Commit c37985d

[Instrumentation.Cassandra] NugetAudit - fix dependencies with known vulnerabilities (open-telemetry#2058)
1 parent 1fb3c59 commit c37985d

3 files changed

+8
-0
lines changed

src/OpenTelemetry.Instrumentation.Cassandra/CHANGELOG.md

Lines changed: 4 additions & 0 deletions
@@ -8,6 +8,10 @@
88
* Updated OpenTelemetry core component version(s) to `1.9.0`.
99
([#1888](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/pull/1888))
1010

11+
* Added direct reference to `Newtonsoft.Json` with minimum version of
12+
`13.0.1` in response to [CVE-2024-21907](https://github.com/advisories/GHSA-5crp-9r3c-p9vr).
13+
([#2058](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/pull/2058))
14+
1115
## 1.0.0-beta.1
1216

1317
Released 2023-Mar-30
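
Review bot: The new entry at lines 11-13 does not say that `Newtonsoft.Json` is otherwise only an indirect dependency, so a consumer reading the changelog cannot tell why an instrumentation package now references a JSON library directly. The csproj comment in this same commit already calls it an "indirect reference"; carrying that wording into the entry (for example "Added direct reference to the otherwise indirect `Newtonsoft.Json` dependency ...") would make the reason clear. The entry also names the issue only as CVE-2024-21907 while the csproj comment uses only the GHSA-5crp-9r3c-p9vr link, so showing both identifiers in the entry would let a search for either one find it.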

src/OpenTelemetry.Instrumentation.Cassandra/OpenTelemetry.Instrumentation.Cassandra.csproj

Lines changed: 2 additions & 0 deletions
@@ -16,6 +16,8 @@
1616
<ItemGroup>
1717
<PackageReference Include="CassandraCSharpDriver" Version="$(CassandraCSharpDriverPkgVer)" />
1818
<PackageReference Include="OpenTelemetry.Api" Version="$(OpenTelemetryCoreLatestVersion)" />
19+
<!-- Newtonsoft.Json is indirect reference. It is needed to upgrade it directly to avoid https://github.com/advisories/GHSA-5crp-9r3c-p9vr -->
20+
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
1921
</ItemGroup>
2022

2123
<ItemGroup>
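
Review bot: The added reference at new line 20 hard-codes `Version="13.0.1"`, while the two references directly above it take their versions from MSBuild properties (`$(CassandraCSharpDriverPkgVer)`, `$(OpenTelemetryCoreLatestVersion)`). Moving the version into a property next to those would keep this security floor in one place and make it easier to raise if another advisory lands. The comment at new line 19 would also read better as "Newtonsoft.Json is an indirect reference; it is referenced directly to force an upgrade past ...", and it should state when the override can be removed, since this file is the shipped package and the extra reference becomes a dependency for every consumer.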

test/OpenTelemetry.Instrumentation.Cassandra.Tests/OpenTelemetry.Instrumentation.Cassandra.Tests.csproj

Lines changed: 2 additions & 0 deletions
@@ -10,6 +10,8 @@
1010
<PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="$(OpenTelemetryCoreLatestVersion)" />
1111
<PackageReference Include="OpenTelemetry.Exporter.InMemory" Version="$(OpenTelemetryExporterInMemoryPkgVer)" />
1212
<PackageReference Include="Microsoft.Extensions.Hosting" Version="$(MicrosoftExtensionsHostingPkgVer)" />
13+
<!-- System.Text.Json is indirect reference. It is needed to upgrade it directly to avoid https://github.com/advisories/GHSA-hh2w-p6rv-4g7w -->
14+
<PackageReference Include="System.Text.Json" Version="8.0.4" />
1315
</ItemGroup>
1416

1517
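
Review bot: The comment at new line 13 does not say which reference pulls `System.Text.Json` in, so nobody maintaining this test project can tell when the override at new line 14 stops being needed. Naming the source package in the comment would let the pin be dropped once that package moves to a fixed version. As with the other references in this item group, `8.0.4` would sit better in a version property than as a literal, so the test project does not silently lag behind the next System.Text.Json advisory.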
