chore(deps): bump the test-versions group across 1 directory with 2 updates by dependabot[bot] · Pull Request #7461 · DataDog/dd-trace-js

dependabot · 2026-02-09T00:59:02Z

Bumps the test-versions group with 2 updates in the /integration-tests/esbuild directory: @apollo/server and openai.

Updates @apollo/server from 5.3.0 to 5.4.0

Release notes

Sourced from @apollo/server's releases.

@apollo/server-integration-testsuite@5.4.0

Patch Changes

Updated dependencies [d25a5bd]:

@apollo/server@5.4.0

@apollo/server@5.4.0

Minor Changes

d25a5bd Thanks @phryneas! - ⚠️ SECURITY @apollo/server/standalone:

The default configuration of startStandaloneServer was vulnerable to denial of service (DoS) attacks through specially crafted request bodies with exotic character set encodings.

In accordance with RFC 7159, we now only accept request bodies encoded in UTF-8, UTF-16 (LE or BE), or UTF-32 (LE or BE). Any other character set will be rejected with a 415 Unsupported Media Type error. Note that the more recent JSON RFC, RFC 8259, is more strict and will only allow UTF-8. Since this is a minor release, we have chosen to remain compatible with the more permissive RFC 7159 for now. In a future major release, we may tighten this restriction further to only allow UTF-8.

If you were not using startStandaloneServer, you were not affected by this vulnerability.

Generally, please note that we provide startStandaloneServer as a convenience tool for quickly getting started with Apollo Server. For production deployments, we recommend using Apollo Server with a more fully-featured web server framework such as Express, Koa, or Fastify, where you have more control over security-related configuration options.

Changelog

Sourced from @apollo/server's changelog.

5.4.0

Minor Changes

d25a5bd Thanks @phryneas! - ⚠️ SECURITY @apollo/server/standalone:

The default configuration of startStandaloneServer was vulnerable to denial of service (DoS) attacks through specially crafted request bodies with exotic character set encodings.

In accordance with RFC 7159, we now only accept request bodies encoded in UTF-8, UTF-16 (LE or BE), or UTF-32 (LE or BE). Any other character set will be rejected with a 415 Unsupported Media Type error. Note that the more recent JSON RFC, RFC 8259, is more strict and will only allow UTF-8. Since this is a minor release, we have chosen to remain compatible with the more permissive RFC 7159 for now. In a future major release, we may tighten this restriction further to only allow UTF-8.

If you were not using startStandaloneServer, you were not affected by this vulnerability.

Generally, please note that we provide startStandaloneServer as a convenience tool for quickly getting started with Apollo Server. For production deployments, we recommend using Apollo Server with a more fully-featured web server framework such as Express, Koa, or Fastify, where you have more control over security-related configuration options.

Commits

ad45d15 Version Packages (#8179)
d25a5bd Merge commit from fork
See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @apollo/server since your current version.

Updates openai from 6.17.0 to 6.18.0

Release notes

Sourced from openai's releases.

v6.18.0

6.18.0 (2026-02-05)

Full Changelog: v6.17.0...v6.18.0

Features

api: image generation actions for responses; ResponseFunctionCallArgumentsDoneEvent.name (d373c32)

Bug Fixes

client: avoid memory leak with abort signals (b449f36)

client: avoid removing abort listener too early (1c045f7)

client: undo change to web search Find action (8259b45)

client: update type for find_in_page action (9aa8d98)

Chores

client: do not parse responses with empty content-length (4a118fa)

client: restructure abort controller binding (a4d7151)

internal: fix pagination internals not accepting option promises (6677905)

Changelog

Sourced from openai's changelog.

