Skip to content

feat(deps): Bump the opentelemetry group with 5 updates#20884

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/opentelemetry-c44525dd0a
Open

feat(deps): Bump the opentelemetry group with 5 updates#20884
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/opentelemetry-c44525dd0a

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 14, 2026

Bumps the opentelemetry group with 5 updates:

Package From To
@opentelemetry/semantic-conventions 1.40.0 1.41.1
@opentelemetry/core 2.6.1 2.7.1
@opentelemetry/sdk-trace-base 2.6.1 2.7.1
@opentelemetry/exporter-trace-otlp-http 0.214.0 0.218.0
@opentelemetry/resources 2.6.1 2.7.1

Updates @opentelemetry/semantic-conventions from 1.40.0 to 1.41.1

Release notes

Sourced from @​opentelemetry/semantic-conventions's releases.

semconv/v1.41.1

1.41.1

🚀 Features

Note: Semantic Conventions v1.41.0 included an issue that prevented publishing a "1.41.0" version of this package.

  • feat: update semantic conventions to v1.41.1 #6695 @​trentm
    • Semantic Conventions v1.41.1: changelog v1.41.0 | changelog v1.41.1 | latest docs
    • @opentelemetry/semantic-conventions (stable) changes: 8 added exports
    • @opentelemetry/semantic-conventions/incubating (unstable) changes: 2 exported values changed, 4 newly deprecated exports, 80 added exports

Stable changes in v1.41.1

ATTR_DEPLOYMENT_ENVIRONMENT_NAME              // deployment.environment.name
  DEPLOYMENT_ENVIRONMENT_NAME_VALUE_DEVELOPMENT // "development"
  DEPLOYMENT_ENVIRONMENT_NAME_VALUE_PRODUCTION  // "production"
  DEPLOYMENT_ENVIRONMENT_NAME_VALUE_STAGING     // "staging"
  DEPLOYMENT_ENVIRONMENT_NAME_VALUE_TEST        // "test"
ATTR_OTEL_EVENT_NAME                          // otel.event.name
ATTR_TELEMETRY_DISTRO_NAME                    // telemetry.distro.name
ATTR_TELEMETRY_DISTRO_VERSION                 // telemetry.distro.version

Unstable changes in v1.41.1

METRIC_K8S_CONTAINER_CPU_LIMIT_UTILIZATION   // k8s.container.cpu.limit_utilization -> k8s.container.cpu.limit.utilization
METRIC_K8S_CONTAINER_CPU_REQUEST_UTILIZATION // k8s.container.cpu.request_utilization -> k8s.container.cpu.request.utilization
METRIC_K8S_CONTAINER_CPU_LIMIT      // k8s.container.cpu.limit: Replaced by `k8s.container.cpu.limit.desired`.
METRIC_K8S_CONTAINER_CPU_REQUEST    // k8s.container.cpu.request: Replaced by `k8s.container.cpu.request.desired`.
</tr></table>

... (truncated)

Commits
  • 013c600 chore: prepare next release (#6699)
  • b7a0c63 feat(semantic-conventions): update semantic conventions to v1.41.1 (#6695)
  • 774143b chore(renovate): add minimumReleaseAge to config (#6697)
  • e0dafe0 fix(otlp-exporter-base): remove brackets from IPv6 hostname in HTTP transport...
  • f804c93 chore(deps): update github/codeql-action digest to 68bde55 (#6682)
  • 95e48e7 refactor(sdk-logs): alias LoggerProviderConfig to LoggerProviderOptions (...
  • 907b627 feat(sdk-node): allow startNodeSDK() without an arg (#6688)
  • 0d15261 docs: Add SIG meeting info and welcoming language (#6689)
  • 0893288 chore(sdk-node): restore skipped test cases (#6685)
  • 3b5bfbd feat(configuration): show all config validation errors, if there are multiple...
  • Additional commits viewable in compare view

Updates @opentelemetry/core from 2.6.1 to 2.7.1

Release notes

Sourced from @​opentelemetry/core's releases.

v2.7.1

2.7.1

🐛 Bug Fixes

  • fix(core, api): defer trace state validation. Deprecate trace state implementation in api #6459 @​david-luna
    • important: this bug fix may be breaking for certain uses of TraceState
      • set now returns the same TraceState instance if key/value are invalid or makes the while trace state invalid.
      • unset now returns the same TraceState instance if key is not present.
      • best-effort parsing of invalid TraceStates has changed: when multiple keys with the same name are present, the most recent one will win.

