chore(deps): bump protobufjs, @opentelemetry/auto-instrumentations-node, @opentelemetry/exporter-logs-otlp-http, @opentelemetry/exporter-metrics-otlp-http, @opentelemetry/exporter-trace-otlp-http and @opentelemetry/sdk-node

[dependabot]

Bumps protobufjs to 8.2.0 and updates ancestor dependencies protobufjs, @opentelemetry/auto-instrumentations-node, @opentelemetry/exporter-logs-otlp-http, @opentelemetry/exporter-metrics-otlp-http, @opentelemetry/exporter-trace-otlp-http and @opentelemetry/sdk-node. These dependencies need to be updated together.

Updates protobufjs from 8.0.0 to 8.2.0

Release notes

Sourced from protobufjs's releases.

protobufjs: v8.2.0

8.2.0 (2026-05-09)

Features

• Add finishInto() for zero-copy serialization into existing buffers (#2196) (657d6f1)
• Add textformat extension (#2233) (4639e29)
• cli: Add optional protoc-gen-pbjs plugin (#2231) (c9b6a2d)
• cli: Align json-module with static-module output (#2227) (a015091)
• Roundtrip unknown fields (#2209) (76fa03c)

Bug Fixes

• Accept URL-safe base64 input (#2207) (57a3821)
• Also resolve common definitions by file name (#2218) (e533950)
• Apply oneof last-value wins during decode (#2193) (cf35cdc)
• Consistently handle scalar map keys (#2186) (29b1183)
• Consistently reject truncated strings (#2205) (689e911)
• Correct parsedOptions TypeScript types (#2217) (dbe8d77)
• Decode bool values from full varints (#2192) (7b8d5c1)
• Decode fields by full wire tag (#2197) (f6264b1)
• Decode missing map message values as empty messages (#2206) (51c1a4f)
• Generate TypeScript class properties for extensions (#2187) (ec04bee)
• Harden parser input handling (#2240) (53a27fc)
• Improve Deno and Bun compatibility (#2228) (6034af8)
• Improve descriptor extension interoperability (#2232) (effbbc4)
• Make optional Node module lookups bundler-safe (#2237) (366030b)
• Merge singular message fields while decoding (#2195) (14d9df7)
• Omit proto3 implicit scalar defaults (#2208) (ea1b003)
• Read non-minimal 32-bit varints correctly (#2198) (5650a07)
• Reject malformed field tag varints (#2224) (1904533)
• Restore first-match namespace lookup (#2235) (4fb8900)
• Support proto2 extension groups (#2181) (1039194)
• Tighten key2Re regex with non-capturing group (#2225) (c87b149)
• Validate field and group tags while decoding (#2200) (c09d4f7)

Performance Improvements

• Avoid constructor setup during resolve (#2211) (1bf3c07)
• Preallocate arrays in converters (#2219) (62d2155)
• Reduce generated code overhead (#2212) (45ec503)
• Tweak reader varint32 and string cases (#2220) (4076ea8)

protobufjs: v8.0.3

8.0.3 (2026-04-27)

... (truncated)

Changelog

Sourced from protobufjs's changelog.

8.2.0 (2026-05-09)

Features

• Add finishInto() for zero-copy serialization into existing buffers (#2196) (657d6f1)
• Add textformat extension (#2233) (4639e29)
• cli: Add optional protoc-gen-pbjs plugin (#2231) (c9b6a2d)
• cli: Align json-module with static-module output (#2227) (a015091)
• Roundtrip unknown fields (#2209) (76fa03c)

