From 96d16eaef79b0fb319d700e898d8eca0316f75cc Mon Sep 17 00:00:00 2001 From: Stephen Belanger Date: Fri, 29 May 2026 16:49:30 +0800 Subject: [PATCH 1/3] chore: refresh mastra-instrumentation lockfile and add pnpm overrides Adds a per-scenario \`pnpm.overrides\` block covering the transitive deps flagged by Dependabot (\`hono\`, \`fast-uri\`, \`ip-address\`, \`ws\`, \`uuid\`, \`qs\`). Uses ranged overrides so only the vulnerable subrange is bumped, and refreshes the lockfile incrementally so unrelated transitives (zod, etc.) keep their existing pins and the recorded cassettes stay valid. Co-Authored-By: Claude Opus 4.7 (1M context) --- .../mastra-instrumentation/package.json | 10 +++ .../mastra-instrumentation/pnpm-lock.yaml | 88 +++++++++---------- 2 files changed, 54 insertions(+), 44 deletions(-) diff --git a/e2e/scenarios/mastra-instrumentation/package.json b/e2e/scenarios/mastra-instrumentation/package.json index 8f085b805..8c9d30bb8 100644 --- a/e2e/scenarios/mastra-instrumentation/package.json +++ b/e2e/scenarios/mastra-instrumentation/package.json @@ -13,5 +13,15 @@ "@mastra/core": "1.26.0", "@mastra/observability": "latest", "zod": "4.3.6" + }, + "pnpm": { + "overrides": { + "hono@>=4.0.0 <4.12.18": "^4.12.18", + "fast-uri@<3.1.2": "^3.1.2", + "ip-address@>=10.0.0 <10.1.1": "^10.1.1", + "ws@>=8.0.0 <8.20.1": "^8.20.1", + "uuid@<11.1.1": "^11.1.1", + "qs@>=6.7.0 <6.15.2": "^6.15.2" + } } } diff --git a/e2e/scenarios/mastra-instrumentation/pnpm-lock.yaml b/e2e/scenarios/mastra-instrumentation/pnpm-lock.yaml index 9a53957f7..e7cbc82f0 100644 --- a/e2e/scenarios/mastra-instrumentation/pnpm-lock.yaml +++ b/e2e/scenarios/mastra-instrumentation/pnpm-lock.yaml @@ -4,6 +4,14 @@ settings: autoInstallPeers: true excludeLinksFromLockfile: false +overrides: + hono@>=4.0.0 <4.12.18: ^4.12.18 + fast-uri@<3.1.2: ^3.1.2 + ip-address@>=10.0.0 <10.1.1: ^10.1.1 + ws@>=8.0.0 <8.20.1: ^8.20.1 + uuid@<11.1.1: ^11.1.1 + qs@>=6.7.0 <6.15.2: ^6.15.2 + importers: .: @@ -64,7 +72,7 @@ packages: resolution: {integrity: sha512-GwtvgtXxnWsucXvbQXkRgqksiH2Qed37H9xHZocE5sA3N8O8O8/8FA3uclQXxXVzc9XBZuEOMK7+r02FmSpHtw==} engines: {node: '>=18.14.1'} peerDependencies: - hono: ^4 + hono: ^4.12.18 '@isaacs/ttlcache@2.1.4': resolution: {integrity: sha512-7kMz0BJpMvgAMkyglums7B2vtrn5g0a0am77JY0GjkZZNetOBCFn7AG7gKCwT0QPiXyxW7YIQSgtARknUEOcxQ==} @@ -447,8 +455,8 @@ packages: fast-deep-equal@3.1.3: resolution: {integrity: sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==} - fast-uri@3.1.0: - resolution: {integrity: sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==} + fast-uri@3.1.2: + resolution: {integrity: sha512-rVjf7ArG3LTk+FS6Yw81V1DLuZl1bRbNrev6Tmd/9RaroeeRRJhAt7jg/6YFxbvAQXUCavSoZhPPj6oOx+5KjQ==} figures@6.1.0: resolution: {integrity: sha512-d+l3qxjSesT4V7v2fh+QnmFnUWv9lSpjarhShNTgBOfA0ttejbQUAlHLitbjkoRiDulW0OPoQPYIGhIC8ohejg==} @@ -512,7 +520,7 @@ packages: '@standard-community/standard-json': ^0.3.5 '@standard-community/standard-openapi': ^0.2.9 '@types/json-schema': ^7.0.15 - hono: ^4.8.3 + hono: ^4.12.18 openapi-types: ^12.1.3 peerDependenciesMeta: '@hono/standard-validator': @@ -520,8 +528,8 @@ packages: hono: optional: true - hono@4.12.14: - resolution: {integrity: sha512-am5zfg3yu6sqn5yjKBNqhnTX7Cv+m00ox+7jbaKkrLMRJ4rAdldd1xPd/JzbBWspqaQv6RSTrgFN95EsfhC+7w==} + hono@4.12.23: + resolution: {integrity: sha512-eIaZ9qDgu7XV0pxOCrg7/WhnQ6Ivm22UcxhXx/A3dcbqbbYgBEkc6e/J/s7j2tS96zoB0S9VBdLwQNCWwUo4LA==} engines: {node: '>=16.9.0'} http-errors@2.0.1: @@ -547,8 +555,8 @@ packages: inherits@2.0.4: resolution: {integrity: sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==} - ip-address@10.1.0: - resolution: {integrity: sha512-XXADHxXmvT9+CRxhXg56LJovE+bmWnEWB78LB83VZTprKTmaC5QfruXocxzTZ2Kl0DNwKuBdlIhjL8LeY8Sf8Q==} + ip-address@10.2.0: + resolution: {integrity: sha512-/+S6j4E9AHvW9SWMSEY9Xfy66O5PWvVEJ08O0y5JGyEKQpojb0K0GKpz/v5HJ/G0vi3D2sjGK78119oXZeE0qA==} engines: {node: '>= 12'} ipaddr.js@1.9.1: @@ -866,12 +874,8 @@ packages: resolution: {integrity: sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==} engines: {node: '>= 0.10'} - qs@6.14.2: - resolution: {integrity: sha512-V/yCWTTF7VJ9hIh18Ugr2zhJMP01MY7c5kh4J870L7imm6/DIzBsNLTXzMwUA3yZ5b/KBqLx8Kp3uRvd7xSe3Q==} - engines: {node: '>=0.6'} - - qs@6.15.1: - resolution: {integrity: sha512-6YHEFRL9mfgcAvql/XhwTvf5jKcOiiupt2FiJxHkiX1z4j7WL8J/jRHYLluORvc1XxB5rV20KoeK00gVJamspg==} + qs@6.15.2: + resolution: {integrity: sha512-Rzq0KEyX/w/tEybncDgdkZrJgVUsUMk3xjh3t5bv3S1HTAtg+uOYt72+ZfwiQwKdysThkTBdL/rTi6HDmX9Ddw==} engines: {node: '>=0.6'} quansync@0.2.11: @@ -1036,8 +1040,8 @@ packages: resolution: {integrity: sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==} engines: {node: '>= 0.4.0'} - uuid@11.1.0: - resolution: {integrity: sha512-0/A9rDy9P7cJ+8w1c9WD9V//9Wj15Ce2MPz8Ri6032usz+NfePxx5AcN3bN+r6ZL6jEo066/yNYB3tn4pQEx+A==} + uuid@11.1.1: + resolution: {integrity: sha512-vIYxrBCC/N/K+Js3qSN88go7kIfNPssr/hHCesKCQNAjmgvYS2oqr69kIufEG+O4+PfezOH4EbIeHCfFov8ZgQ==} hasBin: true vary@1.1.2: @@ -1058,8 +1062,8 @@ packages: wrappy@1.0.2: resolution: {integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==} - ws@8.20.0: - resolution: {integrity: sha512-sAt8BhgNbzCtgGbt2OxmpuryO63ZoDk/sqaB/znQm94T4fCEsy/yV+7CdC1kJhOU9lboAEU7R3kquuycDoibVA==} + ws@8.21.0: + resolution: {integrity: sha512-Vsp28b7DRcimFQvrqu2Wek3z1iYxDCWqHYB8Qsnk/S4RfaCQzPGPyBNuVjJV3cd6UiKtUtp6sNM77gWvzcCH+g==} engines: {node: '>=10.0.0'} peerDependencies: bufferutil: ^4.0.1 @@ -1106,7 +1110,7 @@ snapshots: body-parser: 