deps: npm dev dependencies - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
datadog-lambda-js	9.112.0 -> 9.117.0
dd-trace	5.14.1 -> 5.25.0
hot-shots	10.0.0 -> 10.2.1

---

Release Notes

DataDog/dd-trace-js (dd-trace)

v5.25.0: 5.25.0

Compare Source

• [ff9b02b769] - (SEMVER-PATCH) update AWS payload extraction rules (Thomas Hunter II) #​4859
• [8112f6cd4a] - (SEMVER-PATCH) simplify baggage code and add test case (Ida Liu) #​4858
• [0b4dab7181] - (SEMVER-MINOR) [test visibility] Simple dynamic instrumentation - test visibility client (Juan Antonio Fernández de Alba) #​4826
• [497ff72317] - (SEMVER-MINOR) Support url.parse, url.URL.parse and new url.URL for IAST taint tracking (Ugaitz Urien) #​4836
• [5028d30503] - (SEMVER-PATCH) Onboarding tests: simple installer scenario (Roberto Montero) #​4855
• [b8af762cc9] - (SEMVER-PATCH) fix incompatibilities with node 16 for 4.49.0 release (Roch Devost) #​4854
• [f58e7461bf] - (SEMVER-MINOR) Baggage support (Ida Liu) #​4563
• [83fcef6806] - (SEMVER-MINOR) Profiling code to presume at least Node 16 (Attila Szegedi) #​4335
• [6c1c075b17] - (SEMVER-MINOR) Exploit prevention Shell injection (Ugaitz Urien) #​4792
• [c03d608753] - (SEMVER-MINOR) Fix amqp instrumentation (Piotr WOLSKI) #​4839
• [28eb9582cc] - (SEMVER-PATCH) add yarn env <plugin-name> (Bryan English) #​4852
• [1188ea24df] - (SEMVER-PATCH) add some clarity in CONTRIBUTING.md (Bryan English) #​4850
• [57f8a10ae8] - (SEMVER-PATCH) fix(ci): revert typescript 5.0 for docs tests (Sam Brenner) #​4846
• [b3e2077af7] - (SEMVER-PATCH) upgrade to latest @​azure/functions version (Ayan Khan) #​4845
• [b1a106b58b] - (SEMVER-MINOR) [MLOB-1562] feat(llmobs): add openai integration (Sam Brenner) #​4840
• [4edba95dd4] - (SEMVER-PATCH) Defend against ref being undefined (Attila Szegedi) #​4831
• [168d662c9f] - (SEMVER-PATCH) Fix header injection vulnerability detection for access-control-allow-origin (Carles Capell) #​4844
• [9e65a80db0] - (SEMVER-MINOR) add dsm for google pub sub (William Conti) #​3855
• [70ec90e19e] - (SEMVER-PATCH) update native metrics to 3.0.1 (Roch Devost) #​4838
• [91c43717be] - (SEMVER-MINOR) Add support for exit spans in Code Origin for Spans (Thomas Watson) #​4772
• [111c14a43d] - (SEMVER-PATCH) [DI] Drop snapshot if JSON payload is too large (Thomas Watson) #​4818
• [1c0958e2af] - [MLOB-1524] feat(llmobs): Introduce LLM Observability SDK (Sam Brenner) #​4773
• [e94c68220c] - (SEMVER-MINOR) [ASM] multer instrumentation (Igor Unanua) #​4781
• [49d6c584f7] - (SEMVER-PATCH) [DI] Adhere to maxFieldCount limit in snapshots (Thomas Watson) #​4829
• [2a4b80da47] - (SEMVER-MINOR) Update WAF recommended rules to v1.13.2 (Carles Capell) #​4834