Bug Fixes

• Accept URL-safe base64 input (#2207) (57a3821)
• Also resolve common definitions by file name (#2218) (e533950)
• Apply oneof last-value wins during decode (#2193) (cf35cdc)
• Consistently handle scalar map keys (#2186) (29b1183)
• Consistently reject truncated strings (#2205) (689e911)
• Correct parsedOptions TypeScript types (#2217) (dbe8d77)
• Decode bool values from full varints (#2192) (7b8d5c1)
• Decode fields by full wire tag (#2197) (f6264b1)
• Decode missing map message values as empty messages (#2206) (51c1a4f)
• Generate TypeScript class properties for extensions (#2187) (ec04bee)
• Harden parser input handling (#2240) (53a27fc)
• Improve Deno and Bun compatibility (#2228) (6034af8)
• Improve descriptor extension interoperability (#2232) (effbbc4)
• Make optional Node module lookups bundler-safe (#2237) (366030b)
• Merge singular message fields while decoding (#2195) (14d9df7)
• Omit proto3 implicit scalar defaults (#2208) (ea1b003)
• Read non-minimal 32-bit varints correctly (#2198) (5650a07)
• Reject malformed field tag varints (#2224) (1904533)
• Restore first-match namespace lookup (#2235) (4fb8900)
• Support proto2 extension groups (#2181) (1039194)
• Tighten key2Re regex with non-capturing group (#2225) (c87b149)
• Validate field and group tags while decoding (#2200) (c09d4f7)

Performance Improvements

• Avoid constructor setup during resolve (#2211) (1bf3c07)
• Preallocate arrays in converters (#2219) (62d2155)
• Reduce generated code overhead (#2212) (45ec503)
• Tweak reader varint32 and string cases (#2220) (4076ea8)

8.1.0 (skipped)

This version was skipped. Note that the 8.1.x-experimental line has diverged and should not be used.

8.0.3 (2026-04-27)

... (truncated)

Commits

• f8d5f3f chore: release master (#2194)
• 53a27fc fix: Harden parser input handling (#2240)
• c9b6a2d feat(cli): Add optional protoc-gen-pbjs plugin (#2231)
• 4639e29 feat: Add textformat extension (#2233)
• effbbc4 fix: Improve descriptor extension interoperability (#2232)
• 366030b fix: Make optional Node module lookups bundler-safe (#2237)
• 4fb8900 fix: Restore first-match namespace lookup (#2235)
• 657d6f1 feat: Add finishInto() for zero-copy serialization into existing buffers (#2196)
• 50a5c1d docs: Deprecate legacy decorators (#2238)
• cdb296c docs: Clarify json/static module and TypeScript docs (#2230)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for protobufjs since your current version.

Updates @opentelemetry/auto-instrumentations-node from 0.69.0 to 0.73.0

Changelog

Sourced from @​opentelemetry/auto-instrumentations-node's changelog.

0.73.0 (2026-04-17)

Features

• deps: update deps matching '@opentelemetry/*' (#3479) (8891261)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​opentelemetry/instrumentation-amqplib bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-aws-lambda bumped from ^0.66.0 to ^0.67.0
    • @​opentelemetry/instrumentation-aws-sdk bumped from ^0.69.0 to ^0.70.0
    • @​opentelemetry/instrumentation-bunyan bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-cassandra-driver bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-connect bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-cucumber bumped from ^0.30.0 to ^0.31.0
    • @​opentelemetry/instrumentation-dataloader bumped from ^0.31.0 to ^0.32.0
    • @​opentelemetry/instrumentation-dns bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-express bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-fs bumped from ^0.33.0 to ^0.34.0
    • @​opentelemetry/instrumentation-generic-pool bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-graphql bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-hapi bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-ioredis bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-kafkajs bumped from ^0.23.0 to ^0.24.0
    • @​opentelemetry/instrumentation-knex bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-koa bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-lru-memoizer bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-memcached bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-mongodb bumped from ^0.67.0 to ^0.68.0
    • @​opentelemetry/instrumentation-mongoose bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-mysql bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-mysql2 bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-nestjs-core bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-net bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-openai bumped from ^0.12.0 to ^0.13.0
    • @​opentelemetry/instrumentation-oracledb bumped from ^0.39.0 to ^0.40.0
    • @​opentelemetry/instrumentation-pg bumped from ^0.66.0 to ^0.67.0
    • @​opentelemetry/instrumentation-pino bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-redis bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-restify bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-router bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-runtime-node bumped from ^0.27.0 to ^0.28.0
    • @​opentelemetry/instrumentation-socket.io bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-tedious bumped from ^0.33.0 to ^0.34.0
    • @​opentelemetry/instrumentation-undici bumped from ^0.24.0 to ^0.25.0
    • @​opentelemetry/instrumentation-winston bumped from ^0.58.0 to ^0.59.0

