From 3b5caf247741390171538888948e18dd3b3c6828 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Mar 2025 12:42:20 +0100 Subject: [PATCH 1/3] chore(deps): bump the github-actions group with 3 updates (#634) Bumps the github-actions group with 3 updates: [docker/metadata-action](https://github.com/docker/metadata-action), [docker/build-push-action](https://github.com/docker/build-push-action) and [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance). Updates `docker/metadata-action` from 5.6.1 to 5.7.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/369eb591f429131d6889c46b94e711f089e6ca96...902fa8ec7d6ecbf8d84d538b9b233a880e428804) Updates `docker/build-push-action` from 6.14.0 to 6.15.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/0adf9959216b96bec444f325f1e493d4aa344497...471d1dc4e07e5cdedd4c2171150001c434f0b7a4) Updates `actions/attest-build-provenance` from 2.2.0 to 2.2.2 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/520d128f165991a6c774bcb264f323e3d70747f4...bd77c077858b8d561b7a36cbe48ef4cc642ca39d) --- .github/workflows/release-mockotlpserver.yml | 6 +++--- .github/workflows/release.yml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/release-mockotlpserver.yml b/.github/workflows/release-mockotlpserver.yml index ac15be63..056a333a 100644 --- a/.github/workflows/release-mockotlpserver.yml +++ b/.github/workflows/release-mockotlpserver.yml @@ -35,7 +35,7 @@ jobs: # Push a Docker image. - uses: docker/setup-buildx-action@v3 - id: docker-meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: images: ${{ env.DOCKER_IMAGE_NAME }} flavor: | @@ -54,7 +54,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push Docker image id: docker-push - uses: docker/build-push-action@0adf9959216b96bec444f325f1e493d4aa344497 # v6.14.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: context: ${{ env.PKGDIR }} platforms: linux/amd64,linux/arm64 @@ -63,7 +63,7 @@ jobs: tags: ${{ steps.docker-meta.outputs.tags }} labels: ${{ steps.docker-meta.outputs.labels }} - name: Attest Docker image - uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 + uses: actions/attest-build-provenance@bd77c077858b8d561b7a36cbe48ef4cc642ca39d # v2.2.2 with: subject-name: ${{ env.DOCKER_IMAGE_NAME }} subject-digest: ${{ steps.docker-push.outputs.digest }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 66442c1d..a28f3643 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -51,7 +51,7 @@ jobs: - name: Extract metadata (tags, labels) id: docker-meta - uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 + uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 with: images: ${{ env.DOCKER_IMAGE_NAME }} flavor: | @@ -68,7 +68,7 @@ jobs: - name: Build and Push Docker Image id: docker-push - uses: docker/build-push-action@0adf9959216b96bec444f325f1e493d4aa344497 # v6.14.0 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: context: . platforms: linux/amd64,linux/arm64 @@ -78,7 +78,7 @@ jobs: labels: ${{ steps.docker-meta.outputs.labels }} - name: Attest Docker image - uses: actions/attest-build-provenance@520d128f165991a6c774bcb264f323e3d70747f4 # v2.2.0 + uses: actions/attest-build-provenance@bd77c077858b8d561b7a36cbe48ef4cc642ca39d # v2.2.2 with: subject-name: "${{ env.DOCKER_IMAGE_NAME }}" subject-digest: ${{ steps.docker-push.outputs.digest }} From 27397454c217f26d62696c8c5c3741062fcbb76c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Mar 2025 09:55:38 +0100 Subject: [PATCH 2/3] chore(deps-dev): bump @types/node