Skip to content

chore(deps): bump the minor-updates group across 1 directory with 9 updates#465

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-updates-40bb1e1c2a
Open

chore(deps): bump the minor-updates group across 1 directory with 9 updates#465
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/minor-updates-40bb1e1c2a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-updates group with 9 updates in the / directory:

Package From To
@aws-sdk/client-secrets-manager 3.1063.0 3.1068.0
@opentelemetry/exporter-trace-otlp-http 0.54.2 0.219.0
@opentelemetry/instrumentation-fetch 0.54.2 0.219.0
@opentelemetry/instrumentation-http 0.54.2 0.219.0
@opentelemetry/sdk-node 0.54.2 0.219.0
@supabase/supabase-js 2.107.0 2.108.2
bullmq 5.56.0 5.78.1
ioredis 5.6.1 5.11.1
@playwright/test 1.60.0 1.61.0

Updates @aws-sdk/client-secrets-manager from 3.1063.0 to 3.1068.0

Release notes

Sourced from @​aws-sdk/client-secrets-manager's releases.

v3.1068.0

3.1068.0(2026-06-12)

Documentation Changes
  • client-iam: Updating documentation for select service-specific credential APIs (f572228a)
New Features
  • clients: update client endpoints as of 2026-06-12 (3f89d039)
  • client-acm: Certificate transparency logging opt-out is no longer available. Per compliance requirements, all public ACM certificates are automatically recorded in certificate transparency logs. The CertificateTransparencyLoggingPreference option is deprecated. (ca60b0f9)
  • client-eks: Patches missing enum values for EKS updates (c2df34dc)
  • client-sagemaker-runtime: Added support for inline request payloads to the InvokeEndpointAsync operation to allow users to provide the inference payload directly in the request Body (up to 128,000 bytes) as an alternative to uploading the payload to Amazon S3 and passing InputLocation. (c4e229dd)
  • client-glue: Adds support for retrieving Apache Iceberg table metadata via GetTable. Use the new AttributesToGet parameter with LATEST ICEBERG METADATA to receive schema, partition specs, sort orders, and table properties in the response. (f45445f9)
  • client-firehose: Update KeyARN in DeliveryStreamEncryptionConfigurationInput to accept KMS key ARNs only (not alias ARNs), matching service behavior. (80837cd3)
  • client-bedrock-agentcore: Added tagging and CMK support across optimization, an explanation field in recommendation output, and an insights feature to identify failure patterns, extract user intents, and summarize execution behavior (1c06496f)
  • client-devops-agent: Adds support for Trigger CRUD APIs (CreateTrigger, GetTrigger, UpdateTrigger, DeleteTrigger, ListTriggers) for managing schedule-based automation triggers in DevOps Agent agent spaces. (7139cf1e)
  • client-bedrock-agentcore-control: Added tagging and CMK support for optimizations and an insights feature to identify failure patterns, extract user intents, and summarize execution behavior (571ac1e7)

For list of updated packages, view updated-packages.md in assets-3.1068.0.zip

v3.1067.0

3.1067.0(2026-06-11)

Documentation Changes
  • suggest UndiciHttpHandler as an alternative request handler (#8092) (bd18a9f0)
New Features
  • client-eks: Introduce new CreateCluster parameters for Amazon EKS local clusters on AWS Outposts. Added etcdInstanceType for configuring the EC2 instance type for dedicated etcd instances, and spreadLevel for configuring the placement group spread level for Kubernetes control plane and etcd instances. (383363d5)
  • client-omics: Adds support for workflowName in the ListRuns API response. (fa2f4604)
  • client-neptune: Amazon Neptune now supports IPv6 dual-stack networking. You can create and manage Neptune DB clusters accessible over both IPv4 and IPv6 by specifying NetworkType as DUAL in CreateDBCluster, ModifyDBCluster, RestoreDBClusterFromSnapshot, and RestoreDBClusterToPointInTime API operations (ae089f94)
  • client-bedrock-agentcore: Adds support to perform cross account data plane actions on an AgentCore Memory resource (8d92e480)
  • client-healthlake: Adds the UpdateFHIRDatastore API and adds analytics, NLP, and profile configuration support to CreateFHIRDatastore and DescribeFHIRDatastore. (c74ab005)
  • client-bedrock-agentcore-control: Supports deterministic metadata for AgentCore Memory (af7a995a)
  • client-support: Adding new BDD representation of endpoint ruleset (cd9dac21)

For list of updated packages, view updated-packages.md in assets-3.1067.0.zip

v3.1066.0

3.1066.0(2026-06-10)

New Features

... (truncated)

Changelog

Sourced from @​aws-sdk/client-secrets-manager's changelog.

