Skip to content

Bump the npm-dependencies group across 1 directory with 3 updates #113

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

Bump the npm-dependencies group across 1 directory with 3 updates #113

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 8, 2025
edited
Loading

Bumps the npm-dependencies group with 3 updates in the /cloud-run-functions/node directory: @google-cloud/functions-framework, dd-trace and winston.

Updates @google-cloud/functions-framework from 4.0.0 to 4.0.1

Release notes

Sourced from @​google-cloud/functions-framework's releases.

v4.0.1

4.0.1 (2025-11-20)

Bug Fixes

  • add release-assets.githubusercontent.com to allowed domains (#713) (4cd1b2b)
  • update microsoft/api-extractor to 7.55.0 (#712) (8e565c8)
Changelog

Sourced from @​google-cloud/functions-framework's changelog.

4.0.1 (2025-11-20)

Bug Fixes

  • add release-assets.githubusercontent.com to allowed domains (#713) (4cd1b2b)
  • update microsoft/api-extractor to 7.55.0 (#712) (8e565c8)
Commits
  • 34e75c8 chore(main): release 4.0.1 (#714)
  • 8390d9c chore(deps): update body-parser to v2 and fix tests (#716)
  • 1488662 chore: update dependency express to v5 (#715)
  • f1ff02b chore(deps): update actions/checkout action to v5 (#707)
  • 3165c3b chore(deps): update dependency cloudevents to v10 (#702)
  • c04114c chore(deps): update dependency node to v24 (#698)
  • e93beb0 chore(deps): bump form-data from 4.0.1 to 4.0.4 (#699)
  • 8b1577d chore(deps): update all non-major dependencies (#701)
  • 14ce6c1 chore(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (#710)
  • 6cdeef5 chore(deps): update actions/setup-node action to v6 (#708)
  • Additional commits viewable in compare view

Updates dd-trace from 5.67.0 to 5.80.0

Release notes

Sourced from dd-trace's releases.

5.80.0

  • [31a05d6f67] - (SEMVER-PATCH) [test optimization] Fix disable logic in playwright (Juan Antonio Fernández de Alba) #6954
  • [2fd9b1d434] - (SEMVER-PATCH) fix(llmobs): make sure all sdk methods are on the no-op sdk as well (Sam Brenner) #6949
  • [f04d912d95] - (SEMVER-PATCH) chore(iast): Fix overhead controller integration flaky test (Ugaitz Urien) #6926
  • [4dccc16abe] - (SEMVER-PATCH) [DB plugins] trigger sampling of span before injecting the trace parent comment (Naji Astier) #6653
  • [f87e8d630b] - (SEMVER-PATCH) chore: introduce jsdoc linter (Ruben Bridgewater) #6899
  • [ca4a561e7a] - (SEMVER-PATCH) fix: log plugin name in case the handler throws (Ruben Bridgewater) #6947
  • [26e740268f] - (SEMVER-PATCH) fix: instrument latest aws-sdk response headers (Sam Brenner) #6911
  • [d2208fc6d6] - (SEMVER-PATCH) fix(openai, llmobs): update openai integration consistency (Sam Brenner) #6932
  • [80ea153922] - (SEMVER-PATCH) chore(llmobs): move span processing hook to on span finish instead of core processor (Sam Brenner) #6875
  • [e760b3b973] - (SEMVER-PATCH) fix: Azure Service Bus batching memory leak (Jordan Storms) #6917
  • [16081ded18] - (SEMVER-PATCH) chore: update lockfile (2025-11-18) (Bryan English) #6942
  • [fb3452b595] - (SEMVER-PATCH) chore: add the tags returned by the service to the ai_guard span (Manuel Álvarez Álvarez) #6892
  • [4955d6dc9b] - (SEMVER-MINOR) allow providing a custom timeout to openfeature datadog provider (Leo Romanovsky) #6930
  • [fb4be89d55] - (SEMVER-PATCH) chore(refactor): rename some files and classes for ease of understanding (Thomas Hunter II) #6934
  • [b55ffd260d] - (SEMVER-PATCH) chore: add openfeature paths to codeowners by @​datadog/feature-flagging (Leo Romanovsky) #6931
  • [5887f9eb27] - (SEMVER-MINOR) ci: update .gitlab/one-pipeline.locked.yml (Pawel Chojnacki) #6936
  • [3e3e87f450] - (SEMVER-PATCH) chore(deps): bump openai (dependabot[bot]) #6938
  • [4cac035b9f] - (SEMVER-MINOR) feat(llmobs): add boolean evaluation metric support (Sam Brenner) #6919