• [4a711d9a23] - (SEMVER-MINOR) Replace manual.keep tag usage with an specific method to keep the trace (Igor Unanua) #​4739
• [564795fbe9] - (SEMVER-MINOR) [test visibility] Add dynamic instrumentation logs writer for test visibility (Juan Antonio Fernández de Alba) #​4821
• [a8721751e4] - (SEMVER-MINOR) Profiler shouldn't retry some HTTP requests when sending profiles (Attila Szegedi) #​4823
• [24e846e35a] - (SEMVER-PATCH) [DI] Refactor integration tests (Thomas Watson) #​4817
• [a0816597f2] - (SEMVER-MINOR) feat(kafkajs): add kafka cluster id to spans and dsm metrics (William Conti) #​4808
• [c0073549cf] - (SEMVER-MINOR) Update @​datadog/native-iast-taint-tracking (Ugaitz Urien) #​4824
• [fcecd865bf] - (SEMVER-MINOR) Separating Plugin Tests to Their Own CI Run (Crystal Magloire) #​4822
• [c53c395706] - (SEMVER-PATCH) Protect some lines in text_map.js (Ugaitz Urien) #​4820
• [2387d265be] - (SEMVER-MINOR) Support Node 23 in the profiler (Attila Szegedi) #​4815
• [aff335da1d] - (SEMVER-PATCH) [DI] Guard against invalid probe config and related edge-cases (Thomas Watson) #​4816
• [81d6947b53] - (SEMVER-MINOR) [test visibility] Add errors in retried tests in mocha (Juan Antonio Fernández de Alba) #​4813
• [31ab8e5af2] - (SEMVER-MINOR) Add support for Azure App Services tags in profiler (Attila Szegedi) #​4803
• [a16a051592] - (SEMVER-PATCH) add requirements json with native deps and denylist (Roch Devost) #​4753
• [15ab272a70] - (SEMVER-MINOR) Add Support For Overriding GRPC Error Statuses (Ayan Khan) #​4800
• [c4e39793dd] - (SEMVER-MINOR) refactor system tests (William Conti) #​4811
• [e7edfcffaf] - (SEMVER-PATCH) [DI] Adhere to maxCollectionSize limit in snapshots (Thomas Watson) #​4780
• [7f812e19e2] - (SEMVER-MINOR) Update native-appsec to 8.2.1 (Ugaitz Urien) #​4810
• [c8be435751] - (SEMVER-PATCH) also audit devDependencies (Bryan English) #​4807
• [145b41c79c] - (SEMVER-PATCH) Fix yarn.lock (Thomas Watson) #​4809
• [31dc1ec543] - (SEMVER-PATCH) [CI] Enable Fastify suite.js (Thomas Watson) #​4771
• [1522a483bd] - (SEMVER-MINOR) Implement Config Consistency (Ayan Khan) #​4725
• [597d7c5741] - (SEMVER-PATCH) Fix: esbuild plugin when requiring esm files (Crystal Magloire) #​4774
• [6e21f9af90] - (SEMVER-MINOR) Identify span metrics from OpenTelemetry libraries with 'otel.library' tag (Stuart McCulloch) #​4724
• [5e4900d794] - (SEMVER-PATCH) don't update waf version if it dosn't exist (simon-id) #​4801
• [4f62b5ad9f] - (SEMVER-PATCH) [ASM] Ssrf handle request options (Igor Unanua) #​4791
• [83468b8d82] - (SEMVER-PATCH) fix WAF update rules version (simon-id) #​4798