6.18.0 (2026-02-05)

Full Changelog: v6.17.0...v6.18.0

Features

api: image generation actions for responses; ResponseFunctionCallArgumentsDoneEvent.name (d373c32)

Bug Fixes

client: avoid memory leak with abort signals (b449f36)

client: avoid removing abort listener too early (1c045f7)

client: undo change to web search Find action (8259b45)

client: update type for find_in_page action (9aa8d98)

Chores

client: do not parse responses with empty content-length (4a118fa)

client: restructure abort controller binding (a4d7151)

internal: fix pagination internals not accepting option promises (6677905)

Commits

69d2b01 release: 6.18.0
bf5a096 chore(internal): fix pagination internals not accepting option promises
aa24028 fix(client): avoid removing abort listener too early
6ae89c6 chore(client): restructure abort controller binding
e70fa06 fix(client): undo change to web search Find action
3fd4d03 codegen metadata
f4e6a09 codegen metadata
4391e45 fix(client): update type for find_in_page action
a05e900 chore(client): do not parse responses with empty content-length
243f44d fix(client): avoid memory leak with abort signals
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…pdates Bumps the test-versions group with 2 updates in the /integration-tests/esbuild directory: [@apollo/server](https://github.com/apollographql/apollo-server/tree/HEAD/packages/server) and [openai](https://github.com/openai/openai-node). Updates `@apollo/server` from 5.3.0 to 5.4.0 - [Release notes](https://github.com/apollographql/apollo-server/releases) - [Changelog](https://github.com/apollographql/apollo-server/blob/main/packages/server/CHANGELOG.md) - [Commits](https://github.com/apollographql/apollo-server/commits/@apollo/[email protected]/packages/server) Updates `openai` from 6.17.0 to 6.18.0 - [Release notes](https://github.com/openai/openai-node/releases) - [Changelog](https://github.com/openai/openai-node/blob/master/CHANGELOG.md) - [Commits](openai/openai-node@v6.17.0...v6.18.0) --- updated-dependencies: - dependency-name: "@apollo/server" dependency-version: 5.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: test-versions - dependency-name: openai dependency-version: 6.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: test-versions ... Signed-off-by: dependabot[bot] <[email protected]>

github-actions · 2026-02-09T00:59:41Z

Overall package size

Self size: 4.58 MB
Deduped: 5.42 MB
No deduping: 5.42 MB

Dependency sizes

| name | version | self size | total size | |------|---------|-----------|------------| | import-in-the-middle | 2.0.6 | 81.92 kB | 813.08 kB | | dc-polyfill | 0.1.10 | 26.73 kB | 26.73 kB |

_{🤖 This report was automatically generated by heaviest-objects-in-the-universe}

codecov · 2026-02-09T01:00:50Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.34%. Comparing base (e3344ae) to head (4e36323).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #7461   +/-   ##
=======================================
  Coverage   80.34%   80.34%           
=======================================
  Files         731      731           
  Lines       31093    31093           
=======================================
  Hits        24981    24981           
  Misses       6112     6112

