Skip to content

Update @opentelemetry/sdk-node dependency to non-vulnerable version #1438

Description

@stefan-as

Since three weeks, there is a high rated security vulnerability in @opentelemetry/sdk-node (GHSA-q7rr-3cgh-j5r3), but the update can not be applied because of a version pinning in the current version of @appsignal/nodejs (3.8.0).

Can you please update the version pinning, so we are able to fix the vulnerability within @opentelemetry/sdk-node?


Dependabot cannot update @opentelemetry/sdk-node to a non-vulnerable version
The latest possible version that can be installed is 0.213.0 because of the following conflicting dependencies:

@appsignal/nodejs@3.8.0 requires @opentelemetry/sdk-node@>= 0.213.0 < 0.214.0
No patched version available for @opentelemetry/sdk-node
The earliest fixed version is 0.217.0.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions