opentelemetry-lambda
Dependabot not updating dependencies for OpenTelemetry Lambda JS
Describe the bug
It appears that Dependabot is not updating the dependencies for the Node.js release. Dependencies that are not updated.
Lambda Nodejs Layer 0.7.0 claims to be at version otel js 1.24.1, but the dependencies are not updated in the corresponding release.
1.24.1 was the version reported by the build: https://github.com/open-telemetry/opentelemetry-lambda/actions/runs/9355724499 (component-version=1.24.1)
(which invokes version.js)
Maybe that is reporting the version incorrectly or it's being transitively updated?
We are using caret in the version of the dependencies: https://github.com/npm/node-semver?tab=readme-ov-file#caret-ranges-123-025-004
This makes the dependency be resolved at build time.
We could use a package-lock.json or explicitly set the version instead of using caret. Since this is somewhat a library, I would prefer to make it explicit in package.json.
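The caret behaviour discussed in the comment above, as an added example that is not part of the issue or the project's code: a minimal resolver showing how the same caret spec picks a different version once newer releases exist, while an exact pin does not. The function names and the version lists are constructed for illustration, and only plain MAJOR.MINOR.PATCH versions are handled.

```javascript
// Added example: minimal caret-range resolver for plain MAJOR.MINOR.PATCH versions.
// Prerelease tags and partial ranges (e.g. ^1.x) are out of scope here.
const parse = (v) => {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
};

const cmp = (a, b) => {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
};

// Exclusive upper bound of a caret range: bump the left-most non-zero component.
function caretUpperBound([major, minor, patch]) {
  if (major > 0) return [major + 1, 0, 0];
  if (minor > 0) return [0, minor + 1, 0];
  return [0, 0, patch + 1];
}

function satisfies(version, spec) {
  const v = parse(version);
  if (!spec.startsWith("^")) return cmp(v, parse(spec)) === 0; // exact pin
  const low = parse(spec.slice(1));
  return cmp(v, low) >= 0 && cmp(v, caretUpperBound(low)) < 0;
}

// What an install without a lockfile picks: the highest published version in range.
function resolve(spec, published) {
  const ok = published.filter((v) => satisfies(v, spec));
  ok.sort((a, b) => cmp(parse(a), parse(b)));
  return ok.length ? ok[ok.length - 1] : null;
}

// List every dependency whose spec is not an exact version.
function unpinned(deps) {
  return Object.entries(deps)
    .filter(([, spec]) => !/^\d+\.\d+\.\d+$/.test(spec))
    .map(([name]) => name);
}

// Constructed registry snapshots, not real release data.
const atRelease = ["1.24.0", "1.24.1"];
const weekLater = [...atRelease, "1.25.0", "2.0.0"];
console.log(resolve("^1.24.0", atRelease), resolve("^1.24.0", weekLater)); // caret spec
console.log(resolve("1.24.1", atRelease), resolve("1.24.1", weekLater)); // exact pin
```

Running `unpinned` over the `dependencies` object of a package.json lists the entries whose resolved version depends on when the build ran.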
This issue was marked stale. It will be closed in 30 days without additional activity.
Closed as inactive. Feel free to reopen if this issue is still relevant.