chore(deps): update all patch versions

[renovate-bot]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@hapi/hapi (source)	21.3.3 -> 21.3.10					devDependencies	patch
@koa/router	12.0.0 -> 12.0.1					devDependencies	patch
@types/aws-lambda (source)	8.10.122 -> 8.10.143					dependencies	patch
@types/chai (source)	4.3.12 -> 4.3.17					devDependencies	patch
@types/express (source)	4.17.18 -> 4.17.21					devDependencies	patch
@​types/lru-cache	7.10.9 -> 7.10.10					devDependencies	patch
@types/mysql (source)	2.15.22 -> 2.15.26					dependencies	patch
@types/pg-pool (source)	2.0.4 -> 2.0.6					dependencies	patch
@types/react (source)	17.0.67 -> 17.0.80					devDependencies	patch
@types/restify (source)	4.3.10 -> 4.3.12					devDependencies	patch
@types/semver (source)	7.5.3 -> 7.5.8					devDependencies	patch
@types/semver (source)	7.5.5 -> 7.5.8					devDependencies	patch
@types/sinon (source)	17.0.3 -> 10.0.20					devDependencies	patch
@types/sinon (source)	10.0.18 -> 10.0.20					devDependencies	patch
@web/dev-server-rollup (source)	0.6.1 -> 0.6.4					devDependencies	patch
@web/test-runner (source)	0.18.1 -> 0.18.3					devDependencies	patch
glob	10.4.1 -> 10.4.5					devDependencies	patch
googleapis/release-please-action	v4.1.1 -> v4.1.3					action	patch
karma (source)	6.4.3 -> 6.4.4					devDependencies	patch
memcached	1.6.21-alpine -> 1.6.29-alpine					service	patch
minimatch	9.0.4 -> 9.0.5					devDependencies	patch
rimraf	5.0.5 -> 5.0.10					devDependencies	patch
semver	7.5.4 -> 7.6.3					devDependencies	patch
semver	7.6.0 -> 7.6.3					devDependencies	patch
semver	7.6.0 -> 7.6.3					dependencies	patch
socket.io	4.7.4 -> 4.7.5					devDependencies	patch
socket.io-client	4.7.4 -> 4.7.5					devDependencies	patch
sqlite3	5.1.6 -> 5.1.7					devDependencies	patch
winston-transport	4.7.0 -> 4.7.1					dependencies	patch

---

Release Notes

hapijs/hapi (@​hapi/hapi)

v21.3.10

Compare Source

v21.3.9

Compare Source

v21.3.8

Compare Source

v21.3.7

Compare Source

v21.3.6

Compare Source

v21.3.5

Compare Source

v21.3.4

Compare Source

koajs/router (@​koa/router)

v12.0.1

Compare Source

• fix: fixed API ToC > Index to preserve links due to remark issue 072b545
• fix: fixed remark-cli version and markdown 147a934
• chore: bump deps, fixed linting 9a45a3b
• revert conversion of 'debug' package for 'node:util::debuglog' (#​173) 04884de
• fix: revert version bump due to <koajs/router@bc13548#r129747049%3E 8d390a9
• fix the two routes with the same path conflicts (#​160) bc13548
• Suggest installing types as dev dependencies (#​163) ae98680
• fix: invalid directory link. (#​162) ceb3d16

modernweb-dev/web (@​web/dev-server-rollup)

v0.6.4

Compare Source

Patch Changes

• 2031b9e: Bumping the version of whatwg-url in order to resolve an issue with a dependency.

v0.6.3

Compare Source

Patch Changes

• fix: update @​web/dev-server-core

v0.6.2

Compare Source

Patch Changes

• 8552a4a: dedupe imports from outside root

modernweb-dev/web (@​web/test-runner)

v0.18.3

Compare Source

Patch Changes

• 6914f3b: Show suites names for summaryReporter when flatten option is true

v0.18.2

Compare Source

Patch Changes

• 6a97a69: Unify visual-written representation of skipped tests.

isaacs/node-glob (glob)

v10.4.5

Compare Source

v10.4.4

Compare Source

v10.4.3

Compare Source

v10.4.2

Compare Source

googleapis/release-please-action (googleapis/release-please-action)

v4.1.3

Compare Source

Bug Fixes

• correct log output when creating releases (#​933) (2725132)

v4.1.2

Compare Source

Bug Fixes

• bump release-please from 16.10.2 to 16.12.0 (#​1005) (cb03961)

karma-runner/karma (karma)

v6.4.4

Compare Source

isaacs/minimatch (minimatch)

v9.0.5

Compare Source

isaacs/rimraf (rimraf)

v5.0.10

Compare Source

v5.0.9

Compare Source

v5.0.8

Compare Source

v5.0.7

Compare Source

v5.0.6

Compare Source

npm/node-semver (semver)

v7.6.3

Compare Source

Bug Fixes

• 73a3d79 #​726 optimize Range parsing and formatting (#​726) (@​jviide)

