chore(deps):(deps): bump the production-minor group across 1 directory with 20 updates

[dependabot]

Bumps the production-minor group with 20 updates in the / directory:

Package	From	To
@auth0/auth0-react	2.11.0	2.16.1
@aws-sdk/client-dynamodb	3.1023.0	3.1024.0
@aws-sdk/client-ec2	3.1023.0	3.1024.0
@aws-sdk/client-eks	3.1023.0	3.1024.0
@aws-sdk/client-kms	3.1023.0	3.1024.0
@aws-sdk/client-rds	3.1023.0	3.1024.0
@aws-sdk/client-s3	3.1023.0	3.1024.0
@aws-sdk/lib-dynamodb	3.1023.0	3.1024.0
@aws-sdk/s3-request-presigner	3.1023.0	3.1024.0
@openai/codex	0.116.0	0.118.0
@opentelemetry/auto-instrumentations-node	0.67.3	0.72.0
@opentelemetry/exporter-metrics-otlp-http	0.212.0	0.214.0
@opentelemetry/exporter-trace-otlp-grpc	0.212.0	0.214.0
@opentelemetry/exporter-trace-otlp-http	0.212.0	0.214.0
@opentelemetry/resources	2.5.1	2.6.1
@opentelemetry/sdk-node	0.212.0	0.214.0
@opentelemetry/sdk-trace-base	2.5.1	2.6.1
@opentelemetry/sdk-trace-node	2.5.1	2.6.1
oxlint-tsgolint	0.18.1	0.19.0
three	0.182.0	0.183.2

Updates @auth0/auth0-react from 2.11.0 to 2.16.1

Release notes

Sourced from @​auth0/auth0-react's releases.

v2.16.1

Changed

• chore(deps): bump @​auth0/auth0-spa-js from 2.18.2 to 2.18.3 #1068 (dependabot[bot])
• chore(deps): bump @​auth0/auth0-spa-js from 2.18.0 to 2.18.2 #1065 (dependabot[bot])

v2.16.0

Added

• feat: add client prop to Auth0Provider #1041 (yogeshchoudhary147)
• Native to Web SSO support (via auth0-spa-js v2.18.0)

Changed

• chore(deps): bump @​auth0/auth0-spa-js from 2.17.1 to 2.18.0 #1059 (yogeshchoudhary147)

v2.15.1

Changed

• chore(deps): update @​auth0/auth0-spa-js to version 2.17.1 #1045 (gyaneshgouraw-okta)

v2.15.0

Added

• feat: add Step-Up Authentication section and related examples to documentation #1023 (gyaneshgouraw-okta)

v2.14.0

Added

• feat: add Multi-Factor Authentication (MFA) support #1014 (gyaneshgouraw-okta)

Changed

• chore: bump @​auth0/auth0-spa-js to v2.15.0 #1017 (yogeshchoudhary147)

v2.13.0

Added

• feat: add loginWithCustomTokenExchange and deprecate exchangeToken #1010 (yogeshchoudhary147)

v2.12.0

Added

• feat: add getConfiguration method to Auth0Client and updated documentation #991 (gyaneshgouraw-okta)
• Security: Example app update Next.js dependency for CVE-2025-55184 and CVE-2025-55183 #951 (tusharpandey13)

Changelog

Sourced from @​auth0/auth0-react's changelog.

v2.16.1 (2026-03-31)

Full Changelog

Changed

• chore(deps): bump @​auth0/auth0-spa-js from 2.18.2 to 2.18.3 #1068 (dependabot[bot])
• chore(deps): bump @​auth0/auth0-spa-js from 2.18.0 to 2.18.2 #1065 (dependabot[bot])

v2.16.0 (2026-03-25)

Full Changelog

Added

• feat: add client prop to Auth0Provider #1041 (yogeshchoudhary147)
• Native to Web SSO support (via auth0-spa-js v2.18.0)

Changed

• chore(deps): bump @​auth0/auth0-spa-js from 2.17.1 to 2.18.0 #1059 (yogeshchoudhary147)

v2.15.1 (2026-03-13)

