From 6dc799adecb76ba671c3a3f9716ead1dc203c04c Mon Sep 17 00:00:00 2001
From: jppaquet <87076124+jppaquet@users.noreply.github.com>
Date: Wed, 6 May 2026 19:19:46 -0400
Subject: [PATCH] =?UTF-8?q?deps(archive):=20bump=20AppInsights=202.23.0?=
=?UTF-8?q?=E2=86=923.1.0=20+=20restore=20OTel=20pin=20(redux)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
PR #33 originally landed this on 2026-05-05 evening, but PR #30 (azure-sdks)
was branched from main BEFORE #33 merged and reverted Notify.Archive.csproj
back to AppInsights 2.23.0 when it landed. Dependabot's PR #42 then tried
to bump again and failed CI on the same OTel transitive vuln.
Manual landing again. Closes #42. Same fix:
- Microsoft.ApplicationInsights.WorkerService 2.23.0 → 3.1.0
- Pin OpenTelemetry.Api 1.15.3 (3.1.0 pulls 1.15.1 transitively, GHSA-g94r-2vxg-569j)
Notify.IngestionApi already has the same pin from PR #21.
---
src/Notify.Archive/Notify.Archive.csproj | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/Notify.Archive/Notify.Archive.csproj b/src/Notify.Archive/Notify.Archive.csproj
index 6e437d5..7b19b53 100644
--- a/src/Notify.Archive/Notify.Archive.csproj
+++ b/src/Notify.Archive/Notify.Archive.csproj
@@ -16,7 +16,9 @@
-
+
+
+