[Snyk] Security upgrade elastic-apm-node from 3.8.0 to 4.8.0 #517

Open
wants to merge 1 commit into
base: master

freezy (Member) commented Oct 9, 2024

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 601/1000 (Why? Recently disclosed, Has a fix available, CVSS 6.3) | Cross-site Scripting (XSS), SNYK-JS-COOKIE-8163060 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: elastic-apm-node
The new version differs by 250 commits.
  • aa638c5 release 4.8.0 (#4264)
  • ef1521c chore(deps): bump cookie from 0.7.1 to 0.7.2 (#4263)
  • b272d7d chore(deps): bump docker/build-push-action in the github-actions group (#4258)
  • cbdc892 chore(deps): bump cookie from 0.6.0 to 0.7.1 (#4261)
  • 07c4ec4 chore(deps): bump import-in-the-middle from 1.11.1 to 1.11.2 (#4260)
  • 0bfcaf1 chore(deps): update docker.elastic.co/wolfi/chainguard-base:latest docker digest to 90888b1 (#4257)
  • 0c1f50f chore(deps): bump docker/build-push-action from 6.7.0 to 6.8.0 in the github-actions group (#4252)
  • 10a7ab8 test: attempted fix of flaky 'span slower than configured spanStackTraceMinDuration' test (#4256)
  • 5c9e59a chore(deps): update docker.elastic.co/wolfi/chainguard-base:latest docker digest to 5186816 (#4255)
  • 9397499 chore(deps-dev): bump @types/node from 22.5.2 to 22.7.4 (#4254)
  • ce04d9b chore(deps): update docker.elastic.co/wolfi/chainguard-base:latest docker digest to a51a1cd (#4241)
  • 3e27d26 chore(deps): bump import-in-the-middle from 1.11.0 to 1.11.1 (#4253)
  • 54cd2c3 github-action: use elastic/oblt-actions/github/is-member-of (#4250)
  • 891a983 chore(deps-dev): update fastify to 5.0.0 and @fastify/formbody to 8.0.1 (#4248)
  • 09dbbfe chore(deps-dev): bump pg from 8.12.0 to 8.13.0 (#4245)
  • c566823 chore(deps-dev): bump @koa/router from 13.0.1 to 13.1.0 (#4244)
  • 2d084c5 chore(deps): update docker.elastic.co/wolfi/chainguard-base:latest docker digest to d4def25 (#4240)
  • c79a528 github-action: use ephemeral tokens with the required permissions (#4225)
  • dd7edfb test(express): drop express@5 from TAV tests (#4239)
  • 2deee2a chore: update supported technologies (#4237)
  • b0185f8 feat: add support for koa-router@13 (#4236)
  • cfc5178 chore(deps-dev): bump tape from 5.8.1 to 5.9.0 (#4234)
  • e499316 chore(deps-dev): bump typescript from 5.5.4 to 5.6.2 (#4227)
  • 79c0fd9 chore(deps-dev): bump wait-on from 8.0.0 to 8.0.1 (#4228)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
