Since three weeks, there is a high rated security vulnerability in @opentelemetry/sdk-node (GHSA-q7rr-3cgh-j5r3), but the update can not be applied because of a version pinning in the current version of @appsignal/nodejs (3.8.0).
Can you please update the version pinning, so we are able to fix the vulnerability within @opentelemetry/sdk-node?
Dependabot cannot update @opentelemetry/sdk-node to a non-vulnerable version
The latest possible version that can be installed is 0.213.0 because of the following conflicting dependencies:
@appsignal/nodejs@3.8.0 requires @opentelemetry/sdk-node@>= 0.213.0 < 0.214.0
No patched version available for @opentelemetry/sdk-node
The earliest fixed version is 0.217.0.
Since three weeks, there is a high rated security vulnerability in @opentelemetry/sdk-node (GHSA-q7rr-3cgh-j5r3), but the update can not be applied because of a version pinning in the current version of @appsignal/nodejs (3.8.0).
Can you please update the version pinning, so we are able to fix the vulnerability within @opentelemetry/sdk-node?
Dependabot cannot update @opentelemetry/sdk-node to a non-vulnerable version
The latest possible version that can be installed is 0.213.0 because of the following conflicting dependencies:
@appsignal/nodejs@3.8.0 requires @opentelemetry/sdk-node@>= 0.213.0 < 0.214.0
No patched version available for @opentelemetry/sdk-node
The earliest fixed version is 0.217.0.