v5.24.0

Compare Source

• [89619bdf46] - (SEMVER-PATCH) update body-parser (Bryan English) #​4790
• [d7b1dad805] - (SEMVER-PATCH) pin latest to 22 (Bryan English) #​4793
• [f8515ec28b] - (SEMVER-PATCH) Remove old debug option from docs (simon-id) #​4786
• [59eb9a724a] - (SEMVER-PATCH) Don't stop the profiler if encoding a profile fails (Attila Szegedi) #​4779
• [8969e05336] - (SEMVER-PATCH) vendor jsonpath-plus (Bryan English) #​4785
• [501ff2fbfb] - (SEMVER-MINOR) Suspicious request blocking - Express Path Parameters (Carles Capell) #​4769
• [e4532439c2] - (SEMVER-PATCH) Upgrading jsonpath-plus to v10 to resolve CVE-2024-21534 (Thomas Watson) #​4782
• [944f57d5d4] - (SEMVER-PATCH) [DI] Refactor unit tests (Thomas Watson) #​4777
• [f62cbfadc7] - (SEMVER-PATCH) Unsubscribe NextJS body and query channels on appsec disable (Carles Capell) #​4776
• [c085df1eae] - (SEMVER-MINOR) Add support for Fastify entry spans for Code Origin for Spans (Thomas Watson) #​4449
• [bd4aff563f] - (SEMVER-MINOR) Update waf rules to 1.13.1 (Ugaitz Urien) #​4768
• [5a113b2bcd] - (SEMVER-MINOR) Add Plugin for @​azure/functions (Duncan Harvey) #​4716
• [ce0bdcea6e] - (SEMVER-MINOR) Fix capability identifier (Igor Unanua) #​4767
• [60529442d2] - (SEMVER-MINOR) Use static vulnerability hash source when the cookie name is too long (Ugaitz Urien) #​4764
• [5eea208392] - (SEMVER-MINOR) [test visibility] Add option to automatically report logs within tests when using winston (Juan Antonio Fernández de Alba) #​4762
• [2d175d30d5] - (SEMVER-MINOR) Keep a profiling context object in spans (Attila Szegedi) #​4763
• [a2b318df27] - (SEMVER-MINOR) [ASM] Add support for attacker fingerprinting (Carles Capell) #​4698
• [111a156693] - (SEMVER-PATCH) Exploit Prevention LFI (Igor Unanua) #​4715
• [a11a1fd20e] - (SEMVER-MINOR) Upgrade iast rewriter to 2.5.0 (Igor Unanua) #​4761
• [7f93d36b79] - (SEMVER-PATCH) use AsyncLocalStorage instead of our home-grown solutions (Bryan English) #​4201
• [bba5f3ddb3] - (SEMVER-MINOR) feat(dsm): implement avro schemas for avsc package (William Conti) #​4726
• [08525d4c3c] - (SEMVER-MINOR) feat(tracing): implement protobufjs DSM schema support (William Conti) #​4701
• [d024777515] - (SEMVER-MINOR) [DI] Add ability to take state snapshot feature (Thomas Watson) #​4549
• [a00c9c8361] - (SEMVER-MINOR) Sql injection Exploit Prevention implementation for mysql2 library (Ugaitz Urien) #​4712
• [d1abcab7a1] - (SEMVER-MINOR) [DI] Add hostname to probe result (Thomas Watson) #​4756
• [d1f29dba99] - (SEMVER-PATCH) Fix appsec rate limiter flaky test (Ugaitz Urien) #​4754
• [eef6711411] - (SEMVER-PATCH) Fix child process not maintaining previous parent span after execution (Ugaitz Urien) #​4752
• [c700341689] - (SEMVER-PATCH) prefix system-tests env var names (William Conti) #​4746
• [f988e003bf] - (SEMVER-MINOR) [DI] Add GitHub repo and SHA tags to probe results (Thomas Watson) #​4751
• [e09305d366] - (SEMVER-PATCH) [DI] Fix probe.location.lines to be string[] instead of number[] (Thomas Watson) #​4750
• [748ef616c3] - (SEMVER-PATCH) [DI] Switch unit tests to Mocha instead of Tap (Thomas Watson) #​4728
• [70d5591d9b] - (SEMVER-MINOR) [test visibility] Read pull_request and pull_request_target event info from GHA (Juan Antonio Fernández de Alba) #​4745
• [4d2f5b86a0] - (SEMVER-PATCH) Don't use deprecated url.parse function (Thomas Watson) #​4743
• [92515a65e3] - (SEMVER-MINOR) [DI] Add stack trace to log probe results (Thomas Watson) #​4727

