From 8bf86ff8e5cd804ed4a28e7fbd2ce51ae6bae5cd Mon Sep 17 00:00:00 2001
From: jppaquet <87076124+jppaquet@users.noreply.github.com>
Date: Mon, 4 May 2026 20:17:34 -0400
Subject: [PATCH] =?UTF-8?q?deps:=20bump=20Microsoft.ApplicationInsights.Wo?= =?UTF-8?q?rkerService=202.23.0=E2=86=923.1.0=20+=20pin=20OTel?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Manual landing of dependabot's #18 plus the GHSA-g94r-2vxg-569j fix: 3.1.0 pulls OpenTelemetry.Api 1.15.1 transitively, which has a moderate-severity advisory. NuGet's audit step under -warnaserror fails restore unless we pin a patched version directly.

Pin OpenTelemetry.Api → 1.15.3 (latest patched stable in the 1.15.x line). The transitive pin propagates to Notify.IngestionApi.Tests via project reference.

Closed dependabot's PR #18 because pushes to its branch weren't retriggering CI for unclear reasons (close+reopen + empty commits + the fix push all produced zero workflow runs).

Co-Authored-By: Claude Opus 4.7
---
 src/Notify.IngestionApi/Notify.IngestionApi.csproj | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/Notify.IngestionApi/Notify.IngestionApi.csproj b/src/Notify.IngestionApi/Notify.IngestionApi.csproj index 815e955..45d138c 100644 --- a/src/Notify.IngestionApi/Notify.IngestionApi.csproj +++ b/src/Notify.IngestionApi/Notify.IngestionApi.csproj @@ -17,7 +17,9 @@ - + + +
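
Review bot: in the `@@ -17,7 +17,9 @@` hunk of Notify.IngestionApi.csproj, the direct reference that pins OpenTelemetry.Api to 1.15.3 needs its rationale recorded in the project file itself, not only in the commit message. If none of the three added lines is an XML comment, add one beside the pinned reference naming GHSA-g94r-2vxg-569j and stating that the pin can be dropped once Microsoft.ApplicationInsights.WorkerService resolves a patched OpenTelemetry.Api on its own; without that, the pin stays at 1.15.3 long after anyone remembers why it is there. Separately, 2.23.0→3.1.0 is a major-version bump that lands as a single csproj change, so the description should state what was run to confirm telemetry still flows after the upgrade.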