build(deps): bump protobufjs and @opentelemetry/exporter-trace-otlp-http

[dependabot]

Bumps protobufjs and @opentelemetry/exporter-trace-otlp-http. These dependencies needed to be updated together.
Updates protobufjs from 7.4.0 to 7.5.8

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.5.8

7.5.8 (2026-05-12)

Bug Fixes

• Backport parser hardening to 7.x (#2245) (54b593f)

protobufjs: v7.5.7

7.5.7 (2026-05-09)

Bug Fixes

• Restore first-match namespace lookup (#2236) (cc7d595)

protobufjs: v7.5.6

7.5.6 (2026-04-27)

Bug Fixes

• Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)

v7.5.5

This release backports two reported security issues to 7.x branch.

• fix: do not allow setting __proto__ in Message constructor (#2126)
• fix: filter invalid characters from the type name (#2127)

Full Changelog: protobufjs/protobuf.js@protobufjs-v7.5.4...protobufjs-v7.5.5

protobufjs: v7.5.4

7.5.4 (2025-08-15)

Bug Fixes

• invalid syntax in descriptor.proto (#2092) (5a3769a)

protobufjs: v7.5.3

7.5.3 (2025-05-28)

Bug Fixes

• descriptor extensions handling post-editions (#2075) (6e255d4)

protobufjs: v7.5.2

7.5.2 (2025-05-14)

... (truncated)

Changelog

Sourced from protobufjs's changelog.

7.5.8 (2026-05-12)

Bug Fixes

• Backport parser hardening to 7.x (#2245) (54b593f)

7.5.7 (2026-05-09)

Bug Fixes

• Restore first-match namespace lookup (#2236) (cc7d595)

7.5.6 (2026-04-27)

Bug Fixes

• Backport input hardening and CLI fixes to 7.x (#2173) (75392ea)

7.5.4 (2025-08-15)

Bug Fixes

• invalid syntax in descriptor.proto (#2092) (5a3769a)

7.5.3 (2025-05-28)

Bug Fixes

• descriptor extensions handling post-editions (#2075) (6e255d4)

7.5.2 (2025-05-14)

Bug Fixes

• ensure that types are always resolved (#2068) (4b51cb2)

7.5.1 (2025-05-08)

Bug Fixes

• optimize regressions from editions implementations (#2066) (6406d4c)
• reserved field inside group blocks fail parsing (#2058) (56782bf)

... (truncated)

Commits

• d7035f9 chore: release protobufjs-v7.x (#2248)
• 54b593f fix: Backport parser hardening to 7.x (#2245)
• e88fcea chore: release protobufjs-v7.x (#2239)
• cc7d595 fix: Restore first-match namespace lookup (#2236)
• 3abc9b5 chore: release protobufjs-v7.x (#2190)
• a0bf2df fix: Update CLI peer dependency (7.x) (#2189)
• 2189e5b chore: release protobufjs-v7.x (#2174)
• 75392ea fix: Backport input hardening and CLI fixes to 7.x (#2173)
• 8af8d7c chore(ci): Fix 7.x release please configuration (#2169)
• e92ca42 chore(ci): Enable release-please for 7.x (#2166)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for protobufjs since your current version.

Updates @opentelemetry/exporter-trace-otlp-http from 0.211.0 to 0.215.0

Release notes

Sourced from @​opentelemetry/exporter-trace-otlp-http's releases.

experimental/v0.215.0

0.215.0

💥 Breaking Changes

• feat(sdk-logs)!: add required forceFlush() to LogRecordExporter interface #6356 @​pichlermarc
  • (user-facing): LogRecordExporter interface now requires a forceFlush() method to be implemented. Custom exporters will need to implement this method to continue working with the Logs SDK.
• feat(api-logs, sdk-logs)!: add Logger#enabled() #6371 @​david-luna

🚀 Features

• feat(otlp-transformer): add custom protobuf logs serializer #6228 @​pichlermarc
• feat(otlp-transformer): add custom protobuf logs export response deserializer #6530 @​pichlermarc

🐛 Bug Fixes

• fix(instrumentation-fetch): preserve init overrides when input is a Request object #6421 @​akandic47
• fix(otlp-exporter-base): limit Node.js HTTP transport response body to 4 MiB #6552 @​kartikgola
• fix(instrumentation-fetch): avoid unwrapping fetch API when disabling #6575 @​david-luna
• fix(web-common): add check for possible unsafe json parse #6589 @​maryliag
• fix(otlp-transformer): add check for possible unsafe json parse #6588 @​maryliag

experimental/v0.214.0

0.214.0

💥 Breaking Changes

• feat(configuration)!: rename OTEL_EXPERIMENTAL_CONFIG_FILE to OTEL_CONFIG_FILE #6486 @​maryliag
• refactor!(otlp-grpc-exporter-base): remove headers from gRPC exporter config type, passing headers now results in a compile-time error instead of being silently ignored #6487

🚀 Features

• feat(configuration): add sampler configuration parsing support #6409 @​MikeGoldsmith
• feat(configuration): add resource detection parsing #6435 @​MikeGoldsmith
• feat(configuration): export interfaces required in other packages #6462 @​maryliag
• feat(configuration): set MeterProvider on sdk start #6463 @​maryliag
• feat(configuration): export interfaces required in other packages #6507 @​maryliag

🐛 Bug Fixes

• fix(opentelemetry-instrumentation): access require via globalThis to avoid webpack analysis #6481 @​overbalance
• fix(sdk-logs): fix inflated droppedAttributesCount when updating existing attribute keys #6479 @​overbalance
• fix(instrumentation-fetch): do not modify the returned type of fetch #6521 @​dyladan
• fix(opentelemetry-sdk-node): add missing @opentelemetry/otlp-exporter-base dependency #6520 @​gotgenes

🏠 Internal

• chore: enforce import type for type-only imports via ESLint #6467 @​overbalance

... (truncated)

Commits

• a0476ee chore: prepare next release (#6603)
• 6bc69c7 fix(instr-fetch): avoid unwrap fetch API (#6575)
• 840f3d4 chore: re-arrange misplaced changelog entries (#6604)
• 2da8d39 feat(configuration): refactoring config loader to print warning message for b...
• 401af13 fix(deps): update dependency protobufjs to v8 (#6602)
• 36e2a9a fix(opentelemetry-core): add extra checks on internal merge function for safe...
• 8ee2a8b fix(web-common): add check for possible unsafe json parse (#6589)
• f40fd24 fix(otlp-transformer): add check for possible unsafe json parse (#6588)
• 394eeb0 chore: update changelog script (#6586)
• 36ce569 feat(sdk-metrics): adds the cardinalitySelector argument to PeriodicExporting...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #15.