Skip to content

feat(deps): bump @opentelemetry/instrumentation-graphql from 0.52.0 to 0.56.0 #18145

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

feat(deps): bump @opentelemetry/instrumentation-graphql from 0.52.0 to 0.56.0 #18145

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion packages/node/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@
"@opentelemetry/instrumentation-express": "0.53.0",
"@opentelemetry/instrumentation-fs": "0.24.0",
"@opentelemetry/instrumentation-generic-pool": "0.48.0",
"@opentelemetry/instrumentation-graphql": "0.52.0",
"@opentelemetry/instrumentation-graphql": "0.56.0",
Copy link

@cursor cursor bot Nov 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Instrumentation Upgrade: Dependency Version Clash

The upgrade of @opentelemetry/instrumentation-graphql to 0.56.0 creates a dependency version conflict. This version requires @opentelemetry/instrumentation@^0.208.0, but the root package specifies @opentelemetry/instrumentation@^0.204.0. This mismatch will cause multiple versions of the same package to be installed, potentially leading to runtime conflicts, duplicate module instances, or unexpected behavior in OpenTelemetry instrumentation.

Fix in Cursor Fix in Web

"@opentelemetry/instrumentation-hapi": "0.51.0",
"@opentelemetry/instrumentation-http": "0.204.0",
"@opentelemetry/instrumentation-ioredis": "0.52.0",
Expand Down
91 changes: 86 additions & 5 deletions yarn.lock
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5909,6 +5909,13 @@
dependencies:
"@opentelemetry/api" "^1.3.0"

"@opentelemetry/api-logs@0.208.0":
version "0.208.0"
resolved "https://registry.yarnpkg.com/@opentelemetry/api-logs/-/api-logs-0.208.0.tgz#56d3891010a1fa1cf600ba8899ed61b43ace511c"
integrity sha512-CjruKY9V6NMssL/T1kAFgzosF1v9o6oeN+aX5JB/C/xPNtmgIJqcXHG7fA82Ou1zCpWGl4lROQUKwUNE1pMCyg==
dependencies:
"@opentelemetry/api" "^1.3.0"

"@opentelemetry/api-logs@0.57.2":
version "0.57.2"
resolved "https://registry.yarnpkg.com/@opentelemetry/api-logs/-/api-logs-0.57.2.tgz#d4001b9aa3580367b40fe889f3540014f766cc87"
Expand Down Expand Up @@ -5992,12 +5999,12 @@
dependencies:
"@opentelemetry/instrumentation" "^0.204.0"

"@opentelemetry/instrumentation-graphql@0.52.0":
version "0.52.0"
resolved "https://registry.yarnpkg.com/@opentelemetry/instrumentation-graphql/-/instrumentation-graphql-0.52.0.tgz#a2d23a669bdd0a1b031f785fe447d5a34ac56343"
integrity sha512-3fEJ8jOOMwopvldY16KuzHbRhPk8wSsOTSF0v2psmOCGewh6ad+ZbkTx/xyUK9rUdUMWAxRVU0tFpj4Wx1vkPA==
"@opentelemetry/instrumentation-graphql@0.56.0":
version "0.56.0"
resolved "https://registry.yarnpkg.com/@opentelemetry/instrumentation-graphql/-/instrumentation-graphql-0.56.0.tgz#77464dec65efe5aa53d8787d0760534cf2e2a88f"
integrity sha512-IPvNk8AFoVzTAM0Z399t34VDmGDgwT6rIqCUug8P9oAGerl2/PEIYMPOl/rerPGu+q8gSWdmbFSjgg7PDVRd3Q==
dependencies:
"@opentelemetry/instrumentation" "^0.204.0"
"@opentelemetry/instrumentation" "^0.208.0"

"@opentelemetry/instrumentation-hapi@0.51.0":
version "0.51.0"
Expand Down Expand Up @@ -6149,6 +6156,15 @@
import-in-the-middle "^1.8.1"
require-in-the-middle "^7.1.1"

"@opentelemetry/instrumentation@^0.208.0":
version "0.208.0"
resolved "https://registry.yarnpkg.com/@opentelemetry/instrumentation/-/instrumentation-0.208.0.tgz#d764f8e4329dad50804e2e98f010170c14c4ce8f"
integrity sha512-Eju0L4qWcQS+oXxi6pgh7zvE2byogAkcsVv0OjHF/97iOz1N/aKE6etSGowYkie+YA1uo6DNwdSxaaNnLvcRlA==
dependencies:
"@opentelemetry/api-logs" "0.208.0"
import-in-the-middle "^2.0.0"
require-in-the-middle "^8.0.0"

"@opentelemetry/instrumentation@^0.52.0 || ^0.53.0 || ^0.54.0 || ^0.55.0 || ^0.56.0 || ^0.57.0":
version "0.57.2"
resolved "https://registry.yarnpkg.com/@opentelemetry/instrumentation/-/instrumentation-0.57.2.tgz#8924549d7941ba1b5c6f04d5529cf48330456d1d"
Expand Down Expand Up @@ -6943,6 +6959,20 @@
"@angular-devkit/schematics" "14.2.13"
jsonc-parser "3.1.0"

