feat(deps): bump @opentelemetry/instrumentation-graphql from 0.52.0 to 0.56.0 #18145
Conversation
Bumps [@opentelemetry/instrumentation-graphql](https://github.com/open-telemetry/opentelemetry-js-contrib/tree/HEAD/packages/instrumentation-graphql) from 0.52.0 to 0.56.0. - [Release notes](https://github.com/open-telemetry/opentelemetry-js-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-js-contrib/blob/main/packages/instrumentation-graphql/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-js-contrib/commits/instrumentation-pg-v0.56.0/packages/instrumentation-graphql) --- updated-dependencies: - dependency-name: "@opentelemetry/instrumentation-graphql" dependency-version: 0.56.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
dependencies
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| "@opentelemetry/instrumentation-fs": "0.24.0", | ||
| "@opentelemetry/instrumentation-generic-pool": "0.48.0", | ||
| "@opentelemetry/instrumentation-graphql": "0.52.0", | ||
| "@opentelemetry/instrumentation-graphql": "0.56.0", |
There was a problem hiding this comment.
Bug: Instrumentation Upgrade: Dependency Version Clash
The upgrade of @opentelemetry/instrumentation-graphql to 0.56.0 creates a dependency version conflict. This version requires @opentelemetry/instrumentation@^0.208.0, but the root package specifies @opentelemetry/instrumentation@^0.204.0. This mismatch will cause multiple versions of the same package to be installed, potentially leading to runtime conflicts, duplicate module instances, or unexpected behavior in OpenTelemetry instrumentation.
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
| resolved "https://registry.yarnpkg.com/import-in-the-middle/-/import-in-the-middle-2.0.0.tgz#295948cee94d0565314824c6bd75379d13e5b1a5" | ||
| integrity sha512-yNZhyQYqXpkT0AKq3F3KLasUSK4fHvebNH5hOsKQw2dhGSALvQ4U0BqUc5suziKvydO5u5hgN2hy1RJaho8U5A== | ||
| dependencies: | ||
| acorn "^8.14.0" | ||
| acorn-import-attributes "^1.9.5" | ||
| cjs-module-lexer "^1.2.2" | ||
| module-details-from-path "^1.0.3" | ||
|
|
||
| [email protected]: | ||
| version "3.1.0" | ||
| resolved "https://registry.yarnpkg.com/import-local/-/import-local-3.1.0.tgz#b4479df8a5fd44f6cdce24070675676063c95cb4" |
There was a problem hiding this comment.
Bug: The PR introduces a dependency conflict: import-in-the-middle@^1.14.2 is pinned in package.json files, but a new transitive dependency requires ^2.0.0.
Severity: CRITICAL | Confidence: 1.00
🔍 Detailed Analysis
The pull request updates @opentelemetry/instrumentation-graphql to 0.56.0, which transitively requires import-in-the-middle@^2.0.0. However, packages/node/package.json and packages/node-core/package.json still explicitly pin import-in-the-middle to ^1.14.2. This version mismatch can cause dependency resolution conflicts during installation or lead to runtime errors if import-in-the-middle v2.0.0 is installed and code expects v1.x behavior.
💡 Suggested Fix
Update the explicit import-in-the-middle dependency in packages/node/package.json and packages/node-core/package.json from ^1.14.2 to ^2.0.0 to resolve the version conflict.
🤖 Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: yarn.lock#L19122-L19137
Potential issue: The pull request updates `@opentelemetry/instrumentation-graphql` to
`0.56.0`, which transitively requires `import-in-the-middle@^2.0.0`. However,
`packages/node/package.json` and `packages/node-core/package.json` still explicitly pin
`import-in-the-middle` to `^1.14.2`. This version mismatch can cause dependency
resolution conflicts during installation or lead to runtime errors if
`import-in-the-middle` v2.0.0 is installed and code expects v1.x behavior.
Did we get this right? 👍 / 👎 to inform future reviews.
Bumps @opentelemetry/instrumentation-graphql from 0.52.0 to 0.56.0.
Release notes
Sourced from
@opentelemetry/instrumentation-graphql's releases.... (truncated)
Changelog
Sourced from
@opentelemetry/instrumentation-graphql's changelog.Commits
Maintainer changes
This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for
@opentelemetry/instrumentation-graphqlsince your current version.Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)