5.79.0

  • [19a7bfcf87] - (SEMVER-MINOR) [test optimization] feat: support multiple docblocks (Ruben Bridgewater) #6925
  • [df0ee1ed44] - (SEMVER-PATCH) chore(ci): Use runner:apm-k8s-m7i-metal for microbenchmarking (Dmytro Yurchenko) #6928
  • [0ecbf369a0] - (SEMVER-PATCH) [test optimization] Migrate cucumber plugin tests to integration tests (Juan Antonio Fernández de Alba) #6923
  • [d5805b314f] - (SEMVER-PATCH) [test optimization] Do not report jest test suites as failed if a module import failed (Juan Antonio Fernández de Alba) #6924
  • [4ff4de84f1] - (SEMVER-PATCH) chore: add types to the debugger session object (Thomas Watson) #6922
  • [8378ffd840] - (SEMVER-MINOR) [Appsec] AAP Requirements - Activation Origin (Carles Capell) #6896
  • [e098151c67] - (SEMVER-PATCH) Upgrade to latest node-server openfeature SDK and provider timeout test (Tyler Potter) #6907
  • [6d86211a45] - (SEMVER-PATCH) fix: add openfeature integration test to CI and fix tests (Tyler Potter) #6906

5.78.0

  • [f6c929e0ab] - (SEMVER-PATCH) [test optimization] Fix test suite error handling in jest (Juan Antonio Fernández de Alba) #6913
  • [b4d004d7ce] - (SEMVER-MINOR) [AppSec] esbuild support for IAST (esm) (Carles Capell) #6821

5.77.0

  • [315020a61a] - (SEMVER-PATCH) fix(express): 2 crashes when router[method]() is used with no handler (Ilyas Shabi) #6908
  • [e5e826e0e5] - (SEMVER-PATCH) chore(ci): merge release workflow into one file (simon-id) #6909
  • [ba308d4e90] - (SEMVER-PATCH) fix(iast): Fix stack traces when iast is enabled and application has --enable-source-maps (Ugaitz Urien) #6828
  • [ebd99f4b41] - (SEMVER-PATCH) [test optimization] Improve cypress flakiness (Juan Antonio Fernández de Alba) #6893
  • [80880d5f53] - (SEMVER-MINOR) feat(aap&iast): Detect vulnerability or attack on res.render in express (Ugaitz Urien) #6739
  • [532cf7f00f] - (SEMVER-MINOR) fix: propagate otel span kind to span.kind tag (Munir Abdinur) #6904
  • [5e2ed3d9aa] - (SEMVER-PATCH) chore: add ESM tests for instrumentations missing them (Pablo Erhard) #6814
  • [4c15f1231f] - (SEMVER-PATCH) fix(debugger): abort on unknown Debugger.paused reason (Thomas Watson) #6901
  • [72cd9aa74c] - (SEMVER-PATCH) chore(debugger): add comment about thread paused time being approximate (Thomas Watson) #6900
  • [28d8867e2b] - (SEMVER-PATCH) chore: add types to the debugger logger (Thomas Watson) #6889
  • [6c8d20325d] - (SEMVER-PATCH) chore: refactor config class to a singleton (Ruben Bridgewater) #6803
  • [8c5ec436fa] - (SEMVER-PATCH) chore(debugger): change CODEOWNERS for Debugger team (Thomas Watson) #6902
  • [81a2bc0e82] - (SEMVER-PATCH) test(debugger): handle Node 24.11.1+ ArrayBuffer inspector change (Thomas Watson) #6898
  • [e5c0194d10] - (SEMVER-PATCH) [test optimization] Move plugin jest tests to integration tests (Juan Antonio Fernández de Alba) #6837
  • [a5cf5d3b2c] - (SEMVER-PATCH) chore: reduce runtime metric flakiness and remove type warnings (Ruben Bridgewater) #6867

... (truncated)

Commits
  • 60d9796 v5.80.0
  • e069e89 [test optimization] Fix disable logic in playwright (#6954)
  • 6137779 fix(llmobs): make sure all sdk methods are on the no-op sdk as well (#6949)
  • 2e49551 chore(iast): Fix overhead controller integration flaky test (#6926)
  • c0d091e [DB plugins] trigger sampling of span before injecting the trace parent comme...
  • 02b5640 chore: introduce jsdoc linter (#6899)
  • 3310e8d fix: log plugin name in case the handler throws (#6947)
  • 405d4d0 fix: instrument latest aws-sdk response headers (#6911)
  • 10f70e1 fix(openai, llmobs): update openai integration consistency (#6932)
  • ba25f9b chore(llmobs): move span processing hook to on span finish instead of core pr...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for dd-trace since your current version.


