chore(deps): update opentelemetry #1569

renovate · 2024-09-05T14:04:24Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@myrotvorets/opentelemetry-configurator	`7.9.0` -> `7.10.0`
@opentelemetry/instrumentation-knex (source)	`^0.39.0` -> `^0.40.0`

Release Notes

myrotvorets/opentelemetry-configurator (@myrotvorets/opentelemetry-configurator)

`v7.10.0`

Compare Source

What's Changed

chore(deps): update github/codeql-action action to v3.26.5 by @renovate in https://github.com/myrotvorets/opentelemetry-configurator/pull/776
chore(deps): update dependency @myrotvorets/eslint-config-myrotvorets-ts to v2.27.1 by @renovate in https://github.com/myrotvorets/opentelemetry-configurator/pull/777
chore(deps): update dependency @myrotvorets/opentelemetry-resource-detectors to v1.2.2 by @renovate in https://github.com/myrotvorets/opentelemetry-configurator/pull/774
chore(deps): update dependency @myrotvorets/eslint-config-myrotvorets-ts to v2.27.2 by @renovate in https://github.com/myrotvorets/opentelemetry-configurator/pull/778
chore(deps): lock file maintenance by @renovate in https://github.com/myrotvorets/opentelemetry-configurator/pull/779
chore(deps): update dependency @types/chai to v4.3.18 by @renovate in https://github.com/myrotvorets/opentelemetry-configurator/pull/780
chore(deps): update dependency @myrotvorets/eslint-config-myrotvorets-ts to v2.27.3 by @renovate in https://github.com/myrotvorets/opentelemetry-configurator/pull/781
chore(deps): update dependency @types/chai to v4.3.19 by @renovate in https://github.com/myrotvorets/opentelemetry-configurator/pull/782
chore(deps): update github/codeql-action action to v3.26.6 by @renovate in https://github.com/myrotvorets/opentelemetry-configurator/pull/783
chore(deps): update dependency eslint-formatter-gha to v1.5.1 by @renovate in https://github.com/myrotvorets/opentelemetry-configurator/pull/787
chore(deps): update dependency mocha-reporter-sonarqube to v2.1.1 by @renovate in https://github.com/myrotvorets/opentelemetry-configurator/pull/785
chore(deps): update opentelemetry by @renovate in https://github.com/myrotvorets/opentelemetry-configurator/pull/784
chore(deps): update dependency @myrotvorets/eslint-config-myrotvorets-ts to v2.27.4 by @renovate in https://github.com/myrotvorets/opentelemetry-configurator/pull/788
chore(deps): lock file maintenance by @renovate in https://github.com/myrotvorets/opentelemetry-configurator/pull/786

Full Changelog: myrotvorets/opentelemetry-configurator@v7.9.0...v7.10.0

open-telemetry/opentelemetry-js-contrib (@opentelemetry/instrumentation-knex)

`v0.40.0`

Compare Source

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions · 2024-09-05T14:04:42Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

package-lock.json

Package	Version	License	Issue Type
@myrotvorets/opentelemetry-configurator	7.10.0	Null	Unknown License

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

npm/@myrotvorets/opentelemetry-configurator

7.10.0

Unknown

npm/@opentelemetry/context-async-hooks

1.26.0

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	20 existing vulnerabilities detected

npm/@opentelemetry/exporter-logs-otlp-grpc

0.53.0

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	20 existing vulnerabilities detected

npm/@opentelemetry/exporter-logs-otlp-http

0.53.0

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	20 existing vulnerabilities detected

npm/@opentelemetry/exporter-logs-otlp-proto

0.53.0

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	20 existing vulnerabilities detected

npm/@opentelemetry/exporter-metrics-otlp-grpc

0.53.0

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	20 existing vulnerabilities detected

npm/@opentelemetry/exporter-metrics-otlp-http

0.53.0

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	20 existing vulnerabilities detected

npm/@opentelemetry/exporter-metrics-otlp-proto

0.53.0

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	20 existing vulnerabilities detected

npm/@opentelemetry/exporter-prometheus

0.53.0

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	20 existing vulnerabilities detected

npm/@opentelemetry/exporter-trace-otlp-grpc

0.53.0

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	20 existing vulnerabilities detected

npm/@opentelemetry/exporter-trace-otlp-http

0.53.0

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	20 existing vulnerabilities detected

npm/@opentelemetry/exporter-trace-otlp-proto

0.53.0

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	20 existing vulnerabilities detected

npm/@opentelemetry/exporter-zipkin

1.26.0

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	20 existing vulnerabilities detected

npm/@opentelemetry/instrumentation-express

0.42.0

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	🟢 7	SAST tool detected but not run on all commits
Vulnerabilities	⚠️ 0	27 existing vulnerabilities detected