Full Changelog

Changed

• chore(deps): update @​auth0/auth0-spa-js to version 2.17.1 #1045 (gyaneshgouraw-okta)

v2.15.0 (2026-02-17)

Full Changelog

Added

• feat: add Step-Up Authentication section and related examples to documentation #1023 (gyaneshgouraw-okta)

v2.14.0 (2026-02-13)

Full Changelog

Added

• feat: add Multi-Factor Authentication (MFA) support #1014 (gyaneshgouraw-okta)

Changed

• chore: bump @​auth0/auth0-spa-js to v2.15.0 #1017 (yogeshchoudhary147)

v2.13.0 (2026-02-05)

Full Changelog

Added

• feat: add loginWithCustomTokenExchange and deprecate exchangeToken #1010 (yogeshchoudhary147)

v2.12.0 (2026-01-28)

Full Changelog

Added

• feat: add getConfiguration method to Auth0Client and updated documentation #991 (gyaneshgouraw-okta)
• Security: Example app update Next.js dependency for CVE-2025-55184 and CVE-2025-55183 #951 (tusharpandey13)

Commits

• ca1786c Release v2.16.1 (#1072)
• e661192 chore(deps): bump @​auth0/auth0-spa-js from 2.18.2 to 2.18.3 (#1068)
• 71d2ac2 chore(deps-dev): bump rollup-plugin-typescript2 from 0.36.0 to 0.37.0 (#1071)
• 432803c chore(deps-dev): bump @​typescript-eslint/eslint-plugin from 8.57.2 to 8.58.0 ...
• 47caafa chore(deps-dev): bump @​typescript-eslint/parser from 8.57.2 to 8.58.0 (#1069)
• 3d8cd27 chore(deps): bump path-to-regexp from 0.1.12 to 0.1.13 in /examples/users-api...
• 18e7257 chore(deps-dev): bump handlebars from 4.7.8 to 4.7.9 (#1066)
• 2ec1601 chore(deps): bump @​auth0/auth0-spa-js from 2.18.0 to 2.18.2 (#1065)
• f5e0503 chore(deps): bump codecov/codecov-action from 5.5.3 to 6.0.0 (#1064)
• c361a1f chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2 (#1061)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​auth0/auth0-react since your current version.

Updates @aws-sdk/client-dynamodb from 3.1023.0 to 3.1024.0

Release notes

Sourced from @​aws-sdk/client-dynamodb's releases.

v3.1024.0

3.1024.0(2026-04-03)

Documentation Changes

• client-organizations: Updates close Account quota for member accounts in an Organization. (4bc933f4)
• client-bedrock-agentcore-control: Documentation Update for Adds support for three-legged (Authorization Code grant type) OAuth along with predefined MCP tool schema configuration for Amazon Bedrock AgentCore gateway MCP server targets. (96ae995b)

New Features

• client-bedrock-agent: Added strict parameter to ToolSpecification to allow users to enforce strict JSON schema adherence for tool input schemas. (2d57cd61)
• client-medialive: AWS Elemental MediaLive released a new features that allows customers to use HLG 2020 as a color space for AV1 video codec. (b9ff368c)
• client-imagebuilder: Updated pagination token validation for ListContainerRecipes API to support maximum size of 65K characters (0d392c90)
• client-cloudwatch-logs: Added queryDuration, bytesScanned, and userIdentity fields to the QueryInfo response object returned by DescribeQueries. Customers can now view detailed query cost information including who ran the query, how long it took, and the volume of data scanned. (c4b9df8e)
• client-payment-cryptography: Adds optional support to retrieve previously generated import and export tokens to simplify import and export functions (76274743)
• client-bedrock: Amazon Bedrock Guardrails enforcement configuration APIs now support selective guarding controls for system prompts as well as user and assistant messages, along with SDK support for Amazon Bedrock resource policy APIs. (4aa232cc)
• client-lightsail: Add support for tagging of Alarm resource type (ad9e0d71)

---

For list of updated packages, view updated-packages.md in assets-3.1024.0.zip

Changelog

Sourced from @​aws-sdk/client-dynamodb's changelog.