from 22.13.5 to 22.13.8 in the repo-root group (#641) --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 99b7c7a2..8d02ab21 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,7 +9,7 @@ "version": "0.1.0", "license": "Apache-2.0", "devDependencies": { - "@types/node": "^22.13.5", + "@types/node": "^22.13.8", "dependency-check": "^4.1.0", "eslint": "^8.57.0", "eslint-config-prettier": "^9.1.0", @@ -317,9 +317,9 @@ "license": "MIT" }, "node_modules/@types/node": { - "version": "22.13.5", - "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.5.tgz", - "integrity": "sha512-+lTU0PxZXn0Dr1NBtC7Y8cR21AJr87dLLU953CWA6pMxxv/UDc7jYAY90upcrie1nRcD6XNG5HOYEDtgW5TxAg==", + "version": "22.13.8", + "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.8.tgz", + "integrity": "sha512-G3EfaZS+iOGYWLLRCEAXdWK9my08oHNZ+FHluRiggIYJPOXzhOiDgpVCUHaUvyIC5/fj7C/p637jdzC666AOKQ==", "dev": true, "license": "MIT", "dependencies": { @@ -3669,9 +3669,9 @@ "dev": true }, "@types/node": { - "version": "22.13.5", - "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.5.tgz", - "integrity": "sha512-+lTU0PxZXn0Dr1NBtC7Y8cR21AJr87dLLU953CWA6pMxxv/UDc7jYAY90upcrie1nRcD6XNG5HOYEDtgW5TxAg==", + "version": "22.13.8", + "resolved": "https://registry.npmjs.org/@types/node/-/node-22.13.8.tgz", + "integrity": "sha512-G3EfaZS+iOGYWLLRCEAXdWK9my08oHNZ+FHluRiggIYJPOXzhOiDgpVCUHaUvyIC5/fj7C/p637jdzC666AOKQ==", "dev": true, "requires": { "undici-types": "~6.20.0" diff --git a/package.json b/package.json index 0097fb97..d8ae2818 100644 --- a/package.json +++ b/package.json @@ -15,7 +15,7 @@ "lint:fix": "eslint --ext=js,mjs,cjs .eslintrc.js scripts examples --fix && ls -d packages/* | while read d; do (cd $d; npm run lint:fix); done" }, "devDependencies": { - "@types/node": "^22.13.5", + "@types/node": "^22.13.8", "dependency-check": "^4.1.0", "eslint": "^8.57.0", "eslint-config-prettier": "^9.1.0", From 5c85834d6bafb40c73b5efccf43665909124de01 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Mar 2025 10:43:04 +0100 Subject: [PATCH 3/3] chore(deps-dev): bump mongoose from 8.10.1 to 8.11.0 in /packages/opentelemetry-node (#640) --- packages/opentelemetry-node/package-lock.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/packages/opentelemetry-node/package-lock.json b/packages/opentelemetry-node/package-lock.json index 439c1894..39d2cd2f 100644 --- a/packages/opentelemetry-node/package-lock.json +++ b/packages/opentelemetry-node/package-lock.json @@ -7626,9 +7626,9 @@ } }, "node_modules/mongoose": { - "version": "8.10.1", - "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-8.10.1.tgz", - "integrity": "sha512-5beTeBZnJNndRXU9rxPol0JmTWZMAtgkPbooROkGilswvrZALDERY4cJrGZmgGwDS9dl0mxiB7si+Mv9Yms2fg==", + "version": "8.11.0", + "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-8.11.0.tgz", + "integrity": "sha512-xaQSuaLk2JKmXI5zDVVWXVCQTnWhAe8MFOijMnwOuP/wucKVphd3f+ouDKivCDMGjYBDrR7dtoyV0U093xbKqA==", "dev": true, "license": "MIT", "dependencies": { @@ -15333,9 +15333,9 @@ } }, "mongoose": { - "version": "8.10.1", - "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-8.10.1.tgz", - "integrity": "sha512-5beTeBZnJNndRXU9rxPol0JmTWZMAtgkPbooROkGilswvrZALDERY4cJrGZmgGwDS9dl0mxiB7si+Mv9Yms2fg==", + "version": "8.11.0", + "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-8.11.0.tgz", + "integrity": "sha512-xaQSuaLk2JKmXI5zDVVWXVCQTnWhAe8MFOijMnwOuP/wucKVphd3f+ouDKivCDMGjYBDrR7dtoyV0U093xbKqA==", "dev": true, "requires": { "bson": "^6.10.1",