@netlify/build 29.14.1 → 29.15.1

package/lib/core/build.js

@@ -30,8 +30,8 @@ export const startBuild = function (flags) {
     }
     const { bugsnagKey, tracingOpts, debug, systemLogFile, ...flagsA } = normalizeFlags(flags, logs);
     const errorMonitor = startErrorMonitor({ flags: { tracingOpts, debug, systemLogFile, ...flagsA }, logs, bugsnagKey });
-    startTracing(tracingOpts, getSystemLogger(logs, debug, systemLogFile));
-    return { ...flagsA, debug, systemLogFile, errorMonitor, logs, timers };
+    const rootTracingContext = startTracing(tracingOpts, getSystemLogger(logs, debug, systemLogFile));
+    return { ...flagsA, rootTracingContext, debug, systemLogFile, errorMonitor, logs, timers };
 };
 const tExecBuild = async function ({ config, defaultConfig, cachedConfig, cachedConfigPath, outputConfigPath, cwd, repositoryRoot, apiHost, token, siteId, context, branch, baseRelDir, env: envOpt, debug, systemLogFile, verbose, nodePath, functionsDistDir, edgeFunctionsDistDir, cacheDir, dry, mode, offline, deployId, buildId, testOpts, errorMonitor, errorParams, logs, timers, buildbotServerSocket, sendStatus, saveConfig, featureFlags, timeline, devCommand, quiet, framework, explicitSecretKeys, }) {
     const configOpts = getConfigOpts({

package/lib/core/flags.js

@@ -198,6 +198,16 @@ Default: false`,
         describe: 'Enable distributed tracing for build',
         hidden: true,
     },
+    'tracing.apiKey': {
+        string: true,
+        describe: 'API Key for the tracing backend provider',
+        hidden: true,
+    },
+    'tracing.httpProtocol': {
+        string: true,
+        describe: 'Traces backend protocol. HTTP or HTTPS.',
+        hidden: true,
+    },
     'tracing.host': {
         string: true,
         describe: 'Traces backend host',

package/lib/core/main.js

@@ -1,4 +1,4 @@
-import { trace } from '@opentelemetry/api';
+import { trace, context } from '@opentelemetry/api';
 import { handleBuildError } from '../error/handle.js';
 import { reportError } from '../error/report.js';
 import { getSystemLogger } from '../log/logger.js';
@@ -19,7 +19,7 @@ const tracer = trace.getTracer('core');
  * @param flags - build configuration CLI flags
  */
 export default async function buildSite(flags = {}) {
-    const { errorMonitor, framework, mode, logs, debug, systemLogFile, testOpts, statsdOpts, dry, telemetry, buildId, deployId, ...flagsA } = startBuild(flags);
+    const { errorMonitor, framework, mode, logs, debug, systemLogFile, testOpts, statsdOpts, dry, telemetry, buildId, deployId, rootTracingContext, ...flagsA } = startBuild(flags);
     const errorParams = { errorMonitor, mode, logs, debug, testOpts };
     const systemLog = getSystemLogger(logs, debug, systemLogFile);
     const attributes = {
@@ -28,7 +28,7 @@ export default async function buildSite(flags = {}) {
         'deploy.context': flagsA.context,
         'site.id': flagsA.siteId,
     };
-    const rootCtx = setMultiSpanAttributes(attributes);
+    const rootCtx = context.with(rootTracingContext, () => setMultiSpanAttributes(attributes));
     return await tracer.startActiveSpan('exec-build', {}, rootCtx, async (span) => {
         try {
             const { pluginsOptions, netlifyConfig: netlifyConfigA, siteInfo, userNodeVersion, stepsCount, timers, durationNs, configMutations, metrics, } = await execBuild({

package/lib/core/normalize_flags.js

@@ -8,6 +8,7 @@ const DEFAULT_FUNCTIONS_DIST = '.netlify/functions/';
 const DEFAULT_CACHE_DIR = '.netlify/cache/';
 const DEFAULT_STATSD_PORT = 8125;
 const DEFAULT_OTEL_TRACING_PORT = 4317;
+const DEFAULT_OTEL_ENDPOINT_PROTOCOL = 'http';
 /** Normalize CLI flags  */
 export const normalizeFlags = function (flags, logs) {
     const rawFlags = removeFalsy(flags);
@@ -53,7 +54,14 @@ const getDefaultFlags = function ({ env: envOpt = {} }, combinedEnv) {
         testOpts: {},
         featureFlags: DEFAULT_FEATURE_FLAGS,
         statsd: { port: DEFAULT_STATSD_PORT },
-        tracing: { enabled: false, port: DEFAULT_OTEL_TRACING_PORT },
+        // tracing.apiKey defaults to '-' else we'll get warning logs if not using
+        // honeycomb directly - https://github.com/honeycombio/honeycomb-opentelemetry-node/issues/201
+        tracing: {
+            enabled: false,
+            apiKey: '-',
+            httpProtocol: DEFAULT_OTEL_ENDPOINT_PROTOCOL,
+            port: DEFAULT_OTEL_TRACING_PORT,
+        },
         timeline: 'build',
         quiet: false,
     };