🏠 Internal

v2.7.0

2.7.0

🚀 Features

  • feat(sdk-logs): implement log creation metrics #6433 @​anuraaga
  • feat(sdk-metrics): add the cardinalitySelector argument to PeriodicExportingMetricReaders #6460 @​starzlocker
  • feat(opentelemetry-core): add extra checks on internal merge function for safety #6587 @​maryliag

🐛 Bug Fixes

  • fix(opentelemetry-resources): do not discard OTEL_RESOURCE_ATTRIBUTES when it contains empty kv pairs

🏠 Internal

Changelog

Sourced from @​opentelemetry/core's changelog.

2.7.1

🐛 Bug Fixes

  • fix(core, api): defer trace state validation. Deprecate trace state implementation in api #6459 @​david-luna
    • important: this bug fix may be breaking for certain uses of TraceState
      • set now returns the same TraceState instance if key/value are invalid or makes the while trace state invalid.
      • unset now returns the same TraceState instance if key is not present.
      • best-effort parsing of invalid TraceStates has changed: when multiple keys with the same name are present, the most recent one will win.

🏠 Internal

2.7.0

🚀 Features

  • feat(sdk-logs): implement log creation metrics #6433 @​anuraaga
  • feat(sdk-metrics): add the cardinalitySelector argument to PeriodicExportingMetricReaders #6460 @​starzlocker
  • feat(opentelemetry-core): add extra checks on internal merge function for safety #6587 @​maryliag

🐛 Bug Fixes

  • fix(opentelemetry-resources): do not discard OTEL_RESOURCE_ATTRIBUTES when it contains empty kv pairs

🏠 Internal

Commits
  • 2400d83 chore: prepare next release (#6647)
  • f7a9b7c fix(otlp-transformer): pin protobufjs to 8.0.1 (#6646)
  • cb38d7f test(otlp-transformer): add metrics transfrom benchmark (#6628)
  • a28f12f fix(opentelemetry-core): defer tracestate vaidation (#6459)
  • b27c514 refactor(opentelemetry-exporter-prometheus): do not call `enforcePrometheusNa...
  • a2a8186 perf(sdk-trace-base): optimize TraceIdRatioBasedSampler hex parsing (#6284)
  • 4c0f3f1 feat(sdk-node): set TracerProvider in startNodeSDK() (#6607)
  • 417f2f1 fix(instr-xhr): do not unpatch XHR methods (#6611)
  • 47ac523 Revert "chore: allow browser maintainers to approve changelog edits" (#6627)
  • 86c621d fix(instrumentation-fetch): tolerate non-writable globalThis.fetch and fix pr...
  • Additional commits viewable in compare view

Updates @opentelemetry/sdk-trace-base from 2.6.1 to 2.7.1

Release notes

Sourced from @​opentelemetry/sdk-trace-base's releases.

v2.7.1

2.7.1

🐛 Bug Fixes

  • fix(core, api): defer trace state validation. Deprecate trace state implementation in api #6459 @​david-luna
    • important: this bug fix may be breaking for certain uses of TraceState
      • set now returns the same TraceState instance if key/value are invalid or makes the while trace state invalid.
      • unset now returns the same TraceState instance if key is not present.
      • best-effort parsing of invalid TraceStates has changed: when multiple keys with the same name are present, the most recent one will win.

🏠 Internal

v2.7.0

2.7.0

🚀 Features

  • feat(sdk-logs): implement log creation metrics #6433 @​anuraaga
  • feat(sdk-metrics): add the cardinalitySelector argument to PeriodicExportingMetricReaders #6460 @​starzlocker
  • feat(opentelemetry-core): add extra checks on internal merge function for safety #6587 @​maryliag

🐛 Bug Fixes

  • fix(opentelemetry-resources): do not discard OTEL_RESOURCE_ATTRIBUTES when it contains empty kv pairs

🏠 Internal

Changelog

Sourced from @​opentelemetry/sdk-trace-base's changelog.