... (truncated)

Commits

• 2801ab2 chore: release main (#3151)
• ab96334 feat(deps): update deps matching '@opentelemetry/*' (#3187)
• c352766 chore(eslint): upgrade to eslint 9 (#3001)
• d2b090e feat(auto-instrumentations-node): add OpenAI instrumentation (#3164)
• See full diff in compare view

Updates @opentelemetry/exporter-logs-otlp-http from 0.211.0 to 0.215.0

Release notes

Sourced from @​opentelemetry/exporter-logs-otlp-http's releases.

experimental/v0.215.0

0.215.0

💥 Breaking Changes

• feat(sdk-logs)!: add required forceFlush() to LogRecordExporter interface #6356 @​pichlermarc
  • (user-facing): LogRecordExporter interface now requires a forceFlush() method to be implemented. Custom exporters will need to implement this method to continue working with the Logs SDK.
• feat(api-logs, sdk-logs)!: add Logger#enabled() #6371 @​david-luna

🚀 Features

• feat(otlp-transformer): add custom protobuf logs serializer #6228 @​pichlermarc
• feat(otlp-transformer): add custom protobuf logs export response deserializer #6530 @​pichlermarc

🐛 Bug Fixes

• fix(instrumentation-fetch): preserve init overrides when input is a Request object #6421 @​akandic47
• fix(otlp-exporter-base): limit Node.js HTTP transport response body to 4 MiB #6552 @​kartikgola
• fix(instrumentation-fetch): avoid unwrapping fetch API when disabling #6575 @​david-luna
• fix(web-common): add check for possible unsafe json parse #6589 @​maryliag
• fix(otlp-transformer): add check for possible unsafe json parse #6588 @​maryliag

experimental/v0.214.0

0.214.0

💥 Breaking Changes

• feat(configuration)!: rename OTEL_EXPERIMENTAL_CONFIG_FILE to OTEL_CONFIG_FILE #6486 @​maryliag
• refactor!(otlp-grpc-exporter-base): remove headers from gRPC exporter config type, passing headers now results in a compile-time error instead of being silently ignored #6487

🚀 Features

• feat(configuration): add sampler configuration parsing support #6409 @​MikeGoldsmith
• feat(configuration): add resource detection parsing #6435 @​MikeGoldsmith
• feat(configuration): export interfaces required in other packages #6462 @​maryliag
• feat(configuration): set MeterProvider on sdk start #6463 @​maryliag
• feat(configuration): export interfaces required in other packages #6507 @​maryliag

🐛 Bug Fixes

• fix(opentelemetry-instrumentation): access require via globalThis to avoid webpack analysis #6481 @​overbalance
• fix(sdk-logs): fix inflated droppedAttributesCount when updating existing attribute keys #6479 @​overbalance
• fix(instrumentation-fetch): do not modify the returned type of fetch #6521 @​dyladan
• fix(opentelemetry-sdk-node): add missing @opentelemetry/otlp-exporter-base dependency #6520 @​gotgenes

🏠 Internal

• chore: enforce import type for type-only imports via ESLint #6467 @​overbalance

... (truncated)

