chore(deps): bump @opentelemetry/exporter-prometheus, @opentelemetry/auto-instrumentations-node and @opentelemetry/sdk-node

[dependabot]

Bumps @opentelemetry/exporter-prometheus, @opentelemetry/auto-instrumentations-node and @opentelemetry/sdk-node. These dependencies needed to be updated together.
Updates @opentelemetry/exporter-prometheus from 0.207.0 to 0.217.0

Release notes

Sourced from @​opentelemetry/exporter-prometheus's releases.

experimental/v0.217.0

0.217.0

🚀 Features

• feat(otlp-transformer): replace protobufjs trace serialization with custom implementation #6625 @​pichlermarc
• feat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using json-schema-to-typescript and ajv #6533 @​MikeGoldsmith
• feat(configuration, sdk-node): startNodeSDK() code path now uses log_level configuration to setup a DiagConsoleLogger #6668 @​trentm
  • Note that allowed values for log_level in a configuration YAML file are not the same set as for OTEL_LOG_LEVEL. Use log_level: trace to see all logs (equivalent of OTEL_LOG_LEVEL=ALL). Use log_level: fatal to effectively disable the SDK's internal diagnostic logger (equivalent of OTEL_LOG_LEVEL=NONE).
  • If log_level is not specified, a diagnostic console logger at "info" level will be setup.
  • An invalid YAML config file will now result in a noop OTel SDK.

🐛 Bug Fixes

• fix(configuration): do not validate OTEL_CONFIG_FILE value before using it for file config #6643 @​trentm
• fix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types #6650 @​trentm
• fix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing #6657 @​trentm
• fix(configuration): improve handling of enums in generated types #6659 @​trentm
• fix(configuration): improve the technique for removing '| null' on types the JSON Schema #6662 @​trentm
• fix(sampler-jaeger-remote): add missing axios dep #6656 @​trentm
• fix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler #6674 @​homanp

experimental/v0.216.0

0.216.0

🚀 Features

• feat(sdk-node): wire attribute_keys from declarative configuration to ViewOptions.attributesProcessors #6427 @​ravitheja4531-cell
• feat(sdk-node): set TracerProvider in startNodeSDK() #6607 @​maryliag

🐛 Bug Fixes

• fix(instrumentation-xml-http-request): avoid unwrapping XMLHttpRequest API when disabling #6611 @​david-luna
• fix(instrumentation-fetch): tolerate non-writable globalThis.fetch and fix premature _isEnabled / _isFetchPatched flips in enable() @​brunorodmoreira
• fix(instrumentation-xhr): resolve relative URLs before matching ignoreUrls #6551 @​Maximiliano-Zeballos
• fix(sdk-node): fix setting of ViewOption#name from ConfigurationModel #6620 @​trentm
• fix(web-common): add limit for timeout #6601 @​maryliag
• fix(otlp-transformer): pin [email protected] as [email protected] is broken for browser use #6646

🏠 Internal

• test(otlp-transformer): add metrics transform benchmark #6628 @​pichlermarc
• refactor(opentelemetry-exporter-prometheus): do not call enforcePrometheusNamingConvention() multiple times per metric #6636 @​cjihrig

experimental/v0.215.0

0.215.0

💥 Breaking Changes

... (truncated)

Commits

• 74cde1b chore: prepare next release (#6675)
• e8f439a fix: handle malformed URLs in Prometheus exporter request handler (#6674)
• ab3a2e2 feat(sdk-node, configuration): diag log handling updates for startNodeSDK(), ...
• d5b7d1e fix(deps): update dependency axios to v1.15.2 [security] (#6670)
• c163618 chore(deps): update github/codeql-action digest to e46ed2c (#6661)
• ec2bfbe chore(configuration): move config generation scripts into the configuration p...
• acc9ecd chore(configuration): cosmetic changes to generated types.ts (#6663)
• 8f008ec chore: Move inactive members to emeritus (#6649)
• 435431e fix(configuration): improve the technique for removing '| null' on types due ...
• 4222024 fix(configuration): improve handling of enums in generated types (#6659)
• Additional commits viewable in compare view

Updates @opentelemetry/auto-instrumentations-node from 0.66.0 to 0.75.0

Release notes

Sourced from @​opentelemetry/auto-instrumentations-node's releases.

auto-instrumentations-node: v0.75.0

0.75.0 (2026-05-06)