2.7.1

🐛 Bug Fixes

  • fix(core, api): defer trace state validation. Deprecate trace state implementation in api #6459 @​david-luna
    • important: this bug fix may be breaking for certain uses of TraceState
      • set now returns the same TraceState instance if key/value are invalid or makes the while trace state invalid.
      • unset now returns the same TraceState instance if key is not present.
      • best-effort parsing of invalid TraceStates has changed: when multiple keys with the same name are present, the most recent one will win.

🏠 Internal

2.7.0

🚀 Features

  • feat(sdk-logs): implement log creation metrics #6433 @​anuraaga
  • feat(sdk-metrics): add the cardinalitySelector argument to PeriodicExportingMetricReaders #6460 @​starzlocker
  • feat(opentelemetry-core): add extra checks on internal merge function for safety #6587 @​maryliag

🐛 Bug Fixes

  • fix(opentelemetry-resources): do not discard OTEL_RESOURCE_ATTRIBUTES when it contains empty kv pairs

🏠 Internal

Commits
  • 2400d83 chore: prepare next release (#6647)
  • f7a9b7c fix(otlp-transformer): pin protobufjs to 8.0.1 (#6646)
  • cb38d7f test(otlp-transformer): add metrics transfrom benchmark (#6628)
  • a28f12f fix(opentelemetry-core): defer tracestate vaidation (#6459)
  • b27c514 refactor(opentelemetry-exporter-prometheus): do not call `enforcePrometheusNa...
  • a2a8186 perf(sdk-trace-base): optimize TraceIdRatioBasedSampler hex parsing (#6284)
  • 4c0f3f1 feat(sdk-node): set TracerProvider in startNodeSDK() (#6607)
  • 417f2f1 fix(instr-xhr): do not unpatch XHR methods (#6611)
  • 47ac523 Revert "chore: allow browser maintainers to approve changelog edits" (#6627)
  • 86c621d fix(instrumentation-fetch): tolerate non-writable globalThis.fetch and fix pr...
  • Additional commits viewable in compare view

Updates @opentelemetry/exporter-trace-otlp-http from 0.214.0 to 0.218.0

Release notes

Sourced from @​opentelemetry/exporter-trace-otlp-http's releases.

experimental/v0.218.0

0.218.0

🚀 Features

  • feat(otlp-transformer): replace protobufjs metrics serialization with custom implementation #6625 @​pichlermarc
  • feat(configuration): show all config validation errors, if there are multiple #6683 @​trentm
  • feat(sdk-node): allow startNodeSDK() without an arg #6688 @​trentm

🏠 Internal

  • refactor(sdk-logs): alias LoggerProviderConfig to LoggerProviderOptions #6691 @​david-luna
  • refactor(sdk-logs): use Logger.enabled() within Logger.emit() implementation #6680 @​david-luna

experimental/v0.217.0

0.217.0

🚀 Features

  • feat(otlp-transformer): replace protobufjs trace serialization with custom implementation #6625 @​pichlermarc
  • feat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using json-schema-to-typescript and ajv #6533 @​MikeGoldsmith
  • feat(configuration, sdk-node): startNodeSDK() code path now uses log_level configuration to setup a DiagConsoleLogger #6668 @​trentm
    • Note that allowed values for log_level in a configuration YAML file are not the same set as for OTEL_LOG_LEVEL. Use log_level: trace to see all logs (equivalent of OTEL_LOG_LEVEL=ALL). Use log_level: fatal to effectively disable the SDK's internal diagnostic logger (equivalent of OTEL_LOG_LEVEL=NONE).
    • If log_level is not specified, a diagnostic console logger at "info" level will be setup.
    • An invalid YAML config file will now result in a noop OTel SDK.

