chore(release): merge release/2.1.5 into master (#210)

* fix: package.json & package-lock.json to reduce vulnerabilities (#169)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AXIOS-9403194

Co-authored-by: snyk-bot <snyk-bot@snyk.io>

* chore: use exact versions for github actions (#170)

* Merge pull request #176 from rudderlabs/dependabot/github_actions/develop/slackapi/slack-github-action-2.1.0

chore(deps): bump slackapi/slack-github-action from 2.0.0 to 2.1.0

* chore(deps): bump SonarSource/sonarqube-scan-action from 5.0.0 to 5.2.0 (#177)

Bumps [SonarSource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) from 5.0.0 to 5.2.0.
- [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases)
- [Commits](SonarSource/sonarqube-scan-action@0303d6b...2500896)

---
updated-dependencies:
- dependency-name: SonarSource/sonarqube-scan-action
  dependency-version: 5.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump eslint-config-prettier from 9.1.0 to 10.1.5 (#180)

Bumps [eslint-config-prettier](https://github.com/prettier/eslint-config-prettier) from 9.1.0 to 10.1.5.
- [Release notes](https://github.com/prettier/eslint-config-prettier/releases)
- [Changelog](https://github.com/prettier/eslint-config-prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/eslint-config-prettier@v9.1.0...v10.1.5)

---
updated-dependencies:
- dependency-name: eslint-config-prettier
  dependency-version: 10.1.5
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump lint-staged from 15.2.10 to 16.0.0 (#182)

Bumps [lint-staged](https://github.com/lint-staged/lint-staged) from 15.2.10 to 16.0.0.
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](lint-staged/lint-staged@v15.2.10...v16.0.0)

---
updated-dependencies:
- dependency-name: lint-staged
  dependency-version: 16.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump codecov/codecov-action from 5.4.0 to 5.4.3 (#178)

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.4.0 to 5.4.3.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@0565863...18283e0)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: 5.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump the npm-deps group with 16 updates (#179)

* chore(deps): bump the npm-deps group with 16 updates

Bumps the npm-deps group with 16 updates:

| Package | From | To |
| --- | --- | --- |
| [axios](https://github.com/axios/axios) | `1.8.3` | `1.9.0` |
| [uuid](https://github.com/uuidjs/uuid) | `11.0.2` | `11.1.0` |
| [@babel/eslint-parser](https://github.com/babel/babel/tree/HEAD/eslint/babel-eslint-parser) | `7.25.9` | `7.27.1` |
| [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) | `7.26.0` | `7.27.2` |
| [@commitlint/config-conventional](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/config-conventional) | `19.5.0` | `19.8.1` |
| [@size-limit/preset-app](https://github.com/ai/size-limit) | `11.1.6` | `11.2.0` |
| [ava](https://github.com/avajs/ava) | `6.2.0` | `6.3.0` |
| [commitlint](https://github.com/conventional-changelog/commitlint/tree/HEAD/@alias/commitlint) | `19.5.0` | `19.8.1` |
| [dotenv](https://github.com/motdotla/dotenv) | `16.4.5` | `16.5.0` |
| [eslint-plugin-compat](https://github.com/amilajack/eslint-plugin-compat) | `6.0.1` | `6.0.2` |
| [husky](https://github.com/typicode/husky) | `9.1.6` | `9.1.7` |
| [np](https://github.com/sindresorhus/np) | `10.0.7` | `10.2.0` |
| [prettier](https://github.com/prettier/prettier) | `3.3.3` | `3.5.3` |
| [size-limit](https://github.com/ai/size-limit) | `11.1.6` | `11.2.0` |
| [typescript](https://github.com/microsoft/TypeScript) | `5.6.3` | `5.8.3` |
| [bull](https://github.com/OptimalBits/bull) | `4.16.4` | `4.16.5` |


Updates `axios` from 1.8.3 to 1.9.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.8.3...v1.9.0)

Updates `uuid` from 11.0.2 to 11.1.0
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v11.0.2...v11.1.0)

Updates `@babel/eslint-parser` from 7.25.9 to 7.27.1
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.27.1/eslint/babel-eslint-parser)

Updates `@babel/preset-env` from 7.26.0 to 7.27.2
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.27.2/packages/babel-preset-env)

Updates `@commitlint/config-conventional` from 19.5.0 to 19.8.1
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/config-conventional/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v19.8.1/@commitlint/config-conventional)

