Bump Microsoft.ApplicationInsights.WorkerService from 2.23.0 to 3.1.0#80
Closed
dependabot[bot] wants to merge 1 commit into
Closed
Conversation
Contributor
Author
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
Mikeoso
added a commit
that referenced
this pull request
Apr 14, 2026
Downgrades Microsoft.ApplicationInsights.WorkerService from 3.0.0 to 2.23.0 to maintain compatibility with the current Microsoft.Azure.Functions.Worker.ApplicationInsights 2.50.0 wiring. Note: this closes Dependabot PR #80 (Bump 3.0.0 → 3.1.0) by pinning below 3.x. Moving to 3.x is a separate piece of work that needs verification against the isolated-worker Application Insights integration. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
dependabot
Bot
force-pushed
the
dependabot/nuget/Microsoft.ApplicationInsights.WorkerService-3.1.0
branch
from
April 14, 2026 22:41
5485745 to
dd84080
Compare
Mikeoso
added a commit
that referenced
this pull request
Apr 15, 2026
…92) * fix(hosting): close generic CRUD handlers across assemblies in AddIntegratoR MediatR v12's RegisterGenericHandlers = true only closes open generic handlers against types in the same scanned assembly. The generic CRUD handlers (CreateCommandHandler<T>, UpdateCommandHandler<T>, ...) live in IntegratoR.Application and the F&O entities in IntegratoR.OData.FO, so the layer-local AddMediatR calls never saw the pair together and no closed IRequestHandler<CreateCommand<LedgerJournalHeader>, ...> was emitted. Runtime symptom: "No service for type 'MediatR.IRequestHandler< CreateCommand<LedgerJournalHeader>, Result<LedgerJournalHeader>>'". Add a step 3b in AddIntegratoR that scans both assemblies in one pass so MediatR can close every generic handler against every F&O entity. Layer- local AddMediatR calls are unchanged. Adds five Hosting.Tests that resolve IMediator from a real service provider and send CreateCommand, UpdateCommand, DeleteCommand, GetByKeyQuery, and GetByFilterQuery through the pipeline against a substituted IService<LedgerJournalHeader>. Would have caught the bug the day RegisterGenericHandlers was enabled. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(odata): normalise HttpClient BaseAddress trailing slash to preserve path segment .NET HttpClient.BaseAddress silently drops preceding path segments when a relative request URI starts with '/' UNLESS BaseAddress ends with '/'. Result: a configured URL of https://host/fo produced outgoing requests to https://host/LedgerJournalHeaders — the /fo segment was lost, causing 404s against APIM with an unhelpful error. Normalise the URL with TrimEnd('/') + "/" once inside AddHttpClient so consumers can write their configuration either way and both work. Apply the same value to ODataClientOptions.BaseUrl so PanoramicData's independent URI composition stays in lockstep. IOptions<ODataSettings> .Value.Url is intentionally NOT mutated — the public setting continues to reflect what the consumer wrote. Adds four OData.Tests: parameterised normalisation verification, end- to-end HttpClient URL capture via FakeHttpMessageHandler (the test that would have caught the live sandbox failure), BaseUrl/BaseAddress lockstep sanity, and a pin that IOptions<ODataSettings>.Value.Url is unchanged after DI setup. Completes the fix from PR #79. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(odata): adapter handling for D365 string-named enums and composite-key reads Two related adapter fixes that share one file: 1. D365 F&O OData v4 serialises enum values as string names (e.g. "PostingLayer": "Current"). STJ's default enum converter only handles numeric values, so every Create/Update response carrying an enum property threw on the round-trip in DeserializeResponse<T>. Register JsonStringEnumConverter once on the shared CaseInsensitiveOptions so every enum in every F&O entity going through the dictionary-payload path deserialises correctly. 