package/lib/error/type.js

@@ -92,6 +92,11 @@ const TYPES = {
         locationType: 'functionsBundling',
         severity: 'info',
     },
+    secretScanningFoundSecrets: {
+        title: 'Secrets scanning detected secrets in files during build.',
+        stackType: 'none',
+        severity: 'error',
+    },
     // Plugin called `utils.build.failBuild()`
     failBuild: {
         title: ({ location: { packageName } }) => `Plugin "${packageName}" failed`,

package/lib/log/messages/core_steps.js

@@ -1,5 +1,5 @@
 import path from 'path';
-import { log, logArray, logErrorSubHeader, logWarningSubHeader } from '../logger.js';
+import { log, logArray, logError, logErrorSubHeader, logWarningSubHeader } from '../logger.js';
 import { THEME } from '../theme.js';
 const logBundleResultFunctions = ({ functions, headerMessage, logs, error }) => {
     const functionNames = functions.map(({ path: functionPath }) => path.basename(functionPath));
@@ -73,3 +73,25 @@ const logModulesWithDynamicImports = ({ logs, modulesWithDynamicImports }) => {
   Visit https://ntl.fyi/dynamic-imports for more information.
   `);
 };
+export const logSecretsScanSkipMessage = function (logs, msg) {
+    log(logs, msg, { color: THEME.warningHighlightWords });
+};
+export const logSecretsScanSuccessMessage = function (logs, msg) {
+    log(logs, msg, { color: THEME.highlightWords });
+};
+export const logSecretsScanFailBuildMessage = function ({ logs, scanResults, groupedResults }) {
+    logErrorSubHeader(logs, `Secrets scanning found ${scanResults.matches.length} instance(s) of secrets in build output or repo code.\n`);
+    Object.keys(groupedResults).forEach((key) => {
+        logError(logs, `Secret env var "${key}"'s value detected:`);
+        groupedResults[key]
+            .sort((a, b) => {
+            return a.file > b.file ? 0 : 1;
+        })
+            .forEach(({ lineNumber, file }) => {
+            logError(logs, `found value at line ${lineNumber} in ${file}`, { indent: true });
+        });
+    });
+    logError(logs, `\nTo prevent exposing secrets, the build will fail until these secret values are not found in build output or repo files.`);
+    logError(logs, `If these are expected, use SECRETS_SCAN_OMIT_PATHS, SECRETS_SCAN_OMIT_KEYS, or SECRETS_SCAN_ENABLED to prevent detecting.`);
+    logError(logs, `See the Netlify Docs for more information on secrets scanning.`);
+};