v5.23.1

Compare Source

Fixes

• [29c42f1] Update workflows to fix release process (https://github.com/DataDog/dd-trace-js/pull/4747)

v5.23.0

Compare Source

Fixes

• [f229d64] - aws payload tagging (Thomas Hunter II) https://github.com/DataDog/dd-trace-js/pull/4309
• [d20f8b6] - fix(openai): content and tool calls in streamed responses do not error (Sam Brenner) https://github.com/DataDog/dd-trace-js/pull/4651
• [1c16c5e] - fix(openai): do not add usage tags or emit usage metrics if they are not returned (Sam Brenner) https://github.com/DataDog/dd-trace-js/pull/4706
• [381aa7b] - [test visibility] Fix cucumber@11 (Juan Fernández de Alba)https://github.com/DataDog/dd-trace-js/pull/46666
• [8b5b271] - [test visibility] Fix [email protected] (Juan Fernández de Alba)https://github.com/DataDog/dd-trace-js/pull/46822
• [7073ef3] - [test visibility] Fix @​jest/test-sequencer instrumentation (Juan Fernández de Alba) https://github.com/DataDog/dd-trace-js/pull/4678
• [754abe0] - Pin import-in-the-middle to 1.11.0 (Juan Fernández de Alba) https://github.com/DataDog/dd-trace-js/pull/4732
• [75b606b] - Bump path-to-regexp dependency to v0.1.10 (Thomas Watson) https://github.com/DataDog/dd-trace-js/pull/4664
• [aa35dac] - [waf] Check context disposal before calling WAF run (Carles Capell)https://github.com/DataDog/dd-trace-js/pull/46533
• [bd85572] - Add rasp capabilities in RC (Ugaitz Urien) https://github.com/DataDog/dd-trace-js/pull/4672)
• [fcd3ab8] - fix: still set dsm consume checkpoint when no DSM parent context is available (William Conti) https://github.com/DataDog/dd-trace-js/pull/4741

Features

• [9949796] - Add test session name (Juan Fernández de Alba) https://github.com/DataDog/dd-trace-js/pull/4621
• [4d1b9e1] - feat(kafka): add datastreams monitoring support for kafkajs batches (William Conti) https://github.com/DataDog/dd-trace-js/pull/4645
• [14ebf97] - Exploit prevention SQLi in pg (Ugaitz Urien) https://github.com/DataDog/dd-trace-js/pull/4566
• [a4b588a] - [test visibility] Add test source file to test suites (Juan Fernández de Alba)https://github.com/DataDog/dd-trace-js/pull/46777
• [4d1b9e1] - feat(dsm): add datastreams monitoring schema tracking (William Conti) https://github.com/DataDog/dd-trace-js/pull/4687
• [c03632f] - [test visibility] Early Flake Detection for vitest (Juan Fernández de Alba)https://github.com/DataDog/dd-trace-js/pull/47144
• [65d50b4] - [test visibility] Early flake detection for mocha (parallel mode) (Juan Fernández de Alba)https://github.com/DataDog/dd-trace-js/pull/47233
• [ae76c38] - [test visibility] Support early flake detection for cucumber (Juan Fernández de Alba)https://github.com/DataDog/dd-trace-js/pull/47333

