[repo] Mitigate vulnerabilities in System.Text.Json 8.0.0 packages (#5874)

Mikel Blanchard 2024-10-04 13:38:15 -07:00 committed by GitHub
parent 19e1663c1e
commit 25d99a56bf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
23 changed files with 94 additions and 77 deletions


@ -1,7 +1,10 @@
<Project>
<PropertyGroup>
<ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
<OTelLatestStableVer>1.9.0</OTelLatestStableVer>
<SystemTextEncodingsWebOutOfBandMinimumCoreAppVer>8.0.0</SystemTextEncodingsWebOutOfBandMinimumCoreAppVer>
<SystemTextJsonOutOfBandMinimumCoreAppVer>8.0.4</SystemTextJsonOutOfBandMinimumCoreAppVer>
</PropertyGroup>
<!--
@ -53,22 +56,26 @@
even during major version bumps, so compatibility is not a concern here.
-->
<PackageVersion Include="System.Diagnostics.DiagnosticSource" Version="9.0.0-rc.1.24431.7" />
</ItemGroup>
<!-- A conservative version of System.Text.Encodings.Web must be used here since there is no backward compatibility guarantee during major version bumps. -->
<ItemGroup>
<!--
We use conservative versions of these packages for older runtimes where
an upgrade might introduce breaking changes. For example see:
https://devblogs.microsoft.com/dotnet/system-text-json-in-dotnet-7/#breaking-changes.
-->
<PackageVersion Include="System.Text.Encodings.Web" Version="4.7.2" />
<!-- A conservative version of System.Text.Json must be used here since there is no backward compatibility guarantee during major version bumps. -->
<PackageVersion Include="System.Text.Json" Version="4.7.2" />
<!-- A conservative version of System.Threading.Tasks.Extensions must be used here since there is no backward compatibility guarantee during major version bumps. -->
<PackageVersion Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
<!-- Bump System.Text.Json on NETCoreApp targets to mitigate https://github.com/advisories/GHSA-hh2w-p6rv-4g7w. -->
<PackageVersion Update="System.Text.Encodings.Web" Version="$(SystemTextEncodingsWebOutOfBandMinimumCoreAppVer)" Condition="'$(TargetFrameworkIdentifier)' == '.NETCoreApp'" />
<PackageVersion Update="System.Text.Json" Version="$(SystemTextJsonOutOfBandMinimumCoreAppVer)" Condition="'$(TargetFrameworkIdentifier)' == '.NETCoreApp'" />
</ItemGroup>
<!--
This section covers packages that are **not** directly referenced by the NuGet packages published from this repository.
For example, these packages are used in the tests, examples or referenced as "PrivateAssets", but not in the NuGet packages themselves.
These packages are referenced as "PrivateAssets" or used in tests/examples.
-->
<!-- 'net9.0' is the default `TargetFramework`. Use `VersionOverride` in the project to override the package versions from a different `TargetFramework` -->
<ItemGroup>
<PackageVersion Include="BenchmarkDotNet" Version="[0.13.12,0.14)" />
<PackageVersion Include="CommandLineParser" Version="[2.9.1,3.0)" />
@ -77,6 +84,7 @@
<PackageVersion Include="Grpc.Tools" Version="[2.59.0,3.0)" />
<PackageVersion Include="Microsoft.CSharp" Version="[4.7.0]" />
<PackageVersion Include="Microsoft.CodeAnalysis.PublicApiAnalyzers" Version="[3.11.0-beta1.23525.2]" />
<PackageVersion Include="Microsoft.Coyote" Version="1.7.11" />
<PackageVersion Include="Microsoft.Extensions.DependencyInjection" Version="[9.0.0-rc.1.24431.7,)" />
<PackageVersion Include="Microsoft.Extensions.Hosting" Version="[9.0.0-rc.1.24431.7,)" />
<PackageVersion Include="Microsoft.Extensions.Http" Version="[9.0.0-rc.1.24431.7,)" />
@ -86,6 +94,7 @@
<PackageVersion Include="Microsoft.NET.Test.Sdk" Version="[17.11.0,18.0.0)" />
<PackageVersion Include="Microsoft.SourceLink.GitHub" Version="[8.0.0,9.0)" />
<PackageVersion Include="MinVer" Version="[5.0.0,6.0)" />
<PackageVersion Include="NuGet.Versioning" Version="6.11.0" />
<PackageVersion Include="OpenTelemetry.Instrumentation.AspNetCore" Version="[1.9.0,2.0)" />
<PackageVersion Include="OpenTelemetry.Instrumentation.GrpcNetClient" Version="[1.9.0-beta.1,2.0)" />
<PackageVersion Include="OpenTelemetry.Instrumentation.Http" Version="[1.9.0,2.0)" />
@ -93,6 +102,7 @@
<PackageVersion Include="RabbitMQ.Client" Version="[6.8.1,7.0)" />
<PackageVersion Include="StyleCop.Analyzers" Version="[1.2.0-beta.556,2.0)" />
<PackageVersion Include="Swashbuckle.AspNetCore" Version="[6.7.3,)" />
<PackageVersion Include="System.Runtime.InteropServices.RuntimeInformation" Version="4.3.0" />
<PackageVersion Include="xunit" Version="[2.9.0,3.0)" />
<PackageVersion Include="xunit.runner.visualstudio" Version="[2.8.2,3.0)" />
</ItemGroup>
@ -100,7 +110,9 @@
<ItemGroup Condition="'$(TargetFramework)' == 'net8.0'">
<PackageVersion Include="Microsoft.AspNetCore.TestHost" Version="8.0.8" />
</ItemGroup>
<ItemGroup Condition="'$(TargetFramework)' == 'net9.0'">
<PackageVersion Include="Microsoft.AspNetCore.TestHost" Version="9.0.0-rc.1.24452.1" />
</ItemGroup>
</Project>
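Review bot: The two `PackageVersion Update` entries conditioned on `.NETCoreApp` only set a central version, and under central package management that applies to direct `PackageReference` items; a transitively resolved `System.Text.Json` is not raised to `$(SystemTextJsonOutOfBandMinimumCoreAppVer)` unless `CentralPackageTransitivePinningEnabled` is `true`, which is not visible in this section. This matters because the same commit deletes the direct `System.Text.Json` references from several test and example projects further down, leaving those projects on whatever version their dependency graph selects. If transitive pinning is not enabled elsewhere, either add `<CentralPackageTransitivePinningEnabled>true</CentralPackageTransitivePinningEnabled>` to the `PropertyGroup` or keep a direct reference wherever an affected version can still be resolved. The comment above the two `Update` lines also names only System.Text.Json; it should say why `System.Text.Encodings.Web` is raised alongside it.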


@ -28,6 +28,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "build", "build", "{7CB2F02E
build\Common.nonprod.props = build\Common.nonprod.props
build\Common.prod.props = build\Common.prod.props
build\Common.props = build\Common.props
build\Common.targets = build\Common.targets
build\debug.snk = build\debug.snk
Directory.Packages.props = Directory.Packages.props
build\docfx.cmd = build\docfx.cmd
@ -112,7 +113,6 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "test", "test", "{D2E73927-5
ProjectSection(SolutionItems) = preProject
test\Directory.Build.props = test\Directory.Build.props
test\Directory.Build.targets = test\Directory.Build.targets
test\Directory.Packages.props = test\Directory.Packages.props
EndProjectSection
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Examples.Console", "examples\Console\Examples.Console.csproj", "{FF3E6E08-E8E4-4523-B526-847CD989279F}"
@ -129,7 +129,7 @@ EndProject
Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "examples", "examples", "{2C7DD1DA-C229-4D9E-9AF0-BCD5CD3E4948}"
ProjectSection(SolutionItems) = preProject
examples\Directory.Build.props = examples\Directory.Build.props
examples\Directory.Packages.props = examples\Directory.Packages.props
examples\Directory.Build.targets = examples\Directory.Build.targets
EndProjectSection
EndProject
Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "trace", "trace", "{5B7FB835-3FFF-4BC2-99C5-A5B5FAE3C818}"


@ -31,6 +31,7 @@
<TargetFrameworksForLibraries>net9.0;net8.0;netstandard2.0;$(NetFrameworkMinimumSupportedVersion)</TargetFrameworksForLibraries>
<TargetFrameworksForLibrariesExtended>net9.0;net8.0;netstandard2.1;netstandard2.0;$(NetFrameworkMinimumSupportedVersion)</TargetFrameworksForLibrariesExtended>
<TargetFrameworksForPrometheusAspNetCore>net9.0;net8.0</TargetFrameworksForPrometheusAspNetCore>
<TargetFrameworksRequiringSystemTextJsonDirectReference>net8.0;netstandard2.1;netstandard2.0;$(NetFrameworkMinimumSupportedVersion)</TargetFrameworksRequiringSystemTextJsonDirectReference>
<!-- non-production TFMs -->
<TargetFrameworksForAspNetCoreTests>net9.0;net8.0</TargetFrameworksForAspNetCoreTests>

12
build/Common.targets Normal file

@ -0,0 +1,12 @@
<Project>
<ItemGroup Condition="'$(ReferenceSystemTextJsonPackages)' == 'true' AND $(TargetFrameworksRequiringSystemTextJsonDirectReference.Contains('$(TargetFramework)'))">
<!-- Note: System.Text.Encodings.Web is referenced on NET Framework & NET
Standard targets because System.Text.Json v4.7.2 uses
System.Text.Encodings.Web >= v4.7.1 but System.Text.Encodings.Web needs to
be at v4.7.2 to be safe. -->
<PackageReference Include="System.Text.Encodings.Web" Condition="'$(TargetFrameworkIdentifier)' != '.NETCoreApp'" />
<PackageReference Include="System.Text.Json" />
</ItemGroup>
</Project>
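Review bot: The `ItemGroup` condition tests membership with `$(TargetFrameworksRequiringSystemTextJsonDirectReference.Contains('$(TargetFramework)'))`, which is a substring match over the whole semicolon-separated list, so it is also true when `$(TargetFramework)` is empty (as in the outer evaluation of a multi-targeted project) or is a prefix of a listed entry. Since this condition decides which targets receive the patched reference, an exact test is safer: `$([System.String]::Copy(';$(TargetFrameworksRequiringSystemTextJsonDirectReference);').Contains(';$(TargetFramework);'))`. The inline comment says System.Text.Encodings.Web "needs to be at v4.7.2 to be safe" without naming the advisory; the changelog on this page ties that floor to CVE-2021-26701, and citing it here would let a later maintainer check whether the pin is still required.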


@ -0,0 +1,5 @@
<Project>
<Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), 'OpenTelemetry.sln'))\build\Common.targets" />
</Project>
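Review bot: `GetDirectoryNameOfFileAbove` returns an empty string when `OpenTelemetry.sln` is not found above `$(MSBuildProjectDirectory)`, so this `Import` would then resolve to `\build\Common.targets` at the filesystem root, a location outside the repository, instead of a path tied to this checkout. Anchoring on the importing file removes the search and the root-path fallback. Assuming this file sits one directory below the repository root (its path is not shown in this section), that would be `<Import Project="$(MSBuildThisFileDirectory)..\build\Common.targets" />`. The same `Import` line is added at the top of two later targets-file sections on this page, and the point applies to them as well.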


@ -1,6 +0,0 @@
<Project>
<Import Project="$([MSBuild]::GetPathOfFileAbove(Directory.Packages.props, $(MSBuildThisFileDirectory)..))" />
<ItemGroup>
<PackageVersion Update="System.Text.Json" Version="9.0.0-rc.1.24431.7" />
</ItemGroup>
</Project>


@ -6,8 +6,6 @@
<ItemGroup>
<PackageReference Include="Microsoft.Extensions.Hosting" />
<PackageReference Include="RabbitMQ.Client" />
<!-- System.Text.Json is indirect reference. It is needed to upgrade it directly to avoid https://github.com/advisories/GHSA-hh2w-p6rv-4g7w -->
<PackageReference Include="System.Text.Json" />
</ItemGroup>
<ItemGroup>


@ -1,5 +1,7 @@
<Project>
<Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), 'OpenTelemetry.sln'))\build\Common.targets" />
<PropertyGroup>
<!-- Note: PackageValidationBaselineVersion and IsPackable are defined in
targets because $(MinVerTagPrefix) is not available in props files as they


@ -6,6 +6,11 @@ Notes](../../RELEASENOTES.md).
## Unreleased
* Added direct reference to `System.Text.Json` for the `net8.0` target with
minimum version of `8.0.4` in response to
[CVE-2024-30105](https://github.com/advisories/GHSA-hh2w-p6rv-4g7w).
([#5874](https://github.com/open-telemetry/opentelemetry-dotnet/pull/5874))
## 1.10.0-beta.1
Released 2024-Sep-30
@ -114,7 +119,8 @@ Released 2023-May-25
([#4507](https://github.com/open-telemetry/opentelemetry-dotnet/pull/4507))
* Added direct reference to `System.Text.Encodings.Web` with minimum version of
`4.7.2` in response to [CVE-2021-26701](https://github.com/dotnet/runtime/issues/49377).
`4.7.2` in response to
[CVE-2021-26701](https://github.com/dotnet/runtime/issues/49377).
([#4390](https://github.com/open-telemetry/opentelemetry-dotnet/pull/4390))
* Updated `LogRecord` console output: `Body` is now shown (if set),


@ -5,17 +5,13 @@
<Description>Console exporter for OpenTelemetry .NET</Description>
<PackageTags>$(PackageTags);Console;distributed-tracing</PackageTags>
<MinVerTagPrefix>core-</MinVerTagPrefix>
<ReferenceSystemTextJsonPackages>true</ReferenceSystemTextJsonPackages>
</PropertyGroup>
<PropertyGroup>
<NoWarn>$(NoWarn),1591</NoWarn>
</PropertyGroup>
<ItemGroup Condition="'$(TargetFramework)' == 'netstandard2.0' or '$(TargetFramework)' == '$(NetFrameworkMinimumSupportedVersion)'">
<PackageReference Include="System.Text.Encodings.Web" />
<PackageReference Include="System.Text.Json" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="$(RepoRoot)\src\OpenTelemetry\OpenTelemetry.csproj" />
</ItemGroup>


@ -6,6 +6,11 @@ Notes](../../RELEASENOTES.md).
## Unreleased
* Added direct reference to `System.Text.Json` for the `net8.0` target with
minimum version of `8.0.4` in response to
[CVE-2024-30105](https://github.com/advisories/GHSA-hh2w-p6rv-4g7w).
([#5874](https://github.com/open-telemetry/opentelemetry-dotnet/pull/5874))
## 1.10.0-beta.1
Released 2024-Sep-30


@ -1,9 +1,11 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFrameworks>$(TargetFrameworksForLibraries)</TargetFrameworks>
<Description>Zipkin exporter for OpenTelemetry .NET</Description>
<PackageTags>$(PackageTags);Zipkin;distributed-tracing</PackageTags>
<MinVerTagPrefix>core-</MinVerTagPrefix>
<ReferenceSystemTextJsonPackages>true</ReferenceSystemTextJsonPackages>
</PropertyGroup>
<ItemGroup>
@ -27,11 +29,6 @@
<ProjectReference Include="$(RepoRoot)\src\OpenTelemetry\OpenTelemetry.csproj" />
</ItemGroup>
<ItemGroup Condition="'$(TargetFramework)' == 'netstandard2.0' or '$(TargetFramework)' == '$(NetFrameworkMinimumSupportedVersion)'">
<PackageReference Include="System.Text.Encodings.Web" />
<PackageReference Include="System.Text.Json" />
</ItemGroup>
<ItemGroup>
<Reference Include="System.Net.Http" Condition="'$(TargetFramework)' == '$(NetFrameworkMinimumSupportedVersion)'" />
</ItemGroup>


@ -1,4 +1,7 @@
<Project>
<Import Project="$([MSBuild]::GetDirectoryNameOfFileAbove($(MSBuildProjectDirectory), 'OpenTelemetry.sln'))\build\Common.targets" />
<ItemGroup Condition="'$(TargetFramework)'=='$(NetFrameworkMinimumSupportedVersion)'">
<!--ImplicitUsings will add this namespace that is not available for NetFX.
https://github.com/dotnet/sdk/issues/24146
@ -7,4 +10,15 @@
-->
<Using Remove="System.Net.Http" />
</ItemGroup>
<ItemGroup Condition="'$(ReferenceCoyotePackages)' == 'true'">
<PackageReference Include="Microsoft.Coyote" />
<!-- System.Text.Json is an indirect reference through Coyote. This
reference is needed to mitigate:
https://github.com/advisories/GHSA-hh2w-p6rv-4g7w. Remove this if Coyote
publishes a fixed version. -->
<PackageReference Include="System.Text.Json" VersionOverride="$(SystemTextJsonOutOfBandMinimumCoreAppVer)" />
</ItemGroup>
</Project>
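Review bot: The `System.Text.Json` reference inside the `ReferenceCoyotePackages` group has no target-framework condition, so its `VersionOverride` also replaces the conservative central version on any .NET Framework test target; if that is intended, the comment should say so, for example `Applies to every test TFM, including .NET Framework.` This file also now imports `build\Common.targets`, which adds its own `System.Text.Json` reference when `ReferenceSystemTextJsonPackages` is `true`. A project that set both properties would declare the package twice, once with the central version and once with the override. No project on this page sets both, so this is a case to document or guard against rather than a current failure.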


@ -1,9 +0,0 @@
<Project>
<Import Project="$([MSBuild]::GetPathOfFileAbove(Directory.Packages.props, $(MSBuildThisFileDirectory)..))" />
<ItemGroup>
<PackageVersion Include="System.Runtime.InteropServices.RuntimeInformation" Version="4.3.0" />
<PackageVersion Update="System.Text.Json" Version="9.0.0-rc.1.24431.7" />
<PackageVersion Include="NuGet.Versioning" Version="6.11.0" />
<PackageVersion Include="Microsoft.Coyote" Version="1.7.11" />
</ItemGroup>
</Project>


@ -1,8 +1,10 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<Description>Unit test project for OpenTelemetry.Api</Description>
<TargetFrameworks>$(TargetFrameworksForTests)</TargetFrameworks>
<NoWarn>$(NoWarn),CS0618</NoWarn>
<ReferenceCoyotePackages>true</ReferenceCoyotePackages>
</PropertyGroup>
<ItemGroup>
@ -20,11 +22,7 @@
<ItemGroup>
<PackageReference Include="Microsoft.NET.Test.Sdk" />
<PackageReference Include="xunit" />
<PackageReference Include="xunit.runner.visualstudio" PrivateAssets="All">
<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
</PackageReference>
<PackageReference Include="Microsoft.Coyote" />
<!-- System.Text.Json is indirect reference. It is needed to upgrade it directly to avoid https://github.com/advisories/GHSA-hh2w-p6rv-4g7w -->
<PackageReference Include="System.Text.Json" />
<PackageReference Include="xunit.runner.visualstudio" PrivateAssets="All" />
</ItemGroup>
</Project>


@ -11,11 +11,7 @@
<PackageReference Include="Microsoft.Extensions.Http" />
<PackageReference Include="Microsoft.NET.Test.Sdk" />
<PackageReference Include="xunit" />
<PackageReference Include="xunit.runner.visualstudio" PrivateAssets="All">
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
<!-- System.Text.Json is indirect reference. It is needed to upgrade it directly to avoid https://github.com/advisories/GHSA-hh2w-p6rv-4g7w -->
<PackageReference Include="System.Text.Json" />
<PackageReference Include="xunit.runner.visualstudio" PrivateAssets="All" />
</ItemGroup>
<ItemGroup>


@ -1,4 +1,5 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<Description>Unit test project for Prometheus Exporter AspNetCore for OpenTelemetry</Description>
<TargetFrameworks>$(TargetFrameworksForAspNetCoreTests)</TargetFrameworks>
@ -9,11 +10,7 @@
<PackageReference Include="Microsoft.AspNetCore.TestHost" />
<PackageReference Include="Microsoft.NET.Test.Sdk" />
<PackageReference Include="xunit" />
<PackageReference Include="xunit.runner.visualstudio" PrivateAssets="All">
<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
</PackageReference>
<!-- System.Text.Json is indirect reference. It is needed to upgrade it directly to avoid https://github.com/advisories/GHSA-hh2w-p6rv-4g7w -->
<PackageReference Include="System.Text.Json" />
<PackageReference Include="xunit.runner.visualstudio" PrivateAssets="All" />
</ItemGroup>
<ItemGroup>
@ -39,4 +36,5 @@
<Compile Include="$(RepoRoot)\test\OpenTelemetry.Tests\Shared\TestEventListener.cs" Link="Includes\TestEventListener.cs" />
<Compile Include="$(RepoRoot)\test\OpenTelemetry.Tests\Shared\Utils.cs" Link="Includes\Utils.cs" />
</ItemGroup>
</Project>


@ -1,4 +1,5 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<Description>Unit test project for Prometheus Exporter HttpListener for OpenTelemetry</Description>
<TargetFrameworks>$(TargetFrameworksForTests)</TargetFrameworks>
@ -8,11 +9,7 @@
<ItemGroup>
<PackageReference Include="Microsoft.NET.Test.Sdk" />
<PackageReference Include="xunit" />
<PackageReference Include="xunit.runner.visualstudio" PrivateAssets="All">
<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
</PackageReference>
<!-- System.Text.Json is indirect reference. It is needed to upgrade it directly to avoid https://github.com/advisories/GHSA-hh2w-p6rv-4g7w -->
<PackageReference Include="System.Text.Json" />
<PackageReference Include="xunit.runner.visualstudio" PrivateAssets="All" />
</ItemGroup>
<ItemGroup>


@ -1,4 +1,5 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<Description>Unit test project for Zipkin Exporter for OpenTelemetry</Description>
<TargetFrameworks>$(TargetFrameworksForTests)</TargetFrameworks>
@ -17,11 +18,7 @@
<PackageReference Include="Microsoft.Extensions.Hosting" />
<PackageReference Include="OpenTelemetry.Instrumentation.Http" />
<PackageReference Include="xunit" />
<PackageReference Include="xunit.runner.visualstudio" PrivateAssets="All">
<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
</PackageReference>
<!-- System.Text.Json is indirect reference. It is needed to upgrade it directly to avoid https://github.com/advisories/GHSA-hh2w-p6rv-4g7w -->
<PackageReference Include="System.Text.Json" />
<PackageReference Include="xunit.runner.visualstudio" PrivateAssets="All" />
</ItemGroup>
<ItemGroup>


@ -1,4 +1,5 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<Description>Unit test project for OpenTelemetry .NET Core hosting library</Description>
<TargetFrameworks>$(TargetFrameworksForTests)</TargetFrameworks>
@ -36,10 +37,7 @@
<PackageReference Include="Microsoft.Extensions.Hosting" />
<PackageReference Include="Microsoft.NET.Test.Sdk" />
<PackageReference Include="xunit" />
<PackageReference Include="xunit.runner.visualstudio" PrivateAssets="All">
<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
</PackageReference>
<!-- System.Text.Json is indirect reference. It is needed to upgrade it directly to avoid https://github.com/advisories/GHSA-hh2w-p6rv-4g7w -->
<PackageReference Include="System.Text.Json" />
<PackageReference Include="xunit.runner.visualstudio" PrivateAssets="All" />
</ItemGroup>
</Project>


@ -1,4 +1,5 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<Description>Unit test project for OpenTelemetry.Shims.OpenTracing</Description>
<TargetFrameworks>$(TargetFrameworksForTests)</TargetFrameworks>
@ -10,8 +11,6 @@
<PackageReference Include="Microsoft.NET.Test.Sdk" />
<PackageReference Include="xunit" />
<PackageReference Include="xunit.runner.visualstudio" PrivateAssets="All" />
<!-- System.Text.Json is indirect reference. It is needed to upgrade it directly to avoid https://github.com/advisories/GHSA-hh2w-p6rv-4g7w -->
<PackageReference Include="System.Text.Json" />
</ItemGroup>
<ItemGroup>
@ -25,4 +24,5 @@
<ItemGroup Condition="'$(RunningDotNetPack)' == 'true'">
<PackageReference Include="OpenTelemetry.Exporter.InMemory" />
</ItemGroup>
</Project>


@ -1,17 +1,19 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFrameworks>$(TargetFrameworksForTests)</TargetFrameworks>
<ReferenceSystemTextJsonPackages>true</ReferenceSystemTextJsonPackages>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="CommandLineParser" />
<PackageReference Include="OpenTelemetry.Instrumentation.Runtime" />
<PackageReference Include="System.Runtime.InteropServices.RuntimeInformation" Condition="'$(TargetFramework)' == '$(NetFrameworkMinimumSupportedVersion)'" />
<PackageReference Include="System.Text.Json" Condition="'$(TargetFramework)' == '$(NetFrameworkMinimumSupportedVersion)'" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="$(RepoRoot)\src\OpenTelemetry.Exporter.Prometheus.HttpListener\OpenTelemetry.Exporter.Prometheus.HttpListener.csproj" />
</ItemGroup>
</Project>


@ -1,8 +1,10 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<Description>Unit test project for OpenTelemetry</Description>
<TargetFrameworks>$(TargetFrameworksForTests)</TargetFrameworks>
<NoWarn>$(NoWarn),CS0618</NoWarn>
<ReferenceCoyotePackages>true</ReferenceCoyotePackages>
<!-- this is temporary. will remove in future PR. -->
<Nullable>disable</Nullable>
@ -27,11 +29,7 @@
<ItemGroup>
<PackageReference Include="Microsoft.NET.Test.Sdk" />
<PackageReference Include="xunit" />
<PackageReference Include="xunit.runner.visualstudio" PrivateAssets="All">
<IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
</PackageReference>
<PackageReference Include="Microsoft.Coyote" />
<!-- System.Text.Json is indirect reference. It is needed to upgrade it directly to avoid https://github.com/advisories/GHSA-hh2w-p6rv-4g7w -->
<PackageReference Include="System.Text.Json" />
<PackageReference Include="xunit.runner.visualstudio" PrivateAssets="All" />
</ItemGroup>
</Project>