package/lib/plugins_core/secrets_scanning/index.js

@@ -0,0 +1,61 @@
+import { addErrorInfo } from '../../error/info.js';
+import { logSecretsScanFailBuildMessage, logSecretsScanSkipMessage, logSecretsScanSuccessMessage, } from '../../log/messages/core_steps.js';
+import { getFilePathsToScan, getSecretKeysToScanFor, groupScanResultsByKey, isSecretsScanningEnabled, scanFilesForKeyValues, } from './utils.js';
+const coreStep = async function ({ buildDir, logs, netlifyConfig, explicitSecretKeys, systemLog }) {
+    const stepResults = {};
+    const passedSecretKeys = (explicitSecretKeys || '').split(',');
+    const envVars = netlifyConfig.build.environment;
+    systemLog({ envVars, passedSecretKeys });
+    if (!isSecretsScanningEnabled(envVars)) {
+        logSecretsScanSkipMessage(logs, 'Secrets scanning disabled via SECRETS_SCAN_ENABLED flag set to false.');
+        return stepResults;
+    }
+    const keysToSearchFor = getSecretKeysToScanFor(envVars, passedSecretKeys);
+    systemLog({ keysToSearchFor });
+    if (keysToSearchFor.length === 0) {
+        logSecretsScanSkipMessage(logs, 'Secrets scanning skipped because no env vars marked as secret are set to non-empty/non-trivial values or they are all omitted with SECRETS_SCAN_OMIT_KEYS env var setting.');
+        return stepResults;
+    }
+    // buildDir is the repository root or the base folder
+    // The scanning will look at builddir so that it can review both repo pulled files
+    // and post build files
+    const filePaths = await getFilePathsToScan({ env: envVars, base: buildDir });
+    systemLog({ buildDir, filePaths });
+    if (filePaths.length === 0) {
+        logSecretsScanSkipMessage(logs, 'Secrets scanning skipped because there are no files or all files were omitted with SECRETS_SCAN_OMIT_PATHS env var setting.');
+        return stepResults;
+    }
+    const scanResults = await scanFilesForKeyValues({
+        env: envVars,
+        keys: keysToSearchFor,
+        base: buildDir,
+        filePaths,
+    });
+    if (scanResults.matches.length === 0) {
+        logSecretsScanSuccessMessage(logs, 'Secrets scanning complete. No secrets detected in build output or repo code.');
+        return stepResults;
+    }
+    // at this point we have found matching secrets
+    // Output the results and fail the build
+    logSecretsScanFailBuildMessage({ logs, scanResults, groupedResults: groupScanResultsByKey(scanResults) });
+    const error = new Error(`Secrets scanning found secrets in build.`);
+    addErrorInfo(error, { type: 'secretScanningFoundSecrets' });
+    throw error;
+};
+// We run this core step if the build was run with explicit secret keys. This
+// is passed from BB to build so only accounts that are allowed to have explicit
+// secrets and actually have them will have them.
+const hasExplicitSecretsKeys = function ({ explicitSecretKeys }) {
+    if (typeof explicitSecretKeys !== 'string') {
+        return false;
+    }
+    return explicitSecretKeys.length > 0;
+};
+export const scanForSecrets = {
+    event: 'onPostBuild',
+    coreStep,
+    coreStepId: 'secrets_scanning',
+    coreStepName: 'Secrets scanning',
+    coreStepDescription: () => 'Scanning for secrets in code and build output.',
+    condition: hasExplicitSecretsKeys,
+};