Commits

• a0476ee chore: prepare next release (#6603)
• 6bc69c7 fix(instr-fetch): avoid unwrap fetch API (#6575)
• 840f3d4 chore: re-arrange misplaced changelog entries (#6604)
• 2da8d39 feat(configuration): refactoring config loader to print warning message for b...
• 401af13 fix(deps): update dependency protobufjs to v8 (#6602)
• 36e2a9a fix(opentelemetry-core): add extra checks on internal merge function for safe...
• 8ee2a8b fix(web-common): add check for possible unsafe json parse (#6589)
• f40fd24 fix(otlp-transformer): add check for possible unsafe json parse (#6588)
• 394eeb0 chore: update changelog script (#6586)
• 36ce569 feat(sdk-metrics): adds the cardinalitySelector argument to PeriodicExporting...
• Additional commits viewable in compare view

Updates @opentelemetry/exporter-metrics-otlp-http from 0.211.0 to 0.215.0

Release notes

Sourced from @​opentelemetry/exporter-metrics-otlp-http's releases.

experimental/v0.215.0

0.215.0

💥 Breaking Changes

• feat(sdk-logs)!: add required forceFlush() to LogRecordExporter interface #6356 @​pichlermarc
  • (user-facing): LogRecordExporter interface now requires a forceFlush() method to be implemented. Custom exporters will need to implement this method to continue working with the Logs SDK.
• feat(api-logs, sdk-logs)!: add Logger#enabled() #6371 @​david-luna

🚀 Features

• feat(otlp-transformer): add custom protobuf logs serializer #6228 @​pichlermarc
• feat(otlp-transformer): add custom protobuf logs export response deserializer #6530 @​pichlermarc

🐛 Bug Fixes

• fix(instrumentation-fetch): preserve init overrides when input is a Request object #6421 @​akandic47
• fix(otlp-exporter-base): limit Node.js HTTP transport response body to 4 MiB #6552 @​kartikgola
• fix(instrumentation-fetch): avoid unwrapping fetch API when disabling #6575 @​david-luna
• fix(web-common): add check for possible unsafe json parse #6589 @​maryliag
• fix(otlp-transformer): add check for possible unsafe json parse #6588 @​maryliag

experimental/v0.214.0

0.214.0

💥 Breaking Changes

• feat(configuration)!: rename OTEL_EXPERIMENTAL_CONFIG_FILE to OTEL_CONFIG_FILE #6486 @​maryliag
• refactor!(otlp-grpc-exporter-base): remove headers from gRPC exporter config type, passing headers now results in a compile-time error instead of being silently ignored #6487

🚀 Features

• feat(configuration): add sampler configuration parsing support #6409 @​MikeGoldsmith
• feat(configuration): add resource detection parsing #6435 @​MikeGoldsmith
• feat(configuration): export interfaces required in other packages #6462 @​maryliag
• feat(configuration): set MeterProvider on sdk start #6463 @​maryliag
• feat(configuration): export interfaces required in other packages #6507 @​maryliag

🐛 Bug Fixes

• fix(opentelemetry-instrumentation): access require via globalThis to avoid webpack analysis #6481 @​overbalance
• fix(sdk-logs): fix inflated droppedAttributesCount when updating existing attribute keys #6479 @​overbalance
• fix(instrumentation-fetch): do not modify the returned type of fetch #6521 @​dyladan
• fix(opentelemetry-sdk-node): add missing @opentelemetry/otlp-exporter-base dependency #6520 @​gotgenes

🏠 Internal

• chore: enforce import type for type-only imports via ESLint #6467 @​overbalance

... (truncated)

