dependabot[bot] opened a new pull request, #40789:
URL: https://github.com/apache/superset/pull/40789

   Bumps [hot-shots](https://github.com/bdeitte/hot-shots) from 14.3.1 to 15.0.0.
   <details>
   <summary>Changelog</summary>
   <p><em>Sourced from <a href="https://github.com/bdeitte/hot-shots/blob/main/CHANGES.md">hot-shots's changelog</a>.</em></p>
   <blockquote>
   <h2>15.0.0 (2026-5-28)</h2>
   <ul>
   <li><a href="https://github.com/bdeitte"><code>@bdeitte</code></a> A number of updates to improve callback and error handling:
   <ul>
   <li>Default error listener on every transport socket so that in the cases we 
didn't have one, an error doesn't crash the host</li>
   <li>Wrap interval flushes (buffer + telemetry) and the close-time telemetry 
flush in try/catch to prevent host crashing</li>
   <li>Fix child-close error routing so there's no double-delivery for 
inherited handlers</li>
   <li>Fix buffered-message callback being sometimes (but not always) misrouted 
to the prior buffer's flush- new callback now fires synchronously after enqueue 
for consistency</li>
   <li>Ensure the errorHandler is used when there's an issue with the flush 
performed inside <code>close()</code></li>
   <li>Updated error section in README to explain better how things work, 
especially the differences between buffered and unbuffered modes</li>
   </ul>
   </li>
   <li><a href="https://github.com/bdeitte"><code>@bdeitte</code></a> A number of security improvements:
   <ul>
   <li>Sanitize <code>\r</code> in metric names, tag keys, and tag values 
alongside newlines, since some receivers split lines on <code>\r</code> and 
could otherwise be tricked into accepting injected metrics</li>
   <li>Add <code>files</code> allowlist to package.json so npm publishes only 
<code>index.js</code>, <code>index.mjs</code>, <code>lib/</code>, and the 
TypeScript definitions</li>
   <li>dev-only library updates. Override <code>uuid</code> to 14.x to fix <a href="https://github.com/advisories/GHSA-w5hq-g745-h8pq">GHSA-w5hq-g745-h8pq</a> and add <code>diff</code> override to <code>^8.0.3</code> to resolve <a href="https://github.com/advisories/GHSA-73rr-hh4g-fpgx">GHSA-73rr-hh4g-fpgx</a> transitively pulled in via <code>mocha</code> and <code>sinon</code>.</li>
   </ul>
   </li>
   <li><a href="https://github.com/bdeitte"><code>@bdeitte</code></a> A few smaller cleanups and fixups:
   <ul>
   <li>Replace polling in close() with a Promise-based drain that handles 
async-queued follow-up sends</li>
   <li>Warn (via console.error) on invalid <code>port</code>, 
<code>sampleRate</code>, <code>bufferFlushInterval</code> config values and use 
default config values</li>
   <li>Misc cleanups: <code>for-of</code> over array routes, simpler EAGAIN 
access, dedup <code>Buffer.byteLength</code> in <code>sendMessage</code></li>
   </ul>
   </li>
   </ul>
   </blockquote>
   </details>
   <details>
   <summary>Commits</summary>
   <ul>
   <li><a href="https://github.com/bdeitte/hot-shots/commit/7129573ac93975b44259e0c193019d8d137f0a20"><code>7129573</code></a> 15.0.0</li>
   <li><a href="https://github.com/bdeitte/hot-shots/commit/da3053b37614859f6cc51d0fa5ae67ee7da6dae6"><code>da3053b</code></a> Changes update</li>
   <li><a href="https://github.com/bdeitte/hot-shots/commit/d15d412a3e88bdbc6b084adfb9223ca9e3aa71e9"><code>d15d412</code></a> Merge pull request <a href="https://redirect.github.com/bdeitte/hot-shots/issues/319">#319</a> from bdeitte/best-practices</li>
   <li><a href="https://github.com/bdeitte/hot-shots/commit/69208639a2ece52a992727edf0431320c5fc76da"><code>6920863</code></a> Silence no-invalid-this lint for mocha this.timeout in TS test</li>
   <li><a href="https://github.com/bdeitte/hot-shots/commit/acc13062b1589a027e3dc4b2a61df0fdd08f07f1"><code>acc1306</code></a> Bump TypeScript-compilation test timeout for slow Windows CI</li>
   <li><a href="https://github.com/bdeitte/hot-shots/commit/f20cfd8d336122631db2d06f786582cc51763bca"><code>f20cfd8</code></a> Address review feedback</li>
   <li><a href="https://github.com/bdeitte/hot-shots/commit/3f75e9e846527a11c8e05b2377b0661d64165a16"><code>3f75e9e</code></a> Better changes update and fix extra info that is not needed</li>
   <li><a href="https://github.com/bdeitte/hot-shots/commit/dffc9005db8334790b16c8afa67361f58b236bf0"><code>dffc900</code></a> Address PR review comments</li>
   <li><a href="https://github.com/bdeitte/hot-shots/commit/5e1e59eee59897d237c16528ae82880780545afa"><code>5e1e59e</code></a> More small reviewing updates</li>
   <li><a href="https://github.com/bdeitte/hot-shots/commit/53c46b453dc80f4af586321c74c3e89596663eb6"><code>53c46b4</code></a> More small reviewing updates</li>
   <li>Additional commits viewable in <a href="https://github.com/bdeitte/hot-shots/compare/v14.3.1...v15.0.0">compare view</a></li>
   </ul>
   </details>
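
The `\r` sanitization item in the 15.0.0 changelog above, as an added example (not hot-shots code and not part of the original message): a StatsD-style formatter that neutralizes only `\n` is compared with one that also neutralizes `\r`, against a constructed receiver that accepts either as a line terminator. The function names, the `_` replacement character, the line grammar and the sample input are assumptions made for illustration.

```javascript
// Two sanitization policies for metric names, tag keys and tag values.
const LF_ONLY = /\n/g;        // newlines only: the gap the changelog entry describes
const CR_AND_LF = /[\r\n]/g;  // carriage returns handled alongside newlines

// Hypothetical formatter for the line shape  name:value|type|#key:value,...
// Every caller-supplied string passes through the chosen policy before it is
// placed on the wire; '_' as the replacement character is an assumption.
function formatMetric(name, value, type, tags, lineBreaks) {
  const clean = (s) => String(s).replace(lineBreaks, '_');
  const tagText = Object.entries(tags)
    .map(([k, v]) => `${clean(k)}:${clean(v)}`)
    .join(',');
  return `${clean(name)}:${value}|${type}` + (tagText ? `|#${tagText}` : '');
}

// Constructed receiver: treats CRLF, CR or LF as a line terminator and returns
// the names of all well-formed metric lines it would accept from one datagram.
function receiverParse(datagram) {
  const metricLine = /^[^:|\s]+:-?\d+(\.\d+)?\|(c|g|ms|h|s)(\|.*)?$/;
  return datagram
    .split(/\r\n|\r|\n/)
    .filter((line) => metricLine.test(line))
    .map((line) => line.slice(0, line.indexOf(':')));
}

// Constructed sample: a tag value copied from untrusted request data that
// carries a bare carriage return followed by a second metric line.
const untrustedRoute = 'checkout\rorders.refunded:9999|c';

// Formats the same metric under both policies and reports what the receiver
// accepts in each case.
function compareSanitizers() {
  const tags = { route: untrustedRoute };
  const lfOnly = formatMetric('http.requests', 1, 'c', tags, LF_ONLY);
  const crAndLf = formatMetric('http.requests', 1, 'c', tags, CR_AND_LF);
  return {
    lfOnlyWire: lfOnly,
    crAndLfWire: crAndLf,
    lfOnlyAccepted: receiverParse(lfOnly),    // two metrics reach the backend
    crAndLfAccepted: receiverParse(crAndLf),  // one metric, tag value intact
  };
}

console.log(compareSanitizers());
```

A regression test for a client upgrade can assert the same property: one `send` call must never yield more than one accepted line at a receiver that splits on `\r`.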