package/lib/plugins_core/secrets_scanning/utils.js

@@ -0,0 +1,258 @@
+import { createReadStream } from 'node:fs';
+import path from 'node:path';
+import { createInterface } from 'node:readline';
+import { fdir } from 'fdir';
+/**
+ * Determine if the user disabled scanning via env var
+ * @param env current envars
+ * @returns
+ */
+export function isSecretsScanningEnabled(env) {
+    if (env.SECRETS_SCAN_ENABLED === false || env.SECRETS_SCAN_ENABLED === 'false') {
+        return false;
+    }
+    return true;
+}
+/**
+ * given the explicit secret keys and env vars, return the list of secret keys which have non-empty or non-trivial values. This
+ * will also filter out keys passed in the SECRETS_SCAN_OMIT_KEYS env var.
+ *
+ * non-trivial values are values that are:
+ *  - >4 characters/digits
+ *  - not booleans
+ *
+ * @param env env vars list
+ * @param secretKeys
+ * @returns string[]
+ */
+export function getSecretKeysToScanFor(env, secretKeys) {
+    let omitKeys = [];
+    if (typeof env.SECRETS_SCAN_OMIT_KEYS === 'string') {
+        omitKeys = env.SECRETS_SCAN_OMIT_KEYS.split(',')
+            .map((s) => s.trim())
+            .filter(Boolean);
+    }
+    return secretKeys.filter((key) => {
+        if (omitKeys.includes(key)) {
+            return false;
+        }
+        const val = env[key];
+        if (typeof val === 'string') {
+            // string forms of booleans
+            if (val === 'true' || val === 'false') {
+                return false;
+            }
+            // non-trivial/non-empty values only
+            return val.trim().length > 4;
+        }
+        else if (typeof val === 'boolean') {
+            // booleans are trivial values
+            return false;
+        }
+        else if (typeof val === 'number' || typeof val === 'object') {
+            return JSON.stringify(val).length > 4;
+        }
+        return !!val;
+    });
+}
+/**
+ * Given the env and base directory, find all file paths to scan. It will look at the
+ * env vars to decide if it should omit certain paths.
+ *
+ * @param options
+ * @returns string[] of relative paths from base of files that should be searched
+ */
+export async function getFilePathsToScan({ env, base }) {
+    let files = await new fdir().withRelativePaths().crawl(base).withPromise();
+    // normalize the path separators to all use the forward slash
+    // this is needed for windows machines and snapshot tests consistency.
+    files = files.map((f) => f.split(path.sep).join('/'));
+    let omitPaths = [];
+    if (typeof env.SECRETS_SCAN_OMIT_PATHS === 'string') {
+        omitPaths = env.SECRETS_SCAN_OMIT_PATHS.split(',')
+            .map((s) => s.trim())
+            .filter(Boolean);
+    }
+    if (omitPaths.length > 0) {
+        files = files.filter((relativePath) => !omitPathMatches(relativePath, omitPaths));
+    }
+    return files;
+}
+// omit paths are relative path substrings.
+const omitPathMatches = (relativePath, omitPaths) => omitPaths.some((oPath) => relativePath.startsWith(oPath));
+/**
+ * Given the env vars, the current keys, paths, etc. Look across the provided files to find the values
+ * of the secrets based on the keys provided. It will process files separately in different read streams.
+ * The values that it looks for will be a unique set of plaintext, base64 encoded, and uri encoded permutations
+ * of each value - to catch common permutations that occur post build.
+ *
+ * @param scanArgs {ScanArgs} scan options
+ * @returns promise with all of the scan results, if any
+ */
+export async function scanFilesForKeyValues({ env, keys, filePaths, base }) {
+    const scanResults = {
+        matches: [],
+    };
+    const keyValues = keys.reduce((kvs, key) => {
+        let val = env[key];
+        if (typeof val === 'number' || typeof val === 'object') {
+            val = JSON.stringify(val);
+        }
+        if (typeof val === 'string') {
+            // to detect the secrets effectively
+            // normalize the value so that we remove leading and
+            // ending whitespace and newline characters
+            const normalizedVal = val.replace(/^\s*/, '').replace(/\s*$/, '');
+            kvs[key] = Array.from(new Set([normalizedVal, Buffer.from(normalizedVal).toString('base64'), encodeURIComponent(normalizedVal)]));
+        }
+        return kvs;
+    }, {});
+    const settledPromises = await Promise.allSettled(filePaths.map((file) => {
+        return searchStream(base, file, keyValues);
+    }));
+    settledPromises.forEach((result) => {
+        if (result.status === 'fulfilled' && result.value?.length > 0) {
+            scanResults.matches = scanResults.matches.concat(result.value);
+        }
+    });
+    return scanResults;
+}
+const searchStream = (basePath, file, keyValues) => {
+    return new Promise((resolve) => {
+        const filePath = path.resolve(basePath, file);
+        const inStream = createReadStream(filePath);
+        const rl = createInterface(inStream);
+        const matches = [];
+        const keyVals = [].concat(...Object.values(keyValues));
+        function getKeyForValue(val) {
+            let key = '';
+            for (const [secretKeyName, valuePermutations] of Object.entries(keyValues)) {
+                if (valuePermutations.includes(val)) {
+                    key = secretKeyName;
+                }
+            }
+            return key;
+        }
+        // how many lines is the largest multiline string
+        let maxMultiLineCount = 1;
+        keyVals.forEach((valVariant) => {
+            maxMultiLineCount = Math.max(maxMultiLineCount, valVariant.split('\n').length);
+        });
+        // search if not multi line or current accumulated lines length is less than num of lines
+        const lines = [];
+        let lineNumber = 0;
+        rl.on('line', function (line) {
+            // iterating here so the first line will always appear as line 1 to be human friendly
+            // and match what an IDE would show for a line number.
+            lineNumber++;
+            if (typeof line === 'string') {
+                if (maxMultiLineCount > 1) {
+                    lines.push(line);
+                }
+                // only track the max number of lines needed to match our largest
+                // multiline value. If we get above that remove the first value from the list
+                if (lines.length > maxMultiLineCount) {
+                    lines.shift();
+                }
+                keyVals.forEach((valVariant) => {
+                    // matching of single/whole values
+                    if (line.search(new RegExp(valVariant)) >= 0) {
+                        matches.push({
+                            file,
+                            lineNumber,
+                            key: getKeyForValue(valVariant),
+                        });
+                        return;
+                    }
+                    // matching of multiline values
+                    if (isMultiLineVal(valVariant)) {
+                        // drop empty values at beginning and end
+                        const multiStringLines = valVariant.split('\n');
+                        // drop early if we don't have enough lines for all values
+                        if (lines.length < multiStringLines.length) {
+                            return;
+                        }
+                        let stillMatches = true;
+                        let fullMatch = false;
+                        multiStringLines.forEach((valLine, valIndex) => {
+                            if (valIndex === 0) {
+                                // first lines have to end with the line value
+                                if (!lines[valIndex].endsWith(valLine)) {
+                                    stillMatches = false;
+                                }
+                            }
+                            else if (valIndex !== multiStringLines.length - 1) {
+                                // middle lines have to have full line match
+                                // middle lines
+                                if (lines[valIndex] !== valLine) {
+                                    stillMatches = false;
+                                }
+                            }
+                            else {
+                                // last lines have start with the value
+                                if (!lines[valIndex].startsWith(valLine)) {
+                                    stillMatches = false;
+                                }
+                                if (stillMatches === true) {
+                                    fullMatch = true;
+                                }
+                            }
+                        });
+                        if (fullMatch) {
+                            matches.push({
+                                file,
+                                lineNumber: lineNumber - lines.length + 1,
+                                key: getKeyForValue(valVariant),
+                            });
+                            return;
+                        }
+                    }
+                });
+            }
+        });
+        rl.on('close', function () {
+            resolve(matches);
+        });
+    });
+};
+/**
+ * ScanResults are all of the finds for all keys and their disparate locations. Scanning is
+ * async in streams so order can change a lot. This function groups the results into an object
+ * where the keys are the env var keys and the values are all match results for that key
+ *
+ * @param scanResults
+ * @returns
+ */
+export function groupScanResultsByKey(scanResults) {
+    const matchesByKeys = {};
+    scanResults.matches.forEach((matchResult) => {
+        if (!matchesByKeys[matchResult.key]) {
+            matchesByKeys[matchResult.key] = [];
+        }
+        matchesByKeys[matchResult.key].push(matchResult);
+    });
+    // sort results to get a consistent output and logically ordered match results
+    Object.keys(matchesByKeys).forEach((key) => {
+        matchesByKeys[key].sort((a, b) => {
+            // sort by file name first
+            if (a.file > b.file) {
+                return 1;
+            }
+            // sort by line number second
+            if (a.file === b.file) {
+                if (a.lineNumber > b.lineNumber) {
+                    return 1;
+                }
+                if (a.lineNumber === b.lineNumber) {
+                    return 0;
+                }
+                return -1;
+            }
+            return -1;
+        });
+    });
+    return matchesByKeys;
+}
+function isMultiLineVal(v) {
+    return typeof v === 'string' && v.includes('\n');
+}