Updates `@size-limit/preset-app` from 11.1.6 to 11.2.0
- [Release notes](https://github.com/ai/size-limit/releases)
- [Changelog](https://github.com/ai/size-limit/blob/main/CHANGELOG.md)
- [Commits](ai/size-limit@11.1.6...11.2.0)

Updates `ava` from 6.2.0 to 6.3.0
- [Release notes](https://github.com/avajs/ava/releases)
- [Commits](avajs/ava@v6.2.0...v6.3.0)

Updates `commitlint` from 19.5.0 to 19.8.1
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@alias/commitlint/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v19.8.1/@alias/commitlint)

Updates `dotenv` from 16.4.5 to 16.5.0
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v16.4.5...v16.5.0)

Updates `eslint-plugin-compat` from 6.0.1 to 6.0.2
- [Release notes](https://github.com/amilajack/eslint-plugin-compat/releases)
- [Changelog](https://github.com/amilajack/eslint-plugin-compat/blob/main/CHANGELOG.md)
- [Commits](amilajack/eslint-plugin-compat@v6.0.1...v6.0.2)

Updates `husky` from 9.1.6 to 9.1.7
- [Release notes](https://github.com/typicode/husky/releases)
- [Commits](typicode/husky@v9.1.6...v9.1.7)

Updates `np` from 10.0.7 to 10.2.0
- [Release notes](https://github.com/sindresorhus/np/releases)
- [Commits](sindresorhus/np@v10.0.7...v10.2.0)

Updates `prettier` from 3.3.3 to 3.5.3
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.3.3...3.5.3)

Updates `size-limit` from 11.1.6 to 11.2.0
- [Release notes](https://github.com/ai/size-limit/releases)
- [Changelog](https://github.com/ai/size-limit/blob/main/CHANGELOG.md)
- [Commits](ai/size-limit@11.1.6...11.2.0)

Updates `typescript` from 5.6.3 to 5.8.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release-publish.yml)
- [Commits](microsoft/TypeScript@v5.6.3...v5.8.3)

Updates `bull` from 4.16.4 to 4.16.5
- [Release notes](https://github.com/OptimalBits/bull/releases)
- [Changelog](https://github.com/OptimalBits/bull/blob/develop/CHANGELOG.md)
- [Commits](OptimalBits/bull@v4.16.4...v4.16.5)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-deps
- dependency-name: uuid
  dependency-version: 11.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-deps
- dependency-name: "@babel/eslint-parser"
  dependency-version: 7.27.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
- dependency-name: "@babel/preset-env"
  dependency-version: 7.27.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
- dependency-name: "@commitlint/config-conventional"
  dependency-version: 19.8.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
- dependency-name: "@size-limit/preset-app"
  dependency-version: 11.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
- dependency-name: ava
  dependency-version: 6.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
- dependency-name: commitlint
  dependency-version: 19.8.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
- dependency-name: dotenv
  dependency-version: 16.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
- dependency-name: eslint-plugin-compat
  dependency-version: 6.0.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-deps
- dependency-name: husky
  dependency-version: 9.1.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-deps
- dependency-name: np
  dependency-version: 10.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
- dependency-name: prettier
  dependency-version: 3.5.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
- dependency-name: size-limit
  dependency-version: 11.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
- dependency-name: typescript
  dependency-version: 5.8.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
- dependency-name: bull
  dependency-version: 4.16.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-deps
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: revert ava version bump

* chore: update dependabot config

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sai Kumar Battinoju <saibattinoju@rudderstack.com>

* chore(deps-dev): bump express from 4.21.2 to 5.1.0 (#181)

* chore(deps-dev): bump express from 4.21.2 to 5.1.0

Bumps [express](https://github.com/expressjs/express) from 4.21.2 to 5.1.0.
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@4.21.2...v5.1.0)

---
updated-dependencies:
- dependency-name: express
  dependency-version: 5.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* chore: fix deps

* chore: fix package-lock.json

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sai Kumar Battinoju <saibattinoju@rudderstack.com>

* chore(deps-dev): bump body-parser from 1.20.3 to 2.2.0 (#186)

Bumps [body-parser](https://github.com/expressjs/body-parser) from 1.20.3 to 2.2.0.
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.20.3...v2.2.0)

---
updated-dependencies:
- dependency-name: body-parser
  dependency-version: 2.2.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump sinon from 19.0.2 to 20.0.0 (#187)

Bumps [sinon](https://github.com/sinonjs/sinon) from 19.0.2 to 20.0.0.
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md)
- [Commits](sinonjs/sinon@v19.0.2...v20.0.0)

---
updated-dependencies:
- dependency-name: sinon
  dependency-version: 20.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump the npm-deps group across 1 directory with 7 updates (#192)

* chore(deps): bump the npm-deps group across 1 directory with 7 updates

Bumps the npm-deps group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [axios](https://github.com/axios/axios) | `1.9.0` | `1.10.0` |
| [@babel/eslint-parser](https://github.com/babel/babel/tree/HEAD/eslint/babel-eslint-parser) | `7.27.1` | `7.27.5` |
| [ava](https://github.com/avajs/ava) | `6.2.0` | `6.4.0` |
| [dotenv](https://github.com/motdotla/dotenv) | `16.5.0` | `16.6.0` |
| [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import) | `2.31.0` | `2.32.0` |
| [lint-staged](https://github.com/lint-staged/lint-staged) | `16.0.0` | `16.1.2` |
| [prettier](https://github.com/prettier/prettier) | `3.5.3` | `3.6.1` |



Updates `axios` from 1.9.0 to 1.10.0
- [Release notes](https://github.com/axios/axios/releases)
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md)
- [Commits](axios/axios@v1.9.0...v1.10.0)

Updates `@babel/eslint-parser` from 7.27.1 to 7.27.5
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.27.5/eslint/babel-eslint-parser)

Updates `ava` from 6.2.0 to 6.4.0
- [Release notes](https://github.com/avajs/ava/releases)
- [Commits](avajs/ava@v6.2.0...v6.4.0)

Updates `dotenv` from 16.5.0 to 16.6.0
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v16.5.0...v16.6.0)

Updates `eslint-plugin-import` from 2.31.0 to 2.32.0
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases)
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md)
- [Commits](import-js/eslint-plugin-import@v2.31.0...v2.32.0)

Updates `lint-staged` from 16.0.0 to 16.1.2
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](lint-staged/lint-staged@v16.0.0...v16.1.2)

Updates `prettier` from 3.5.3 to 3.6.1
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.5.3...3.6.1)

---
updated-dependencies:
- dependency-name: axios
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-deps
- dependency-name: "@babel/eslint-parser"
  dependency-version: 7.27.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-deps
- dependency-name: ava
  dependency-version: 6.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
- dependency-name: dotenv
  dependency-version: 16.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
- dependency-name: eslint-plugin-import
  dependency-version: 2.32.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
- dependency-name: lint-staged
  dependency-version: 16.1.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
- dependency-name: prettier
  dependency-version: 3.6.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
...

Signed-off-by: dependabot[bot] <support@github.com>

* test: close lingering timers

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: AI Assistant <saibattinoju@rudderstack.com>

* chore(deps-dev): bump prettier from 3.6.1 to 3.6.2 in the npm-deps group (#193)

Bumps the npm-deps group with 1 update: [prettier](https://github.com/prettier/prettier).


Updates `prettier` from 3.6.1 to 3.6.2
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.6.1...3.6.2)

---
updated-dependencies:
- dependency-name: prettier
  dependency-version: 3.6.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump eslint-plugin-sonarjs from 2.0.4 to 3.0.4 (#197)

Bumps [eslint-plugin-sonarjs](https://github.com/SonarSource/SonarJS) from 2.0.4 to 3.0.4.
- [Release notes](https://github.com/SonarSource/SonarJS/releases)
- [Commits](https://github.com/SonarSource/SonarJS/commits)

---
updated-dependencies:
- dependency-name: eslint-plugin-sonarjs
  dependency-version: 3.0.4
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump sinon from 20.0.0 to 21.0.0 (#196)

Bumps [sinon](https://github.com/sinonjs/sinon) from 20.0.0 to 21.0.0.
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md)
- [Commits](https://github.com/sinonjs/sinon/commits)

---
updated-dependencies:
- dependency-name: sinon
  dependency-version: 21.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump dotenv from 16.6.0 to 17.0.0 (#194)

Bumps [dotenv](https://github.com/motdotla/dotenv) from 16.6.0 to 17.0.0.
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v16.6.0...v17.0.0)

---
updated-dependencies:
- dependency-name: dotenv
  dependency-version: 17.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump dotenv from 17.0.0 to 17.0.1 in the npm-deps group (#198)

Bumps the npm-deps group with 1 update: [dotenv](https://github.com/motdotla/dotenv).


