📦 Update error-monitoring packages (major) #3097

renovate · 2025-08-28T19:01:00Z

This PR contains the following updates:

Package	Change	Age	Confidence
@octokit/core	`6.1.2` -> `7.0.3`
@octokit/graphql	`8.1.1` -> `9.0.1`
@octokit/plugin-rest-endpoint-methods	`13.2.6` -> `16.0.0`
body-parser	`1.20.3` -> `2.2.0`
dotenv	`16.4.5` -> `17.2.1`
express (source)	`4.21.1` -> `5.1.0`
google-auth-library	`9.15.0` -> `10.3.0`
nock	`13.5.6` -> `14.0.10`
vitest (source)	`2.1.9` -> `3.2.4`

See all other Renovate PRs on the Dependency Dashboard

Release Notes

octokit/core.js (@octokit/core)

`v7.0.3`

Compare Source

Bug Fixes

add createLogger to ensure that pino does not break (#744) (0896c50)

`v7.0.2`

Compare Source

Bug Fixes

deps: update octokit monorepo (major) (#742) (629fa4e)

`v7.0.1`

Compare Source

Bug Fixes

deps: update dependency before-after-hook to v4 (#739) (2abf89e)

`v7.0.0`

Compare Source

Continuous Integration

stop testing against NodeJS v18 (#738) (78747bf)

BREAKING CHANGES

Drop support for NodeJS v18
build: set minimal node version in build script to v20
ci: stop testing against NodeJS v18

`v6.1.6`

Compare Source

Bug Fixes

add createLogger to ensure that pino does not break (#744) (78c6df8)

`v6.1.5`

Compare Source

Bug Fixes

deps: update dependency @octokit/types to v14 (#731) (3700c41)

`v6.1.4`

Compare Source

Bug Fixes

deps: bump Octokit dependencies vulnerable to ReDos (#723) (582d8bd)

`v6.1.3`

Compare Source

Bug Fixes

deps: bump Octokit dependencies to fix Deno compat (#715) (e2b21bb)

octokit/graphql.js (@octokit/graphql)

`v9.0.1`

Compare Source

Bug Fixes

deps: update dependency @octokit/request to v10 (#659) (737812f)

`v9.0.0`

Compare Source

Continuous Integration

stop testing against NodeJS v18 (#657) (d9856f5)

BREAKING CHANGES

Drop support for NodeJS v18
build: set minimal node version in build script to v20
ci: stop testing against NodeJS v18

`v8.2.2`

Compare Source

Bug Fixes

deps: update dependency @octokit/types to v14 (#649) (fceca07)

`v8.2.1`

Compare Source

Bug Fixes

deps: update dependency @octokit/request to v9.2.2 [security] (#636) (0e582ca)

`v8.2.0`

Compare Source

Features

allow users to specify operationName in multi-operation queries (#629) (9a1787e)

`v8.1.2`

Compare Source

Bug Fixes

deps: bump Octokit dependencies (#620) (97a801c)

octokit/plugin-rest-endpoint-methods.js (@octokit/plugin-rest-endpoint-methods)

`v16.0.0`

Compare Source

Features

remove deprecated projects endpoints, remove deprecated copilot usage metric endpoints, add new billing.getGithubBillingUsageReportUser() and credentials.revoke() endpoint methods, private registry methods no longer in private beta, type update (#803) (4196f01)

BREAKING CHANGES

remove deprecated projects v1 endpoints
remove deprecated copilot usage metrics endpoints

`v15.0.0`

Compare Source

Continuous Integration

stop testing against NodeJS v18 (#801) (c016ce3)

BREAKING CHANGES

Drop support for NodeJS v18
build: set minimal node version in build script to v20
ci: stop testing against NodeJS v18

`v14.0.0`

Compare Source

Features

add new organization campaign endpoints, remove deprecated endpoints (#797) (4c8a166)

BREAKING CHANGES

remove deprecated copilot metrics endpoints
remove deprecated legacy projects endpoints

`v13.5.0`

Compare Source

Features

new /orgs/{org}/issue-types, /orgs/{org}/issue-types/{issue_type_id} enpoints (#792) (58d342e)

`v13.4.0`

Compare Source

Features

new /enterprises/{enterprise}/actions/hosted-runners, /orgs/{org}/actions/hosted-runners, /orgs/{org}/settings/network-configurations, /orgs/{org}/rulesets/{ruleset_id}/history,/repos/{owner}/{repo}/rulesets/{ruleset_id}/history endpoints (#791) (b3fe977)

`v13.3.1`

Compare Source

Bug Fixes

deps: bump @octokit/types - only changes to graphQL (#783) (519a1ab)