3.1024.0 (2026-04-03)

Note: Version bump only for package @​aws-sdk/client-dynamodb

Commits

• 99bf9fc Publish v3.1024.0
• See full diff in compare view

Updates @aws-sdk/client-ec2 from 3.1023.0 to 3.1024.0

Release notes

Sourced from @​aws-sdk/client-ec2's releases.

v3.1024.0

3.1024.0(2026-04-03)

Documentation Changes

• client-organizations: Updates close Account quota for member accounts in an Organization. (4bc933f4)
• client-bedrock-agentcore-control: Documentation Update for Adds support for three-legged (Authorization Code grant type) OAuth along with predefined MCP tool schema configuration for Amazon Bedrock AgentCore gateway MCP server targets. (96ae995b)

New Features

• client-bedrock-agent: Added strict parameter to ToolSpecification to allow users to enforce strict JSON schema adherence for tool input schemas. (2d57cd61)
• client-medialive: AWS Elemental MediaLive released a new features that allows customers to use HLG 2020 as a color space for AV1 video codec. (b9ff368c)
• client-imagebuilder: Updated pagination token validation for ListContainerRecipes API to support maximum size of 65K characters (0d392c90)
• client-cloudwatch-logs: Added queryDuration, bytesScanned, and userIdentity fields to the QueryInfo response object returned by DescribeQueries. Customers can now view detailed query cost information including who ran the query, how long it took, and the volume of data scanned. (c4b9df8e)
• client-payment-cryptography: Adds optional support to retrieve previously generated import and export tokens to simplify import and export functions (76274743)
• client-bedrock: Amazon Bedrock Guardrails enforcement configuration APIs now support selective guarding controls for system prompts as well as user and assistant messages, along with SDK support for Amazon Bedrock resource policy APIs. (4aa232cc)
• client-lightsail: Add support for tagging of Alarm resource type (ad9e0d71)

---

For list of updated packages, view updated-packages.md in assets-3.1024.0.zip

Changelog

Sourced from @​aws-sdk/client-ec2's changelog.

3.1024.0 (2026-04-03)

Note: Version bump only for package @​aws-sdk/client-ec2

Commits

• 99bf9fc Publish v3.1024.0
• See full diff in compare view

Updates @aws-sdk/client-eks from 3.1023.0 to 3.1024.0

Release notes

Sourced from @​aws-sdk/client-eks's releases.

v3.1024.0

3.1024.0(2026-04-03)

Documentation Changes

• client-organizations: Updates close Account quota for member accounts in an Organization. (4bc933f4)
• client-bedrock-agentcore-control: Documentation Update for Adds support for three-legged (Authorization Code grant type) OAuth along with predefined MCP tool schema configuration for Amazon Bedrock AgentCore gateway MCP server targets. (96ae995b)

New Features

• client-bedrock-agent: Added strict parameter to ToolSpecification to allow users to enforce strict JSON schema adherence for tool input schemas. (2d57cd61)
• client-medialive: AWS Elemental MediaLive released a new features that allows customers to use HLG 2020 as a color space for AV1 video codec. (b9ff368c)
• client-imagebuilder: Updated pagination token validation for ListContainerRecipes API to support maximum size of 65K characters (0d392c90)
• client-cloudwatch-logs: Added queryDuration, bytesScanned, and userIdentity fields to the QueryInfo response object returned by DescribeQueries. Customers can now view detailed query cost information including who ran the query, how long it took, and the volume of data scanned. (c4b9df8e)
• client-payment-cryptography: Adds optional support to retrieve previously generated import and export tokens to simplify import and export functions (76274743)
• client-bedrock: Amazon Bedrock Guardrails enforcement configuration APIs now support selective guarding controls for system prompts as well as user and assistant messages, along with SDK support for Amazon Bedrock resource policy APIs. (4aa232cc)
• client-lightsail: Add support for tagging of Alarm resource type (ad9e0d71)

---

For list of updated packages, view updated-packages.md in assets-3.1024.0.zip

Changelog

Sourced from @​aws-sdk/client-eks's changelog.

3.1024.0 (2026-04-03)

Note: Version bump only for package @​aws-sdk/client-eks

Commits

• 99bf9fc Publish v3.1024.0
• See full diff in compare view

Updates @aws-sdk/client-kms from 3.1023.0 to 3.1024.0

Release notes

Sourced from @​aws-sdk/client-kms's releases.

v3.1024.0

3.1024.0(2026-04-03)

Documentation Changes

• client-organizations: Updates close Account quota for member accounts in an Organization. (4bc933f4)
• client-bedrock-agentcore-control: Documentation Update for Adds support for three-legged (Authorization Code grant type) OAuth along with predefined MCP tool schema configuration for Amazon Bedrock AgentCore gateway MCP server targets. (96ae995b)

New Features

• client-bedrock-agent: Added strict parameter to ToolSpecification to allow users to enforce strict JSON schema adherence for tool input schemas. (2d57cd61)
• client-medialive: AWS Elemental MediaLive released a new features that allows customers to use HLG 2020 as a color space for AV1 video codec. (b9ff368c)
• client-imagebuilder: Updated pagination token validation for ListContainerRecipes API to support maximum size of 65K characters (0d392c90)
• client-cloudwatch-logs: Added queryDuration, bytesScanned, and userIdentity fields to the QueryInfo response object returned by DescribeQueries. Customers can now view detailed query cost information including who ran the query, how long it took, and the volume of data scanned. (c4b9df8e)
• client-payment-cryptography: Adds optional support to retrieve previously generated import and export tokens to simplify import and export functions (76274743)
• client-bedrock: Amazon Bedrock Guardrails enforcement configuration APIs now support selective guarding controls for system prompts as well as user and assistant messages, along with SDK support for Amazon Bedrock resource policy APIs. (4aa232cc)
• client-lightsail: Add support for tagging of Alarm resource type (ad9e0d71)

---

For list of updated packages, view updated-packages.md in assets-3.1024.0.zip

Changelog

Sourced from @​aws-sdk/client-kms's changelog.

3.1024.0 (2026-04-03)

Note: Version bump only for package @​aws-sdk/client-kms

Commits

• 99bf9fc Publish v3.1024.0
• See full diff in compare view

Updates @aws-sdk/client-rds from 3.1023.0 to 3.1024.0

Release notes

Sourced from @​aws-sdk/client-rds's releases.

v3.1024.0

3.1024.0(2026-04-03)

Documentation Changes

• client-organizations: Updates close Account quota for member accounts in an Organization. (4bc933f4)
• client-bedrock-agentcore-control: Documentation Update for Adds support for three-legged (Authorization Code grant type) OAuth along with predefined MCP tool schema configuration for Amazon Bedrock AgentCore gateway MCP server targets. (96ae995b)

New Features

• client-bedrock-agent: Added strict parameter to ToolSpecification to allow users to enforce strict JSON schema adherence for tool input schemas. (2d57cd61)
• client-medialive: AWS Elemental MediaLive released a new features that allows customers to use HLG 2020 as a color space for AV1 video codec. (b9ff368c)
• client-imagebuilder: Updated pagination token validation for ListContainerRecipes API to support maximum size of 65K characters (0d392c90)
• client-cloudwatch-logs: Added queryDuration, bytesScanned, and userIdentity fields to the QueryInfo response object returned by DescribeQueries. Customers can now view detailed query cost information including who ran the query, how long it took, and the volume of data scanned. (c4b9df8e)
• client-payment-cryptography: Adds optional support to retrieve previously generated import and export tokens to simplify import and export functions (76274743)
• client-bedrock: Amazon Bedrock Guardrails enforcement configuration APIs now support selective guarding controls for system prompts as well as user and assistant messages, along with SDK support for Amazon Bedrock resource policy APIs. (4aa232cc)
• client-lightsail: Add support for tagging of Alarm resource type (ad9e0d71)

---

For list of updated packages, view updated-packages.md in assets-3.1024.0.zip

Changelog

Sourced from @​aws-sdk/client-rds's changelog.

3.1024.0 (2026-04-03)

Note: Version bump only for package @​aws-sdk/client-rds

Commits

• 99bf9fc Publish v3.1024.0
• See full diff in compare view

Updates @aws-sdk/client-s3 from 3.1023.0 to 3.1024.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.1024.0

3.1024.0(2026-04-03)

Documentation Changes

• client-organizations: Updates close Account quota for member accounts in an Organization. (4bc933f4)
• client-bedrock-agentcore-control: Documentation Update for Adds support for three-legged (Authorization Code grant type) OAuth along with predefined MCP tool schema configuration for Amazon Bedrock AgentCore gateway MCP server targets. (96ae995b)

New Features

• client-bedrock-agent: Added strict parameter to ToolSpecification to allow users to enforce strict JSON schema adherence for tool input schemas. (2d57cd61)
• client-medialive: AWS Elemental MediaLive released a new features that allows customers to use HLG 2020 as a color space for AV1 video codec. (b9ff368c)
• client-imagebuilder: Updated pagination token validation for ListContainerRecipes API to support maximum size of 65K characters (0d392c90)
• client-cloudwatch-logs: Added queryDuration, bytesScanned, and userIdentity fields to the QueryInfo response object returned by DescribeQueries. Customers can now view detailed query cost information including who ran the query, how long it took, and the volume of data scanned. (c4b9df8e)
• client-payment-cryptography: Adds optional support to retrieve previously generated import and export tokens to simplify import and export functions (76274743)
• client-bedrock: Amazon Bedrock Guardrails enforcement configuration APIs now support selective guarding controls for system prompts as well as user and assistant messages, along with SDK support for Amazon Bedrock resource policy APIs. (4aa232cc)
• client-lightsail: Add support for tagging of Alarm resource type (ad9e0d71)

---

For list of updated packages, view updated-packages.md in assets-3.1024.0.zip

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.1024.0 (2026-04-03)

Note: Version bump only for package @​aws-sdk/client-s3

Commits

• 99bf9fc Publish v3.1024.0
• See full diff in compare view

Updates @aws-sdk/lib-dynamodb from 3.1023.0 to 3.1024.0

Release notes

Sourced from @​aws-sdk/lib-dynamodb's releases.

v3.1024.0

3.1024.0(2026-04-03)

Documentation Changes

• client-organizations: Updates close Account quota for member accounts in an Organization. (4bc933f4)
• client-bedrock-agentcore-control: Documentation Update for Adds support for three-legged (Authorization Code grant type) OAuth along with predefined MCP tool schema configuration for Amazon Bedrock AgentCore gateway MCP server targets. (96ae995b)

New Features

• client-bedrock-agent: Added strict parameter to ToolSpecification to allow users to enforce strict JSON schema adherence for tool input schemas. (2d57cd61)
• client-medialive: AWS Elemental MediaLive released a new features that allows customers to use HLG 2020 as a color space for AV1 video codec. (b9ff368c)
• client-imagebuilder: Updated pagination token validation for ListContainerRecipes API to support maximum size of 65K characters (0d392c90)
• client-cloudwatch-logs: Added queryDuration, bytesScanned, and userIdentity fields to the QueryInfo response object returned by DescribeQueries. Customers can now view detailed query cost information including who ran the query, how long it took, and the volume of data scanned. (c4b9df8e)
• client-payment-cryptography: Adds optional support to retrieve previously generated import and export tokens to simplify import and export functions (76274743)
• client-bedrock: Amazon Bedrock Guardrails enforcement configuration APIs now support selective guarding controls for system prompts as well as user and assistant messages, along with SDK support for Amazon Bedrock resource policy APIs. (4aa232cc)
• client-lightsail: Add support for tagging of Alarm resource type (ad9e0d71)

---

For list of updated packages, view updated-packages.md in assets-3.1024.0.zip

Changelog

Sourced from @​aws-sdk/lib-dynamodb's changelog.

3.1024.0 (2026-04-03)

Note: Version bump only for package @​aws-sdk/lib-dynamodb

Commits

• 99bf9fc Publish v3.1024.0
• See full diff in compare view

Updates @aws-sdk/s3-request-presigner from 3.1023.0 to 3.1024.0

Release notes

Sourced from @​aws-sdk/s3-request-presigner's releases.

v3.1024.0

3.1024.0(2026-04-03)

Documentation Changes

• client-organizations: Updates close Account quota for member accounts in an Organization. (4bc933f4)
• client-bedrock-agentcore-control: Documentation Update for Adds support for three-legged (Authorization Code grant type) OAuth along with predefined MCP tool schema configuration for Amazon Bedrock AgentCore gateway MCP server targets. (96ae995b)

New Features

• client-bedrock-agent: Added strict parameter to ToolSpecification to allow users to enforce strict JSON schema adherence for tool input schemas. (2d57cd61)
• client-medialive: AWS Elemental MediaLive released a new features that allows customers to use HLG 2020 as a color space for AV1 video codec. (b9ff368c)
• client-imagebuilder: Updated pagination token validation for ListContainerRecipes API to support maximum size of 65K characters (0d392c90)
• client-cloudwatch-logs: Added queryDuration, bytesScanned, and userIdentity fields to the QueryInfo response object returned by DescribeQueries. Customers can now view detailed query cost information including who ran the query, how long it took, and the volume of data scanned. (c4b9df8e)
• client-payment-cryptography: Adds optional support to retrieve previously generated import and export tokens to simplify import and export functions (76274743)
• client-bedrock: Amazon Bedrock Guardrails enforcement configuration APIs now support selective guarding controls for system prompts as well as user and assistant messages, along with SDK support for Amazon Bedrock resource policy APIs. (4aa232cc)
• client-lightsail: Add support for tagging of Alarm resource type (ad9e0d71)

---

For list of updated packages, view updated-packages.md in assets-3.1024.0.zip

Changelog

Sourced from @​aws-sdk/s3-request-presigner's changelog.

3.1024.0 (2026-04-03)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

Commits

• 99bf9fc Publish v3.1024.0
• See full diff in compare view

Updates @openai/codex from 0.116.0 to 0.118.0

Release notes

Sourced from @​openai/codex's releases.

0.118.0

New Features

• Windows sandbox runs can now enforce proxy-only networking with OS-level egress rules, instead of relying on environment variables alone. (#12220)
• App-server clients can now start ChatGPT sign-in with a device code flow, which helps when browser callback login is unreliable or unavailable. (#15525)
• codex exec now supports the prompt-plus-stdin workflow, so you can pipe input and still pass a separate prompt on the command line. (#15917)
• Custom model providers can now fetch and refresh short-lived bearer tokens dynamically, instead of being limited to static credentials from config or environment variables. (#16286, #16287, #16288)

Bug Fixes

• Project-local .codex files are now protected even on first creation, closing a gap where the initial write could bypass normal approval checks. (#15067)
• Linux sandbox launches are more reliable because Codex once again finds a trusted system bwrap on normal multi-entry PATHs. (#15791, #15973)
• The app-server-backed TUI regained several missing workflows: hook notifications replay correctly, /copy and /resume <name> work again, /agent no longer shows stale threads, and the skills picker scrolls past the first page. (#16013, #16021, #16050, #16014, #16109, #16110)
• MCP startup is more robust: local servers get a longer startup window, and failed handshakes surface warnings in the TUI again instead of looking like clean startups. (#16080, #16041)
• On Windows, apply_patch is less likely to fail because it no longer adds redundant writable roots that could trigger unnecessary ACL churn. (#16030)

Changelog

Full Changelog: openai/codex@rust-v0.117.0...rust-v0.118.0

• #15891 [plugins] Polish tool suggest prompts. @​mzeng-openai
• #15791 fix: resolve bwrap from trusted PATH entry @​viyatb-oai
• #15900 skills: remove unused skill permission metadata @​bolinfest
• #15811 app-server: Split transport module @​euroelessar
• #15067 Protect first-time project .codex creation across Linux and macOS sandboxes @​rreichel3-oai
• #15903 [codex] import token_data from codex-login directly @​bolinfest
• #15897 sandboxing: use OsString for SandboxCommand.program @​bolinfest
• #15910 docs: update AGENTS.md to discourage adding code to codex-core @​bolinfest
• #15898 chore: move bwrap config helpers into dedicated module @​viyatb-oai
• #15906 chore: remove skill metadata from command approval payloads @​bolinfest
• #15909 fix(network-proxy): fail closed on network-proxy DNS lookup errors @​viyatb-oai
• #14495 Preserve bazel repository cache in github actions @​siggisim
• #15522 bazel: re-organize bazelrc @​sluongng
• #15923 codex-tools: extract shared tool schema parsing @​bolinfest
• #15918 permissions: remove macOS seatbelt extension profiles @​bolinfest
• #12220 feat(windows-sandbox): add network proxy support @​viyatb-oai
• #15931 fix: make MACOS_DEFAULT_PREFERENCES_POLICY part of MACOS_SEATBELT_BASE_POLICY @​bolinfest
• #15933 fix: use matrix.target instead of matrix.os for actions/cache build action @​bolinfest
• #15928 codex-tools: extract MCP schema adapters @​bolinfest
• #15948 fix: increase timeout for rust-ci to 45 minutes for now @​bolinfest
• #15921 [app-server-protocol] introduce generic ClientResponse for app-server-protocol @​rhan-oai
• #15120 chore: refactor network permissions to use explicit domain and unix socket rule maps @​celia-oai
• #15525 Add ChatGPT device-code login to app server @​daniel-oai
• #15876 chore: drop useless stuff @​jif-oai
• #15954 chore: move pty and windows sandbox to Rust 2024 @​bolinfest
• #15986 feat: spawn v2 make task name as mandatory @​jif-oai
• #16000 Use codex-utils-template for login error page @​jif-oai
• #16001 Use codex-utils-template for review prompts @​jif-oai
• #15998 Use codex-utils-template for sandbox mode prompts @​jif-oai
• #15995 Use codex-utils-template for collaboration mode presets @​jif-oai
• #15996 Use codex-utils-template for search tool descriptions @​jif-oai
• #15999 Use codex-utils-template for review exit XML @​jif-oai

... (truncated)

Commits

• See full diff in compare view

Updates @opentelemetry/auto-instrumentations-node from 0.67.3 to 0.72.0

Release notes

Sourced from @​opentelemetry/auto-instrumentations-node's releases.

auto-instrumentations-node: v0.72.0

0.72.0 (2026-03-25)

⚠ BREAKING CHANGES

• auto-instrumentations-node, instrumentation-fastify: remove instrumentation-fastify (#3409)

Features

• auto-instrumentations-node, instrumentation-fastify: remove instrumentation-fastify (#3409) (ac26e9a)
• deps: update deps matching '@opentelemetry/*' (#3450) (c8df394)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​opentelemetry/instrumentation-amqplib bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-aws-lambda bumped from ^0.65.0 to ^0.66.0
    • @​opentelemetry/instrumentation-aws-sdk bumped from ^0.68.0 to ^0.69.0
    • @​opentelemetry/instrumentation-bunyan bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-cassandra-driver bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-connect bumped from ^0.56.0 to ^0.57.0
    • @​opentelemetry/instrumentation-cucumber bumped from ^0.29.0 to ^0.30.0
    • @​opentelemetry/instrumentation-dataloader bumped from ^0.30.0 to ^0.31.0
    • @​opentelemetry/instrumentation-dns bumped from ^0.56.0 to ^0.57.0
    • @​opentelemetry/instrumentation-express bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-fs bumped from ^0.32.0 to ^0.33.0
    • @​opentelemetry/instrumentation-generic-pool bumped from ^0.56.0 to ^0.57.0
    • @​opentelemetry/instrumentation-graphql bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-hapi bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-ioredis bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-kafkajs bumped from ^0.22.0 to ^0.23.0
    • @​opentelemetry/instrumentation-knex bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-koa bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-lru-memoizer bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-memcached bumped from ^0.56.0 to ^0.57.0
    • @​opentelemetry/instrumentation-mongodb bumped from ^0.66.0 to ^0.67.0
    • @​opentelemetry/instrumentation-mongoose bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-mysql bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-mysql2 bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-nestjs-core bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-net bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-openai bumped from ^0.11.0 to ^0.12.0
    • @​opentelemetry/instrumentation-oracledb bumped from ^0.38.0 to ^0.39.0
    • @​opentelemetry/instrumentation-pg bumped from ^0.65.0 to ^0.66.0
    • @​opentelemetry/instrumentation-pino bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-redis bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-restify bumped from ^0.58.0 to ^0.59.0

... (truncated)

Changelog

Sourced from @​opentelemetry/auto-instrumentations-node's changelog.

0.72.0 (2026-03-25)

⚠ BREAKING CHANGES

• auto-instrumentations-node, instrumentation-fastify: remove instrumentation-fastify (#3409)

Features

• auto-instrumentations-node, instrumentation-fastify: remove instrumentation-fastify (#3409) (ac26e9a)
• deps: update deps matching '@opentelemetry/*' (#3450) (c8df394)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​opentelemetry/instrumentation-amqplib bumped from ^0.60.0 to ^0.61.0
    • @​opentelemetry/instrumentation-aws-lambda bumped from ^0.65.0 to ^0.66.0
    • @​opentelemetry/instrumentation-aws-sdk bumped from ^0.68.0 to ^0.69.0
    • @​opentelemetry/instrumentation-bunyan bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-cassandra-driver bumped from ^0.58.0 to ^0.59.0
    • @​opentelemetry/instrumentation-connect bumped from ^0.56.0 to ^0.57.0
    • @​opentelemetry/instrumentation-cucumber bumped from ^0.29.0 to ^0.30.0
    • @​opentelemetry/instrumentation-dataloader bumped from ^0.30.0 to ^0.31.0
    • @​opentelemetry/instrumentation-dns bumped from ^0.56.0 to ^0.57.0
    • @​opentelemetry/instrumentation-express bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-fs bumped from ^0.32.0 to ^0.33.0
    • @​opentelemetry/instrumentation-generic-pool bumped from ^0.56.0 to ^0.57.0
    • @​opentelemetry/instrumentation-graphql bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-hapi bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-ioredis bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-kafkajs bumped from ^0.22.0 to ^0.23.0
    • @​opentelemetry/instrumentation-knex bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-koa bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/instrumentation-lru-memoizer bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-memcached bumped from ^0.56.0 to ^0.57.0
    • @​opentelemetry/instrumentation-mongodb bumped from ^0.66.0 to ^0.67.0
    • @​opentelemetry/instrumentation-mongoose bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-mysql bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-mysql2 bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-nestjs-core bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-net bumped from ^0.57.0 to ^0.58.0
    • @​opentelemetry/instrumentation-openai bumped from ^0.11.0 to ^0.12.0
    • @​opentelemetry/instrumentation-oracledb bumped from ^0.38.0 to ^0.39.0
    • @​opentelemetry/instrumentation-pg bumped from ^0.65.0 to ^0.66.0
    • @​opentelemetry/instrumentation-pino bumped from ^0.59.0 to ^0.60.0
    • @​opentelemetry/instrumentation-redis bumped from ^0.61.0 to ^0.62.0
    • @​opentelemetry/ins...

      Description has been truncated

      ---

      Summary by cubic

      Upgrade production dependencies to current minor versions for auth, AWS SDK, telemetry, and 3D rendering. Highlights: @auth0/auth0-react 2.16.1, AWS SDK v3.1024, OpenTelemetry exporters/core 0.214/2.6, @openai/codex 0.118.0, and three 0.183.2.

      • Dependencies

        • Auth: @auth0/auth0-react → 2.16.1.
        • AWS SDK: v3.1024 across DynamoDB, S3, EC2, EKS, KMS, RDS, lib-dynamodb, and s3-request-presigner.
        • Observability: @opentelemetry/auto-instrumentations-node → 0.72.0; exporters/resources/sdk updated to 0.214.0/2.6.1.
        • Tooling: @openai/codex → 0.118.0, oxlint-tsgolint → 0.19.0, three → 0.183.2.

      • Migration

        • Telemetry: @opentelemetry/auto-instrumentations-node@0.72.0 no longer includes Fastify instrumentation. If you need it, pin to 0.71.x or add manual instrumentation.
        • 3D: Verify three scenes and loaders in critical views for minor API changes.

      ^{Written for commit d1c7402d531f3d2c50c53cbecc0ac37fe8bd6906. Summary will update on new commits.}

[dependabot]

Labels

The following labels could not be found: npm. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
pixelated	Ready	Preview, Comment	Apr 3, 2026 11:53pm

[cubic-dev-ai]

No issues found across 2 files