Documentation

• 2975ece #​719 fix extra backtick typo (#​719) (@​stdavis)

v7.6.2

Compare Source

Bug Fixes

• 6466ba9 #​713 lru: use map.delete() directly (#​713) (@​negezor, @​lukekarrys)

v7.6.1

Compare Source

Bug Fixes

• c570a34 #​704 linting: no-unused-vars (@​wraithgar)
• ad8ff11 #​704 use internal cache implementation (@​mbtools)
• ac9b357 #​682 typo in compareBuild debug message (#​682) (@​mbtools)

Dependencies

• 988a8de #​709 uninstall lru-cache (#​709)
• 3fabe4d #​704 remove lru-cache

Chores

• dd09b60 #​705 bump @​npmcli/template-oss to 4.22.0 (@​lukekarrys)
• ec49cdc #​701 chore: chore: postinstall for dependabot template-oss PR (@​lukekarrys)
• b236c3d #​696 add benchmarks (#​696) (@​H4ad)
• 692451b #​688 various improvements to README (#​688) (@​mbtools)
• 5feeb7f #​705 postinstall for dependabot template-oss PR (@​lukekarrys)
• 074156f #​701 bump @​npmcli/template-oss from 4.21.3 to 4.21.4 (@​dependabot[bot])

socketio/socket.io (socket.io)

v4.7.5

Compare Source

Bug Fixes

• close the adapters when the server is closed (bf64870)
• remove duplicate pipeline when serving bundle (e426f3e)

Links

• Diff: socketio/socket.io@4.7.4...4.7.5
• Client release: 4.7.5
• engine.io@~6.5.2 (no change)
• ws@~8.11.0 (no change)

socketio/socket.io-client (socket.io-client)

v4.7.5

Compare Source

Bug Fixes

• discard acknowledgements upon disconnection (34cbfbb)

Dependencies

• engine.io-client@~6.5.2 (no change)
• ws@~8.11.0 (no change)

TryGhost/node-sqlite3 (sqlite3)

v5.1.7

Compare Source

What's Changed

• Updated bundled SQLite to v3.44.2 by @​daniellockyer
• Replaced @mapbox/node-pre-gyp with prebuild + prebuild-install (TryGhost/node-sqlite3@605c7f9) by @​daniellockyer
  • this should fix a lot of bundling issues reported by the community
• Improved RowToJS performance by removing Napi::String::New instantiation by @​daniellockyer
• Various minor code refactors and improvements (thanks @​zenon8adams!)

New Contributors

• @​zenon8adams made their first contribution in https://github.com/TryGhost/node-sqlite3/pull/1701

Full Changelog: TryGhost/node-sqlite3@v5.1.6...v5.1.7

winstonjs/winston-transport (winston-transport)

v4.7.1

Compare Source

• update dependencies 5b4d9bf
• Bump mocha from 10.2.0 to 10.4.0 (#​218) 17feb48
• Bump eslint from 8.56.0 to 8.57.0 (#​213) 719a76b
• Bump @​types/node from 20.11.10 to 20.12.7 (#​221) c30789a

---

Configuration

📅 Schedule: Branch creation - "before 3am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[trentm]

I wonder if this is related to a . character in the name (the actual directory is plugins/node/instrumentation-socket.io) - possible renovate bug? May be interesting to see if changing the directory name would improve this.

An equivalent "update all patch versions" renovate PR worked before on this dir: #1707 (https://github.com/open-telemetry/opentelemetry-js-contrib/pull/1707/files#diff-d636207fb5a93040a6e203309164d21fd7790a2fe0776ad2b21f1fe4ecbb3a74)

[trentm]

I've started a renovate discussion asking about a possible bug here: renovatebot/renovate#30466

[trentm]

It is a renovate bug. I have a PR to fix it: renovatebot/renovate#30483

[trentm]

I have a PR to fix it

Merged. We will need a renovate release ... and then whatever deployment process updates the hosted Renovate to use that release.

[trentm]

The fix is in renovate 38.13.0.
I just re-ran this renovate job and it is current using (https://developer.mend.io/github/open-telemetry/opentelemetry-js-contrib/-/job/a863f965-4af9-47f4-85b2-30606f5a78c0):

INFO: Repository started
{
  "renovateVersion": "37.440.7"
}

That release (https://github.com/renovatebot/renovate/releases/tag/37.440.7) was from last week. I'm not sure if there will be a delay updating production hosted Renovate to v38.
There are some breaking changes: https://github.com/renovatebot/renovate/releases/tag/38.0.0

[trentm]

I tried to get Renovate to update this PR by clicking the checkbox in the description. That seemed to kick off this job:
https://developer.mend.io/github/open-telemetry/opentelemetry-js-contrib/-/job/019138f1-2e90-7e74-83e4-2cf1a215b2a4

It shows that this version of Renovate was run:

INFO: Repository started
{
  "renovateVersion": "38.20.1"
}

That version should include the fix I got into Renovate for the . in the package name.

However, there was no impact on this PR, so I'm not sure what to do here.
@pichlermarc Ideas?

[trentm]

I clicked the checkbox to retry this PR and the job (https://developer.mend.io/github/open-telemetry/opentelemetry-js-contrib/-/job/0191520c-36d4-73ee-85d7-568cddaef0f4) did so.

[trentm]

Unit tests all failed in npm run compile with:

 Error: test/documentLoad.test.ts(264,7): error TS2775: Assertions require every name in the call target to be declared with an explicit type annotation.
Error: test/documentLoad.test.ts(311,7): error TS2775: Assertions require every name in the call target to be declared with an explicit type annotation.
Error: test/documentLoad.test.ts(312,7): error TS2775: Assertions require every name in the call target to be declared with an explicit type annotation.
Error: test/documentLoad.test.ts(351,9): error TS2775: Assertions require every name in the call target to be declared with an explicit type annotation.
Error: test/documentLoad.test.ts(544,9): error TS2775: Assertions require every name in the call target to be declared with an explicit type annotation.
Error: test/documentLoad.test.ts(550,9): error TS2775: Assertions require every name in the call target to be declared with an explicit type annotation.
Error: test/documentLoad.test.ts(626,9): error TS2775: Assertions require every name in the call target to be declared with an explicit type annotation.
npm ERR! Lifecycle script `compile` failed with error: 
npm ERR! Error: command failed 
npm ERR!   in workspace: @opentelemetry/[email protected] 
npm ERR!   at location: /home/runner/work/opentelemetry-js-contrib/opentelemetry-js-contrib/plugins/web/opentelemetry-instrumentation-document-load 

[trentm]

Downgrading the @types/chai version "fixes" this:

% cd plugins/web/opentelemetry-instrumentation-document-load
% npm install @types/[email protected]
% npm run compile

Here is the diff in those @types/chai versions:
https://gist.github.com/trentm/be37b10e8e38e1452f64f76761d9c5b5

Via https://stackoverflow.com/a/72689922 this is because:

1. TypeScript has a design limitation: asserts x is type doesn't work when using arrow functions microsoft/TypeScript#34523

   asserts x is type doesn't work when using arrow functions

2. That @types/chai update added usages of asserts x is type, e.g.: https://gist.github.com/trentm/be37b10e8e38e1452f64f76761d9c5b5#file-the-diff-L56

Super.

A total guess is that the latest @types/chai isn't compatible -- for this particular issue -- with the older chai that we have?

[trentm]

I don't recall "closing" this. Re-opened.

[trentm]

So I guess we could pin to the particular @types/chai verison.

DefinitelyTyped/DefinitelyTyped#69364 is the PR that added these assertions to @types/chai.

[trentm]

Apparently this works:

diff --git a/plugins/web/opentelemetry-instrumentation-document-load/test/documentLoad.test.ts b/plugins/web/opentelemetry-instrumentation-document-load/test/documentLoad.test.ts
index a239945b..cbe4b0c7 100644
--- a/plugins/web/opentelemetry-instrumentation-document-load/test/documentLoad.test.ts
+++ b/plugins/web/opentelemetry-instrumentation-document-load/test/documentLoad.test.ts
@@ -45,7 +45,7 @@ import {
 } from '@opentelemetry/semantic-conventions';
 import { EventNames } from '../src/enums/EventNames';

-const { assert } = chai as typeof import('chai');
+const assert = chai.assert;

 const exporter = new InMemorySpanExporter();
 const provider = new BasicTracerProvider();

The ways of TS are mysterious to me.

[forking-renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[trentm]

Tests are still failing (TAV v22 and v20)... for a different reason. I cancelled the workflow.

[trentm]

^^^ That commit is a fix for the fialing mongo TAV tests.

Note the warning about unhelpful npm behaviour in this workspace
when the version of mongodb to test (by TAV) matches the version
installed for the instrumentation-mongoose workspace. The version
in instr-mongoose recently updated (in #2353), so it needs to
update here as well.

[trentm]

Summary of changes beyond what renovate added here:

1. We got a fix into renovate to copy with a workspace dir having a dot in it (instrumentation-socket.io): chore(deps): update all patch versions #2006 (comment)
2. A change to documentLoad.test.ts to workaround an interaction between a design limitation in TypeScript and usage in a @types/chai update that tickled that limitation: chore(deps): update all patch versions #2006 (comment) chore(deps): update all patch versions #2006 (comment)
3. An update to the version of mongodb to skip in test-all-versions (TAV) tests because (a) npm has a bug/limitation in how it locally resolves npm install --no-save [email protected] (as tav calls it) when in a workspace that has that [email protected] installed at a higher level and (b) instrumentation-mongoose recently updated its pinned mongodb dep version to 4.7.2: chore(deps): update all patch versions #2006 (comment)