Commits

• a0476ee chore: prepare next release (#6603)
• 6bc69c7 fix(instr-fetch): avoid unwrap fetch API (#6575)
• 840f3d4 chore: re-arrange misplaced changelog entries (#6604)
• 2da8d39 feat(configuration): refactoring config loader to print warning message for b...
• 401af13 fix(deps): update dependency protobufjs to v8 (#6602)
• 36e2a9a fix(opentelemetry-core): add extra checks on internal merge function for safe...
• 8ee2a8b fix(web-common): add check for possible unsafe json parse (#6589)
• f40fd24 fix(otlp-transformer): add check for possible unsafe json parse (#6588)
• 394eeb0 chore: update changelog script (#6586)
• 36ce569 feat(sdk-metrics): adds the cardinalitySelector argument to PeriodicExporting...
• Additional commits viewable in compare view

Updates @opentelemetry/exporter-trace-otlp-http from 0.211.0 to 0.215.0

Release notes

Sourced from @​opentelemetry/exporter-trace-otlp-http's releases.

experimental/v0.215.0

0.215.0

💥 Breaking Changes

• feat(sdk-logs)!: add required forceFlush() to LogRecordExporter interface #6356 @​pichlermarc
  • (user-facing): LogRecordExporter interface now requires a forceFlush() method to be implemented. Custom exporters will need to implement this method to continue working with the Logs SDK.
• feat(api-logs, sdk-logs)!: add Logger#enabled() #6371 @​david-luna

🚀 Features

• feat(otlp-transformer): add custom protobuf logs serializer #6228 @​pichlermarc
• feat(otlp-transformer): add custom protobuf logs export response deserializer #6530 @​pichlermarc

🐛 Bug Fixes

• fix(instrumentation-fetch): preserve init overrides when input is a Request object #6421 @​akandic47
• fix(otlp-exporter-base): limit Node.js HTTP transport response body to 4 MiB #6552 @​kartikgola
• fix(instrumentation-fetch): avoid unwrapping fetch API when disabling #6575 @​david-luna
• fix(web-common): add check for possible unsafe json parse #6589 @​maryliag
• fix(otlp-transformer): add check for possible unsafe json parse #6588 @​maryliag

experimental/v0.214.0

0.214.0

💥 Breaking Changes

• feat(configuration)!: rename OTEL_EXPERIMENTAL_CONFIG_FILE to OTEL_CONFIG_FILE #6486 @​maryliag
• refactor!(otlp-grpc-exporter-base): remove headers from gRPC exporter config type, passing headers now results in a compile-time error instead of being silently ignored #6487

🚀 Features

• feat(configuration): add sampler configuration parsing support #6409 @​MikeGoldsmith
• feat(configuration): add resource detection parsing #6435 @​MikeGoldsmith
• feat(configuration): export interfaces required in other packages #6462 @​maryliag
• feat(configuration): set MeterProvider on sdk start #6463 @​maryliag
• feat(configuration): export interfaces required in other packages #6507 @​maryliag

🐛 Bug Fixes

• fix(opentelemetry-instrumentation): access require via globalThis to avoid webpack analysis #6481 @​overbalance
• fix(sdk-logs): fix inflated droppedAttributesCount when updating existing attribute keys #6479 @​overbalance
• fix(instrumentation-fetch): do not modify the returned type of fetch #6521 @​dyladan
• fix(opentelemetry-sdk-node): add missing @opentelemetry/otlp-exporter-base dependency #6520 @​gotgenes

🏠 Internal

• chore: enforce import type for type-only imports via ESLint #6467 @​overbalance

... (truncated)

Commits

• a0476ee chore: prepare next release (#6603)
• 6bc69c7 fix(instr-fetch): avoid unwrap fetch API (#6575)
• 840f3d4 chore: re-arrange misplaced changelog entries (#6604)
• 2da8d39 feat(configuration): refactoring config loader to print warning message for b...
• 401af13 fix(deps): update dependency protobufjs to v8 (#6602)
• 36e2a9a fix(opentelemetry-core): add extra checks on internal merge function for safe...
• 8ee2a8b fix(web-common): add check for possible unsafe json parse (#6589)
• f40fd24 fix(otlp-transformer): add check for possible unsafe json parse (#6588)
• 394eeb0 chore: update changelog script (#6586)
• 36ce569 feat(sdk-metrics): adds the cardinalitySelector argument to PeriodicExporting...
• Additional commits viewable in compare view