3.1068.0 (2026-06-12)

Note: Version bump only for package @​aws-sdk/client-secrets-manager

3.1067.0 (2026-06-11)

Note: Version bump only for package @​aws-sdk/client-secrets-manager

3.1066.0 (2026-06-10)

Note: Version bump only for package @​aws-sdk/client-secrets-manager

3.1065.0 (2026-06-09)

Note: Version bump only for package @​aws-sdk/client-secrets-manager

3.1064.0 (2026-06-08)

Note: Version bump only for package @​aws-sdk/client-secrets-manager

Commits

Updates @opentelemetry/exporter-trace-otlp-http from 0.54.2 to 0.219.0

Release notes

Sourced from @​opentelemetry/exporter-trace-otlp-http's releases.

experimental/v0.219.0

0.219.0

💥 Breaking Changes

  • fix(configuration)!: stop removing null values from parsed config object #6679 @​trentm
    • It is now the responsibility of the user of a parsed declarative config object, typically just the sdk-node package, to handle null values.
  • fix(api-logs)!: Removed NOOP_LOGGER and NoopLogger exports from @opentelemetry/api-logs. Use createNoopLogger(): Logger instead. #6713 @​dyladan
  • feat(api-logs)!: rename scopeAttributes to attributes in LoggerOptions #6573 @​pichlermarc
  • fix(sdk-node)!: remove buildSamplerFromConfig export #6784 @​trentm

🚀 Features

🐛 Bug Fixes

  • fix(sdk-node): pass all config properties to log record exporters in declarative config #6708 @​MikeGoldsmith
  • fix(sdk-node): warn and ignore zero exporter timeout in declarative config #6711 @​MikeGoldsmith
  • fix(sdk-node): pass gRPC credentials and headers to span exporter in declarative config #6705 @​MikeGoldsmith
  • fix(otlp-transformer): do not attempt to skip groups #6704 @​pichlermarc
  • fix(otlp-grpc-exporter-base): recreate client after 5 consecutive DEADLINE_EXCEEDED to recover from connection dropped deadlock #6296 @​afharo
  • fix(browser-detector): use the right semantic convention for user agent resource attribute #6729 @​david-luna
  • fix(browser-detector): user agent resource attribute always #6754 @​david-luna
  • fix(opentelemetry-exporter-prometheus): handle additional edge cases in metric name conversion #6727 @​cjihrig
  • fix(sdk-logs): avoid null dereference in BatchLogRecordProcessor._flushAll when an in-flight export completes between awaits #6763 @​Janealter
  • fix(configuration): improve environment variable substitution to handle all the cases shown in the spec #6757 @​trentm

📚 Documentation

  • docs(otlp-exporter-base): index the package's public API in generated docs so types like OTLPExporterNodeConfigBase resolve and link from consumer exporter pages #6725 @​devareddy05

🏠 Internal

  • refactor(configuration): remove redundant env var parsing in EnvironmentConfigFactory #6710 @​MikeGoldsmith

experimental/v0.218.0

0.218.0

🚀 Features

  • feat(otlp-transformer): replace protobufjs metrics serialization with custom implementation #6625 @​pichlermarc
  • feat(configuration): show all config validation errors, if there are multiple #6683 @​trentm
  • feat(sdk-node): allow startNodeSDK() without an arg #6688 @​trentm

🏠 Internal

... (truncated)

Commits
  • 13a035b chore: prepare next release (#6756)
  • 4b13587 Merge commit from fork
  • 71d195c chore(renovate): set minimumReleaseAge to 3 days (#6792)
  • 555fca6 Update renovate.json to use matchManagers (#6141)
  • b711a81 docs(otlp-exporter-base): add typedoc entry points so public API is indexed a...
  • da70402 fix(ci): supply-chain sec: disable caching in release-related workflow (#6790)
  • 002267b chore: complete the move to the smaller SPDX license header (#6791)
  • 056ef9c feat(sdk-metrics): implement metric reader metrics (#6449)
  • 3bd69ce fix(configuration): improve environment variable substitution to handle all t...
  • bfbda7c docs(exporter-trace-otlp-grpc): import CompressionAlgorithm from otlp-exporte...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​opentelemetry/exporter-trace-otlp-http since your current version.