2.2.2 cors: 2.8.6 express: 4.22.1 - uuid: 11.1.0 + uuid: 11.1.1 transitivePeerDependencies: - supports-color @@ -1150,9 +1154,9 @@ snapshots: zod: 4.3.6 zod-to-json-schema: 3.25.2(zod@4.3.6) - '@hono/node-server@1.19.14(hono@4.12.14)': + '@hono/node-server@1.19.14(hono@4.12.23)': dependencies: - hono: 4.12.14 + hono: 4.12.23 '@isaacs/ttlcache@2.1.4': {} @@ -1181,8 +1185,8 @@ snapshots: dotenv: 17.4.2 execa: 9.6.1 gray-matter: 4.0.3 - hono: 4.12.14 - hono-openapi: 1.3.0(@standard-community/standard-json@0.3.5(@standard-schema/spec@1.1.0)(@types/json-schema@7.0.15)(quansync@0.2.11)(zod-to-json-schema@3.25.2(zod@4.3.6))(zod@4.3.6))(@standard-community/standard-openapi@0.2.9(@standard-community/standard-json@0.3.5(@standard-schema/spec@1.1.0)(@types/json-schema@7.0.15)(quansync@0.2.11)(zod-to-json-schema@3.25.2(zod@4.3.6))(zod@4.3.6))(@standard-schema/spec@1.1.0)(openapi-types@12.1.3)(zod@4.3.6))(@types/json-schema@7.0.15)(hono@4.12.14)(openapi-types@12.1.3) + hono: 4.12.23 + hono-openapi: 1.3.0(@standard-community/standard-json@0.3.5(@standard-schema/spec@1.1.0)(@types/json-schema@7.0.15)(quansync@0.2.11)(zod-to-json-schema@3.25.2(zod@4.3.6))(zod@4.3.6))(@standard-community/standard-openapi@0.2.9(@standard-community/standard-json@0.3.5(@standard-schema/spec@1.1.0)(@types/json-schema@7.0.15)(quansync@0.2.11)(zod-to-json-schema@3.25.2(zod@4.3.6))(zod@4.3.6))(@standard-schema/spec@1.1.0)(openapi-types@12.1.3)(zod@4.3.6))(@types/json-schema@7.0.15)(hono@4.12.23)(openapi-types@12.1.3) ignore: 7.0.5 js-tiktoken: 1.0.21 json-schema: 0.4.0 @@ -1192,7 +1196,7 @@ snapshots: picomatch: 4.0.4 radash: 12.1.1 tokenx: 1.3.0 - ws: 8.20.0 + ws: 8.21.0 xxhash-wasm: 1.1.0 zod: 4.3.6 transitivePeerDependencies: @@ -1220,7 +1224,7 @@ snapshots: '@modelcontextprotocol/sdk@1.29.0(zod@4.3.6)': dependencies: - '@hono/node-server': 1.19.14(hono@4.12.14) + '@hono/node-server': 1.19.14(hono@4.12.23) ajv: 8.18.0 ajv-formats: 3.0.1(ajv@8.18.0) content-type: 1.0.5 @@ -1230,7 +1234,7 @@ snapshots: eventsource-parser: 3.0.8 express: 5.2.1 express-rate-limit: 8.4.0(express@5.2.1) - hono: 4.12.14 + hono: 4.12.23 jose: 6.2.2 json-schema-typed: 8.0.2 pkce-challenge: 5.0.1 @@ -1359,7 +1363,7 @@ snapshots: ajv@8.18.0: dependencies: fast-deep-equal: 3.1.3 - fast-uri: 3.1.0 + fast-uri: 3.1.2 json-schema-traverse: 1.0.0 require-from-string: 2.0.2 @@ -1383,7 +1387,7 @@ snapshots: http-errors: 2.0.1 iconv-lite: 0.4.24 on-finished: 2.4.1 - qs: 6.14.2 + qs: 6.15.2 raw-body: 2.5.3 type-is: 1.6.18 unpipe: 1.0.0 @@ -1398,7 +1402,7 @@ snapshots: http-errors: 2.0.1 iconv-lite: 0.7.2 on-finished: 2.4.1 - qs: 6.15.1 + qs: 6.15.2 raw-body: 3.0.2 type-is: 2.0.1 transitivePeerDependencies: @@ -1531,7 +1535,7 @@ snapshots: express-rate-limit@8.4.0(express@5.2.1): dependencies: express: 5.2.1 - ip-address: 10.1.0 + ip-address: 10.2.0 express@4.22.1: dependencies: @@ -1556,7 +1560,7 @@ snapshots: parseurl: 1.3.3 path-to-regexp: 0.1.13 proxy-addr: 2.0.7 - qs: 6.14.2 + qs: 6.15.2 range-parser: 1.2.1 safe-buffer: 5.2.1 send: 0.19.2 @@ -1591,7 +1595,7 @@ snapshots: once: 1.4.0 parseurl: 1.3.3 proxy-addr: 2.0.7 - qs: 6.15.1 + qs: 6.15.2 range-parser: 1.2.1 router: 2.2.0 send: 1.2.1 @@ -1610,7 +1614,7 @@ snapshots: fast-deep-equal@3.1.3: {} - fast-uri@3.1.0: {} + fast-uri@3.1.2: {} figures@6.1.0: dependencies: @@ -1685,16 +1689,16 @@ snapshots: dependencies: function-bind: 1.1.2 - hono-openapi@1.3.0(@standard-community/standard-json@0.3.5(@standard-schema/spec@1.1.0)(@types/json-schema@7.0.15)(quansync@0.2.11)(zod-to-json-schema@3.25.2(zod@4.3.6))(zod@4.3.6))(@standard-community/standard-openapi@0.2.9(@standard-community/standard-json@0.3.5(@standard-schema/spec@1.1.0)(@types/json-schema@7.0.15)(quansync@0.2.11)(zod-to-json-schema@3.25.2(zod@4.3.6))(zod@4.3.6))(@standard-schema/spec@1.1.0)(openapi-types@12.1.3)(zod@4.3.6))(@types/json-schema@7.0.15)(hono@4.12.14)(openapi-types@12.1.3): + hono-openapi@1.3.0(@standard-community/standard-json@0.3.5(@standard-schema/spec@1.1.0)(@types/json-schema@7.0.15)(quansync@0.2.11)(zod-to-json-schema@3.25.2(zod@4.3.6))(zod@4.3.6))(@standard-community/standard-openapi@0.2.9(@standard-community/standard-json@0.3.5(@standard-schema/spec@1.1.0)(@types/json-schema@7.0.15)(quansync@0.2.11)(zod-to-json-schema@3.25.2(zod@4.3.6))(zod@4.3.6))(@standard-schema/spec@1.1.0)(openapi-types@12.1.3)(zod@4.3.6))(@types/json-schema@7.0.15)(hono@4.12.23)(openapi-types@12.1.3): dependencies: '@standard-community/standard-json': 0.3.5(@standard-schema/spec@1.1.0)(@types/json-schema@7.0.15)(quansync@0.2.11)(zod-to-json-schema@3.25.2(zod@4.3.6))(zod@4.3.6) '@standard-community/standard-openapi': 0.2.9(@standard-community/standard-json@0.3.5(@standard-schema/spec@1.1.0)(@types/json-schema@7.0.15)(quansync@0.2.11)(zod-to-json-schema@3.25.2(zod@4.3.6))(zod@4.3.6))(@standard-schema/spec@1.1.0)(openapi-types@12.1.3)(zod@4.3.6) '@types/json-schema': 7.0.15 openapi-types: 12.1.3 optionalDependencies: - hono: 4.12.14 + hono: 4.12.23 - hono@4.12.14: {} + hono@4.12.23: {} http-errors@2.0.1: dependencies: @@ -1718,7 +1722,7 @@ snapshots: inherits@2.0.4: {} - ip-address@10.1.0: {} + ip-address@10.2.0: {} ipaddr.js@1.9.1: {} @@ -2142,11 +2146,7 @@ snapshots: forwarded: 0.2.0 ipaddr.js: 1.9.1 - qs@6.14.2: - dependencies: - side-channel: 1.1.0 - - qs@6.15.1: + qs@6.15.2: dependencies: side-channel: 1.1.0 @@ -2373,7 +2373,7 @@ snapshots: utils-merge@1.0.1: {} - uuid@11.1.0: {} + uuid@11.1.1: {} vary@1.1.2: {} @@ -2393,7 +2393,7 @@ snapshots: wrappy@1.0.2: {} - ws@8.20.0: {} + ws@8.21.0: {} xxhash-wasm@1.1.0: {} From 3b213273c6829343c1d4e8c6bbea8b9e80c92c9c Mon Sep 17 00:00:00 2001 From: Stephen Belanger Date: Fri, 29 May 2026 16:50:15 +0800 Subject: [PATCH 2/3] chore: refresh nextjs-instrumentation lockfile and add protobufjs overrides Adds a per-scenario \`pnpm.overrides\` block bumping the protobufjs and @protobufjs/utf8 transitives (pulled in via @vercel/otel's @opentelemetry/otlp-transformer chain). Incremental refresh preserves unrelated pins so the structural span-tree snapshots stay stable. Co-Authored-By: Claude Opus 4.7 (1M context) --- .../nextjs-instrumentation/package.json | 6 +++ .../nextjs-instrumentation/pnpm-lock.yaml | 53 ++++++++++--------- 2 files changed, 34 insertions(+), 25 deletions(-) diff --git a/e2e/scenarios/nextjs-instrumentation/package.json b/e2e/scenarios/nextjs-instrumentation/package.json index 2017e3a1f..2febcb69f 100644 --- a/e2e/scenarios/nextjs-instrumentation/package.json +++ b/e2e/scenarios/nextjs-instrumentation/package.json @@ -16,5 +16,11 @@ "@types/react": "^18", "@types/react-dom": "^18", "typescript": "5.4.4" + }, + "pnpm": { + "overrides": { + "protobufjs@<7.5.8": "^7.5.8", + "@protobufjs/utf8@<1.1.1": "^1.1.1" + } } } diff --git a/e2e/scenarios/nextjs-instrumentation/pnpm-lock.yaml b/e2e/scenarios/nextjs-instrumentation/pnpm-lock.yaml index 17dec67d2..f434a82ee 100644 --- a/e2e/scenarios/nextjs-instrumentation/pnpm-lock.yaml +++ b/e2e/scenarios/nextjs-instrumentation/pnpm-lock.yaml @@ -4,6 +4,10 @@ settings: autoInstallPeers: true excludeLinksFromLockfile: false +overrides: + protobufjs@<7.5.8: ^7.5.8 + '@protobufjs/utf8@<1.1.1': ^1.1.1 + importers: .: @@ -185,20 +189,20 @@ packages: '@protobufjs/base64@1.1.2': resolution: {integrity: sha512-AZkcAA5vnN/v4PDqKyMR5lx7hZttPDgClv83E//FMNhR2TMcLUhfRUBHCmSl0oi9zMgDDqRUJkSxO3wm85+XLg==} - '@protobufjs/codegen@2.0.4': - resolution: {integrity: sha512-YyFaikqM5sH0ziFZCN3xDC7zeGaB/d0IUb9CATugHWbd1FRFwWwt4ld4OYMPWu5a3Xe01mGAULCdqhMlPl29Jg==} + '@protobufjs/codegen@2.0.5': + resolution: {integrity: sha512-zgXFLzW3Ap33e6d0Wlj4MGIm6Ce8O89n/apUaGNB/jx+hw+ruWEp7EwGUshdLKVRCxZW12fp9r40E1mQrf/34g==} - '@protobufjs/eventemitter@1.1.0': - resolution: {integrity: sha512-j9ednRT81vYJ9OfVuXG6ERSTdEL1xVsNgqpkxMsbIabzSo3goCjDIveeGv5d03om39ML71RdmrGNjG5SReBP/Q==} + '@protobufjs/eventemitter@1.1.1': + resolution: {integrity: sha512-vW1GmwMZNnL+gMRaovlh9yZX74kc+TTU3FObkkurpMaRtBfLP3ldjS9KQWlwZgraRE0+dheEEoAxdzcJQ8eXZg==} - '@protobufjs/fetch@1.1.0': - resolution: {integrity: sha512-lljVXpqXebpsijW71PZaCYeIcE5on1w5DlQy5WH6GLbFryLUrBD4932W/E2BSpfRJWseIL4v/KPgBFxDOIdKpQ==} + '@protobufjs/fetch@1.1.1': + resolution: {integrity: sha512-GpptLrs57adMSuHi3VNj0mAF8dwh36LMaYF6XyJ6JMWlVsc+t42tm1HSEDmOs3A8fC9yyeisgLhsTVQokOZ0zw==} '@protobufjs/float@1.0.2': resolution: {integrity: sha512-Ddb+kVXlXst9d+R9PfTIxh1EdNkgoRe5tOX6t01f1lYWOvJnSPDBlG241QLzcyPdoNTsblLUdujGSE4RzrTZGQ==} - '@protobufjs/inquire@1.1.0': - resolution: {integrity: sha512-kdSefcPdruJiFMVSbn801t4vFK7KB/5gd2fYvrxhuJYg8ILrmn9SKSX2tZdV6V+ksulWqS7aXjBcRXl3wHoD9Q==} + '@protobufjs/inquire@1.1.2': + resolution: {integrity: sha512-pa0vFRuws4wkvaXKK1uXZMAwAX4/t8ANaJo45iw/oQHNQ9q5xUzwgFmVJGXiga2BeN+zpX7Vf9vmsiIa2J+MUw==} '@protobufjs/path@1.1.2': resolution: {integrity: sha512-6JOcJ5Tm08dOHAbdR3GrvP+yUUfkjG5ePsHYczMFLq3ZmMkAD98cDgcT2iA1lJ9NVwFd4tH/iSSoe44YWkltEA==} @@ -206,8 +210,8 @@ packages: '@protobufjs/pool@1.1.0': resolution: {integrity: sha512-0kELaGSIDBKvcgS4zkjz1PeddatrjYcmMWOlAuAPwAeccUrPHdUqo/J6LiymHHEiJT5NrF1UVwxY14f+fy4WQw==} - '@protobufjs/utf8@1.1.0': - resolution: {integrity: sha512-Vvn3zZrhQZkkBE8LSuW3em98c0FwgO4nxzv6OdSxPKJIEKY2bGbHn+mhGIPerzI4twdxaP8/0+06HBpwf345Lw==} + '@protobufjs/utf8@1.1.1': + resolution: {integrity: sha512-oOAWABowe8EAbMyWKM0tYDKi8Yaox52D+HWZhAIJqQXbqe0xI/GV7FhLWqlEKreMkfDjshR5FKgi3mnle0h6Eg==} '@swc/counter@0.1.3': resolution: {integrity: sha512-e2BR4lsJkkRlKZ/qCHPw9ZaSxc0MVUd7gtbtaB7aMvHeJVYe8sOB8DBZkP2DtISHGSku9sCK6T6cnY0CtXrOCQ==} @@ -330,8 +334,8 @@ packages: resolution: {integrity: sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==} engines: {node: ^10 || ^12 || >=14} - protobufjs@7.5.4: - resolution: {integrity: sha512-CvexbZtbov6jW2eXAvLukXjXUW1TzFaivC46BpWc/3BpcCysb5Vffu+B3XHMm8lVEuy2Mm4XGex8hBSg1yapPg==} + protobufjs@7.6.1: + resolution: {integrity: sha512-4K0myLaWL5EteuSAro91EGFgcfVgxb64Jx+7oDAY6GOkXD4M69yuSEljNcInGVCA5sOPxmZ/EqDLj2x0Q0+Ygg==} engines: {node: '>=12.0.0'} react-dom@18.3.1: @@ -461,7 +465,7 @@ snapshots: '@opentelemetry/sdk-logs': 0.200.0(@opentelemetry/api@1.9.0) '@opentelemetry/sdk-metrics': 2.0.0(@opentelemetry/api@1.9.0) '@opentelemetry/sdk-trace-base': 2.0.0(@opentelemetry/api@1.9.0) - protobufjs: 7.5.4 + protobufjs: 7.6.1 '@opentelemetry/resources@2.0.0(@opentelemetry/api@1.9.0)': dependencies: @@ -495,24 +499,23 @@ snapshots: '@protobufjs/base64@1.1.2': {} - '@protobufjs/codegen@2.0.4': {} + '@protobufjs/codegen@2.0.5': {} - '@protobufjs/eventemitter@1.1.0': {} + '@protobufjs/eventemitter@1.1.1': {} - '@protobufjs/fetch@1.1.0': + '@protobufjs/fetch@1.1.1': dependencies: '@protobufjs/aspromise': 1.1.2 - '@protobufjs/inquire': 1.1.0 '@protobufjs/float@1.0.2': {} - '@protobufjs/inquire@1.1.0': {} + '@protobufjs/inquire@1.1.2': {} '@protobufjs/path@1.1.2': {} '@protobufjs/pool@1.1.0': {} - '@protobufjs/utf8@1.1.0': {} + '@protobufjs/utf8@1.1.1': {} '@swc/counter@0.1.3': {} @@ -625,18 +628,18 @@ snapshots: picocolors: 1.1.1 source-map-js: 1.2.1 - protobufjs@7.5.4: + protobufjs@7.6.1: dependencies: '@protobufjs/aspromise': 