"@sentry-internal/browser-utils@10.23.0":
version "10.23.0"
resolved "https://registry.yarnpkg.com/@sentry-internal/browser-utils/-/browser-utils-10.23.0.tgz#738a07ed99168cdf69d0cdb5a152289ed049de81"
integrity sha512-FUak8FH51TnGrx2i31tgqun0VsbDCVQS7dxWnUZHdi+0hpnFoq9+wBHY+qrOQjaInZSz3crIifYv3z7SEzD0Jg==
dependencies:
"@sentry/core" "10.23.0"

"@sentry-internal/feedback@10.23.0":
version "10.23.0"
resolved "https://registry.yarnpkg.com/@sentry-internal/feedback/-/feedback-10.23.0.tgz#4b9ade29f1d96309eea83cc513c4a73e3992c4d7"
integrity sha512-+HWC9VTPICsFX/lIPoBU9GxTaJZVXJcukP+qGxj+j/8q/Dy1w22JHDWcJbZiaW4kWWlz7VbA0KVKS3grD+e9aA==
dependencies:
"@sentry/core" "10.23.0"

"@sentry-internal/node-cpu-profiler@^2.2.0":
version "2.2.0"
resolved "https://registry.yarnpkg.com/@sentry-internal/node-cpu-profiler/-/node-cpu-profiler-2.2.0.tgz#0640d4aebb4d36031658ccff83dc22b76f437ede"
Expand All @@ -6959,6 +6989,22 @@
detect-libc "^2.0.4"
node-abi "^3.73.0"

"@sentry-internal/replay-canvas@10.23.0":
version "10.23.0"
resolved "https://registry.yarnpkg.com/@sentry-internal/replay-canvas/-/replay-canvas-10.23.0.tgz#236916fb9d40637d8c9f86c52b2b1619b1170854"
integrity sha512-GLNY8JPcMI6xhQ5FHiYO/W/3flrwZMt4CI/E3jDRNujYWbCrca60MRke6k7Zm1qi9rZ1FuhVWZ6BAFc4vwXnSg==
dependencies:
"@sentry-internal/replay" "10.23.0"
"@sentry/core" "10.23.0"

"@sentry-internal/replay@10.23.0":
version "10.23.0"
resolved "https://registry.yarnpkg.com/@sentry-internal/replay/-/replay-10.23.0.tgz#7a6075e2c2e1d0a371764d7c2e5dad578bb7b1fe"
integrity sha512-5yPD7jVO2JY8+JEHXep0Bf/ugp4rmxv5BkHIcSAHQsKSPhziFks2x+KP+6M8hhbF1WydqAaDYlGjrkL2yspHqA==
dependencies:
"@sentry-internal/browser-utils" "10.23.0"
"@sentry/core" "10.23.0"

"@sentry-internal/rrdom@2.34.0":
version "2.34.0"
resolved "https://registry.yarnpkg.com/@sentry-internal/rrdom/-/rrdom-2.34.0.tgz#fccc9fe211c3995d4200abafbe8d75b671961ee9"
Expand Down Expand Up @@ -7032,6 +7078,17 @@
resolved "https://registry.yarnpkg.com/@sentry/babel-plugin-component-annotate/-/babel-plugin-component-annotate-4.3.0.tgz#c5b6cbb986952596d3ad233540a90a1fd18bad80"
integrity sha512-OuxqBprXRyhe8Pkfyz/4yHQJc5c3lm+TmYWSSx8u48g5yKewSQDOxkiLU5pAk3WnbLPy8XwU/PN+2BG0YFU9Nw==

"@sentry/browser@10.23.0":
version "10.23.0"
resolved "https://registry.yarnpkg.com/@sentry/browser/-/browser-10.23.0.tgz#aa85f9c21c9a6c80b8952ee15307997fb34edbb3"
integrity sha512-9hViLfYONxRJykOhJQ3ZHQ758t1wQIsxEC7mTsydbDm+m12LgbBtXbfgcypWHlom5Yvb+wg6W+31bpdGnATglw==
dependencies:
"@sentry-internal/browser-utils" "10.23.0"
"@sentry-internal/feedback" "10.23.0"
"@sentry-internal/replay" "10.23.0"
"@sentry-internal/replay-canvas" "10.23.0"
"@sentry/core" "10.23.0"

"@sentry/bundler-plugin-core@4.3.0", "@sentry/bundler-plugin-core@^4.3.0":
version "4.3.0"
resolved "https://registry.yarnpkg.com/@sentry/bundler-plugin-core/-/bundler-plugin-core-4.3.0.tgz#cf302522a3e5b8a3bf727635d0c6a7bece981460"
Expand Down Expand Up @@ -7106,6 +7163,11 @@
"@sentry/cli-win32-i686" "2.56.0"
"@sentry/cli-win32-x64" "2.56.0"