Updates `dotenv` from 17.0.0 to 17.0.1
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v17.0.0...v17.0.1)

---
updated-dependencies:
- dependency-name: dotenv
  dependency-version: 17.0.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: update dependabot schedule to weekly

* chore(deps-dev): bump the npm-deps group with 2 updates (#200)

Bumps the npm-deps group with 2 updates: [@babel/eslint-parser](https://github.com/babel/babel/tree/HEAD/eslint/babel-eslint-parser) and [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env).


Updates `@babel/eslint-parser` from 7.27.5 to 7.28.0
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.28.0/eslint/babel-eslint-parser)

Updates `@babel/preset-env` from 7.27.2 to 7.28.0
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.28.0/packages/babel-preset-env)

---
updated-dependencies:
- dependency-name: "@babel/eslint-parser"
  dependency-version: 7.28.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
- dependency-name: "@babel/preset-env"
  dependency-version: 7.28.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump dotenv from 17.0.1 to 17.1.0 in the npm-deps group (#201)

Bumps the npm-deps group with 1 update: [dotenv](https://github.com/motdotla/dotenv).


Updates `dotenv` from 17.0.1 to 17.1.0
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v17.0.1...v17.1.0)

---
updated-dependencies:
- dependency-name: dotenv
  dependency-version: 17.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump the npm-deps group across 1 directory with 2 updates (#204)

Bumps the npm-deps group with 2 updates in the / directory: [ava](https://github.com/avajs/ava) and [dotenv](https://github.com/motdotla/dotenv).


Updates `ava` from 6.4.0 to 6.4.1
- [Release notes](https://github.com/avajs/ava/releases)
- [Commits](avajs/ava@v6.4.0...v6.4.1)

Updates `dotenv` from 17.1.0 to 17.2.0
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v17.1.0...v17.2.0)

---
updated-dependencies:
- dependency-name: ava
  dependency-version: 6.4.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-deps
- dependency-name: dotenv
  dependency-version: 17.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps): bump slackapi/slack-github-action from 2.1.0 to 2.1.1 (#203)

Bumps [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) from 2.1.0 to 2.1.1.
- [Release notes](https://github.com/slackapi/slack-github-action/releases)
- [Commits](slackapi/slack-github-action@b0fa283...91efab1)

---
updated-dependencies:
- dependency-name: slackapi/slack-github-action
  dependency-version: 2.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore(deps-dev): bump eslint-config-prettier in the npm-deps group (#206)

Bumps the npm-deps group with 1 update: [eslint-config-prettier](https://github.com/prettier/eslint-config-prettier).


Updates `eslint-config-prettier` from 10.1.5 to 10.1.8
- [Release notes](https://github.com/prettier/eslint-config-prettier/releases)
- [Changelog](https://github.com/prettier/eslint-config-prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/eslint-config-prettier@v10.1.5...v10.1.8)

---
updated-dependencies:
- dependency-name: eslint-config-prettier
  dependency-version: 10.1.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: fix snyk vulnerabilities (#208)

* chore(release): 2.1.5

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Sai Kumar Battinoju <88789928+saikumarrs@users.noreply.github.com>
Co-authored-by: Sudip Paul <67197965+ItsSudip@users.noreply.github.com>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sai Kumar Battinoju <saibattinoju@rudderstack.com>
Co-authored-by: GitHub actions <noreply@github.com>

Author: 5 people

.github/dependabot.yml

@@ -3,17 +3,25 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/" 
     schedule:
-      interval: "daily"
+      interval: "weekly"
     target-branch: "develop"
   - package-ecosystem: "npm"
     directory: "/" 
     schedule:
-      interval: "daily"
+      interval: "weekly"
+    target-branch: "develop"
     groups:
-      npm-deps:
+      npm-prod-deps:
         patterns:
           - "*"
         update-types:
           - "minor"
           - "patch"
-    target-branch: "develop"
+        dependency-type: "production"
+      npm-dev-deps:
+        patterns:
+          - "*"
+        dependency-type: "development"
+        update-types:
+          - "minor"
+          - "patch"

.github/workflows/deploy-npm.yml

@@ -52,7 +52,7 @@ jobs:
       - name: Send message to Slack channel
         id: slack
         continue-on-error: true
-        uses: slackapi/slack-github-action@485a9d42d3a73031f12ec201c457e2162c45d02d  # v2.0.0
+        uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a  # v2.1.1
         env:
           PROJECT_NAME: 'Node.js SDK'
           NPM_PACKAGE_URL: 'https://www.npmjs.com/package/@rudderstack/rudder-sdk-node'

.github/workflows/test.yml

@@ -38,13 +38,13 @@ jobs:
           ./scripts/fix-reports-path-in-github-runner.sh
 
       - name: SonarQube Scan
-        uses: SonarSource/sonarqube-scan-action@0303d6b62e310685c0e34d0b9cde218036885c4d  # v5.0.0
+        uses: SonarSource/sonarqube-scan-action@2500896589ef8f7247069a56136f8dc177c27ccf  # v5.2.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
       - name: Upload coverage reports to Codecov
-        uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574  # v5.4.0
+        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24  # v5.4.3
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
         with:

CHANGELOG.md

@@ -2,6 +2,13 @@
 
 All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 
+### [2.1.5](https://github.com/rudderlabs/rudder-sdk-node/compare/v2.1.4...v2.1.5) (2025-07-22)
+
+
+### Bug Fixes
+
+* package.json & package-lock.json to reduce vulnerabilities ([#169](https://github.com/rudderlabs/rudder-sdk-node/issues/169)) ([23d9be9](https://github.com/rudderlabs/rudder-sdk-node/commit/23d9be94b352b9dea885cc74d2c22f67fda24d10))
+
 ### [2.1.4](https://github.com/rudderlabs/rudder-sdk-node/compare/v2.1.3...v2.1.4) (2025-03-24)
 
 

__tests__/index.test.js

@@ -28,6 +28,12 @@ const port = 4063;
 const separateAxiosClientPort = 4064;
 const retryCount = 2;
 
+let server;
+// Track active timeouts to clear them during cleanup
+let activeTimeouts = [];
+// Track all created clients to clean up their timers
+let createdClients = [];
+
 const createClient = async (options) => {
   const newOptions = { ...options, logLevel: 'error', gzip: false };
   if (!newOptions.host && !newOptions.dataPlaneUrl) {
@@ -40,11 +46,12 @@ const createClient = async (options) => {
   client.flush = pify(client.flush.bind(client));
   client.flushed = true;
 
+  // Track the client for cleanup
+  createdClients.push(client);
+
   return client;
 };
 
-let server;
-
 test.before((t) => {
   let count = 0;
   server = express()
@@ -73,14 +80,17 @@ test.before((t) => {
       }
 
       if (batch[0] === 'timeout') {
-        return globalThis.setTimeout(() => res.end(), 5000);
+        // Store the timeout ID so we can clear it during cleanup
+        const timeoutId = globalThis.setTimeout(() => res.end(), 5000);
+        activeTimeouts.push(timeoutId);
+        return timeoutId;
       }
 
       // console.log("=== response===", JSON.stringify(req.body));
       // res.json(req.body);
       if (batch[0] === 'axios-retry') {
         count += 1;
-        if (count === retryCount) return res.json({});
+        if (count === retryCount) return res.status(200).json({});
         return res.status(503).json({
           error: { message: 'Service Unavailable' },
         });
@@ -92,13 +102,36 @@ test.before((t) => {
         });
       }
 
-      return res.json({});
+      return res.status(200).json({});
     })
     .listen(port, t.end);
 });
 
-test.after(() => {
-  server.close();
+test.after.always(async () => {
+  // Clear any active timeouts before closing the server
+  activeTimeouts.forEach((timeoutId) => {
+    globalThis.clearTimeout(timeoutId);
+  });
+  activeTimeouts = [];
+
+  // Clean up all Analytics clients by clearing their timers
+  createdClients.forEach((client) => {
+    if (client.timer) {
+      clearTimeout(client.timer);
+    }
+    if (client.flushTimer) {
+      clearTimeout(client.flushTimer);
+    }
+  });
+  createdClients = [];
+
+  // Properly close the server and wait for it to finish
+  if (server) {
+    await new Promise((resolve) => {
+      server.close(resolve);
+    });
+  }
+
   Sinon.restore();
 });