Features

• deps: update deps matching '@opentelemetry/*' (#3507) (e1ef3d1)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​opentelemetry/instrumentation-amqplib bumped from ^0.63.0 to ^0.64.0
    • @​opentelemetry/instrumentation-aws-lambda bumped from ^0.68.0 to ^0.69.0
    • @​opentelemetry/instrumentation-aws-sdk bumped from ^0.71.0 to ^0.72.0
    • @​opentelemetry/instrumentation-bunyan bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-cassandra-driver bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-connect bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-cucumber bumped from ^0.32.0 to ^0.33.0
    • @​opentelemetry/instrumentation-dataloader bumped from ^0.33.0 to ^0.34.0
    • @​opentelemetry/instrumentation-dns bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-express bumped from ^0.64.0 to ^0.65.0
    • @​opentelemetry/instrumentation-fs bumped from ^0.35.0 to ^0.36.0
    • @​opentelemetry/instrumentation-generic-pool bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-graphql bumped from ^0.64.0 to ^0.65.0
    • @​opentelemetry/instrumentation-hapi bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-ioredis bumped from ^0.64.0 to ^0.65.0
    • @​opentelemetry/instrumentation-kafkajs bumped from ^0.25.0 to ^0.26.0
    • @​opentelemetry/instrumentation-knex bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-koa bumped from ^0.64.0 to ^0.65.0
    • @​opentelemetry/instrumentation-lru-memoizer bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-memcached bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-mongodb bumped from ^0.69.0 to ^0.70.0
    • @​opentelemetry/instrumentation-mongoose bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-mysql bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-mysql2 bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-nestjs-core bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-net bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-openai bumped from ^0.14.0 to ^0.15.0
    • @​opentelemetry/instrumentation-oracledb bumped from ^0.41.0 to ^0.42.0
    • @​opentelemetry/instrumentation-pg bumped from ^0.68.0 to ^0.69.0
    • @​opentelemetry/instrumentation-pino bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-redis bumped from ^0.64.0 to ^0.65.0
    • @​opentelemetry/instrumentation-restify bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-router bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-runtime-node bumped from ^0.29.0 to ^0.30.0
    • @​opentelemetry/instrumentation-socket.io bumped from ^0.63.0 to ^0.64.0
    • @​opentelemetry/instrumentation-tedious bumped from ^0.35.0 to ^0.36.0
    • @​opentelemetry/instrumentation-undici bumped from ^0.26.0 to ^0.27.0

... (truncated)

Changelog

Sourced from @​opentelemetry/auto-instrumentations-node's changelog.

0.75.0 (2026-05-06)

Features

• deps: update deps matching '@opentelemetry/*' (#3507) (e1ef3d1)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​opentelemetry/instrumentation-amqplib bumped from ^0.63.0 to ^0.64.0
    • @​opentelemetry/instrumentation-aws-lambda bumped from ^0.68.0 to ^0.69.0
    • @​opentelemetry/instrumentation-aws-sdk bumped from ^0.71.0 to ^0.72.0
    • @​opentelemetry/instrumentation-bunyan bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-cassandra-driver bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-connect bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-cucumber bumped from ^0.32.0 to ^0.33.0
    • @​opentelemetry/instrumentation-dataloader bumped from ^0.33.0 to ^0.34.0
    • @​opentelemetry/instrumentation-dns bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-express bumped from ^0.64.0 to ^0.65.0
    • @​opentelemetry/instrumentation-fs bumped from ^0.35.0 to ^0.36.0
    • @​opentelemetry/instrumentation-generic-pool bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-graphql bumped from ^0.64.0 to ^0.65.0
    • @​opentelemetry/instrumentation-hapi bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-ioredis bumped from ^0.64.0 to ^0.65.0
    • @​opentelemetry/instrumentation-kafkajs bumped from ^0.25.0 to ^0.26.0
    • @​opentelemetry/instrumentation-knex bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-koa bumped from ^0.64.0 to ^0.65.0
    • @​opentelemetry/instrumentation-lru-memoizer bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-memcached bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-mongodb bumped from ^0.69.0 to ^0.70.0
    • @​opentelemetry/instrumentation-mongoose bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-mysql bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-mysql2 bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-nestjs-core bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-net bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-openai bumped from ^0.14.0 to ^0.15.0
    • @​opentelemetry/instrumentation-oracledb bumped from ^0.41.0 to ^0.42.0
    • @​opentelemetry/instrumentation-pg bumped from ^0.68.0 to ^0.69.0
    • @​opentelemetry/instrumentation-pino bumped from ^0.62.0 to ^0.63.0
    • @​opentelemetry/instrumentation-redis bumped from ^0.64.0 to ^0.65.0
    • @​opentelemetry/instrumentation-restify bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-router bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-runtime-node bumped from ^0.29.0 to ^0.30.0
    • @​opentelemetry/instrumentation-socket.io bumped from ^0.63.0 to ^0.64.0
    • @​opentelemetry/instrumentation-tedious bumped from ^0.35.0 to ^0.36.0
    • @​opentelemetry/instrumentation-undici bumped from ^0.26.0 to ^0.27.0
    • @​opentelemetry/instrumentation-winston bumped from ^0.60.0 to ^0.61.0

... (truncated)