npm/@opentelemetry/instrumentation-fs

0.15.0

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	🟢 7	SAST tool detected but not run on all commits
Vulnerabilities	⚠️ 0	27 existing vulnerabilities detected

npm/@opentelemetry/instrumentation-knex

0.40.0

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	🟢 7	SAST tool detected but not run on all commits
Vulnerabilities	⚠️ 0	27 existing vulnerabilities detected

npm/@opentelemetry/otlp-exporter-base

0.53.0

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	20 existing vulnerabilities detected

npm/@opentelemetry/otlp-grpc-exporter-base

0.53.0

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	20 existing vulnerabilities detected

npm/@opentelemetry/otlp-transformer

0.53.0

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	20 existing vulnerabilities detected

npm/@opentelemetry/propagator-b3

1.26.0

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	20 existing vulnerabilities detected

npm/@opentelemetry/propagator-jaeger

1.26.0

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	20 existing vulnerabilities detected

npm/@opentelemetry/resources

1.26.0

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	20 existing vulnerabilities detected

npm/@opentelemetry/sdk-logs

0.53.0

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	20 existing vulnerabilities detected

npm/@opentelemetry/sdk-metrics

1.26.0

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	20 existing vulnerabilities detected

npm/@opentelemetry/sdk-node

0.53.0

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	20 existing vulnerabilities detected

npm/@opentelemetry/sdk-trace-base

1.26.0

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	20 existing vulnerabilities detected

npm/@opentelemetry/sdk-trace-node

1.26.0

🟢 5.8

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	🟢 3	dependency not pinned by hash detected -- score normalized to 3
SAST	🟢 10	SAST tool is run on all commits
Security-Policy	🟢 10	security policy file detected
Fuzzing	⚠️ 0	project is not fuzzed
Vulnerabilities	⚠️ 0	20 existing vulnerabilities detected

npm/lodash.merge

4.6.2

🟢 6.4

Details

Check	Score	Reason
Maintained	🟢 8	1 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 8
Code-Review	🟢 6	Found 20/30 approved changesets -- score normalized to 6
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 9	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	🟢 10	project is fuzzed
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	🟢 8	2 existing vulnerabilities detected

npm/@opentelemetry/instrumentation-knex

^0.40.0

🟢 6.1

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
License	🟢 10	license file detected
Signed-Releases	⚠️ -1	no releases found
Branch-Protection	⚠️ -1	internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Packaging	⚠️ -1	packaging workflow not detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
Binary-Artifacts	🟢 10	no binaries found in the repo
Pinned-Dependencies	⚠️ 2	dependency not pinned by hash detected -- score normalized to 2
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
SAST	🟢 7	SAST tool detected but not run on all commits
Vulnerabilities	⚠️ 0	27 existing vulnerabilities detected

Scanned Manifest Files

package-lock.json

@myrotvorets/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
[email protected]
@myrotvorets/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
@opentelemetry/[email protected]
[email protected]

package.json

@opentelemetry/instrumentation-knex@^0.40.0
@opentelemetry/instrumentation-knex@^0.39.0

sonarqubecloud · 2024-09-06T04:46:52Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

renovate bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code prod-dependencies labels Sep 5, 2024

chore(deps): update opentelemetry

098aa5f

renovate bot force-pushed the renovate/opentelemetry branch from b5b370e to 098aa5f Compare September 6, 2024 04:46

renovate bot changed the title ~~chore(deps): update dependency @opentelemetry/instrumentation-knex to ^0.40.0~~ chore(deps): update opentelemetry Sep 6, 2024

myrotvorets-team merged commit aa1b973 into master Sep 7, 2024
11 checks passed

myrotvorets-team deleted the renovate/opentelemetry branch September 7, 2024 10:01

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update opentelemetry #1569

chore(deps): update opentelemetry #1569

renovate bot commented Sep 5, 2024 •

edited

Loading

github-actions bot commented Sep 5, 2024 •

edited

Loading

sonarqubecloud bot commented Sep 6, 2024

chore(deps): update opentelemetry #1569

chore(deps): update opentelemetry #1569

Conversation

renovate bot commented Sep 5, 2024 • edited Loading

Release Notes

v7.10.0

What's Changed

v0.40.0

Configuration

github-actions bot commented Sep 5, 2024 • edited Loading

Dependency Review

License Issues

package-lock.json

OpenSSF Scorecard

Scanned Manifest Files

sonarqubecloud bot commented Sep 6, 2024

Quality Gate passed

renovate bot commented Sep 5, 2024 •

edited

Loading

`v7.10.0`

`v0.40.0`

github-actions bot commented Sep 5, 2024 •

edited

Loading