package/lib/steps/get.js

@@ -4,6 +4,7 @@ import { deploySite } from '../plugins_core/deploy/index.js';
 import { bundleEdgeFunctions } from '../plugins_core/edge_functions/index.js';
 import { bundleFunctions } from '../plugins_core/functions/index.js';
 import { saveArtifacts } from '../plugins_core/save_artifacts/index.js';
+import { scanForSecrets } from '../plugins_core/secrets_scanning/index.js';
 // Get all build steps
 export const getSteps = function (steps) {
     const stepsA = addCoreSteps(steps);
@@ -28,7 +29,7 @@ export const getDevSteps = function (command, steps) {
     return { steps: sortedSteps, events };
 };
 const addCoreSteps = function (steps) {
-    return [buildCommandCore, ...steps, bundleFunctions, bundleEdgeFunctions, deploySite, saveArtifacts];
+    return [buildCommandCore, ...steps, bundleFunctions, bundleEdgeFunctions, scanForSecrets, deploySite, saveArtifacts];
 };
 // Sort plugin steps by event order.
 const sortSteps = function (steps, events) {

package/lib/steps/run_step.js

@@ -14,7 +14,6 @@ export const runStep = async function ({ event, childProcess, packageName, coreS
     // Add relevant attributes to the upcoming span context
     const attributes = {
         'build.execution.step.name': coreStepName,
-        'build.execution.step.description': coreStepDescription,
         'build.execution.step.package_name': packageName,
         'build.execution.step.id': coreStepId,
         'build.execution.step.loaded_from': loadedFrom,
@@ -22,7 +21,9 @@ export const runStep = async function ({ event, childProcess, packageName, coreS
         'build.execution.step.event': event,
     };
     const spanCtx = setMultiSpanAttributes(attributes);
-    return tracer.startActiveSpan(`run-step-${coreStepId}`, {}, spanCtx, async (span) => {
+    // If there's no `coreStepId` then this is a plugin execution
+    const spanName = `run-step-${coreStepId || 'plugin'}`;
+    return tracer.startActiveSpan(spanName, {}, spanCtx, async (span) => {
         const constantsA = await addMutableConstants({ constants, buildDir, netlifyConfig });
         const shouldRun = await shouldRunStep({
             event,

