chore: update pnpm and next test versions

[campaigner-prod]

Summary: Critical-severity security update — 2 packages upgraded (MINOR changes included)

Manifests changed:

• packages/dd-trace (npm)

Updates

Package	From	To	Type	Vulnerabilities Fixed
next	16.0.5	16.0.10	patch	1 CRITICAL, 1 HIGH, 1 MODERATE
pnpm	10.21.0	10.27.0	minor	3 HIGH

---

Security Details

🚨 Critical & High Severity (5 fixed)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
next	GHSA-9qr9-h5gf-34mp	CRITICAL	Next.js is vulnerable to RCE in React flight protocol	16.0.5	15.0.5
next	GHSA-mwv6-3258-q52c	HIGH	Next Vulnerable to Denial of Service with Server Components	16.0.5	14.2.34
pnpm	GHSA-2phv-j68v-wwqx	HIGH	pnpm vulnerable to Command Injection via environment variable substitution	10.21.0	10.27.0
pnpm	GHSA-379q-355j-w6rj	HIGH	pnpm v10+ Bypass "Dependency lifecycle scripts execution disabled by default"	10.21.0	10.26.0
pnpm	GHSA-7vhp-vf5g-r2fw	HIGH	pnpm Has Lockfile Integrity Bypass that Allows Remote Dynamic Dependencies	10.21.0	10.26.0

ℹ️ Other Vulnerabilities (1)

Package	CVE	Severity	Summary	Unsafe Version	Fixed In
next	GHSA-w37m-7fhw-fmv9	MODERATE	Next Server Actions Source Code Exposure	16.0.5	15.0.6

---

Review Checklist

Enhanced review recommended for this update:

• Review changes for compatibility with your code
• Check release notes for breaking changes
• Run integration tests to verify service behavior
• Test in staging environment before production
• Monitor key metrics after deployment

---

Update Mode: Vulnerability Remediation (Critical/High)

🤖 Generated by DataDog Automated Dependency Management System

[github-actions]

Overall package size

Self size: 4.37 MB
Deduped: 5.19 MB
No deduping: 5.19 MB

Dependency sizes

| name | version | self size | total size | |------|---------|-----------|------------| | import-in-the-middle | 2.0.0 | 68.46 kB | 797.03 kB | | dc-polyfill | 0.1.10 | 26.73 kB | 26.73 kB |

_{🤖 This report was automatically generated by heaviest-objects-in-the-universe}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.51%. Comparing base (06156ff) to head (503cfce).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #7192   +/-   ##
=======================================
  Coverage   84.51%   84.51%           
=======================================
  Files         527      527           
  Lines       22538    22538           
=======================================
  Hits        19048    19048           
  Misses       3490     3490           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[pr-commenter]

Benchmarks

Benchmark execution time: 2026-01-08 00:35:03

Comparing candidate commit 503cfce in PR branch engraver-auto-version-upgrade/minorpatch/npm/dd-trace/0-1767831712 with baseline commit 06156ff in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 282 metrics, 38 unstable metrics.