Bump System.Security.Cryptography.Xml from 8.0.2 to 8.0.3

[dependabot]

Pinned System.Security.Cryptography.Xml at 8.0.3.

Release notes

Sourced from System.Security.Cryptography.Xml's releases.

8.0.3

Release

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 72.60%. Comparing base (f344a4c) to head (8b52b47).
⚠️ Report is 13 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4103      +/-   ##
==========================================
- Coverage   72.61%   72.60%   -0.02%     
==========================================
  Files         467      467              
  Lines       18147    18147              
==========================================
- Hits        13178    13175       -3     
- Misses       4969     4972       +3     

Flag	Coverage Δ
unittests-Contrib.Shared.Tests	89.65% <ø> (ø)
unittests-Exporter.Geneva	54.82% <ø> (ø)
unittests-Exporter.InfluxDB	95.81% <ø> (ø)
unittests-Exporter.Instana	74.86% <ø> (ø)
unittests-Exporter.OneCollector	94.61% <ø> (ø)
unittests-Extensions	90.65% <ø> (ø)
unittests-Extensions.Enrichment	100.00% <ø> (ø)
unittests-Extensions.Enrichment.AspNetCore	86.27% <ø> (ø)
unittests-Extensions.Enrichment.Http	94.33% <ø> (ø)
unittests-Instrumentation.AWS	83.54% <ø> (ø)
unittests-Instrumentation.AspNet	76.61% <ø> (ø)
unittests-Instrumentation.AspNetCore	70.44% <ø> (ø)
unittests-Instrumentation.Cassandra	23.52% <ø> (ø)
unittests-Instrumentation.ConfluentKafka	39.83% <ø> (ø)
unittests-Instrumentation.ElasticsearchClient	80.60% <ø> (ø)
unittests-Instrumentation.EntityFrameworkCore	80.80% <ø> (ø)
unittests-Instrumentation.EventCounters	77.27% <ø> (ø)
unittests-Instrumentation.GrpcCore	91.42% <ø> (ø)
unittests-Instrumentation.GrpcNetClient	73.78% <ø> (ø)
unittests-Instrumentation.Hangfire	86.05% <ø> (ø)
unittests-Instrumentation.Http	74.62% <ø> (ø)
unittests-Instrumentation.Owin	88.62% <ø> (ø)
unittests-Instrumentation.Process	100.00% <ø> (ø)
unittests-Instrumentation.Quartz	78.76% <ø> (ø)
unittests-Instrumentation.Remoting	63.67% <ø> (ø)
unittests-Instrumentation.Runtime	100.00% <ø> (ø)
unittests-Instrumentation.ServiceFabricRemoting	34.68% <ø> (ø)
unittests-Instrumentation.SqlClient	85.21% <ø> (ø)
unittests-Instrumentation.StackExchangeRedis	71.98% <ø> (ø)
unittests-Instrumentation.Wcf	79.68% <ø> (ø)
unittests-OpAmp.Client	78.28% <ø> (-0.38%)	⬇️
unittests-PersistentStorage	68.19% <ø> (ø)
unittests-Resources.AWS	74.67% <ø> (ø)
unittests-Resources.Azure	85.31% <ø> (ø)
unittests-Resources.Container	67.34% <ø> (ø)
unittests-Resources.Gcp	71.42% <ø> (ø)
unittests-Resources.Host	72.26% <ø> (ø)
unittests-Resources.OperatingSystem	76.98% <ø> (ø)
unittests-Resources.Process	100.00% <ø> (ø)
unittests-Resources.ProcessRuntime	79.59% <ø> (ø)
unittests-Sampler.AWS	93.72% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.
see 2 files with indirect coverage changes

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Kielek]

Strange, 4.7.1 version is not marked as vulnerable in NuGet: https://www.nuget.org/packages/System.Security.Cryptography.Xml/4.7.1

[martincostello]

Maybe dependabot just didn't do the right thing in this case and it's a false positive? (or it updated the wrong location)

[martincostello]

I'll have a dig into this - it might be that it's surfaced in the dependency graph of one of the test projects, but dependabot has updated it in the wrong place.

[martincostello]

I'll have a dig into this - it might be that it's surfaced in the dependency graph of one of the test projects, but dependabot has updated it in the wrong place.

Found it - will fix it up locally and push for review.

[martincostello]

I'm going to merge this to fix CI, but can open a follow-up if there's any review comments.