Improvements

• [34a651e] - PROF-10339: Review Error-throwing sites for SSI impact (Attila Szegedi) https://github.com/DataDog/dd-trace-js/pull/4627
• [b079c6f] - [test visibility] Remove beta flag from manual test API (Juan Fernández de Alba)https://github.com/DataDog/dd-trace-js/pull/47055
• [cb81b82] - Add span IDs to timeline DNS and TCP events (Attila Szegedi) https://github.com/DataDog/dd-trace-js/pull/4655
• [59e7fc5] - [waf] Filter addresses before calling to waf to prevent running without knownAddresses (Ugaitz Urien)https://github.com/DataDog/dd-trace-js/pull/46566

v5.22.0

Compare Source

Fixes

• [ab80d70] - fix(lambda): gate timeout spans and add missing clear (jordan gonzález) https://github.com/DataDog/dd-trace-js/pull/4446
• [1f2914f] - chore(w3c): avoid setting _dd.parent_id to 16 zeros (Munir Abdinur)https://github.com/DataDog/dd-trace-js/pull/45766
• [683df27] - fix(openai): tracing occurs in correct async context (Sam Brenner) https://github.com/DataDog/dd-trace-js/pull/4583
• [b19b382] - Rename rasp metrics (Igor Unanua) https://github.com/DataDog/dd-trace-js/pull/4635
• [f4ecee9] - Fix AppSec manual blocking parameters (Ugaitz Urien) https://github.com/DataDog/dd-trace-js/pull/4606

Features

• [bc2d6a1] - Bump @datadog/native-appsec to 8.1.1 (Carles Capell) https://github.com/DataDog/dd-trace-js/pull/4630
• [1a2aaed] - [test visibility] Add configuration flags to auto test retries (Juan Antonio Fernández de Alba)https://github.com/DataDog/dd-trace-js/pull/46099

Improvements

• [e568fe3] - PROF-10330: Emit SSI information in the profile system info (Attila Szegedi)
• [a04ba3f] - hapi: migrate from AsyncResource to TracingChannel, see #​4597 (Thomas Hunter II) https://github.com/DataDog/dd-trace-js/pull/4622
• [69aedbc] - Safer shimming (Bryan English) https://github.com/DataDog/dd-trace-js/pull/4585

v5.21.0

Compare Source

v5.20.0

Compare Source

v5.19.0

Compare Source

v5.18.0

Compare Source

v5.17.0

Compare Source

Improvements

• core: RecordException api now supports adding exceptions as span events (#​4386)
• appsec: Allows AppSec to replace status code, headers, and body when an attack is detected (#​3837)

Features

• core: Add support for span events (#​4036 )
• core: Add automatic instrumentation support for Undici (#​4293)

v5.16.0

Compare Source

Improvements

• graphql: fix graphql.resolve span durations (#​4387)
• otel: remaps http status tag to meet ddog convention for otel(#​4384)

Bug Fixes

• ci: test OCI system-tests scenarios on every commit (#​4371)
• otel: pin otel api version in integration test (#​4388)
• core: send original config value to telemetry (#​4378)
• core: fix RC support for sampling rules patch (#​4381)

v5.15.0

Compare Source

Improvements

• Remove outdated polyfills #​4009
• Update native-appsec module to 8.0.1 #​4347
• profiler supports activation through single-step instrumentation #​4375

Features

• [ci-visibility] Support mocha parallel mode #​4314

Bug fixes

• [ci-visibility] Fix EFD with jest and jsdom #​4323
• [ci-visibility] Fix selenium when run outside of a supported test framework #​4330

brightcove/hot-shots (hot-shots)

v10.2.1

Compare Source

• @​thiago-negri Add 'includeDataDogTags' property to 'ClientOptions' type

v10.2.0

Compare Source

• @​thiago-negri Add option 'includeDataDogTags'
• @​bdeitte Upgrade dependencies for security warning and a few README updates

v10.1.1

Compare Source

• @​matteosb Handle synchronous socket.send error in sendUsingDnsCache

v10.1.0

Compare Source

• @​lachlankidson Add gaugeDelta function
• @​bdeitte Various dev library updates
• @​bdeitte Add Node 20 testing

---

Configuration

📅 Schedule: Branch creation - "after 3:00 am and before 6:00 am every 2 weeks on Tuesday" in timezone Australia/Melbourne, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.