chore(deps): bump import-in-the-middle from 1.15.0 to 2.0.0

[dependabot]

Bumps import-in-the-middle from 1.15.0 to 2.0.0.

Release notes

Sourced from import-in-the-middle's releases.

import-in-the-middle: v2.0.0

2.0.0 (2025-10-14)

⚠ BREAKING CHANGES

This was only a new major out of an abundance of caution. The hook code has been converted to ESM to work around some loader issues. There should actually be no breaking changes when using import-in-the-middle/hook.mjs or the exported Hook API.

Features

• convert all modules running in loader thread to ESM (#210) (da7c7a6)

Changelog

Sourced from import-in-the-middle's changelog.

2.0.0 (2025-10-14)

⚠ BREAKING CHANGES

Converting all modules running in the loader thread to ESM should not be a breaking change for most users since it primarily affects internal implementation details. However, if you were referencing internal CJS files like hook.js this will no longer work.

Features

• convert all modules running in loader thread to ESM (#210) (da7c7a6)

Commits

• d96619f chore: release v2.0.0 (#214)
• da7c7a6 feat!: convert all modules running in loader thread to ESM (#210)
• b8fd97e chore: npm ignore several files used for dev (#137)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 82.63%. Comparing base (1c78dee) to head (d44b67d).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #6703      +/-   ##
==========================================
- Coverage   84.12%   82.63%   -1.49%     
==========================================
  Files         505      505              
  Lines       21027    21027              
==========================================
- Hits        17689    17376     -313     
- Misses       3338     3651     +313     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

Overall package size

Self size: 12.83 MB
Deduped: 115.39 MB
No deduping: 117.59 MB

Dependency sizes

| name | version | self size | total size | |------|---------|-----------|------------| | @datadog/libdatadog | 0.7.0 | 35.02 MB | 35.02 MB | | @datadog/native-appsec | 10.2.1 | 20.64 MB | 20.65 MB | | @datadog/native-iast-taint-tracking | 4.0.0 | 11.72 MB | 11.73 MB | | @datadog/pprof | 5.11.1 | 9.96 MB | 10.34 MB | | @opentelemetry/core | 1.30.1 | 908.66 kB | 7.16 MB | | protobufjs | 7.5.4 | 2.95 MB | 5.73 MB | | @datadog/wasm-js-rewriter | 4.0.1 | 2.85 MB | 3.58 MB | | @opentelemetry/resources | 1.9.1 | 306.54 kB | 1.74 MB | | @datadog/native-metrics | 3.1.1 | 1.02 MB | 1.43 MB | | @opentelemetry/api-logs | 0.205.0 | 201.51 kB | 1.42 MB | | @opentelemetry/api | 1.9.0 | 1.22 MB | 1.22 MB | | jsonpath-plus | 10.3.0 | 617.18 kB | 1.08 MB | | lru-cache | 10.4.3 | 804.3 kB | 804.3 kB | | import-in-the-middle | 2.0.0 | 68.46 kB | 797.03 kB | | @datadog/openfeature-node-server | 0.1.0-preview.10 | 95.11 kB | 401.46 kB | | opentracing | 0.14.7 | 194.81 kB | 194.81 kB | | source-map | 0.7.6 | 185.63 kB | 185.63 kB | | pprof-format | 2.2.1 | 163.06 kB | 163.06 kB | | @datadog/sketches-js | 2.1.1 | 109.9 kB | 109.9 kB | | lodash.sortby | 4.7.0 | 75.76 kB | 75.76 kB | | ignore | 7.0.5 | 63.38 kB | 63.38 kB | | istanbul-lib-coverage | 3.2.2 | 34.37 kB | 34.37 kB | | rfdc | 1.4.1 | 27.15 kB | 27.15 kB | | dc-polyfill | 0.1.10 | 26.73 kB | 26.73 kB | | @isaacs/ttlcache | 1.4.1 | 25.2 kB | 25.2 kB | | tlhunter-sorted-set | 0.1.0 | 24.94 kB | 24.94 kB | | shell-quote | 1.8.3 | 23.74 kB | 23.74 kB | | limiter | 1.1.5 | 23.17 kB | 23.17 kB | | retry | 0.13.1 | 18.85 kB | 18.85 kB | | semifies | 1.0.0 | 15.84 kB | 15.84 kB | | jest-docblock | 29.7.0 | 8.99 kB | 12.76 kB | | crypto-randomuuid | 1.0.0 | 11.18 kB | 11.18 kB | | ttl-set | 1.0.0 | 4.61 kB | 9.69 kB | | mutexify | 1.4.0 | 5.71 kB | 8.74 kB | | path-to-regexp | 0.1.12 | 6.6 kB | 6.6 kB | | module-details-from-path | 1.0.4 | 3.96 kB | 3.96 kB |

_{🤖 This report was automatically generated by heaviest-objects-in-the-universe}

[datadog-official]

⚠️ Tests

⚠️ Warnings

❄️ 2 New flaky tests detected

cypress@14.5.4 esm intelligent test runner reports code coverage relative to the repository root, not working directory from integration-tests/cypress/cypress.spec.js (Datadog)

expected [] to be a superset of [ …(4) ]

cypress@14.5.4 esm intelligent test runner reports itr_correlation_id in tests from integration-tests/cypress/cypress.spec.js (Datadog)

Timeout of 80000ms exceeded. For async tests and hooks, ensure "done()" is called; if returning a Promise, ensure it resolves. (/home/runner/work/dd-trace-js/dd-trace-js/integration-tests/cypress/cypress.spec.js)

🧪 2 Tests failed

ESM with NODE_OPTIONS=--import dd-trace/initialize.mjs should detect COMMAND_INJECTION vulnerability from with NODE_OPTIONS=--import dd-trace/initialize.mjs (Datadog)

timeout, additionally:
AssertionError: expected { …(18) } to have property '_dd.iast.json'
    at /home/runner/work/dd-trace-js/dd-trace-js/integration-tests/appsec/iast.esm.spec.js:71:20
    at verifySpan (/home/runner/work/dd-trace-js/dd-trace-js/integration-tests/appsec/iast.esm.spec.js:56:15)
    at /home/runner/work/dd-trace-js/dd-trace-js/integration-tests/appsec/iast.esm.spec.js:70:11
    at FakeAgent.messageHandler (/home/runner/work/dd-trace-js/dd-trace-js/integration-tests/helpers/fake-agent.js:152:9)
    at FakeAgent.emit (node:events:517:28)
    at /home/runner/work/dd-trace-js/dd-trace-js/integration-tests/helpers/fake-agent.js:289:11
    at Layer.handleRequest (/home/runner/work/dd-trace-js/dd-trace-js/node_modules/router/lib/layer.js:152:17)
    at next (/home/runner/work/dd-trace-js/dd-trace-js/node_modules/router/lib/route.js:157:13)
...

ESM with NODE_OPTIONS=--import dd-trace/initialize.mjs should detect COMMAND_INJECTION vulnerability in imported file from with NODE_OPTIONS=--import dd-trace/initialize.mjs (Datadog)

timeout, additionally:
AssertionError: expected { …(18) } to have property '_dd.iast.json'
    at /home/runner/work/dd-trace-js/dd-trace-js/integration-tests/appsec/iast.esm.spec.js:82:20
    at verifySpan (/home/runner/work/dd-trace-js/dd-trace-js/integration-tests/appsec/iast.esm.spec.js:56:15)
    at /home/runner/work/dd-trace-js/dd-trace-js/integration-tests/appsec/iast.esm.spec.js:81:11
    at FakeAgent.messageHandler (/home/runner/work/dd-trace-js/dd-trace-js/integration-tests/helpers/fake-agent.js:152:9)
    at FakeAgent.emit (node:events:517:28)
    at /home/runner/work/dd-trace-js/dd-trace-js/integration-tests/helpers/fake-agent.js:289:11
    at Layer.handleRequest (/home/runner/work/dd-trace-js/dd-trace-js/node_modules/router/lib/layer.js:152:17)
    at next (/home/runner/work/dd-trace-js/dd-trace-js/node_modules/router/lib/route.js:157:13)
...

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: d44b67d | Docs | Was this helpful? Give us feedback!}

[pr-commenter]

Benchmarks

Benchmark execution time: 2025-10-21 10:14:23

Comparing candidate commit d44b67d in PR branch dependabot/npm_and_yarn/import-in-the-middle-2.0.0 with baseline commit 1c78dee in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 1597 metrics, 73 unstable metrics.