Flag	Coverage Δ
aiguard-macos	`39.08% <ø> (-0.11%)`	⬇️
aiguard-ubuntu	`39.12% <ø> (-0.11%)`	⬇️
aiguard-windows	`38.97% <ø> (-0.11%)`	⬇️
apm-capabilities-tracing-macos	`48.85% <ø> (ø)`
apm-capabilities-tracing-ubuntu	`48.85% <ø> (ø)`
apm-capabilities-tracing-windows	`48.57% <ø> (-0.01%)`	⬇️
apm-integrations-child-process	`38.57% <ø> (-0.11%)`	⬇️
apm-integrations-couchbase-18	`37.33% <ø> (-0.25%)`	⬇️
apm-integrations-couchbase-eol	`37.81% <ø> (-0.25%)`	⬇️
apm-integrations-oracledb	`38.00% <ø> (-0.10%)`	⬇️
appsec-express	`55.37% <ø> (-0.08%)`	⬇️
appsec-fastify	`51.99% <ø> (-0.08%)`	⬇️
appsec-graphql	`52.32% <ø> (-0.07%)`	⬇️
appsec-kafka	`44.64% <ø> (-0.09%)`	⬇️
appsec-ldapjs	`44.31% <ø> (-0.09%)`	⬇️
appsec-lodash	`43.99% <ø> (-0.09%)`	⬇️
appsec-macos	`58.48% <ø> (-0.07%)`	⬇️
appsec-mongodb-core	`49.07% <ø> (-0.20%)`	⬇️
appsec-mongoose	`49.88% <ø> (-0.08%)`	⬇️
appsec-mysql	`51.26% <ø> (-0.08%)`	⬇️
appsec-node-serialize	`43.50% <ø> (-0.09%)`	⬇️
appsec-passport	`48.10% <ø> (-0.09%)`	⬇️
appsec-postgres	`51.05% <ø> (-0.08%)`	⬇️
appsec-sourcing	`42.84% <ø> (-0.09%)`	⬇️
appsec-template	`43.67% <ø> (-0.09%)`	⬇️
appsec-ubuntu	`58.50% <ø> (-0.07%)`	⬇️
appsec-windows	`58.36% <ø> (-0.07%)`	⬇️
instrumentations-instrumentation-bluebird	`32.25% <ø> (-0.11%)`	⬇️
instrumentations-instrumentation-body-parser	`40.73% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-child_process	`37.88% <ø> (-0.11%)`	⬇️
instrumentations-instrumentation-cookie-parser	`34.51% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-express	`34.85% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-express-mongo-sanitize	`34.65% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-express-session	`40.41% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-fs	`31.85% <ø> (-0.11%)`	⬇️
instrumentations-instrumentation-generic-pool	`29.81% <ø> (ø)`
instrumentations-instrumentation-http	`39.62% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-knex	`32.25% <ø> (-0.11%)`	⬇️
instrumentations-instrumentation-mongoose	`33.62% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-multer	`40.47% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-mysql2	`38.27% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-passport	`40.77% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-passport-http	`40.74% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-passport-local	`40.74% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-pg	`37.79% <ø> (-0.11%)`	⬇️
instrumentations-instrumentation-promise	`32.18% <ø> (-0.11%)`	⬇️
instrumentations-instrumentation-promise-js	`32.18% <ø> (-0.11%)`	⬇️
instrumentations-instrumentation-q	`32.23% <ø> (-0.11%)`	⬇️
instrumentations-instrumentation-url	`32.15% <ø> (-0.11%)`	⬇️
instrumentations-instrumentation-when	`32.20% <ø> (-0.11%)`	⬇️
llmobs-ai	`41.41% <ø> (-0.10%)`	⬇️
llmobs-anthropic	`40.63% <ø> (-0.10%)`	⬇️
llmobs-bedrock	`39.51% <ø> (-0.09%)`	⬇️
llmobs-google-genai	`40.12% <ø> (-0.09%)`	⬇️
llmobs-langchain	`39.66% <ø> (-0.08%)`	⬇️
llmobs-openai	`44.48% <ø> (-0.09%)`	⬇️