1.1.2 '@protobufjs/base64': 1.1.2 - '@protobufjs/codegen': 2.0.4 - '@protobufjs/eventemitter': 1.1.0 - '@protobufjs/fetch': 1.1.0 + '@protobufjs/codegen': 2.0.5 + '@protobufjs/eventemitter': 1.1.1 + '@protobufjs/fetch': 1.1.1 '@protobufjs/float': 1.0.2 - '@protobufjs/inquire': 1.1.0 + '@protobufjs/inquire': 1.1.2 '@protobufjs/path': 1.1.2 '@protobufjs/pool': 1.1.0 - '@protobufjs/utf8': 1.1.0 + '@protobufjs/utf8': 1.1.1 '@types/node': 20.19.37 long: 5.3.2 From 100c0a50956d45a7cc401c71d53c0cad9e6197ba Mon Sep 17 00:00:00 2001 From: Stephen Belanger Date: Fri, 29 May 2026 16:50:51 +0800 Subject: [PATCH 3/3] chore: add postcss override to next-14 auto-instrumentation scenario Mirrors the postcss override already applied to the sibling next-16 directory. Bumps postcss to ^8.5.10 (patched). Co-Authored-By: Claude Opus 4.7 (1M context) --- .../versions/next-14/package.json | 5 +++++ .../versions/next-14/pnpm-lock.yaml | 11 +++++++---- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/e2e/scenarios/nextjs-auto-instrumentation/versions/next-14/package.json b/e2e/scenarios/nextjs-auto-instrumentation/versions/next-14/package.json index 472f1d754..ffdfddd28 100644 --- a/e2e/scenarios/nextjs-auto-instrumentation/versions/next-14/package.json +++ b/e2e/scenarios/nextjs-auto-instrumentation/versions/next-14/package.json @@ -10,5 +10,10 @@ "devDependencies": { "@types/react": "18.3.27", "@types/react-dom": "18.3.7" + }, + "pnpm": { + "overrides": { + "postcss@<8.5.10": "^8.5.10" + } } } diff --git a/e2e/scenarios/nextjs-auto-instrumentation/versions/next-14/pnpm-lock.yaml b/e2e/scenarios/nextjs-auto-instrumentation/versions/next-14/pnpm-lock.yaml index d45432c7f..86632a675 100644 --- a/e2e/scenarios/nextjs-auto-instrumentation/versions/next-14/pnpm-lock.yaml +++ b/e2e/scenarios/nextjs-auto-instrumentation/versions/next-14/pnpm-lock.yaml @@ -4,6 +4,9 @@ settings: autoInstallPeers: true excludeLinksFromLockfile: false +overrides: + postcss@<8.5.10: ^8.5.10 + importers: .: @@ -169,8 +172,8 @@ packages: picocolors@1.1.1: resolution: {integrity: sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==} - postcss@8.4.31: - resolution: {integrity: sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==} + postcss@8.5.15: + resolution: {integrity: sha512-FfR8sjd4em2T6fb3I2MwAJU7HWVMr9zba+enmQeeWFfCbm+UOC/0X4DS8XtpUTMwWMGbjKYP7xjfNekzyGmB3A==} engines: {node: ^10 || ^12 || >=14} react-dom@18.3.1: @@ -285,7 +288,7 @@ snapshots: busboy: 1.6.0 caniuse-lite: 1.0.30001793 graceful-fs: 4.2.11 - postcss: 8.4.31 + postcss: 8.5.15 react: 18.3.1 react-dom: 18.3.1(react@18.3.1) styled-jsx: 5.1.1(react@18.3.1) @@ -307,7 +310,7 @@ snapshots: picocolors@1.1.1: {} - postcss@8.4.31: + postcss@8.5.15: dependencies: nanoid: 3.3.12 picocolors: 1.1.1