Updates @opentelemetry/instrumentation-fetch from 0.54.2 to 0.219.0

Release notes

Sourced from @​opentelemetry/instrumentation-fetch's releases.

experimental/v0.219.0

0.219.0

💥 Breaking Changes

  • fix(configuration)!: stop removing null values from parsed config object #6679 @​trentm
    • It is now the responsibility of the user of a parsed declarative config object, typically just the sdk-node package, to handle null values.
  • fix(api-logs)!: Removed NOOP_LOGGER and NoopLogger exports from @opentelemetry/api-logs. Use createNoopLogger(): Logger instead. #6713 @​dyladan
  • feat(api-logs)!: rename scopeAttributes to attributes in LoggerOptions #6573 @​pichlermarc
  • fix(sdk-node)!: remove buildSamplerFromConfig export #6784 @​trentm

🚀 Features

🐛 Bug Fixes

  • fix(sdk-node): pass all config properties to log record exporters in declarative config #6708 @​MikeGoldsmith
  • fix(sdk-node): warn and ignore zero exporter timeout in declarative config #6711 @​MikeGoldsmith
  • fix(sdk-node): pass gRPC credentials and headers to span exporter in declarative config #6705 @​MikeGoldsmith
  • fix(otlp-transformer): do not attempt to skip groups #6704 @​pichlermarc
  • fix(otlp-grpc-exporter-base): recreate client after 5 consecutive DEADLINE_EXCEEDED to recover from connection dropped deadlock #6296 @​afharo
  • fix(browser-detector): use the right semantic convention for user agent resource attribute #6729 @​david-luna
  • fix(browser-detector): user agent resource attribute always #6754 @​david-luna
  • fix(opentelemetry-exporter-prometheus): handle additional edge cases in metric name conversion #6727 @​cjihrig
  • fix(sdk-logs): avoid null dereference in BatchLogRecordProcessor._flushAll when an in-flight export completes between awaits #6763 @​Janealter
  • fix(configuration): improve environment variable substitution to handle all the cases shown in the spec #6757 @​trentm

📚 Documentation

  • docs(otlp-exporter-base): index the package's public API in generated docs so types like OTLPExporterNodeConfigBase resolve and link from consumer exporter pages #6725 @​devareddy05

🏠 Internal

  • refactor(configuration): remove redundant env var parsing in EnvironmentConfigFactory #6710 @​MikeGoldsmith

experimental/v0.218.0

0.218.0

🚀 Features

  • feat(otlp-transformer): replace protobufjs metrics serialization with custom implementation #6625 @​pichlermarc
  • feat(configuration): show all config validation errors, if there are multiple #6683 @​trentm
  • feat(sdk-node): allow startNodeSDK() without an arg #6688 @​trentm

🏠 Internal

... (truncated)

Commits
  • 13a035b chore: prepare next release (#6756)
  • 4b13587 Merge commit from fork
  • 71d195c chore(renovate): set minimumReleaseAge to 3 days (#6792)
  • 555fca6 Update renovate.json to use matchManagers (#6141)
  • b711a81 docs(otlp-exporter-base): add typedoc entry points so public API is indexed a...
  • da70402 fix(ci): supply-chain sec: disable caching in release-related workflow (#6790)
  • 002267b chore: complete the move to the smaller SPDX license header (#6791)
  • 056ef9c feat(sdk-metrics): implement metric reader metrics (#6449)
  • 3bd69ce fix(configuration): improve environment variable substitution to handle all t...
  • bfbda7c docs(exporter-trace-otlp-grpc): import CompressionAlgorithm from otlp-exporte...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​opentelemetry/instrumentation-fetch since your current version.