🐛 Bug Fixes

  • fix(configuration): do not validate OTEL_CONFIG_FILE value before using it for file config #6643 @​trentm
  • fix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types #6650 @​trentm
  • fix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing #6657 @​trentm
  • fix(configuration): improve handling of enums in generated types #6659 @​trentm
  • fix(configuration): improve the technique for removing '| null' on types the JSON Schema #6662 @​trentm
  • fix(sampler-jaeger-remote): add missing axios dep #6656 @​trentm
  • fix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler #6674 @​homanp

experimental/v0.216.0

0.216.0

🚀 Features

🐛 Bug Fixes

  • fix(instrumentation-xml-http-request): avoid unwrapping XMLHttpRequest API when disabling #6611 @​david-luna
  • fix(instrumentation-fetch): tolerate non-writable globalThis.fetch and fix premature _isEnabled / _isFetchPatched flips in enable() @​brunorodmoreira

... (truncated)

Commits
  • 06ad0ea chore: prepare next release (#6703)
  • 38ca257 feat(otlp-transformer): replace protobufjs metrics serialization with custom ...
  • 013c600 chore: prepare next release (#6699)
  • b7a0c63 feat(semantic-conventions): update semantic conventions to v1.41.1 (#6695)
  • 774143b chore(renovate): add minimumReleaseAge to config (#6697)
  • e0dafe0 fix(otlp-exporter-base): remove brackets from IPv6 hostname in HTTP transport...
  • f804c93 chore(deps): update github/codeql-action digest to 68bde55 (#6682)
  • 95e48e7 refactor(sdk-logs): alias LoggerProviderConfig to LoggerProviderOptions (...
  • 907b627 feat(sdk-node): allow startNodeSDK() without an arg (#6688)
  • 0d15261 docs: Add SIG meeting info and welcoming language (#6689)
  • Additional commits viewable in compare view

Updates @opentelemetry/resources from 2.6.1 to 2.7.1

Release notes

Sourced from @​opentelemetry/resources's releases.

v2.7.1

2.7.1

🐛 Bug Fixes

  • fix(core, api): defer trace state validation. Deprecate trace state implementation in api #6459 @​david-luna
    • important: this bug fix may be breaking for certain uses of TraceState
      • set now returns the same TraceState instance if key/value are invalid or makes the while trace state invalid.
      • unset now returns the same TraceState instance if key is not present.
      • best-effort parsing of invalid TraceStates has changed: when multiple keys with the same name are present, the most recent one will win.

🏠 Internal

v2.7.0

2.7.0

🚀 Features

  • feat(sdk-logs): implement log creation metrics #6433 @​anuraaga
  • feat(sdk-metrics): add the cardinalitySelector argument to PeriodicExportingMetricReaders #6460 @​starzlocker
  • feat(opentelemetry-core): add extra checks on internal merge function for safety #6587 @​maryliag

🐛 Bug Fixes

  • fix(opentelemetry-resources): do not discard OTEL_RESOURCE_ATTRIBUTES when it contains empty kv pairs

🏠 Internal

Changelog

Sourced from @​opentelemetry/resources's changelog.

2.7.1

🐛 Bug Fixes

  • fix(core, api): defer trace state validation. Deprecate trace state implementation in api #6459 @​david-luna
    • important: this bug fix may be breaking for certain uses of TraceState
      • set now returns the same TraceState instance if key/value are invalid or makes the while trace state invalid.
      • unset now returns the same TraceState instance if key is not present.
      • best-effort parsing of invalid TraceStates has changed: when multiple keys with the same name are present, the most recent one will win.

🏠 Internal

2.7.0

🚀 Features

  • feat(sdk-logs): implement log creation metrics #6433 @​anuraaga
  • feat(sdk-metrics): add the cardinalitySelector argument to PeriodicExportingMetricReaders #6460 @​starzlocker
  • feat(opentelemetry-core): add extra checks on internal merge function for safety #6587 @​maryliag

🐛 Bug Fixes

  • fix(opentelemetry-resources): do not discard OTEL_RESOURCE_ATTRIBUTES when it contains empty kv pairs