"@sentry/core@10.23.0":
version "10.23.0"
resolved "https://registry.yarnpkg.com/@sentry/core/-/core-10.23.0.tgz#7d4eb4d2c7b9ecc88872975a916f44e0b9fec78a"
integrity sha512-4aZwu6VnSHWDplY5eFORcVymhfvS/P6BRfK81TPnG/ReELaeoykKjDwR+wC4lO7S0307Vib9JGpszjsEZw245g==

"@sentry/rollup-plugin@^4.3.0":
version "4.3.0"
resolved "https://registry.yarnpkg.com/@sentry/rollup-plugin/-/rollup-plugin-4.3.0.tgz#d23fe49e48fa68dafa2b0933a8efabcc964b1df9"
Expand Down Expand Up @@ -19060,6 +19122,16 @@ import-in-the-middle@^1.14.2, import-in-the-middle@^1.8.1:
cjs-module-lexer "^1.2.2"
module-details-from-path "^1.0.3"

import-in-the-middle@^2.0.0:
version "2.0.0"
resolved "https://registry.yarnpkg.com/import-in-the-middle/-/import-in-the-middle-2.0.0.tgz#295948cee94d0565314824c6bd75379d13e5b1a5"
integrity sha512-yNZhyQYqXpkT0AKq3F3KLasUSK4fHvebNH5hOsKQw2dhGSALvQ4U0BqUc5suziKvydO5u5hgN2hy1RJaho8U5A==
dependencies:
acorn "^8.14.0"
acorn-import-attributes "^1.9.5"
cjs-module-lexer "^1.2.2"
module-details-from-path "^1.0.3"

import-local@3.1.0:
version "3.1.0"
resolved "https://registry.yarnpkg.com/import-local/-/import-local-3.1.0.tgz#b4479df8a5fd44f6cdce24070675676063c95cb4"
Comment on lines +19127 to 19137
Copy link

@sentry sentry bot Nov 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: The PR introduces a dependency conflict: import-in-the-middle@^1.14.2 is pinned in package.json files, but a new transitive dependency requires ^2.0.0.
Severity: CRITICAL | Confidence: 1.00

🔍 Detailed Analysis

The pull request updates @opentelemetry/instrumentation-graphql to 0.56.0, which transitively requires import-in-the-middle@^2.0.0. However, packages/node/package.json and packages/node-core/package.json still explicitly pin import-in-the-middle to ^1.14.2. This version mismatch can cause dependency resolution conflicts during installation or lead to runtime errors if import-in-the-middle v2.0.0 is installed and code expects v1.x behavior.

💡 Suggested Fix

Update the explicit import-in-the-middle dependency in packages/node/package.json and packages/node-core/package.json from ^1.14.2 to ^2.0.0 to resolve the version conflict.

🤖 Prompt for AI Agent 
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: yarn.lock#L19122-L19137

Potential issue: The pull request updates `@opentelemetry/instrumentation-graphql` to
`0.56.0`, which transitively requires `import-in-the-middle@^2.0.0`. However,
`packages/node/package.json` and `packages/node-core/package.json` still explicitly pin
`import-in-the-middle` to `^1.14.2`. This version mismatch can cause dependency
resolution conflicts during installation or lead to runtime errors if
`import-in-the-middle` v2.0.0 is installed and code expects v1.x behavior.

Did we get this right? 👍 / 👎 to inform future reviews.

Expand Down Expand Up @@ -26686,6 +26758,14 @@ require-in-the-middle@^7.1.1:
module-details-from-path "^1.0.3"
resolve "^1.22.1"

require-in-the-middle@^8.0.0:
version "8.0.1"
resolved "https://registry.yarnpkg.com/require-in-the-middle/-/require-in-the-middle-8.0.1.tgz#dbde2587f669398626d56b20c868ab87bf01cce4"
integrity sha512-QT7FVMXfWOYFbeRBF6nu+I6tr2Tf3u0q8RIEjNob/heKY/nh7drD/k7eeMFmSQgnTtCzLDcCu/XEnpW2wk4xCQ==
dependencies:
debug "^4.3.5"
module-details-from-path "^1.0.3"

require-package-name@^2.0.1:
version "2.0.1"
resolved "https://registry.yarnpkg.com/require-package-name/-/require-package-name-2.0.1.tgz#c11e97276b65b8e2923f75dabf5fb2ef0c3841b9"
Expand Down Expand Up @@ -28790,6 +28870,7 @@ stylus@0.59.0, stylus@^0.59.0:

sucrase@^3.27.0, sucrase@^3.35.0, sucrase@getsentry/sucrase#es2020-polyfills:
version "3.36.0"
uid fd682f6129e507c00bb4e6319cc5d6b767e36061
resolved "https://codeload.github.com/getsentry/sucrase/tar.gz/fd682f6129e507c00bb4e6319cc5d6b767e36061"
dependencies:
"@jridgewell/gen-mapping" "^0.3.2"
Expand Down
Loading