Updates @opentelemetry/sdk-node from 0.211.0 to 0.215.0

Release notes

Sourced from @​opentelemetry/sdk-node's releases.

experimental/v0.215.0

0.215.0

💥 Breaking Changes

• feat(sdk-logs)!: add required forceFlush() to LogRecordExporter interface #6356 @​pichlermarc
  • (user-facing): LogRecordExporter interface now requires a forceFlush() method to be implemented. Custom exporters will need to implement this method to continue working with the Logs SDK.
• feat(api-logs, sdk-logs)!: add Logger#enabled() #6371 @​david-luna

🚀 Features

• feat(otlp-transformer): add custom protobuf logs serializer #6228 @​pichlermarc
• feat(otlp-transformer): add custom protobuf logs export response deserializer #6530 @​pichlermarc

🐛 Bug Fixes

• fix(instrumentation-fetch): preserve init overrides when input is a Request object #6421 @​akandic47
• fix(otlp-exporter-base): limit Node.js HTTP transport response body to 4 MiB #6552 @​kartikgola
• fix(instrumentation-fetch): avoid unwrapping fetch API when disabling #6575 @​david-luna
• fix(web-common): add check for possible unsafe json parse #6589 @​maryliag
• fix(otlp-transformer): add check for possible unsafe json parse #6588 @​maryliag

experimental/v0.214.0

0.214.0

💥 Breaking Changes

• feat(configuration)!: rename OTEL_EXPERIMENTAL_CONFIG_FILE to OTEL_CONFIG_FILE #6486 @​maryliag
• refactor!(otlp-grpc-exporter-base): remove headers from gRPC exporter config type, passing headers now results in a compile-time error instead of being silently ignored #6487

🚀 Features

• feat(configuration): add sampler configuration parsing support #6409 @​MikeGoldsmith
• feat(configuration): add resource detection parsing #6435 @​MikeGoldsmith
• feat(configuration): export interfaces required in other packages #6462 @​maryliag
• feat(configuration): set MeterProvider on sdk start #6463 @​maryliag
• feat(configuration): export interfaces required in other packages #6507 @​maryliag

🐛 Bug Fixes

• fix(opentelemetry-instrumentation): access require via globalThis to avoid webpack analysis #6481 @​overbalance
• fix(sdk-logs): fix inflated droppedAttributesCount when updating existing attribute keys #6479 @​overbalance
• fix(instrumentation-fetch): do not modify the returned type of fetch #6521 @​dyladan
• fix(opentelemetry-sdk-node): add missing @opentelemetry/otlp-exporter-base dependency #6520 @​gotgenes

🏠 Internal

• chore: enforce import type for type-only imports via ESLint #6467 @​overbalance

... (truncated)

Commits

• a0476ee chore: prepare next release (#6603)
• 6bc69c7 fix(instr-fetch): avoid unwrap fetch API (#6575)
• 840f3d4 chore: re-arrange misplaced changelog entries (#6604)
• 2da8d39 feat(configuration): refactoring config loader to print warning message for b...
• 401af13 fix(deps): update dependency protobufjs to v8 (#6602)
• 36e2a9a fix(opentelemetry-core): add extra checks on internal merge function for safe...
• 8ee2a8b fix(web-common): add check for possible unsafe json parse (#6589)
• f40fd24 fix(otlp-transformer): add check for possible unsafe json parse (#6588)
• 394eeb0 chore: update changelog script (#6586)
• 36ce569 feat(sdk-metrics): adds the cardinalitySelector argument to PeriodicExporting...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

Dependency Review

The following issues were found:

• ❌ 3 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.
• ⚠️ 2 packages with OpenSSF Scorecard issues.

View full job summary

[dependabot]

Superseded by #61.