chore: upgrade dependencies to address vulnerabilities #2404

Closed
pepol wants to merge 1 commit into main from peter/eng-8593-remediate-medium-vulnerabilities-in-packages

pepol (Member) commented Dec 10, 2025

Summary by CodeRabbit

  • Chores
    • Updated Go module dependencies across multiple packages to latest versions for improved security and stability.
    • Updated npm package dependencies including development tools and monitoring libraries to latest compatible versions.

Checklist

coderabbitai Bot (Contributor) commented Dec 10, 2025

Caution

Review failed

The pull request is closed.

Walkthrough

This PR updates dependency versions across Go modules and Node.js package configuration files. Changes include updating Go standard library extension packages (golang.org/x/*), js-yaml, Sentry packages, and lerna-lite tooling versions. No code logic or functionality is modified.

Changes

| Cohort | File(s) | Summary |
|---|---|---|
| Go standard library extension updates | aws-lambda-router/go.mod, demo/go.mod, graphqlmetrics/go.mod, router-tests/go.mod, router/go.mod | Updated golang.org/x packages: crypto (v0.36.0–v0.43.0 → v0.45.0), net (v0.38.0–v0.46.0 → v0.47.0), sync (v0.12.0–v0.17.0 → v0.18.0), sys (v0.31.0–v0.37.0 → v0.38.0), text (v0.23.0–v0.30.0 → v0.31.0) |
| CLI package updates | cli/package.json | Bumped js-yaml from 4.1.0 to 4.1.1 |
| Controlplane monitoring updates | controlplane/package.json | Updated @sentry/node, @sentry/node-native, and @sentry/profiling-node from ^10.19.0 to ^10.27.0 |
| Workspace build tooling updates | package.json | Bumped @lerna-lite/cli, @lerna-lite/publish, and @lerna-lite/version from 4.1.1 to 4.2.0 |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

  • All changes are dependency version updates with no code modifications or API alterations
  • Homogeneous pattern repeated across Go modules (consistent stdlib extension bumps)
  • No structural or configuration changes required

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between dc8a0a4 and f0fe29c.

⛔ Files ignored due to path filters (6)
  • aws-lambda-router/go.sum is excluded by !**/*.sum
  • demo/go.sum is excluded by !**/*.sum
  • graphqlmetrics/go.sum is excluded by !**/*.sum
  • pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
  • router-tests/go.sum is excluded by !**/*.sum
  • router/go.sum is excluded by !**/*.sum
📒 Files selected for processing (8)
  • aws-lambda-router/go.mod (1 hunks)
  • cli/package.json (1 hunks)
  • controlplane/package.json (1 hunks)
  • demo/go.mod (2 hunks)
  • graphqlmetrics/go.mod (1 hunks)
  • package.json (1 hunks)
  • router-tests/go.mod (2 hunks)
  • router/go.mod (3 hunks)

github-actions Bot commented Dec 10, 2025

Router image scan passed

✅ No security vulnerabilities found in image:

ghcr.io/wundergraph/cosmo/router:sha-41936dcec3c441ef62dcca6e9ff79236e4fe0a40

pepol force-pushed the peter/eng-8593-remediate-medium-vulnerabilities-in-packages branch from 2aa1f3a to f0fe29c on December 10, 2025 12:57
pepol closed this Dec 10, 2025
pepol deleted the peter/eng-8593-remediate-medium-vulnerabilities-in-packages branch December 10, 2025 12:59