package/lib/tracing/main.js

@@ -1,12 +1,14 @@
+import { HoneycombSDK } from '@honeycombio/opentelemetry-node';
 import { context, trace, propagation, SpanStatusCode, diag, DiagLogLevel } from '@opentelemetry/api';
-import { OTLPTraceExporter } from '@opentelemetry/exporter-trace-otlp-grpc';
-import { HttpInstrumentation } from '@opentelemetry/instrumentation-http';
-import { NodeSDK } from '@opentelemetry/sdk-node';
 import { ROOT_PACKAGE_JSON } from '../utils/json.js';
 let sdk;
 /** Given a simple logging function return a `DiagLogger`. Used to setup our system logger as the diag logger.*/
 const getOtelLogger = function (logger) {
-    const otelLogger = (...args) => logger('[otel-traces]', ...args);
+    const otelLogger = (...args) => {
+        // Debug log msgs can be an array of 1 or 2 elements with the second element being an array fo multiple elements
+        const msgs = args.flat(1);
+        logger('[otel-traces]', ...msgs);
+    };
     return {
         debug: otelLogger,
         info: otelLogger,
@@ -21,13 +23,11 @@ export const startTracing = function (options, logger) {
         return;
     if (sdk)
         return;
-    const traceExporter = new OTLPTraceExporter({
-        url: `http://${options.host}:${options.port}`,
-    });
-    sdk = new NodeSDK({
+    sdk = new HoneycombSDK({
         serviceName: ROOT_PACKAGE_JSON.name,
-        traceExporter,
-        instrumentations: [new HttpInstrumentation()],
+        protocol: 'grpc',
+        apiKey: options.apiKey,
+        endpoint: `${options.httpProtocol}://${options.host}:${options.port}`,
     });
     // Set the diagnostics logger to our system logger. We also need to suppress the override msg
     // in case there's a default console logger already registered (it would log a msg to it)
@@ -35,7 +35,7 @@ export const startTracing = function (options, logger) {
     sdk.start();
     // Sets the current trace ID and span ID based on the options received
     // this is used as a way to propagate trace context from Buildbot
-    trace.setSpanContext(context.active(), {
+    return trace.setSpanContext(context.active(), {
         traceId: options.traceId,
         spanId: options.parentSpanId,
         traceFlags: options.traceFlags,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@netlify/build",
-  "version": "29.14.1",
+  "version": "29.15.1",
   "description": "Netlify build module",
   "type": "module",
   "exports": "./lib/core/main.js",
@@ -64,24 +64,23 @@
   "license": "MIT",
   "dependencies": {
     "@bugsnag/js": "^7.0.0",
+    "@honeycombio/opentelemetry-node": "^0.4.0",
     "@netlify/cache-utils": "^5.1.5",
     "@netlify/config": "^20.5.1",
     "@netlify/edge-bundler": "8.16.2",
     "@netlify/framework-info": "^9.8.10",
-    "@netlify/functions-utils": "^5.2.14",
+    "@netlify/functions-utils": "^5.2.15",
     "@netlify/git-utils": "^5.1.1",
     "@netlify/plugins-list": "^6.68.0",
     "@netlify/run-utils": "^5.1.1",
-    "@netlify/zip-it-and-ship-it": "9.11.0",
+    "@netlify/zip-it-and-ship-it": "9.12.0",
     "@opentelemetry/api": "^1.4.1",
-    "@opentelemetry/exporter-trace-otlp-grpc": "^0.40.0",
-    "@opentelemetry/instrumentation-http": "^0.40.0",
-    "@opentelemetry/sdk-node": "^0.40.0",
     "@sindresorhus/slugify": "^2.0.0",
     "ansi-escapes": "^6.0.0",
     "chalk": "^5.0.0",
     "clean-stack": "^4.0.0",
     "execa": "^6.0.0",
+    "fdir": "^6.0.1",
     "figures": "^5.0.0",
     "filter-obj": "^5.0.0",
     "got": "^12.0.0",
@@ -150,5 +149,5 @@
       "module": "commonjs"
     }
   },
-  "gitHead": "ad519f9a4109132c13d517f727c586dbe479af61"
+  "gitHead": "8710be74e31adad1729680e7202f77fb72e0d2a4"
 }