Updates @opentelemetry/instrumentation-http from 0.54.2 to 0.219.0

Release notes

Sourced from @​opentelemetry/instrumentation-http's releases.

experimental/v0.219.0

0.219.0

💥 Breaking Changes

  • fix(configuration)!: stop removing null values from parsed config object #6679 @​trentm
    • It is now the responsibility of the user of a parsed declarative config object, typically just the sdk-node package, to handle null values.
  • fix(api-logs)!: Removed NOOP_LOGGER and NoopLogger exports from @opentelemetry/api-logs. Use createNoopLogger(): Logger instead. #6713 @​dyladan
  • feat(api-logs)!: rename scopeAttributes to attributes in LoggerOptions #6573 @​pichlermarc
  • fix(sdk-node)!: remove buildSamplerFromConfig export #6784 @​trentm

🚀 Features

🐛 Bug Fixes

  • fix(sdk-node): pass all config properties to log record exporters in declarative config #6708 @​MikeGoldsmith
  • fix(sdk-node): warn and ignore zero exporter timeout in declarative config #6711 @​MikeGoldsmith
  • fix(sdk-node): pass gRPC credentials and headers to span exporter in declarative config #6705 @​MikeGoldsmith
  • fix(otlp-transformer): do not attempt to skip groups #6704 @​pichlermarc
  • fix(otlp-grpc-exporter-base): recreate client after 5 consecutive DEADLINE_EXCEEDED to recover from connection dropped deadlock #6296 @​afharo
  • fix(browser-detector): use the right semantic convention for user agent resource attribute #6729 @​david-luna
  • fix(browser-detector): user agent resource attribute always #6754 @​david-luna
  • fix(opentelemetry-exporter-prometheus): handle additional edge cases in metric name conversion #6727 @​cjihrig
  • fix(sdk-logs): avoid null dereference in BatchLogRecordProcessor._flushAll when an in-flight export completes between awaits #6763 @​Janealter
  • fix(configuration): improve environment variable substitution to handle all the cases shown in the spec #6757 @​trentm

📚 Documentation

  • docs(otlp-exporter-base): index the package's public API in generated docs so types like OTLPExporterNodeConfigBase resolve and link from consumer exporter pages #6725 @​devareddy05

🏠 Internal

  • refactor(configuration): remove redundant env var parsing in EnvironmentConfigFactory #6710 @​MikeGoldsmith

experimental/v0.218.0

0.218.0

🚀 Features

  • feat(otlp-transformer): replace protobufjs metrics serialization with custom implementation #6625 @​pichlermarc
  • feat(configuration): show all config validation errors, if there are multiple #6683 @​trentm
  • feat(sdk-node): allow startNodeSDK() without an arg #6688 @​trentm

🏠 Internal

... (truncated)

Commits
  • 13a035b chore: prepare next release (#6756)
  • 4b13587 Merge commit from fork
  • 71d195c chore(renovate): set minimumReleaseAge to 3 days (#6792)
  • 555fca6 Update renovate.json to use matchManagers (#6141)
  • b711a81 docs(otlp-exporter-base): add typedoc entry points so public API is indexed a...
  • da70402 fix(ci): supply-chain sec: disable caching in release-related workflow (#6790)
  • 002267b chore: complete the move to the smaller SPDX license header (#6791)
  • 056ef9c feat(sdk-metrics): implement metric reader metrics (#6449)
  • 3bd69ce fix(configuration): improve environment variable substitution to handle all t...
  • bfbda7c docs(exporter-trace-otlp-grpc): import CompressionAlgorithm from otlp-exporte...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​opentelemetry/instrumentation-http since your current version.


