chore(deps): bump the vendor-minor-and-patch-dependencies group across 1 directory with 2 updates by dependabot[bot] · Pull Request #7185 · DataDog/dd-trace-js

dependabot · 2026-01-07T00:07:13Z

Bumps the vendor-minor-and-patch-dependencies group with 2 updates in the /vendor directory: @isaacs/ttlcache and esquery.

Updates @isaacs/ttlcache from 2.1.3 to 2.1.4

Commits

1476f92 2.1.4
e101894 stack timers for long TTLs
fe12fe3 move configs out of package.json to config files
See full diff in compare view

Updates esquery from 1.6.0 to 1.7.0

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

github-actions · 2026-01-07T00:07:59Z

Overall package size

Self size: 4.45 MB
Deduped: 5.29 MB
No deduping: 5.29 MB

Dependency sizes

| name | version | self size | total size | |------|---------|-----------|------------| | import-in-the-middle | 2.0.3 | 76.87 kB | 808.03 kB | | dc-polyfill | 0.1.10 | 26.73 kB | 26.73 kB |

_{🤖 This report was automatically generated by heaviest-objects-in-the-universe}

codecov · 2026-01-07T00:08:23Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.03%. Comparing base (daa5dbd) to head (ce0f5f1).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #7185   +/-   ##
=======================================
  Coverage   86.03%   86.03%           
=======================================
  Files         513      513           
  Lines       22245    22245           
=======================================
  Hits        19139    19139           
  Misses       3106     3106

Flag	Coverage Δ
aiguard-macos	`99.09% <ø> (ø)`
aiguard-ubuntu	`99.09% <ø> (ø)`
aiguard-windows	`99.09% <ø> (ø)`
apm-capabilities-tracing-macos	`57.85% <ø> (ø)`
apm-capabilities-tracing-ubuntu	`57.85% <ø> (ø)`
apm-capabilities-tracing-windows	`57.46% <ø> (+0.01%)`	⬆️
apm-integrations-child-process	`99.19% <ø> (ø)`
apm-integrations-couchbase-18	`100.00% <ø> (ø)`
apm-integrations-couchbase-eol	`100.00% <ø> (ø)`
appsec-express	`62.46% <ø> (ø)`
appsec-fastify	`58.48% <ø> (ø)`
appsec-graphql	`53.41% <ø> (ø)`
appsec-kafka	`43.98% <ø> (ø)`
appsec-ldapjs	`46.04% <ø> (ø)`
appsec-lodash	`47.29% <ø> (ø)`
appsec-macos	`93.74% <ø> (ø)`
appsec-mongodb-core	`51.82% <ø> (ø)`
appsec-mongoose	`50.73% <ø> (ø)`
appsec-mysql	`54.20% <ø> (ø)`
appsec-node-serialize	`43.92% <ø> (ø)`
appsec-passport	`48.10% <ø> (ø)`
appsec-postgres	`54.55% <ø> (ø)`
appsec-sourcing	`33.80% <ø> (ø)`
appsec-template	`43.92% <ø> (ø)`
appsec-ubuntu	`93.74% <ø> (ø)`
appsec-windows	`93.74% <ø> (ø)`
llmobs-ai	`51.97% <ø> (ø)`
llmobs-anthropic	`42.62% <ø> (ø)`
llmobs-bedrock	`39.95% <ø> (ø)`
llmobs-google-genai	`45.79% <ø> (ø)`
llmobs-langchain	`50.07% <ø> (ø)`
llmobs-openai	`55.51% <ø> (ø)`
llmobs-vertex-ai	`44.36% <ø> (ø)`
platform-core	`87.23% <ø> (ø)`
platform-instrumentations-misc	`73.68% <ø> (ø)`
platform-shimmer	`98.82% <ø> (ø)`
platform-unit-guardrails	`89.47% <ø> (ø)`
profiling-macos	`70.74% <ø> (ø)`
profiling-ubuntu	`70.74% <ø> (ø)`
profiling-windows	`74.18% <ø> (ø)`

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

pr-commenter · 2026-01-07T00:28:23Z

Benchmarks

Benchmark execution time: 2026-01-22 21:27:56

Comparing candidate commit ce0f5f1 in PR branch dependabot/npm_and_yarn/vendor/vendor-minor-and-patch-dependencies-5247613444 with baseline commit daa5dbd in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 230 metrics, 30 unstable metrics.

BridgeAR · 2026-01-20T13:25:16Z

@dependabot recreate

BridgeAR · 2026-01-22T15:56:49Z

@dependabot recreate

dependabot · 2026-01-22T16:09:35Z

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

BridgeAR · 2026-01-22T18:58:08Z

@dependabot recreate

…s 1 directory with 2 updates Bumps the vendor-minor-and-patch-dependencies group with 2 updates in the /vendor directory: [@isaacs/ttlcache](https://github.com/isaacs/ttlcache) and [esquery](https://github.com/estools/esquery). Updates `@isaacs/ttlcache` from 2.1.3 to 2.1.4 - [Changelog](https://github.com/isaacs/ttlcache/blob/main/CHANGELOG.md) - [Commits](isaacs/ttlcache@v2.1.3...v2.1.4) Updates `esquery` from 1.6.0 to 1.7.0 - [Commits](https://github.com/estools/esquery/commits) --- updated-dependencies: - dependency-name: "@isaacs/ttlcache" dependency-version: 2.1.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: vendor-minor-and-patch-dependencies - dependency-name: esquery dependency-version: 1.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: vendor-minor-and-patch-dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: github-actions <[email protected]>

dependabot · 2026-01-22T21:15:45Z

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

BridgeAR · 2026-01-22T21:15:50Z

@dependabot reopen

dependabot · 2026-01-22T21:15:53Z

Beginning January 27, 2026, Dependabot will no longer support the @dependabot reopen command. Please use GitHub's native pull request controls instead. Please see the changelog announcement for additional details.

…s 1 directory with 2 updates (#7185) * chore(deps): bump the vendor-minor-and-patch-dependencies group across 1 directory with 2 updates Bumps the vendor-minor-and-patch-dependencies group with 2 updates in the /vendor directory: [@isaacs/ttlcache](https://github.com/isaacs/ttlcache) and [esquery](https://github.com/estools/esquery). Updates `@isaacs/ttlcache` from 2.1.3 to 2.1.4 - [Changelog](https://github.com/isaacs/ttlcache/blob/main/CHANGELOG.md) - [Commits](isaacs/ttlcache@v2.1.3...v2.1.4) Updates `esquery` from 1.6.0 to 1.7.0 - [Commits](https://github.com/estools/esquery/commits) --- updated-dependencies: - dependency-name: "@isaacs/ttlcache" dependency-version: 2.1.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: vendor-minor-and-patch-dependencies - dependency-name: esquery dependency-version: 1.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: vendor-minor-and-patch-dependencies ... Signed-off-by: dependabot[bot] <[email protected]> * update vendored dependencies with new versions Co-authored-by: github-actions <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions <[email protected]>

dependabot bot added dependabot dependencies javascript Pull requests that update javascript code semver-patch labels Jan 7, 2026

dependabot bot requested a review from a team as a code owner January 7, 2026 00:07

dependabot bot added semver-patch dependencies javascript Pull requests that update javascript code dependabot labels Jan 7, 2026

dependabot bot force-pushed the dependabot/npm_and_yarn/vendor/vendor-minor-and-patch-dependencies-5247613444 branch 2 times, most recently from 167668b to 4500820 Compare January 14, 2026 00:55

dependabot bot force-pushed the dependabot/npm_and_yarn/vendor/vendor-minor-and-patch-dependencies-5247613444 branch 2 times, most recently from 1bd15f1 to 39a302e Compare January 21, 2026 00:58

dependabot bot force-pushed the dependabot/npm_and_yarn/vendor/vendor-minor-and-patch-dependencies-5247613444 branch from 39a302e to 57791e5 Compare January 22, 2026 15:58

BridgeAR closed this Jan 22, 2026

BridgeAR reopened this Jan 22, 2026

dependabot bot force-pushed the dependabot/npm_and_yarn/vendor/vendor-minor-and-patch-dependencies-5247613444 branch from 24f3483 to 357028e Compare January 22, 2026 18:59

update vendored dependencies with new versions

ce0f5f1

Co-authored-by: github-actions <[email protected]>

BridgeAR closed this Jan 22, 2026

dependabot bot deleted the dependabot/npm_and_yarn/vendor/vendor-minor-and-patch-dependencies-5247613444 branch January 22, 2026 21:15

dependabot bot reopened this Jan 22, 2026

dependabot bot restored the dependabot/npm_and_yarn/vendor/vendor-minor-and-patch-dependencies-5247613444 branch January 22, 2026 21:15

BridgeAR enabled auto-merge (squash) January 22, 2026 21:40

BridgeAR approved these changes Jan 22, 2026

View reviewed changes

BridgeAR merged commit b4af38d into master Jan 22, 2026
798 checks passed

BridgeAR deleted the dependabot/npm_and_yarn/vendor/vendor-minor-and-patch-dependencies-5247613444 branch January 22, 2026 21:40

dd-octo-sts bot mentioned this pull request Jan 23, 2026

v5.83.1 proposal #7324

Closed

dd-octo-sts bot mentioned this pull request Jan 27, 2026

v5.84.0 proposal #7347

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the vendor-minor-and-patch-dependencies group across 1 directory with 2 updates#7185

chore(deps): bump the vendor-minor-and-patch-dependencies group across 1 directory with 2 updates#7185
BridgeAR merged 2 commits intomasterfrom
dependabot/npm_and_yarn/vendor/vendor-minor-and-patch-dependencies-5247613444

dependabot bot commented on behalf of github Jan 7, 2026 •

edited

Loading

Uh oh!

github-actions bot commented Jan 7, 2026 •

edited

Loading

Uh oh!

codecov bot commented Jan 7, 2026 •

edited

Loading

Uh oh!

pr-commenter bot commented Jan 7, 2026 •

edited

Loading

Uh oh!

BridgeAR commented Jan 20, 2026

Uh oh!

BridgeAR commented Jan 22, 2026

Uh oh!

dependabot bot commented on behalf of github Jan 22, 2026

Uh oh!

BridgeAR commented Jan 22, 2026

Uh oh!

dependabot bot commented on behalf of github Jan 22, 2026

Uh oh!

BridgeAR commented Jan 22, 2026

Uh oh!

dependabot bot commented on behalf of github Jan 22, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Jan 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions bot commented Jan 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Overall package size

Uh oh!

codecov bot commented Jan 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

pr-commenter bot commented Jan 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Benchmarks

Uh oh!

BridgeAR commented Jan 20, 2026

Uh oh!

BridgeAR commented Jan 22, 2026

Uh oh!

dependabot bot commented on behalf of github Jan 22, 2026

Uh oh!

BridgeAR commented Jan 22, 2026

Uh oh!

dependabot bot commented on behalf of github Jan 22, 2026

Uh oh!

BridgeAR commented Jan 22, 2026

Uh oh!

dependabot bot commented on behalf of github Jan 22, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Jan 7, 2026 •

edited

Loading

github-actions bot commented Jan 7, 2026 •

edited

Loading

codecov bot commented Jan 7, 2026 •

edited

Loading

pr-commenter bot commented Jan 7, 2026 •

edited

Loading