Commits

• b68fb6d chore: release main (#3498)
• e1ef3d1 feat(deps): update deps matching '@opentelemetry/*' (#3507)
• 03ed3a3 chore: release main (#3481)
• a91133a feat(deps): update deps matching '@opentelemetry/*' (#3497)
• bd017c8 chore: release main (#3451)
• 8891261 feat(deps): update deps matching '@opentelemetry/*' (#3479)
• 36a030c chore: switch to short license header (#3476)
• See full diff in compare view

Updates @opentelemetry/sdk-node from 0.207.0 to 0.217.0

Release notes

Sourced from @​opentelemetry/sdk-node's releases.

experimental/v0.217.0

0.217.0

🚀 Features

• feat(otlp-transformer): replace protobufjs trace serialization with custom implementation #6625 @​pichlermarc
• feat(configuration): auto-generate TypeScript types from OTel declarative config JSON schema (stable v1.0.0) using json-schema-to-typescript and ajv #6533 @​MikeGoldsmith
• feat(configuration, sdk-node): startNodeSDK() code path now uses log_level configuration to setup a DiagConsoleLogger #6668 @​trentm
  • Note that allowed values for log_level in a configuration YAML file are not the same set as for OTEL_LOG_LEVEL. Use log_level: trace to see all logs (equivalent of OTEL_LOG_LEVEL=ALL). Use log_level: fatal to effectively disable the SDK's internal diagnostic logger (equivalent of OTEL_LOG_LEVEL=NONE).
  • If log_level is not specified, a diagnostic console logger at "info" level will be setup.
  • An invalid YAML config file will now result in a noop OTel SDK.

🐛 Bug Fixes

• fix(configuration): do not validate OTEL_CONFIG_FILE value before using it for file config #6643 @​trentm
• fix(configuration): improve how 'additionalProperties' in JSON schema is translated to TS types #6650 @​trentm
• fix(configuration): remove stripMinItems and preprocessNullArrays from validation/parsing #6657 @​trentm
• fix(configuration): improve handling of enums in generated types #6659 @​trentm
• fix(configuration): improve the technique for removing '| null' on types the JSON Schema #6662 @​trentm
• fix(sampler-jaeger-remote): add missing axios dep #6656 @​trentm
• fix(exporter-prometheus): handle malformed URLs in Prometheus exporter request handler #6674 @​homanp

experimental/v0.216.0

0.216.0

🚀 Features

• feat(sdk-node): wire attribute_keys from declarative configuration to ViewOptions.attributesProcessors #6427 @​ravitheja4531-cell
• feat(sdk-node): set TracerProvider in startNodeSDK() #6607 @​maryliag

🐛 Bug Fixes

• fix(instrumentation-xml-http-request): avoid unwrapping XMLHttpRequest API when disabling #6611 @​david-luna
• fix(instrumentation-fetch): tolerate non-writable globalThis.fetch and fix premature _isEnabled / _isFetchPatched flips in enable() @​brunorodmoreira
• fix(instrumentation-xhr): resolve relative URLs before matching ignoreUrls #6551 @​Maximiliano-Zeballos
• fix(sdk-node): fix setting of ViewOption#name from ConfigurationModel #6620 @​trentm
• fix(web-common): add limit for timeout #6601 @​maryliag
• fix(otlp-transformer): pin [email protected] as [email protected] is broken for browser use #6646

🏠 Internal

• test(otlp-transformer): add metrics transform benchmark #6628 @​pichlermarc
• refactor(opentelemetry-exporter-prometheus): do not call enforcePrometheusNamingConvention() multiple times per metric #6636 @​cjihrig

experimental/v0.215.0

0.215.0

💥 Breaking Changes

... (truncated)

Commits

• 74cde1b chore: prepare next release (#6675)
• e8f439a fix: handle malformed URLs in Prometheus exporter request handler (#6674)
• ab3a2e2 feat(sdk-node, configuration): diag log handling updates for startNodeSDK(), ...
• d5b7d1e fix(deps): update dependency axios to v1.15.2 [security] (#6670)
• c163618 chore(deps): update github/codeql-action digest to e46ed2c (#6661)
• ec2bfbe chore(configuration): move config generation scripts into the configuration p...
• acc9ecd chore(configuration): cosmetic changes to generated types.ts (#6663)
• 8f008ec chore: Move inactive members to emeritus (#6649)
• 435431e fix(configuration): improve the technique for removing '| null' on types due ...
• 4222024 fix(configuration): improve handling of enums in generated types (#6659)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​opentelemetry/​exporter-prometheus@​0.207.0 ⏵ 0.217.0		+16
	@​opentelemetry/​resources@​2.5.0 ⏵ 2.7.1
	@​opentelemetry/​auto-instrumentations-node@​0.66.0 ⏵ 0.75.0	+1	+16
	@​opentelemetry/​sdk-node@​0.207.0 ⏵ 0.217.0		+16	+1

View full report