Updates @opentelemetry/sdk-node from 0.54.2 to 0.219.0

Release notes

Sourced from @​opentelemetry/sdk-node's releases.

experimental/v0.219.0

0.219.0

💥 Breaking Changes

  • fix(configuration)!: stop removing null values from parsed config object #6679 @​trentm
    • It is now the responsibility of the user of a parsed declarative config object, typically just the sdk-node package, to handle null values.
  • fix(api-logs)!: Removed NOOP_LOGGER and NoopLogger exports from @opentelemetry/api-logs. Use createNoopLogger(): Logger instead. #6713 @​dyladan
  • feat(api-logs)!: rename scopeAttributes to attributes in LoggerOptions #6573 @​pichlermarc
  • fix(sdk-node)!: remove buildSamplerFromConfig export #6784 @​trentm

🚀 Features

🐛 Bug Fixes

  • fix(sdk-node): pass all config properties to log record exporters in declarative config #6708 @​MikeGoldsmith
  • fix(sdk-node): warn and ignore zero exporter timeout in declarative config #6711 @​MikeGoldsmith
  • fix(sdk-node): pass gRPC credentials and headers to span exporter in declarative config #6705 @​MikeGoldsmith
  • fix(otlp-transformer): do not attempt to skip groups #6704 @​pichlermarc
  • fix(otlp-grpc-exporter-base): recreate client after 5 consecutive DEADLINE_EXCEEDED to recover from connection dropped deadlock #6296 @​afharo
  • fix(browser-detector): use the right semantic convention for user agent resource attribute #6729 @​david-luna
  • fix(browser-detector): user agent resource attribute always #6754 @​david-luna
  • fix(opentelemetry-exporter-prometheus): handle additional edge cases in metric name conversion #6727 @​cjihrig
  • fix(sdk-logs): avoid null dereference in BatchLogRecordProcessor._flushAll when an in-flight export completes between awaits #6763 @​Janealter
  • fix(configuration): improve environment variable substitution to handle all the cases shown in the spec #6757 @​trentm

📚 Documentation

  • docs(otlp-exporter-base): index the package's public API in generated docs so types like OTLPExporterNodeConfigBase resolve and link from consumer exporter pages #6725 @​devareddy05

🏠 Internal

  • refactor(configuration): remove redundant env var parsing in EnvironmentConfigFactory #6710 @​MikeGoldsmith

experimental/v0.218.0

0.218.0

🚀 Features

  • feat(otlp-transformer): replace protobufjs metrics serialization with custom implementation #6625 @​pichlermarc
  • feat(configuration): show all config validation errors, if there are multiple #6683 @​trentm
  • feat(sdk-node): allow startNodeSDK() without an arg #6688 @​trentm

🏠 Internal

... (truncated)

Commits
  • 13a035b chore: prepare next release (#6756)
  • 4b13587 Merge commit from fork
  • 71d195c chore(renovate): set minimumReleaseAge to 3 days (#6792)
  • 555fca6 Update renovate.json to use matchManagers (#6141)
  • b711a81 docs(otlp-exporter-base): add typedoc entry points so public API is indexed a...
  • da70402 fix(ci): supply-chain sec: disable caching in release-related workflow (#6790)
  • 002267b chore: complete the move to the smaller SPDX license header (#6791)
  • 056ef9c feat(sdk-metrics): implement metric reader metrics (#6449)
  • 3bd69ce fix(configuration): improve environment variable substitution to handle all t...
  • bfbda7c docs(exporter-trace-otlp-grpc): import CompressionAlgorithm from otlp-exporte...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​opentelemetry/sdk-node since your current version.


Updates @supabase/supabase-js from 2.107.0 to 2.108.2

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.108.2

2.108.2 (2026-06-15)

🩹 Fixes

  • auth: preserve valid session on refresh failure and cooldown repeat failures (#2436)
  • realtime: clarify httpSend() 404 error and server migration note (#2444)
  • release: pin Deno and bound JSR publish to survive stranded-task hangs (#2439)
  • release: restore JSR publish flags and enable for beta (#2440)

❤️ Thank You

v2.108.2-canary.5

2.108.2-canary.5 (2026-06-15)

This was a version bump only, there were no code changes.

v2.108.2-canary.4

2.108.2-canary.4 (2026-06-12)

🩹 Fixes

  • realtime: clarify httpSend() 404 error and server migration note (#2444)

❤️ Thank You

v2.108.2-canary.3

2.108.2-canary.3 (2026-06-11)

This was a version bump only, there were no code changes.

v2.108.2-canary.2

2.108.2-canary.2 (2026-06-11)

🩹 Fixes

  • release: restore JSR publish flags and enable for beta (#2440)

❤️ Thank You

v2.108.2-canary.1

2.108.2-canary.1 (2026-06-11)

🩹 Fixes

... (truncated)

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.108.2 (2026-06-15)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.108.0 (2026-06-08)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

Commits

Updates bullmq from 5.56.0 to 5.78.1

Release notes

Sourced from bullmq's releases.

v5.78.1

5.78.1 (2026-06-13)

Bug Fixes

  • scheduler: fail stalled jobs if scheduler does not longer exist (elixir) (rust) (#4222) (d1fcda5)

v5.78.0

5.78.0 (2026-06-02)

Features

  • rust: initial implementation of rust support (#4200) (38798cc)

v5.77.7

5.77.7 (2026-06-01)

Bug Fixes

  • deps: update dependency msgpackr to v2.0.2 [security] (#4202) (fbe04af)

v5.77.6

5.77.6 (2026-05-27)

Bug Fixes

  • types: change NodeRedisRawClient to be node-redis compliant (#4195) (81709e4)

v5.77.5

5.77.5 (2026-05-27)

Bug Fixes

  • connection: handle cluster reconnection with timeouts (#4186) (411690e)

v5.77.4

5.77.4 (2026-05-26)

Bug Fixes

  • deduplication: preserve custom jobId when requeuing keepLastIfActive proto-jobs (#4190) fixes #4030 (6e4972e)

v5.77.3

5.77.3 (2026-05-25)

... (truncated)

Commits
  • d1fcda5 fix(scheduler): fail stalled jobs if scheduler does not longer exist (elixir)...
  • 3db7b21 chore(deps): bump shell-quote (#4218)
  • cda941a fix(release): include commands [rust] (#4208)
  • cb6b801 feat: add job schedulers and release Lua script sync [rust] (#4207)
  • 3fe7cb1 fix(relase): copy lua scripts [rust] (#4206)
  • 9b75313 chore(deps): update dependency semver to v7.8.1 [security] (#4204)
  • c89d7ef chore(release): 5.78.0 (#4205)
  • 3ce5930 chore(deps): update devdependencies (non-major) [security] (#4191)
  • 38798cc feat(rust): initial implementation of rust support (#4200)
  • a45e0d9 chore(release): 5.77.7 (#4203)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for bullmq since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates ioredis from 5.6.1 to 5.11.1

Release notes

Sourced from ioredis's releases.

v5.11.1

5.11.1 (2026-06-04)

Bug Fixes

  • cluster: reconnect to nodes that restart without slot changes (#2096) (c84b2ee)
  • parse protocol-relative Redis URLs as TCP connections (#2125) (131ee24)

v5.11.0

5.11.0 (2026-05-26)

Bug Fixes

Features

v5.10.1

5.10.1 (2026-03-19)

Bug Fixes

  • cluster: lazily start sharded subscribers (#2090) (4f167bb)

v5.10.0

5.10.0 (2026-02-27)

Features

  • add hash field expiration commands and tests (5219f9f)
  • add hexpireat & hexpiretime (#2082) (b38124f)

v5.9.3

5.9.3 (2026-02-12)

... (truncated)

Changelog

Sourced from ioredis's changelog.

5.11.1 (2026-06-04)

Bug Fixes

  • cluster: reconnect to nodes that restart without slot changes (#2096) (c84b2ee)
  • parse protocol-relative Redis URLs as TCP connections (#2125) (131ee24)

5.11.0 (2026-05-26)

Bug Fixes

Features

@dependabot
chore(deps): bump the minor-updates group across 1 directory with 9 u…
836fd82 
…pdates

Bumps the minor-updates group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@aws-sdk/client-secrets-manager](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-secrets-manager) | `3.1063.0` | `3.1068.0` |
| [@opentelemetry/exporter-trace-otlp-http](https://github.com/open-telemetry/opentelemetry-js) | `0.54.2` | `0.219.0` |
| [@opentelemetry/instrumentation-fetch](https://github.com/open-telemetry/opentelemetry-js) | `0.54.2` | `0.219.0` |
| [@opentelemetry/instrumentation-http](https://github.com/open-telemetry/opentelemetry-js) | `0.54.2` | `0.219.0` |
| [@opentelemetry/sdk-node](https://github.com/open-telemetry/opentelemetry-js) | `0.54.2` | `0.219.0` |
| [@supabase/supabase-js](https://github.com/supabase/supabase-js/tree/HEAD/packages/core/supabase-js) | `2.107.0` | `2.108.2` |
| [bullmq](https://github.com/taskforcesh/bullmq) | `5.56.0` | `5.78.1` |
| [ioredis](https://github.com/luin/ioredis) | `5.6.1` | `5.11.1` |
| [@playwright/test](https://github.com/microsoft/playwright) | `1.60.0` | `1.61.0` |



Updates `@aws-sdk/client-secrets-manager` from 3.1063.0 to 3.1068.0
- [Release notes](https://github.com/aws/aws-sdk-js-v3/releases)
- [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-secrets-manager/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.1068.0/clients/client-secrets-manager)

Updates `@opentelemetry/exporter-trace-otlp-http` from 0.54.2 to 0.219.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@experimental/v0.54.2...experimental/v0.219.0)

Updates `@opentelemetry/instrumentation-fetch` from 0.54.2 to 0.219.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@experimental/v0.54.2...experimental/v0.219.0)

Updates `@opentelemetry/instrumentation-http` from 0.54.2 to 0.219.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@experimental/v0.54.2...experimental/v0.219.0)

Updates `@opentelemetry/sdk-node` from 0.54.2 to 0.219.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-js/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-js/blob/main/CHANGELOG.md)
- [Commits](open-telemetry/opentelemetry-js@experimental/v0.54.2...experimental/v0.219.0)

Updates `@supabase/supabase-js` from 2.107.0 to 2.108.2
- [Release notes](https://github.com/supabase/supabase-js/releases)
- [Changelog](https://github.com/supabase/supabase-js/blob/master/packages/core/supabase-js/CHANGELOG.md)
- [Commits](https://github.com/supabase/supabase-js/commits/v2.108.2/packages/core/supabase-js)

Updates `bullmq` from 5.56.0 to 5.78.1
- [Release notes](https://github.com/taskforcesh/bullmq/releases)
- [Commits](taskforcesh/bullmq@v5.56.0...v5.78.1)

Updates `ioredis` from 5.6.1 to 5.11.1
- [Release notes](https://github.com/luin/ioredis/releases)
- [Changelog](https://github.com/redis/ioredis/blob/main/CHANGELOG.md)
- [Commits](redis/ioredis@v5.6.1...v5.11.1)

Updates `@playwright/test` from 1.60.0 to 1.61.0
- [Release notes](https://github.com/microsoft/playwright/releases)
- [Commits](microsoft/playwright@v1.60.0...v1.61.0)

---
updated-dependencies:
- dependency-name: "@aws-sdk/client-secrets-manager"
  dependency-version: 3.1068.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: "@opentelemetry/exporter-trace-otlp-http"
  dependency-version: 0.219.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: "@opentelemetry/instrumentation-fetch"
  dependency-version: 0.219.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: "@opentelemetry/instrumentation-http"
  dependency-version: 0.219.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: "@opentelemetry/sdk-node"
  dependency-version: 0.219.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: "@supabase/supabase-js"
  dependency-version: 2.108.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: bullmq
  dependency-version: 5.78.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: ioredis
  dependency-version: 5.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: "@playwright/test"
  dependency-version: 1.61.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, javascript. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@github-actions

github-actions Bot commented Jun 15, 2026

Copy link
Copy Markdown

✅ cargo audit

�[0m�[0m�[1m�[32m    Fetching�[0m advisory database from `https://github.com/RustSec/advisory-db.git`
�[0m�[0m�[1m�[32m      Loaded�[0m 1131 security advisories (from /home/runner/.cargo/advisory-db)
�[0m�[0m�[1m�[32m    Updating�[0m crates.io index
�[0m�[0m�[1m�[32m    Scanning�[0m Cargo.lock for vulnerabilities (192 crate dependencies)
�[0m�[0m�[1m�[33mCrate:    �[0m derivative
�[0m�[0m�[1m�[33mVersion:  �[0m 2.2.0
�[0m�[0m�[1m�[33mWarning:  �[0m unmaintained
�[0m�[0m�[1m�[33mTitle:    �[0m `derivative` is unmaintained; consider using an alternative
�[0m�[0m�[1m�[33mDate:     �[0m 2024-06-26
�[0m�[0m�[1m�[33mID:       �[0m RUSTSEC-2024-0388
�[0m�[0m�[1m�[33mURL:      �[0m https://rustsec.org/advisories/RUSTSEC-2024-0388

�[0m�[0m�[1m�[33mCrate:    �[0m paste
�[0m�[0m�[1m�[33mVersion:  �[0m 1.0.15
�[0m�[0m�[1m�[33mWarning:  �[0m unmaintained
�[0m�[0m�[1m�[33mTitle:    �[0m paste - no longer maintained
�[0m�[0m�[1m�[33mDate:     �[0m 2024-10-07
�[0m�[0m�[1m�[33mID:       �[0m RUSTSEC-2024-0436
�[0m�[0m�[1m�[33mURL:      �[0m https://rustsec.org/advisories/RUSTSEC-2024-0436

�[0m�[0m�[1m�[33mwarning:�[0m 2 allowed warnings found

@github-actions

github-actions Bot commented Jun 15, 2026

Copy link
Copy Markdown

❌ pnpm audit

┌─────────────────────┬────────────────────────────────────────────────────────┐
│ critical            │ When Vitest UI server is listening, arbitrary file can │
│                     │ be read and executed                                   │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ vitest                                                 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ <3.2.6                                                 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions    │ >=3.2.6                                                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths               │ apps/web > @vitest/coverage-v8@2.1.9 > vitest@2.1.9    │
│                     │                                                        │
│                     │ apps/web > vitest@2.1.9                                │
│                     │                                                        │
│                     │ packages/stellar > vitest@2.1.9                        │
│                     │                                                        │
│                     │ ... Found 6 paths, run `pnpm why vitest` for more      │
│                     │ information                                            │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-5xrq-8626-4rwp      │
└─────────────────────┴────────────────────────────────────────────────────────┘
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ high                │ esbuild: Missing binary integrity verification in Deno │
│                     │ module enables remote code execution via               │
│                     │ NPM_CONFIG_REGISTRY                                    │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ esbuild                                                │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ >=0.17.0 <0.28.1                                       │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions    │ >=0.28.1                                               │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths               │ apps/web > @vitejs/plugin-react@4.7.0 > vite@5.4.21 >  │
│                     │ esbuild@0.21.5                                         │
│                     │                                                        │
│                     │ apps/web > @vitest/coverage-v8@2.1.9 > vitest@2.1.9 >  │
│                     │ @vitest/mocker@2.1.9 > vite@5.4.21 > esbuild@0.21.5    │
│                     │                                                        │
│                     │ apps/web > @vitest/coverage-v8@2.1.9 > vitest@2.1.9 >  │
│                     │ vite@5.4.21 > esbuild@0.21.5                           │
│                     │                                                        │
│                     │ ... Found 12 paths, run `pnpm why esbuild` for more    │
│                     │ information                                            │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-gv7w-rqvm-qjhr      │
└─────────────────────┴────────────────────────────────────────────────────────┘
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ high                │ ws: Memory exhaustion DoS from tiny fragments and data │
│                     │ chunks                                                 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ ws                                                     │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ >=8.0.0 <8.21.0                                        │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions    │ >=8.21.0                                               │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths               │ apps/web > @vitest/coverage-v8@2.1.9 > vitest@2.1.9 >  │
│                     │ jsdom@25.0.1 > ws@8.20.1                               │
│                     │                                                        │
│                     │ apps/web > jsdom@25.0.1 > ws@8.20.1                    │
│                     │                                                        │
│                     │ apps/web > vitest@2.1.9 > jsdom@25.0.1 > ws@8.20.1     │
│                     │                                                        │
│                     │ ... Found 4 paths, run `pnpm why ws` for more          │
│                     │ information                                            │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-96hv-2xvq-fx4p      │
└─────────────────────┴────────────────────────────────────────────────────────┘
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ high                │ form-data: CRLF injection in form-data via unescaped   │
│                     │ multipart field names and filenames                    │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package             │ form-data                                              │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vuln

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants