Having some way to keep up with dependency updates, both for security and bitrot, is important. Dependabot can help with this. We've been using it (relatively) successfully on opbeans-node. Soon we will be using a package-lock file (#2626) which will make it slightly less likely that we'll notice bitrot-related updates as a matter of course.
As well for the OTel Bridge (#2641) it is important we update and release quickly for new minor releases of @opentelemetry/api: https://github.com/elastic/apm-agent-nodejs/blob/main/lib/opentelemetry-bridge/README.md#maintenance
Having some way to keep up with dependency updates, both for security and bitrot, is important. Dependabot can help with this. We've been using it (relatively) successfully on opbeans-node. Soon we will be using a package-lock file (#2626) which will make it slightly less likely that we'll notice bitrot-related updates as a matter of course.
As well for the OTel Bridge (#2641) it is important we update and release quickly for new minor releases of
@opentelemetry/api: https://github.com/elastic/apm-agent-nodejs/blob/main/lib/opentelemetry-bridge/README.md#maintenance