chore(deps): update opentelemetry

[thomhurst]

This PR contains the following updates:

Package	Type	Update	Change
OpenTelemetry.Exporter.OpenTelemetryProtocol (source)	nuget	minor	1.12.0 → 1.15.2
OpenTelemetry.Extensions.Hosting (source)	nuget	minor	1.12.0 → 1.15.2
OpenTelemetry.Instrumentation.AspNetCore (source)	nuget	minor	1.12.0 → 1.15.1

---

Release Notes

open-telemetry/opentelemetry-dotnet (OpenTelemetry.Exporter.OpenTelemetryProtocol)

v1.15.2

Release details: 1.15.2

• Limit how much of the response body is read by the OTLP exporter when
  export fails and error logging is enabled.
• Added Task-based worker support for BatchExportProcessor and
  PeriodicExportingMetricReader to enable the OpenTelemetry SDK to work
  in single-threaded WebAssembly environments such as Blazor and
  Uno Platform.

v1.15.1

Release details: 1.15.1

• Breaking change: The Baggage API now disallows empty baggage names and
  treats baggage names and values as case sensitive, aligning with the latest
  Baggage API specification.
• Various bug fixes across OpenTelemetry.Api and OpenTelemetry SDK,
  including fixes for thread-safety, sampler edge cases, metrics precision,
  and observable instrument lifecycle handling.

v1.15.0

Release details: 1.15.0

• Added support for ActivitySource.TelemetrySchemaUrl
  and Meter.TelemetrySchemaUrl properties across exporters.
• Improved performance and reduced memory consumption for metrics histograms.
• Added mTLS configuration support for the OTLP exporter (client cert/key and
  CA certificate options).
• OpenTelemetry.Exporter.Zipkin is deprecated and will stop receiving updates
  in December 2026. Zipkin already supports OTLP ingestion.
  Migrate to OpenTelemetry.Exporter.OpenTelemetryProtocol as stated
  in the Deprecating Zipkin Exporter blog post.

v1.14.0

Release details: 1.14.0

• Add support for .NET 10.0.
• Breaking Change When targeting net8.0, the package now depends on version
  8.0.0 of the Microsoft.Extensions.DependencyInjection.Abstractions,
  Microsoft.Extensions.Diagnostics.Abstractions,
  Microsoft.Extensions.Hosting.Abstractions and
  Microsoft.Extensions.Logging.Configuration NuGet packages.
• Update System.Diagnostics.DiagnosticSource dependency to 10.0.0
  for all target frameworks.
• Update Microsoft.Extensions.* dependencies to 10.0.0
  for .NET Framework and .NET Standard.
• Breaking Change NuGet packages now use the Sigstore bundle format
  (.sigstore.json) for digital signatures instead of separate signature
  (.sig) and certificate (.pem) files. This requires cosign 3.0 or later
  for verification. See the Digital signing
  section for updated verification instructions.

v1.13.1

Release details: 1.13.1

• In version 1.13.0, the digital signature (.dll-keyless.sig) and
  certificate (.dll-keyless.pem) files were unintentionally omitted from the
  published NuGet packages.
• This hotfix restores the Sigstore signing artifacts for all target frameworks
  (net462, netstandard2.0, netstandard2.1, net8.0, net9.0), ensuring
  the integrity of DLL verification using Sigstore cosign.

v1.13.0

Release details: 1.13.0

• gRPC calls to export traces, logs, and metrics using OtlpExportProtocol.Grpc
  now set the TE=trailers HTTP request header to improve interoperability.
• EventName is now exported by default as EventName instead of
  logrecord.event.name when specified through ILogger or the experimental
  log bridge API.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[azure-pipelines]

Azure Pipelines:
1 pipeline(s) were filtered out due to trigger conditions.

[claude]

Dependency Update Review: OpenTelemetry Packages (1.12.0 → 1.15.x)

This is a Renovate Bot-generated minor version bump spanning 3 minor versions across 3 OpenTelemetry packages. The change itself is straightforward — 3 line edits in Directory.Packages.props — but the release notes contain items worth flagging before merging.

Release Notes Highlights Worth Noting

v1.15.1 Breaking Change — Baggage API:
The OpenTelemetry Baggage API now disallows empty baggage names and is case-sensitive, aligning with the W3C spec. TUnit does use Baggage extensively (TUnitBaggagePropagationHandler, AspireFixture, tests in TUnit.Aspire.Tests and TUnit.AspNetCore.Tests).

However, TUnit's code uses Activity.SetBaggage() / Activity.GetBaggageItem() from System.Diagnostics.Activity (part of the .NET runtime), not the OpenTelemetry Baggage static API. The breaking change targets the Baggage class in OpenTelemetry.Api, so TUnit's existing usages are unaffected.

v1.14.0 Breaking Change — Microsoft.Extensions. version pins:*
When targeting net8.0, these packages now depend on version 8.0.0 of Microsoft.Extensions.DependencyInjection.Abstractions and related packages. Since TUnit multi-targets net8.0;net9.0;net10.0, this could introduce a version conflict if other parts of the project depend on newer Microsoft.Extensions.* versions for net8.0. However, since these OpenTelemetry packages are only used in the service defaults / Aspire test API projects (not core TUnit library projects), the risk of conflict is low.

v1.15.0 Notable Change:
Improved histogram performance and reduced memory consumption — a net positive for the Aspire integration's telemetry overhead.

Verdict

The change is safe and appropriate. The breaking changes in the release notes do not impact TUnit's usage patterns. The packages are correctly scoped to service defaults and Aspire integration test infrastructure (not the core engine). CI validation will catch any unexpected breakage.

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity

Metric	Results
Complexity	0

View in Codacy

_{TIP This summary will be updated as you push new changes. Give us feedback}

[azure-pipelines]

Azure Pipelines:
1 pipeline(s) were filtered out due to trigger conditions.

[claude]

Code Review: chore(deps): update opentelemetry

This is a straightforward Renovate Bot dependency update bumping three OpenTelemetry packages from 1.12.0 to their latest versions. The change is mechanically correct but there are a few observations worth noting.

What the PR does

Updates three packages in Directory.Packages.props:

• OpenTelemetry.Exporter.OpenTelemetryProtocol: 1.12.0 → 1.15.2
• OpenTelemetry.Extensions.Hosting: 1.12.0 → 1.15.2
• OpenTelemetry.Instrumentation.AspNetCore: 1.12.0 → 1.15.1

Observations

1. Version inconsistency across the codebase — packages outside central management are already at the new versions

The examples/CloudShop/ and TUnit.Templates/ subtrees both opt out of central package management (ManagePackageVersionsCentrally=false in their own Directory.Packages.props). Those projects already pin OpenTelemetry packages at the new target versions (1.15.2/1.15.1) with inline Version= attributes on their <PackageReference> elements. This means those projects were already ahead of the central props file — this PR closes that gap for the centrally managed projects (TUnit.Aspire.Tests.ApiService).

2. Two related packages not included in the update

The examples/CloudShop/CloudShop.ServiceDefaults/CloudShop.ServiceDefaults.csproj and TUnit.Templates/.../ExampleNamespace.ServiceDefaults.csproj both reference two additional OTel packages that aren't under central management and aren't touched by this PR:

• OpenTelemetry.Instrumentation.Http at 1.15.0
• OpenTelemetry.Instrumentation.Runtime at 1.15.0

These were presumably updated manually at some prior point. Renovate didn't pick them up here because they are not in Directory.Packages.props. They're on the same major release train so consistency is fine, but it's worth being aware they remain outside the centralized version management.

3. Notable breaking changes in the upgrade range

Jumping from 1.12.0 → 1.15.x crosses two notable upstream changes to be aware of:

• v1.14.0: Microsoft.Extensions.* dependencies changed to 8.0.0/10.0.0 depending on target framework. The project already targets net8.0;net9.0;net10.0 so this is expected to be fine.
• v1.15.1: The Baggage API now treats names and values as case-sensitive and disallows empty baggage names. If any TUnit instrumentation code sets baggage entries (unlikely for a test framework, but worth verifying), this could surface subtle behavioral changes.
• v1.15.x: NuGet package signatures moved from .sig/.pem to the Sigstore bundle format .sigstore.json. This is only relevant if the build pipeline verifies package signatures; no action needed for normal consumption.

4. The update is safe for this project's use case

TUnit uses these packages exclusively in the Aspire integration test service (TUnit.Aspire.Tests.ApiService) and example/template projects — they are not part of the core engine, the source generator, or any shipped TUnit NuGet packages. There are no AOT, reflection, or source-gen concerns here. The CI checks will validate that the Aspire integration scenario still builds and runs correctly.

Summary

The change is correct and safe to merge. No code changes are required. The slight version spread across centrally- and manually-managed projects is pre-existing and not introduced by this PR.