🏠 Internal

Commits
  • 2400d83 chore: prepare next release (#6647)
  • f7a9b7c fix(otlp-transformer): pin protobufjs to 8.0.1 (#6646)
  • cb38d7f test(otlp-transformer): add metrics transfrom benchmark (#6628)
  • a28f12f fix(opentelemetry-core): defer tracestate vaidation (#6459)
  • b27c514 refactor(opentelemetry-exporter-prometheus): do not call `enforcePrometheusNa...
  • a2a8186 perf(sdk-trace-base): optimize TraceIdRatioBasedSampler hex parsing (#6284)
  • 4c0f3f1 feat(sdk-node): set TracerProvider in startNodeSDK() (#6607)
  • 417f2f1 fix(instr-xhr): do not unpatch XHR methods (#6611)
  • 47ac523 Revert "chore: allow browser maintainers to approve changelog edits" (#6627)
  • 86c621d fix(instrumentation-fetch): tolerate non-writable globalThis.fetch and fix pr...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
feat(deps): Bump the opentelemetry group with 5 updates
e28e993 
Bumps the opentelemetry group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [@opentelemetry/semantic-conventions](https://github.com/open-telemetry/opentelemetry-js) | `1.40.0` | `1.41.1` |
| [@opentelemetry/core](https://github.com/open-telemetry/opentelemetry-js) | `2.6.1` | `2.7.1` |
| [@opentelemetry/sdk-trace-base](https://github.com/open-telemetry/opentelemetry-js) | `2.6.1` | `2.7.1` |
| [@opentelemetry/exporter-trace-otlp-http](https://github.com/open-telemetry/opentelemetry-js) | `0.214.0` | `0.218.0` |
| [@opentelemetry/resources](https://github.com/open-telemetry/opentelemetry-js) | `2.6.1` | `2.7.1` |


Updates `@opentelemetry/semantic-conventions` from 1.40.0 to 1.41.1
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@semconv/v1.40.0...semconv/v1.41.1)

Updates `@opentelemetry/core` from 2.6.1 to 2.7.1
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@v2.6.1...v2.7.1)

Updates `@opentelemetry/sdk-trace-base` from 2.6.1 to 2.7.1
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@v2.6.1...v2.7.1)

Updates `@opentelemetry/exporter-trace-otlp-http` from 0.214.0 to 0.218.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@experimental/v0.214.0...experimental/v0.218.0)

Updates `@opentelemetry/resources` from 2.6.1 to 2.7.1
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@v2.6.1...v2.7.1)

---
updated-dependencies:
- dependency-name: "@opentelemetry/semantic-conventions"
  dependency-version: 1.41.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: "@opentelemetry/core"
  dependency-version: 2.7.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: "@opentelemetry/sdk-trace-base"
  dependency-version: 2.7.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: "@opentelemetry/exporter-trace-otlp-http"
  dependency-version: 0.218.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
- dependency-name: "@opentelemetry/resources"
  dependency-version: 2.7.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: opentelemetry
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 14, 2026
@dependabot dependabot Bot requested review from a team as code owners May 14, 2026 15:27
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 14, 2026
cursor[bot]
cursor Bot reviewed May 14, 2026
View reviewed changes
Copy link
Copy Markdown

@cursor cursor Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit e28e993. Configure here.

Comment thread packages/opentelemetry/package.json
"@opentelemetry/core": "^2.6.1",
"@opentelemetry/sdk-trace-base": "^2.6.1",
"@opentelemetry/semantic-conventions": "^1.40.0"
"@opentelemetry/core": "^2.7.1",
Copy link
Copy Markdown

@cursor cursor Bot May 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TraceState key validation may silently drop Sentry data

High Severity

Bumping @opentelemetry/core to v2.7.1 introduces a TraceState.set() behavior change: it now returns the same instance if key/value are invalid per W3C spec. Sentry uses dot-containing keys like sentry.dsc, sentry.sampled_not_recording, sentry.sample_rand, etc., but dots are not valid characters in W3C tracestate keys (only a-z, 0-9, _, -, *, / are allowed). If the new validation rejects these keys, all Sentry trace state data — including DSC propagation and sampling decisions — would be silently dropped with no error.

Additional Locations (1)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit e28e993. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants