
chore: resolve open dependabot security alerts#40

Open
jonathannorris wants to merge 8 commits into
mainfrom
chore/dependabot-alerts
Open


Conversation


@jonathannorris jonathannorris commented May 8, 2026


Summary

  • Resolved 4 open Dependabot security alerts by bumping vulnerable dependencies

Dependabot Alerts Resolved

| Alert | Package | Severity | Fix |
|---|---|---|---|
| #78 | fast-uri | high | Added override to force >=3.1.2 (host confusion via percent-encoded authority delimiters) |
| #77 | fast-uri | high | Added override to force >=3.1.2 (path traversal via percent-encoded dot segments) |
| #76 | uuid | medium | Bumped direct dep to >=11.1.1 (missing buffer bounds check) |
| #74 | postcss | medium | Added override to deduplicate to root version >=8.5.10 (XSS); moved from devDependencies to dependencies for correct override resolution |

Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>

@gemini-code-assist gemini-code-assist Bot left a comment


Code Review

This pull request updates the uuid dependency to version 11.1.1 and postcss to 8.5.14, and adds a postcss override in package.json. The reviewer recommends moving postcss from devDependencies to dependencies to ensure it is available during production-only installs, as it is now a production-critical dependency due to the override and its use by production dependencies like next.

@jonathannorris jonathannorris marked this pull request as draft May 8, 2026 20:02
@jonathannorris jonathannorris requested a review from Copilot May 11, 2026 15:26
@jonathannorris jonathannorris marked this pull request as ready for review May 11, 2026 15:29
@jonathannorris jonathannorris requested a review from beeme1mr May 11, 2026 15:29

Copilot AI left a comment


Pull request overview

This PR addresses Dependabot-reported security vulnerabilities by updating dependency versions and enforcing safer transitive resolution via npm overrides.

Changes:

  • Bumped uuid from ^11.1.0 to ^11.1.1.
  • Promoted postcss to a direct dependency and added an override to deduplicate to the root postcss version.
  • Added an override to force fast-uri to resolve to >=3.1.2.

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

| File | Description |
|---|---|
| package.json | Updates dependency versions and adds npm overrides for vulnerable transitive packages. |
| package-lock.json | Locks updated resolved versions for uuid, postcss, and fast-uri, reflecting the new override behavior. |


@jonathannorris jonathannorris requested a review from askpt May 12, 2026 19:06
@jonathannorris jonathannorris requested a review from toddbaert May 26, 2026 14:56

Copilot AI left a comment


Pull request overview

Copilot reviewed 1 out of 2 changed files in this pull request and generated no new comments.

@jonathannorris jonathannorris marked this pull request as ready for review June 15, 2026 20:39

coderabbitai Bot commented Jun 22, 2026


Review Change Stack

No actionable comments were generated in the recent review. 🎉


📝 Walkthrough


Upgrades OpenTelemetry packages from 0.54.x to 0.202.x/0.219.x and bumps @vercel/otel, next, and uuid. Adapts registerOTel to use plural metricReaders/logRecordProcessors array fields and updates TelemetryHook's event callback parameter type to use AttributeValue | undefined.

Changes

OpenTelemetry upgrade and API adaptation

| Layer / File(s) | Summary |
|---|---|
| Dependency and override updates: package.json | Bumps @opentelemetry/* packages to 0.202.x/0.219.x, upgrades @vercel/otel to ^2.1.3, next to 15.5.18, uuid, and eslint-config-next. Adds overrides for postcss, fast-uri, @opentelemetry/core, and @opentelemetry/resources; bumps protobufjs override to ^7.6.3. |
| OTel API adaptation: src/instrumentation.ts, src/libs/open-feature/telemetry-hook.ts | Switches registerOTel options from singular metricReader/logRecordProcessor to one-element-array metricReaders/logRecordProcessors. Updates TelemetryHook constructor's sendEvent parameter type from Record<string, string \| number \| boolean> to Record<string, AttributeValue \| undefined>, adding the AttributeValue import. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title accurately summarizes the main change: resolving Dependabot security alerts by updating dependencies. |
| Description check | ✅ Passed | The description is clearly related to the changeset, detailing the specific security alerts resolved and the fixes applied. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


@jonathannorris jonathannorris marked this pull request as draft June 22, 2026 14:17

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1


Inline comments:
In `@package.json`:
- Around line 21-28: Update two OpenTelemetry experimental package versions in
package.json to match `@vercel/otel` 2.1.3 compatibility requirements: change
`@opentelemetry/api-logs` from ^0.202.0 to ^0.205.0 and change
`@opentelemetry/sdk-logs` from ^0.202.0 to ^0.205.0. Additionally, add
`@opentelemetry/sdk-trace-base` as a new direct dependency with version ^2.1.0 in
the dependencies section, as it is currently only installed transitively through
other packages.

📒 Files selected for processing (3)
  • package.json
  • src/instrumentation.ts
  • src/libs/open-feature/telemetry-hook.ts

@jonathannorris jonathannorris marked this pull request as ready for review June 22, 2026 14:28