llmobs-vertex-ai	`40.34% <ø> (-0.17%)`	⬇️
platform-core	`28.09% <ø> (ø)`
platform-esbuild	`31.49% <ø> (ø)`
platform-instrumentations-misc	`39.62% <ø> (ø)`
platform-shimmer	`34.83% <ø> (ø)`
platform-unit-guardrails	`30.37% <ø> (ø)`
plugins-azure-event-hubs	`22.64% <ø> (ø)`
plugins-azure-service-bus	`22.08% <ø> (ø)`
plugins-bullmq	`43.71% <ø> (-0.10%)`	⬇️
plugins-cassandra	`38.04% <ø> (-0.10%)`	⬇️
plugins-cookie	`23.69% <ø> (ø)`
plugins-cookie-parser	`23.50% <ø> (ø)`
plugins-crypto	`22.88% <ø> (ø)`
plugins-dd-trace-api	`38.42% <ø> (-0.11%)`	⬇️
plugins-express-mongo-sanitize	`23.67% <ø> (ø)`
plugins-express-session	`23.46% <ø> (ø)`
plugins-fastify	`42.53% <ø> (-0.10%)`	⬇️
plugins-fetch	`38.60% <ø> (-0.10%)`	⬇️
plugins-fs	`38.67% <ø> (-0.11%)`	⬇️
plugins-generic-pool	`22.68% <ø> (ø)`
plugins-google-cloud-pubsub	`45.73% <ø> (-0.09%)`	⬇️
plugins-grpc	`41.29% <ø> (-0.10%)`	⬇️
plugins-handlebars	`23.71% <ø> (ø)`
plugins-hapi	`40.43% <ø> (-0.10%)`	⬇️
plugins-hono	`40.63% <ø> (-0.10%)`	⬇️
plugins-ioredis	`38.47% <ø> (-0.11%)`	⬇️
plugins-knex	`23.51% <ø> (ø)`
plugins-ldapjs	`21.28% <ø> (ø)`
plugins-light-my-request	`23.15% <ø> (ø)`
plugins-limitd-client	`32.55% <ø> (-0.11%)`	⬇️
plugins-lodash	`22.74% <ø> (ø)`
plugins-mariadb	`39.61% <ø> (-0.10%)`	⬇️
plugins-memcached	`38.20% <ø> (-0.11%)`	⬇️
plugins-microgateway-core	`39.44% <ø> (-0.10%)`	⬇️
plugins-moleculer	`40.84% <ø> (-0.10%)`	⬇️
plugins-mongodb	`39.55% <ø> (-0.10%)`	⬇️
plugins-mongodb-core	`39.13% <ø> (-0.10%)`	⬇️
plugins-mongoose	`39.18% <ø> (-0.10%)`	⬇️
plugins-multer	`23.46% <ø> (ø)`
plugins-mysql	`39.26% <ø> (-0.11%)`	⬇️
plugins-mysql2	`39.31% <ø> (-0.10%)`	⬇️
plugins-node-serialize	`23.73% <ø> (ø)`
plugins-opensearch	`37.88% <ø> (-0.10%)`	⬇️
plugins-passport-http	`23.56% <ø> (ø)`
plugins-postgres	`35.71% <ø> (-0.09%)`	⬇️
plugins-process	`22.88% <ø> (ø)`
plugins-pug	`23.69% <ø> (ø)`
plugins-redis	`38.95% <ø> (-0.11%)`	⬇️
plugins-router	`43.24% <ø> (-0.10%)`	⬇️
plugins-sequelize	`22.27% <ø> (ø)`
plugins-test-and-upstream-amqp10	`38.39% <ø> (-0.26%)`	⬇️
plugins-test-and-upstream-amqplib	`43.90% <ø> (-0.10%)`	⬇️
plugins-test-and-upstream-apollo	`39.32% <ø> (-0.09%)`	⬇️
plugins-test-and-upstream-avsc	`38.81% <ø> (-0.11%)`	⬇️
plugins-test-and-upstream-bunyan	`33.86% <ø> (-0.11%)`	⬇️
plugins-test-and-upstream-connect	`41.05% <ø> (-0.10%)`	⬇️
plugins-test-and-upstream-graphql	`40.23% <ø> (-0.10%)`	⬇️
plugins-test-and-upstream-koa	`40.63% <ø> (-0.10%)`	⬇️
plugins-test-and-upstream-protobufjs	`39.05% <ø> (-0.11%)`	⬇️
plugins-test-and-upstream-rhea	`44.15% <ø> (-0.13%)`	⬇️
plugins-undici	`39.40% <ø> (-0.10%)`	⬇️
plugins-url	`22.88% <ø> (ø)`
plugins-valkey	`38.10% <ø> (-0.14%)`	⬇️
plugins-vm	`22.88% <ø> (ø)`
plugins-winston	`34.27% <ø> (-0.10%)`	⬇️
plugins-ws	`42.21% <ø> (-0.10%)`	⬇️
profiling-macos	`40.06% <ø> (-0.10%)`	⬇️
profiling-ubuntu	`40.11% <ø> (-0.10%)`	⬇️
profiling-windows	`41.47% <ø> (-0.46%)`	⬇️
serverless-azure-functions-client	`22.38% <ø> (ø)`
serverless-azure-functions-eventhubs	`22.38% <ø> (ø)`
serverless-azure-functions-servicebus	`22.38% <ø> (ø)`

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

pr-commenter · 2026-02-09T01:07:04Z

Benchmarks

Benchmark execution time: 2026-02-09 01:07:01

Comparing candidate commit 4e36323 in PR branch dependabot/npm_and_yarn/integration-tests/esbuild/test-versions-f15740aa6f with baseline commit e3344ae in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 232 metrics, 28 unstable metrics.

…pdates (#7461) Bumps the test-versions group with 2 updates in the /integration-tests/esbuild directory: [@apollo/server](https://github.com/apollographql/apollo-server/tree/HEAD/packages/server) and [openai](https://github.com/openai/openai-node). Updates `@apollo/server` from 5.3.0 to 5.4.0 - [Release notes](https://github.com/apollographql/apollo-server/releases) - [Changelog](https://github.com/apollographql/apollo-server/blob/main/packages/server/CHANGELOG.md) - [Commits](https://github.com/apollographql/apollo-server/commits/@apollo/[email protected]/packages/server) Updates `openai` from 6.17.0 to 6.18.0 - [Release notes](https://github.com/openai/openai-node/releases) - [Changelog](https://github.com/openai/openai-node/blob/master/CHANGELOG.md) - [Commits](openai/openai-node@v6.17.0...v6.18.0) --- updated-dependencies: - dependency-name: "@apollo/server" dependency-version: 5.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: test-versions - dependency-name: openai dependency-version: 6.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: test-versions ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot bot added dependabot dependencies javascript Pull requests that update javascript code semver-patch labels Feb 9, 2026

dependabot bot requested a review from a team as a code owner February 9, 2026 00:59

dependabot bot added semver-patch dependencies javascript Pull requests that update javascript code dependabot labels Feb 9, 2026

dd-octo-sts bot approved these changes Feb 9, 2026

View reviewed changes

dd-octo-sts bot enabled auto-merge (squash) February 9, 2026 00:59

dd-octo-sts bot merged commit 0fa5dc2 into master Feb 9, 2026
730 of 799 checks passed

dd-octo-sts bot deleted the dependabot/npm_and_yarn/integration-tests/esbuild/test-versions-f15740aa6f branch February 9, 2026 01:13

dd-octo-sts bot mentioned this pull request Feb 9, 2026

v5.85.1 proposal #7456

Closed

dd-octo-sts bot mentioned this pull request Feb 10, 2026

v5.86.0 proposal #7477

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the test-versions group across 1 directory with 2 updates#7461

chore(deps): bump the test-versions group across 1 directory with 2 updates#7461
dd-octo-sts[bot] merged 1 commit intomasterfrom
dependabot/npm_and_yarn/integration-tests/esbuild/test-versions-f15740aa6f

dependabot bot commented on behalf of github Feb 9, 2026

Uh oh!

github-actions bot commented Feb 9, 2026

Uh oh!

codecov bot commented Feb 9, 2026 •

edited

Loading

Uh oh!

pr-commenter bot commented Feb 9, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Feb 9, 2026

@​apollo/server-integration-testsuite@​5.4.0

Patch Changes

@​apollo/server@​5.4.0

Minor Changes

5.4.0

Minor Changes

v6.18.0

6.18.0 (2026-02-05)

Features

Bug Fixes

Chores

6.18.0 (2026-02-05)

Features

Bug Fixes

Chores

Uh oh!

github-actions bot commented Feb 9, 2026

Overall package size

Uh oh!

codecov bot commented Feb 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

pr-commenter bot commented Feb 9, 2026

Benchmarks

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

`@apollo/server-integration-testsuite@5`.4.0

`@apollo/server@5`.4.0

codecov bot commented Feb 9, 2026 •

edited

Loading