[Snyk] Upgrade @opentelemetry/sdk-node from 0.57.2 to 0.200.0

[krischarbonneau]

Snyk has created this PR to upgrade @opentelemetry/sdk-node from 0.57.2 to 0.200.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 4 versions ahead of your current version.

• The recommended version was released 22 days ago.

Release notes

Package name: @opentelemetry/sdk-node

• 0.200.0 - 2025-03-17
  

  0.200.0

  Summary

  • The minimum supported Node.js has been raised to ^18.19.0 || >=20.6.0. This means that support for Node.js 14 and 16 has been dropped.
  • The minimum supported TypeScript version has been raised to 5.0.4.
  • The compilation target for transpiled TypeScript has been raised to ES2022 (from ES2017).
  • The public interface has changed
    • for notes on migrating to 2.x / 0.200.x see the upgrade guide
  • Only stable versions 2.0.0 are compatible with this release

  💥 Breaking Change

  • feat(exporter-prometheus)!: stop the using type field to enforce naming conventions #5291 @ chancancode
    • Any non-monotonic sums will now be treated as counters and will therefore include the _total suffix.
  • feat(shim-opencenus)!: stop mapping removed Instrument type to OpenTelemetry metrics #5291 @ chancancode
    • The internal OpenTelemetry data model dropped the concept of instrument type on exported metrics, therefore mapping it is not necessary anymore.
  • feat(instrumentation-fetch)!: passthrough original response to applyCustomAttributes hook #5281 @ chancancode
    • Previously, the fetch instrumentation code unconditionally clones every fetch() response in order to preserve the ability for the applyCustomAttributes hook to consume the response body. This is fundamentally unsound, as it forces the browser to buffer and retain the response body until it is fully received and read, which crates unnecessary memory pressure on large or long-running response streams. In extreme cases, this is effectively a memory leak and can cause the browser tab to crash. If your use case for applyCustomAttributes requires access to the response body, please chime in on #5293.
  • chore!: Raise the minimum supported Node.js version to ^18.19.0 || >=20.6.0. Support for Node.js 14, 16, and early minor versions of 18 and 20 have been dropped. This applies to all packages except the 'api' and 'semantic-conventions' packages. #5395 @ trentm
  • feat(sdk-node)!: use IMetricReader over MetricReader #5311
    • (user-facing): NodeSDKConfiguration now provides the more general IMetricReader type over MetricReader
  • feat(exporter-metrics-otlp-http)!: do not read environment variables from window in browsers #5473 @ pichlermarc
    • (user-facing): all configuration previously possible via window.OTEL_* is now not supported anymore, please pass configuration options to constructors instead.
    • Note: Node.js environment variable configuration continues to work as-is.
  • feat(sdk-logs)!: do not read environment variables from window in browsers #5472 @ pichlermarc
    • (user-facing): all configuration previously possible via window.OTEL_* is now not supported anymore, please pass configuration options to constructors instead.
      • Note: Node.js environment variable configuration continues to work as-is.

  🚀 (Enhancement)

  • feat(instrumentation-fetch): add a requestHook option #5380
  • feat(instrumentation): re-export initialize function from import-in-the-middle #5123
  • feat(sdk-node): lower diagnostic level #5360 @ cjihrig
  • feat(exporter-prometheus): add additional attributes option #5317 @ marius-a-mueller
    • Add withResourceConstantLabels option to ExporterConfig. It can be used to define a regex pattern to choose which resource attributes will be used as static labels on the metrics. The default is to not set any static labels.

  🐛 (Bug Fix)

  • fix(instrumentation-grpc): monitor error events with events.errorMonitor #5369 @ cjihrig
  • fix(exporter-metrics-otlp-http): browser OTLPMetricExporter was not passing config to OTLPMetricExporterBase super class #5331 @ trentm
  • fix(instrumentation-fetch, instrumentation-xhr): Ignore network events with zero-timings #5332 @ chancancode
  • fix(exporter-logs/trace-otlp-grpc): fix error for missing dependency otlp-exporter-base #5412 @ JamieDanielson

  🏠 (Internal)

  • chore(instrumentation-grpc): remove unused findIndex() function #5372 @ cjihrig
  • refactor(otlp-exporter-base): remove unnecessary isNaN() checks #5374 @ cjihrig
  • refactor(exporter-prometheus): remove unnecessary isNaN() check #5377 @ cjihrig
  • refactor(sdk-node): move code to auto-instantiate propagators into utils #5355 @ pichlermarc
  • chore: unpin @ opentelemetry/semantic-conventions dep to allow better de-duplication in installs #5439 @ trentm
  • refactor(instrumentation-http): migrate away from getEnv() #5469 @ pichlermarc
  • refactor(sdk-node): migrate away from getEnv() #5475 @ pichlermarc
• 0.200.0-rc.1 - 2025-03-12
• 0.200.0-dev.1 - 2025-03-05
• 0.200.0-dev.0 - 2025-02-24
• 0.57.2 - 2025-02-13
  

  0.57.2

  🐛 (Bug Fix)

  • fix(exporter-logs/trace-otlp-grpc): fix error for missing dependency otlp-exporter-base #5470 @ JamieDanielson

from @opentelemetry/sdk-node GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[github-actions]

Integration Deployment 🚀 - Build Status

Jest Coverage Report
Cypress Coverage Report