Updates winston from 3.18.3 to 3.19.0

Release notes

Sourced from winston's releases.

v3.19.0

  • Run npm audit fix e7ccdc4
  • Don't include jest.config.js in npm package 5a63c8c
  • fix: append error cause when using logger.child() (#2467) e74a7ae
  • Bump rimraf from 5.0.1 to 5.0.10 (#2517) 8a956fd
  • fix: ensure File transport flushes all data before emitting finish (#2594) 86c890f
  • Bump actions/setup-node from 4 to 6 (#2589) 3b8be02
  • Bump @​babel/core from 7.28.0 to 7.28.5 (#2591) f4c3e2c
  • Bump actions/checkout from 4 to 6 (#2593) dd7906e
  • chore: migrate test runner from mocha to jest (#2567) 2e9eb18

winstonjs/winston@v3.18.3...v3.19.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the npm-dependencies group across 1 directory with 3 updates
f99f810 
Bumps the npm-dependencies group with 3 updates in the /cloud-run-functions/node directory: [@google-cloud/functions-framework](https://github.com/GoogleCloudPlatform/functions-framework-nodejs), [dd-trace](https://github.com/DataDog/dd-trace-js) and [winston](https://github.com/winstonjs/winston).


Updates `@google-cloud/functions-framework` from 4.0.0 to 4.0.1
- [Release notes](https://github.com/GoogleCloudPlatform/functions-framework-nodejs/releases)
- [Changelog](https://github.com/GoogleCloudPlatform/functions-framework-nodejs/blob/main/CHANGELOG.md)
- [Commits](GoogleCloudPlatform/functions-framework-nodejs@v4.0.0...v4.0.1)

Updates `dd-trace` from 5.67.0 to 5.80.0
- [Release notes](https://github.com/DataDog/dd-trace-js/releases)
- [Commits](DataDog/dd-trace-js@v5.67.0...v5.80.0)

Updates `winston` from 3.18.3 to 3.19.0
- [Release notes](https://github.com/winstonjs/winston/releases)
- [Changelog](https://github.com/winstonjs/winston/blob/master/CHANGELOG.md)
- [Commits](winstonjs/winston@v3.18.3...v3.19.0)

---
updated-dependencies:
- dependency-name: "@google-cloud/functions-framework"
  dependency-version: 4.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: dd-trace
  dependency-version: 5.80.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: winston
  dependency-version: 3.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Dec 8, 2025
@dependabot dependabot bot requested a review from a team as a code owner December 8, 2025 18:34
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Dec 8, 2025
@apiarian-datadog apiarian-datadog mentioned this pull request Jan 6, 2026
Merged
apiarian-datadog added a commit that referenced this pull request Jan 6, 2026
@apiarian-datadog @dependabot
chore(deps): combine Dependabot updates (#121)
79ecae3 
## Combined Dependabot Updates

This PR combines 18 Dependabot PR(s) into a single update.

### Included PRs
- #84 - Bump datadog from 2.21.0 to 2.22.0 in /cloud-run-functions/ruby
in the ruby-dependencies group
- #86 - Bump laravel/laravel from 12.5.0 to 12.9.1 in
/cloud-run/in-container/php in the php-dependencies group
- #88 - Bump the java-dependencies group in /cloud-run/in-container/java
with 2 updates
- #92 - Bump the java-dependencies group in /cloud-run/sidecar/java with
2 updates
- #93 - Bump ddtrace from 3.15.0 to 3.17.2 in /cloud-run/sidecar/python
in the python-dependencies group
- #95 - Bump ddtrace from 3.15.0 to 3.17.2 in
/cloud-run-functions/python in the python-dependencies group
- #96 - Bump the go-dependencies group in /cloud-run/sidecar/go with 3
updates
- #97 - Bump the go-dependencies group in /cloud-run-functions/go with 2
updates
- #98 - Bump the go-dependencies group in /cloud-run/in-container/go
with 3 updates
- #99 - Bump the python-dependencies group in
/cloud-run/in-container/python with 2 updates
- #110 - Bump the ruby-dependencies group across 1 directory with 4
updates
- #111 - Bump the ruby-dependencies group across 1 directory with 4
updates
- #112 - Bump the npm-dependencies group across 1 directory with 3
updates
- #113 - Bump the npm-dependencies group across 1 directory with 3
updates
- #114 - Bump the npm-dependencies group across 1 directory with 3
updates
- #117 - Bump the java-dependencies group across 1 directory with 5
updates
- #118 - Bump the dotnet-dependencies group with 2 updates
- #120 - Bump the dotnet-dependencies group with 2 updates

### Summary
- ✅ Successfully combined: 18 PR(s)

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 6, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Jan 6, 2026
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/cloud-run-functions/node/npm-dependencies-bdbab121fb branch January 6, 2026 20:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant