chore(deps): bump the vendor-minor-and-patch-dependencies group across 1 directory with 2 updates by dependabot[bot] · Pull Request #7809 · DataDog/dd-trace-js

dependabot · 2026-03-18T00:54:29Z

Bumps the vendor-minor-and-patch-dependencies group with 2 updates in the /vendor directory: jsonpath-plus and meriyah.

Updates jsonpath-plus from 10.3.0 to 10.4.0

Release notes

Sourced from jsonpath-plus's releases.

v10.4.0

What's Changed

docs: fix Markdown formatting of examples in README.md by @aspiers in JSONPath-Plus/JSONPath#230

feat: add void operator by @80avin in JSONPath-Plus/JSONPath#244

build(deps): bump qs from 6.14.0 to 6.14.1 by @dependabot[bot] in JSONPath-Plus/JSONPath#248

chore: update security policy by @80avin in JSONPath-Plus/JSONPath#250

build(deps): bump lodash from 4.17.21 to 4.17.23 by @dependabot[bot] in JSONPath-Plus/JSONPath#249

fix(eval): rce using lookupGetter or lookupSetter by @80avin in 1bab1cc

New Contributors

@aspiers made their first contribution in JSONPath-Plus/JSONPath#230

Full Changelog: JSONPath-Plus/JSONPath@v10.3.0...v10.4.0

Changelog

Sourced from jsonpath-plus's changelog.

10.4.0

chore: update devDeps.

docs: fix Markdown formatting of examples in README.md (#230) (@aspiers)

feat: add void operator (#244) (@80avin)

build(deps): bump qs from 6.14.0 to 6.14.1 (#248) (@dependabot[bot])

chore: update security policy (#250) (@80avin)

build(deps): bump lodash from 4.17.21 to 4.17.23 (#249) (@dependabot[bot])

fix(eval): rce using lookupGetter or lookupSetter (1bab1cc) (@80avin)

Commits

0bedaea chore: bump version
3e597e5 chore(coverage): ignore Function guard from coverage as it is unreachable
1bab1cc fix(eval): rce using lookupGetter or lookupSetter
5d3d63e build(deps): bump lodash from 4.17.21 to 4.17.23 (#249)
233d754 chore: update security policy (#250)
d8dad28 build(deps): bump qs from 6.14.0 to 6.14.1 (#248)
c78a9b6 chore: update devDeps. and lock file
106d243 feat: add void operator (#244)
235b283 chore: remove lgtm file and update devDeps.
b92ebbf chore: update devDeps.
Additional commits viewable in compare view

Updates meriyah from 7.0.0 to 7.1.0

Changelog

Sourced from meriyah's changelog.

7.1.0 (2026-02-04)

Features

add isParseError() for brand check (#541) (c5443c4)

assign to CallExpression is now runtime error in annexB (#546) (5835016)

Commits

7c0e42a 7.1.0
5835016 feat: assign to CallExpression is now runtime error in annexB (#546)
a569525 chore: setup trusted publish (#545)
c5443c4 feat: add isParseError() for brand check (#541)
6d2f4a1 test: update test262 (#542)
d141eb1 test: update test262 (#540)
475e1b4 chore: manually add breaking changes to v7.0.0 changelog
9065d3a test: update test262 (#539)
d912072 chore: remove mentioning of deprecated parse methods (#538)
See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for meriyah since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…s 1 directory with 2 updates Bumps the vendor-minor-and-patch-dependencies group with 2 updates in the /vendor directory: [jsonpath-plus](https://github.com/s3u/JSONPath) and [meriyah](https://github.com/meriyah/meriyah). Updates `jsonpath-plus` from 10.3.0 to 10.4.0 - [Release notes](https://github.com/s3u/JSONPath/releases) - [Changelog](https://github.com/JSONPath-Plus/JSONPath/blob/main/CHANGES.md) - [Commits](JSONPath-Plus/JSONPath@v10.3.0...v10.4.0) Updates `meriyah` from 7.0.0 to 7.1.0 - [Release notes](https://github.com/meriyah/meriyah/releases) - [Changelog](https://github.com/meriyah/meriyah/blob/main/CHANGELOG.md) - [Commits](meriyah/meriyah@v7.0.0...v7.1.0) --- updated-dependencies: - dependency-name: jsonpath-plus dependency-version: 10.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: vendor-minor-and-patch-dependencies - dependency-name: meriyah dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: vendor-minor-and-patch-dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

codecov · 2026-03-18T00:55:19Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.45%. Comparing base (c0701db) to head (9fdde36).
⚠️ Report is 4 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #7809   +/-   ##
=======================================
  Coverage   80.45%   80.45%           
=======================================
  Files         748      748           
  Lines       32411    32411           
=======================================
  Hits        26076    26076           
  Misses       6335     6335

Flag	Coverage Δ
aiguard-macos	`39.10% <ø> (-0.10%)`	⬇️
aiguard-ubuntu	`39.22% <ø> (-0.10%)`	⬇️
aiguard-windows	`38.95% <ø> (-0.10%)`	⬇️
apm-capabilities-tracing-macos	`48.91% <ø> (ø)`
apm-capabilities-tracing-ubuntu	`48.94% <ø> (ø)`
apm-capabilities-tracing-windows	`48.67% <ø> (ø)`
apm-integrations-child-process	`38.41% <ø> (-0.10%)`	⬇️
apm-integrations-couchbase-18	`37.33% <ø> (-0.10%)`	⬇️
apm-integrations-couchbase-eol	`37.79% <ø> (-0.10%)`	⬇️
apm-integrations-oracledb	`37.63% <ø> (-0.10%)`	⬇️
appsec-express	`55.19% <ø> (-0.07%)`	⬇️
appsec-fastify	`51.54% <ø> (-0.07%)`	⬇️
appsec-graphql	`51.73% <ø> (-0.07%)`	⬇️
appsec-kafka	`44.29% <ø> (-0.08%)`	⬇️
appsec-ldapjs	`43.92% <ø> (-0.08%)`	⬇️
appsec-lodash	`43.55% <ø> (-0.08%)`	⬇️
appsec-macos	`58.12% <ø> (-0.07%)`	⬇️
appsec-mongodb-core	`48.71% <ø> (-0.08%)`	⬇️
appsec-mongoose	`49.37% <ø> (-0.08%)`	⬇️
appsec-mysql	`50.79% <ø> (-0.07%)`	⬇️
appsec-node-serialize	`43.10% <ø> (-0.08%)`	⬇️
appsec-passport	`47.55% <ø> (-0.09%)`	⬇️
appsec-postgres	`50.52% <ø> (-0.07%)`	⬇️
appsec-sourcing	`42.53% <ø> (-0.08%)`	⬇️
appsec-template	`43.27% <ø> (-0.08%)`	⬇️
appsec-ubuntu	`58.20% <ø> (-0.07%)`	⬇️
appsec-windows	`57.96% <ø> (-0.07%)`	⬇️
instrumentations-instrumentation-bluebird	`32.24% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-body-parser	`40.42% <ø> (-0.09%)`	⬇️
instrumentations-instrumentation-child_process	`37.73% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-cookie-parser	`34.22% <ø> (-0.09%)`	⬇️
instrumentations-instrumentation-express	`34.54% <ø> (-0.09%)`	⬇️
instrumentations-instrumentation-express-mongo-sanitize	`34.35% <ø> (-0.09%)`	⬇️
instrumentations-instrumentation-express-session	`40.06% <ø> (-0.09%)`	⬇️
instrumentations-instrumentation-fs	`31.86% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-generic-pool	`29.52% <ø> (ø)`
instrumentations-instrumentation-http	`39.70% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-knex	`32.25% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-mongoose	`33.37% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-multer	`40.17% <ø> (-0.09%)`	⬇️
instrumentations-instrumentation-mysql2	`38.18% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-passport	`43.96% <ø> (-0.09%)`	⬇️
instrumentations-instrumentation-passport-http	`43.64% <ø> (-0.09%)`	⬇️
instrumentations-instrumentation-passport-local	`44.17% <ø> (-0.09%)`	⬇️
instrumentations-instrumentation-pg	`37.62% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-promise	`32.17% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-promise-js	`32.18% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-q	`32.22% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-url	`32.15% <ø> (-0.10%)`	⬇️
instrumentations-instrumentation-when	`32.19% <ø> (-0.10%)`	⬇️
llmobs-ai	`42.16% <ø> (-0.09%)`	⬇️
llmobs-anthropic	`40.20% <ø> (-0.09%)`	⬇️
llmobs-bedrock	`39.16% <ø> (-0.08%)`	⬇️
llmobs-google-genai	`39.70% <ø> (-0.09%)`	⬇️
llmobs-langchain	`39.95% <ø> (-0.08%)`	⬇️
llmobs-openai	`43.87% <ø> (-0.09%)`	⬇️
llmobs-vertex-ai	`39.95% <ø> (-0.02%)`	⬇️
platform-core	`31.47% <ø> (ø)`
platform-esbuild	`34.42% <ø> (ø)`
platform-instrumentations-misc	`48.41% <ø> (ø)`
platform-shimmer	`37.56% <ø> (ø)`
platform-unit-guardrails	`32.89% <ø> (ø)`
plugins-azure-durable-functions	`25.74% <ø> (ø)`
plugins-azure-event-hubs	`25.90% <ø> (ø)`
plugins-azure-service-bus	`25.26% <ø> (ø)`
plugins-bullmq	`44.09% <ø> (-0.20%)`	⬇️
plugins-cassandra	`37.67% <ø> (-0.10%)`	⬇️
plugins-cookie	`26.96% <ø> (ø)`
plugins-cookie-parser	`26.75% <ø> (ø)`
plugins-crypto	`26.73% <ø> (ø)`
plugins-dd-trace-api	`38.21% <ø> (-0.10%)`	⬇️
plugins-express-mongo-sanitize	`26.89% <ø> (ø)`
plugins-express-session	`26.70% <ø> (ø)`
plugins-fastify	`42.14% <ø> (-0.09%)`	⬇️
plugins-fetch	`38.23% <ø> (-0.09%)`	⬇️
plugins-fs	`38.51% <ø> (-0.10%)`	⬇️
plugins-generic-pool	`25.94% <ø> (ø)`
plugins-google-cloud-pubsub	`45.35% <ø> (-0.09%)`	⬇️
plugins-grpc	`40.81% <ø> (-0.09%)`	⬇️
plugins-handlebars	`26.94% <ø> (ø)`
plugins-hapi	`40.06% <ø> (-0.10%)`	⬇️
plugins-hono	`40.31% <ø> (-0.10%)`	⬇️
plugins-ioredis	`38.32% <ø> (-0.10%)`	⬇️
plugins-knex	`26.57% <ø> (ø)`
plugins-langgraph	`38.36% <ø> (-0.10%)`	⬇️
plugins-ldapjs	`24.43% <ø> (ø)`
plugins-light-my-request	`26.30% <ø> (ø)`
plugins-limitd-client	`32.52% <ø> (-0.10%)`	⬇️
plugins-lodash	`26.03% <ø> (ø)`
plugins-mariadb	`39.36% <ø> (-0.10%)`	⬇️
plugins-memcached	`38.04% <ø> (-0.10%)`	⬇️
plugins-microgateway-core	`39.12% <ø> (-0.10%)`	⬇️
plugins-moleculer	`40.42% <ø> (-0.09%)`	⬇️
plugins-mongodb	`39.16% <ø> (+<0.01%)`	⬆️
plugins-mongodb-core	`38.90% <ø> (-0.10%)`	⬇️
plugins-mongoose	`38.75% <ø> (-0.10%)`	⬇️
plugins-multer	`26.70% <ø> (ø)`
plugins-mysql	`39.06% <ø> (-0.10%)`	⬇️
plugins-mysql2	`39.16% <ø> (-0.10%)`	⬇️
plugins-node-serialize	`27.00% <ø> (ø)`
plugins-opensearch	`37.50% <ø> (-0.10%)`	⬇️
plugins-passport-http	`26.76% <ø> (ø)`
plugins-postgres	`35.49% <ø> (-0.09%)`	⬇️
plugins-process	`26.73% <ø> (ø)`
plugins-pug	`26.96% <ø> (ø)`
plugins-redis	`38.78% <ø> (-0.10%)`	⬇️
plugins-router	`43.00% <ø> (+0.04%)`	⬆️
plugins-sequelize	`25.55% <ø> (ø)`
plugins-test-and-upstream-amqp10	`38.39% <ø> (-0.10%)`	⬇️
plugins-test-and-upstream-amqplib	`43.76% <ø> (-0.10%)`	⬇️
plugins-test-and-upstream-apollo	`39.02% <ø> (-0.09%)`	⬇️
plugins-test-and-upstream-avsc	`38.52% <ø> (-0.10%)`	⬇️
plugins-test-and-upstream-bunyan	`33.78% <ø> (-0.10%)`	⬇️
plugins-test-and-upstream-connect	`40.71% <ø> (-0.10%)`	⬇️
plugins-test-and-upstream-graphql	`40.00% <ø> (-0.10%)`	⬇️
plugins-test-and-upstream-koa	`40.30% <ø> (-0.10%)`	⬇️
plugins-test-and-upstream-protobufjs	`38.74% <ø> (-0.10%)`	⬇️
plugins-test-and-upstream-rhea	`43.97% <ø> (-0.07%)`	⬇️
plugins-undici	`39.00% <ø> (-0.09%)`	⬇️
plugins-url	`26.73% <ø> (ø)`
plugins-valkey	`37.98% <ø> (-0.10%)`	⬇️
plugins-vm	`26.73% <ø> (ø)`
plugins-winston	`33.97% <ø> (-0.10%)`	⬇️
plugins-ws	`41.76% <ø> (-0.10%)`	⬇️
profiling-macos	`40.46% <ø> (-0.10%)`	⬇️
profiling-ubuntu	`40.59% <ø> (-0.10%)`	⬇️
profiling-windows	`41.75% <ø> (-0.49%)`	⬇️
serverless-azure-functions-client	`25.62% <ø> (ø)`
serverless-azure-functions-eventhubs	`25.62% <ø> (ø)`
serverless-azure-functions-servicebus	`25.62% <ø> (ø)`

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

github-actions · 2026-03-18T00:55:25Z

Overall package size

Self size: 4.97 MB
Deduped: 5.82 MB
No deduping: 5.82 MB

Dependency sizes

| name | version | self size | total size | |------|---------|-----------|------------| | import-in-the-middle | 3.0.0 | 81.15 kB | 815.98 kB | | dc-polyfill | 0.1.10 | 26.73 kB | 26.73 kB |

_{🤖 This report was automatically generated by heaviest-objects-in-the-universe}

pr-commenter · 2026-03-18T01:05:32Z

Benchmarks

Benchmark execution time: 2026-03-18 01:05:29

Comparing candidate commit 9fdde36 in PR branch dependabot/npm_and_yarn/vendor/vendor-minor-and-patch-dependencies-d6ad24ebb4 with baseline commit c0701db in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 228 metrics, 32 unstable metrics.

…s 1 directory with 2 updates (#7809) Bumps the vendor-minor-and-patch-dependencies group with 2 updates in the /vendor directory: [jsonpath-plus](https://github.com/s3u/JSONPath) and [meriyah](https://github.com/meriyah/meriyah). Updates `jsonpath-plus` from 10.3.0 to 10.4.0 - [Release notes](https://github.com/s3u/JSONPath/releases) - [Changelog](https://github.com/JSONPath-Plus/JSONPath/blob/main/CHANGES.md) - [Commits](JSONPath-Plus/JSONPath@v10.3.0...v10.4.0) Updates `meriyah` from 7.0.0 to 7.1.0 - [Release notes](https://github.com/meriyah/meriyah/releases) - [Changelog](https://github.com/meriyah/meriyah/blob/main/CHANGELOG.md) - [Commits](meriyah/meriyah@v7.0.0...v7.1.0) --- updated-dependencies: - dependency-name: jsonpath-plus dependency-version: 10.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: vendor-minor-and-patch-dependencies - dependency-name: meriyah dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: vendor-minor-and-patch-dependencies ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot bot added dependabot dependencies javascript Pull requests that update javascript code semver-patch labels Mar 18, 2026

BridgeAR approved these changes Mar 18, 2026

View reviewed changes

BridgeAR merged commit ed68895 into master Mar 18, 2026
798 checks passed

BridgeAR deleted the dependabot/npm_and_yarn/vendor/vendor-minor-and-patch-dependencies-d6ad24ebb4 branch March 18, 2026 04:29

dd-octo-sts bot mentioned this pull request Mar 18, 2026

v5.91.0 proposal #7802

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the vendor-minor-and-patch-dependencies group across 1 directory with 2 updates#7809

chore(deps): bump the vendor-minor-and-patch-dependencies group across 1 directory with 2 updates#7809
BridgeAR merged 1 commit intomasterfrom
dependabot/npm_and_yarn/vendor/vendor-minor-and-patch-dependencies-d6ad24ebb4

dependabot bot commented on behalf of github Mar 18, 2026

Uh oh!

codecov bot commented Mar 18, 2026 •

edited

Loading

Uh oh!

github-actions bot commented Mar 18, 2026

Uh oh!

pr-commenter bot commented Mar 18, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Mar 18, 2026

v10.4.0

What's Changed

New Contributors

10.4.0

7.1.0 (2026-02-04)

Features

Uh oh!

codecov bot commented Mar 18, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

github-actions bot commented Mar 18, 2026

Overall package size

Uh oh!

pr-commenter bot commented Mar 18, 2026

Benchmarks

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

codecov bot commented Mar 18, 2026 •

edited

Loading