`v13.3.0`

Compare Source

Features

new action runner groups endpoints, new code scanning alerts autofix endpoints, new sub-issues endpoints, new private registries enpoints, new code security endpoints, various description updates (#777) (5e1ecd4)

expressjs/body-parser (body-parser)

`v2.2.0`

Compare Source

=========================

refactor: normalize common options for all parsers
deps:
- iconv-lite@^0.6.3

`v2.1.0`

Compare Source

=========================

deps:
- type-is@^2.0.0
- debug@^4.4.0
- Removed destroy
refactor: prefix built-in node module imports
use the node require cache instead of custom caching

`v2.0.2`

Compare Source

=========================

remove unpipe package and use native unpipe() method

`v2.0.1`

Compare Source

=========================

Restore expected behavior extended to false

`v2.0.0`

Compare Source

=========================

Propagate changes from 1.20.3
add brotli support #406
Breaking Change: Node.js 18 is the minimum supported version

motdotla/dotenv (dotenv)

`v17.2.1`

Compare Source

Changed

Fix clickable tip links by removing parentheses (#897)

`v17.2.0`

Compare Source

Added

Optionally specify DOTENV_CONFIG_QUIET=true in your environment or .env file to quiet the runtime log (#889)
Just like dotenv any DOTENV_CONFIG_ environment variables take precedence over any code set options like ({quiet: false})

`v17.1.0`

Compare Source

Added

Add additional security and configuration tips to the runtime log (#884)
Dim the tips text from the main injection information text

const TIPS = [
  '🔐 encrypt with dotenvx: https://dotenvx.com',
  '🔐 prevent committing .env to code: https://dotenvx.com/precommit',
  '🔐 prevent building .env in docker: https://dotenvx.com/prebuild',
  '🛠️  run anywhere with `dotenvx run -- yourcommand`',
  '⚙️  specify custom .env file path with { path: \'/custom/path/.env\' }',
  '⚙️  enable debug logging with { debug: true }',
  '⚙️  override existing env vars with { override: true }',
  '⚙️  suppress all logs with { quiet: true }',
  '⚙️  write to custom object with { processEnv: myObject }',
  '⚙️  load multiple .env files with { path: [\'.env.local\', \'.env\'] }'
]

`v17.0.1`

Compare Source

Changed

Patched injected log to count only populated/set keys to process.env (#879)

`v17.0.0`

Compare Source

Changed

Default quiet to false - informational (file and keys count) runtime log message shows by default (#875)

`v16.6.1`

Compare Source

Changed

Default quiet to true – hiding the runtime log message (#874)
NOTICE: 17.0.0 will be released with quiet defaulting to false. Use config({ quiet: true }) to suppress.
And check out the new dotenvx. As coding workflows evolve and agents increasingly handle secrets, encrypted .env files offer a much safer way to deploy both agents and code together with secure secrets. Simply switch require('dotenv').config() for require('@dotenvx/dotenvx').config().

`v16.6.0`

Compare Source

Added

Default log helpful message [[email protected]] injecting env (1) from .env (#870)
Use { quiet: true } to suppress
Aligns dotenv more closely with dotenvx.

`v16.5.0`

Compare Source

Added

🎉 Added new sponsor Graphite - the AI developer productivity platform helping teams on GitHub ship higher quality software, faster.

[!TIP]
Become a sponsor

The dotenvx README is viewed thousands of times DAILY on GitHub and NPM.
Sponsoring dotenv is a great way to get in front of developers and give back to the developer community at the same time.

Changed

Remove _log method. Use _debug #862

`v16.4.7`

Compare Source

Changed

Ignore .tap folder when publishing. (oops, sorry about that everyone. - @motdotla) #848

`v16.4.6`

Compare Source

Changed

Clean up stale dev dependencies #847
Various README updates clarifying usage and alternative solutions using dotenvx

expressjs/express (express)

`v5.1.0`

Compare Source

========================

Add support for Uint8Array in res.send()
Add support for ETag option in res.sendFile()
Add support for multiple links with the same rel in res.links()
Add funding field to package.json
perf: use loop for acceptParams
refactor: prefix built-in node module imports
deps: remove setprototypeof
deps: remove safe-buffer
deps: remove utils-merge
deps: remove methods
deps: remove depd
deps: debug@^4.4.0
deps: body-parser@^2.2.0
deps: router@^2.2.0
deps: content-type@^1.0.5
deps: finalhandler@^2.1.0
deps: qs@^6.14.0
deps: [email protected]
deps: [email protected]

`v5.0.1`

Compare Source

==========

Update cookie semver lock to address CVE-2024-47764

`v5.0.0`

Compare Source

=========================

remove:
- path-is-absolute dependency - use path.isAbsolute instead
breaking:
- res.status() accepts only integers, and input must be greater than 99 and less than 1000
  - will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
  - will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
- deps: send@1.0.0
- res.redirect('back') and res.location('back') is no longer a supported magic string, explicitly use req.get('Referrer') || '/'.
change:
- res.clearCookie will ignore user provided maxAge and expires options
deps: cookie-signature@^1.2.1
deps: debug@4.3.6
deps: merge-descriptors@^2.0.0
deps: serve-static@^2.1.0
deps: qs@6.13.0
deps: accepts@^2.0.0
deps: mime-types@^3.0.0
- application/javascript => text/javascript
deps: type-is@^2.0.0
deps: content-disposition@^1.0.0
deps: finalhandler@^2.0.0
deps: fresh@^2.0.0
deps: body-parser@^2.0.1
deps: send@^1.1.0

`v4.21.2`

Compare Source

What's Changed

Add funding field (v4) by @bjohansebas in https://github.com/expressjs/express/pull/6065
deps: [email protected] by @blakeembrey in https://github.com/expressjs/express/pull/5956
deps: bump [email protected] by @jonchurch in https://github.com/expressjs/express/pull/6209
Release: 4.21.2 by @UlisesGascon in https://github.com/expressjs/express/pull/6094

Full Changelog: expressjs/express@4.21.1...4.21.2

googleapis/google-auth-library-nodejs (google-auth-library)

`v10.3.0`

Compare Source

Features

Add detection for Cloud Run Jobs (#2120) (b659124)

`v10.2.1`

Compare Source

Bug Fixes

Pin nock and typescript dependencies to fix window.crypto.subtle.verify signature argument type (#2106) (afc3bc8)

`v10.2.0`

Compare Source

Features

X509 cert authentication (#2055) (6ac9ab4)

Bug Fixes

deps: Update dependency @googleapis/iam to v30 (#2052) (b8adc26)

`v10.1.0`

Compare Source

Features

fetch-Compatible API (#1939) (c63f608)
Normalize GoogleAuth<T> from JSONClient to AuthClient (#1940) (440de51)

Bug Fixes

deps: Update dependency google-auth-library to v10 (#2034) (182c5db)

`v10.0.0`

Compare Source

⚠ BREAKING CHANGES

Request Revamp (#1938)
Remove Transporter (#1937)
remove additionalOptions from AuthClients (#1689)
Remove options.ts (#1920)
Remove messages.ts (#1919)
Support Node 18+ (#1879)
Support Node 18, 20, and 22 (#1928)
remove DEFAULT_UNIVERSE from BaseExternalClient (#1690)
Move Base AuthClient Types to authclient.ts (#1774)

Features

Request Revamp (#1938) (f23e807)
Add debug logging support (#1903) (13ca1dc)
Support Node 18, 20, and 22 (#1928) (5b60a95)
Support Node 18+ (#1879) (3d24045)

Bug Fixes

Circular Dependencies Issue (#1936) (aea893c)
deps: Update dependency @google-cloud/language to v7 (#1947) (70e9183)
deps: Update dependency @googleapis/iam to v27 (#1962) (629da74)
deps: Update dependency @googleapis/iam to v28 (#2027) (ebb2bc0)
deps: Update dependency puppeteer to v24 (#1933) (474453d)
Process undefined values before creating URLSearchParams (#2029) (c0181c5)

Code Refactoring

Move Base AuthClient Types to authclient.ts (#1774) (b0c3a43)
Remove messages.ts (#1919) (654753d)
Remove options.ts (#1920) (51316e8)
Remove Transporter (#1937) (dbcc44b)
Remove additionalOptions from AuthClients (#1689) (2f780a8)
Remove DEFAULT_UNIVERSE from BaseExternalClient (#1690) (4f1dc04)

`v9.15.1`

Compare Source

Bug Fixes

Resolve typo in document (#1901) (12f2c87)

nock/nock (nock)

`v14.0.10`

Compare Source

Bug Fixes

Use Error objects instead of plain objects with replyWithError() (#2900) (f2a3389)

`v14.0.9`

Compare Source

Bug Fixes

address timeout issue with mocked timers (Revert #2880) (#2902) (bc48f92)

`v14.0.8`

Compare Source

Bug Fixes

ClientRequest: support http.Agent instances as agents for https requests (#2896) (e4390b8)

`v14.0.7`

Compare Source

Bug Fixes

address timeout issue with mocked timers (#2880) (fb112f3)

`v14.0.6`

Compare Source

Bug Fixes

upgrade interceptors (2bcaf0f)

`v14.0.5`

Compare Source

Bug Fixes

use of a fetch() recording that uses gzip compression is missing the headers, Possible EventEmitter memory leak when used together with MongoDBContainer (#2869) (90b2a04)