timeout #6601 @​maryliag
• fix(otlp-transformer): pin protobufjs@8.0.1 as protobufjs@8.0.3 is broken for browser use #6646

🏠 Internal

• test(otlp-transformer): add metrics transform benchmark #6628 @​pichlermarc
• refactor(opentelemetry-exporter-prometheus): do not call enforcePrometheusNamingConvention() multiple times per metric #6636 @​cjihrig

experimental/v0.215.0

0.215.0

💥 Breaking Changes

... (truncated)

Commits

• 74cde1b chore: prepare next release (#6675)
• e8f439a fix: handle malformed URLs in Prometheus exporter request handler (#6674)
• ab3a2e2 feat(sdk-node, configuration): diag log handling updates for startNodeSDK(), ...
• d5b7d1e fix(deps): update dependency axios to v1.15.2 [security] (#6670)
• c163618 chore(deps): update github/codeql-action digest to e46ed2c (#6661)
• ec2bfbe chore(configuration): move config generation scripts into the configuration p...
• acc9ecd chore(configuration): cosmetic changes to generated types.ts (#6663)
• 8f008ec chore: Move inactive members to emeritus (#6649)
• 435431e fix(configuration): improve the technique for removing '| null' on types due ...
• 4222024 fix(configuration): improve handling of enums in generated types (#6659)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Summary by cubic

Upgrade OpenTelemetry in the backend to align with the 0.217 SDK and 0.75 auto-instrumentations for better compatibility and recent fixes. Includes improved Prometheus exporter robustness and startNodeSDK() log level handling from declarative config.

• Dependencies

  • @opentelemetry/exporter-prometheus: 0.208.0 → 0.217.0
  • @opentelemetry/auto-instrumentations-node: 0.67.2 → 0.75.0
  • @opentelemetry/sdk-node: 0.208.0 → 0.217.0

• Migration

  • If using OTel declarative config, review log_level values used by startNodeSDK() (defaults to info; invalid YAML now results in a noop SDK).

^{Written for commit 6c8e5f1. Summary will update on new commits.}

[cubic-dev-ai]

1 issue found across 2 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="backend/package.json">

<violation number="1" location="backend/package.json:52">
P2: This update introduces experimental OpenTelemetry version skew (`sdk-node`/prometheus at `0.217.x` while OTLP exporters remain `0.208.x`). Align all `@opentelemetry/*` experimental packages to the same release line to avoid mismatched runtime behavior.</violation>
</file>

_{Tip: cubic can generate docs of your entire codebase and keep them up to date. Try it here.}

[cubic-dev-ai]

P2: This update introduces experimental OpenTelemetry version skew (sdk-node/prometheus at 0.217.x while OTLP exporters remain 0.208.x). Align all @opentelemetry/* experimental packages to the same release line to avoid mismatched runtime behavior.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At backend/package.json, line 52:

<comment>This update introduces experimental OpenTelemetry version skew (`sdk-node`/prometheus at `0.217.x` while OTLP exporters remain `0.208.x`). Align all `@opentelemetry/*` experimental packages to the same release line to avoid mismatched runtime behavior.</comment>

<file context>
@@ -43,13 +43,13 @@
     "@opentelemetry/resources": "^2.2.0",
     "@opentelemetry/sdk-metrics": "^2.2.0",
-    "@opentelemetry/sdk-node": "^0.208.0",
+    "@opentelemetry/sdk-node": "^0.217.0",
     "@opentelemetry/sdk-trace-base": "^2.2.0",
     "@prisma/client": "^5.7.0",
</file context>