2. PanoramicData's IBoundClient.Key only exposes Key(object). There is no overload for IDictionary<string, object> or params object[], so passing a composite-key dictionary fell through to Key(object) which calls .ToString() on the dict and produced a malformed OData key like "LedgerJournalHeaders(System.Collections.Generic.Dictionary`2 [System.String,System.Object])". Bypass Key() entirely for composite keys and build an OData $filter with eq predicates on each key field — the composite key is unique by definition so GetFirstOrDefaultAsync returns exactly one row. The filter literal formatter reuses the existing FormatValue in IntegratoRODataExpressionTranslator (promoted to internal) so the composite-key bypass and the filter/select/expand path stay in lockstep on every primitive type (Guid, DateOnly, TimeOnly, decimal-with-German-locale, etc.). Adds two regression tests pinning the JsonStringEnumConverter registration and the PropertyNameCaseInsensitive setting on the shared CaseInsensitiveOptions. The composite-key filter behaviour is covered by the existing IntegratoRODataExpressionTranslator tests because both paths now share the same formatter. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(odata.fo): include CurrencyCode in LedgerJournalLine create payload CurrencyCode was simultaneously [Required] AND marked with [ODataField(IgnoreOnCreate = true)]. The two attributes contradict each other: Required says consumers must set it, IgnoreOnCreate strips it from the wire payload. Result: D365 F&O rejected line creates for any journal template without a default currency configured (e.g. "Allgemein"), with the German error "Das Feld 'Währung' muss ausgefüllt werden". Remove the IgnoreOnCreate attribute. The property remains [Required] and [JsonPropertyName("CurrencyCode")] so the value reaches the wire exactly as the consumer supplied it. IgnoreOnCreate is reserved for server-generated fields (line numbers, voucher numbers, posting status) — never for consumer-supplied required data. Adds a reflection-based regression pin asserting CurrencyCode does not carry IgnoreOnCreate = true. Cheap, direct, and catches the specific regression shape. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * feat(odata): improve ExceptionHandler observability for 404s and APIM errors Two related improvements to surface errors that the previous code silently swallowed: 1. When an HTTP 404 is suppressed by treatNotFoundAsSuccess, log a Warning with the request URL so a human reviewing the logs can distinguish "entity genuinely gone" from "client built the wrong URL". The latter shape caused silent-failure orphans during the 2026-04-14 smoke-test session because the cleanup-delete suppression masked a malformed composite-key URL. The consumer-visible Result shape is unchanged — the suppression behaviour still returns Result.Ok — only observability improves. Also catches ODataClientException(404) with treatNotFoundAsSuccess via an exception filter, which the earlier code did not handle at all (only the internal ODataNotFoundException went through the suppression path). Extracts a single LogSuppressed404AndReturnOk helper so both code paths share the logging shape. 2. ExtractD365InnerError now falls back to a lenient string-indexing extractor when JsonDocument.Parse throws. APIM occasionally emits malformed JSON error bodies like {"error": "The provided value for "d365foenvironment" is not valid..."} — the unescaped inner quotes break strict JSON parsing. The lenient fallback surfaces the actual offending text so the consumer-visible error becomes something actionable instead of the generic "Request failed with status BadRequest". The strict JSON path is unchanged for well-formed D365 responses. Adds four OData.Tests: HTTP 404 suppression with warning logging, HTTP 404 without suppression still fails, lenient extraction of the real APIM body from 2026-04-14, and theory coverage for the lenient extractor's recognisable-key fallbacks. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * chore(deps): pin Microsoft.ApplicationInsights.WorkerService to 2.23.0 Downgrades Microsoft.ApplicationInsights.WorkerService from 3.0.0 to 2.23.0 to maintain compatibility with the current Microsoft.Azure.Functions.Worker.ApplicationInsights 2.50.0 wiring. Note: this closes Dependabot PR #80 (Bump 3.0.0 → 3.1.0) by pinning below 3.x. Moving to 3.x is a separate piece of work that needs verification against the isolated-worker Application Insights integration. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(odata): log normalised BaseAddress and clarify URI comment Addresses two Copilot review findings on PR #92: - The information log emitted `settings.Url` but the PanoramicData client was constructed from `normalisedUrl`. Operators chasing a trailing-slash bug would see the raw configured value instead of what the client actually uses. Now logs `normalisedUrl`. - Expanded the explanatory comment above `httpClient.BaseAddress` to describe the actual Uri composition rule: non-rooted relatives drop the trailing segment of BaseAddress unless it ends with `/`. Noted the trap-door that rooted relatives (`/foo`) would still replace the path regardless — this does not affect us because PanoramicData emits non-rooted relatives, but future maintainers should know. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(odata): tighten lenient error extractor and harden 404 log assertion Addresses two Copilot review findings on PR #92: - `ExtractLenientErrorMessage` used `LastIndexOf('"', lastBrace - 1)` to locate the terminating quote, which over-captured when `"error"` or `"message"` was not the last property of the malformed body. On input `{"error": "x", "details": "y"}` it returned `x","details":"y`. Now scans forward from the value start for the first quote followed by a structural JSON delimiter (`,` or `}`, ignoring whitespace). This still survives embedded unescaped quotes inside the value (the APIM bug the lenient path exists to work around) and correctly stops at the first property boundary. Two new InlineData cases pin the regression. - `ExecuteNonQueryAsync_HttpNotFoundTreatAsSuccess_ReturnsOkAndLogsWarningWithUrl` asserted via `Arg.Is<object>(state => ...)` on `ILogger.Log<TState>`. LogWarning dispatches through `Log<FormattedLogValues>`, so the closed generic type on the received call does not match `object`, leaving the matching semantics unclear. Switched to `_logger.ReceivedCalls()` inspection which is type-agnostic and unambiguously reads the state argument via reflection. Verified via mutation: removing the URL from the production log message correctly fails the new assertion. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(odata): guard NormaliseBaseUrl against null or whitespace URL Addresses a multi-agent review finding on PR #92: if `ODataSettings.Url` is missing or whitespace, `NormaliseBaseUrl("")` returned `"/"` and `new Uri("/")` threw `UriFormatException` at DI resolution — a misleading error for an operator who simply forgot to set `Url` in configuration. Now throws a clear `ArgumentException` explaining that the setting must be set to a non-empty absolute URL, with a pointer to `appsettings.json` / environment variables. Adds a `[Theory]` pinning the guard against null, empty string, and whitespace-only input. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix(odata): validate composite-key dictionary before $filter interpolation Addresses a multi-agent security review finding on PR #92: `FindByKeyAsync` interpolated `kv.Key` from the composite-key dictionary directly into the OData `$filter` expression. Framework-internal callers always pass reflection-derived wire names via `ODataService.BuildCompositeKeyObject` + `PropertyNameResolver`, so the exploit path is purely theoretical today — but `IODataClientAdapter` is public, and a consumer bypassing `ODataService` could pass a tainted dictionary (e.g. `"JournalNum eq '1' or 1 eq 1"`) that would silently broaden the filter. Two synchronous guards added at the start of the composite-key branch: - Empty dictionary → `ArgumentException` (previously would emit a blank `$filter` and silently return an arbitrary row via `GetFirstOrDefaultAsync`). - Each key must match `^[A-Za-z_][A-Za-z0-9_.]*$` via a new private `IsValidODataFieldName` helper. Rejects injection attempts, leading digits, whitespace, and special characters. Permits dots for qualified names (`Contoso.JournalNum`) and leading underscores. `IODataClientAdapter.FindByKeyAsync` xmldoc updated to spell out the contract: callers must supply OData wire names (attribute-derived, not CLR property names), and the identifier pattern is pinned to the regex above. New test file `ODataClientAdapterCompositeKeyGuardTests` pins: - empty-dict guard - 5 injection / invalid-key cases (trailing OData clause, embedded space, leading digit, special character, empty segment) - 4 legitimate-key cases tested via reflection on the private helper (camelCase, PascalCase, qualified, leading underscore) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * test(odata): pin error/message precedence in ExtractLenientErrorMessage Addresses a low-severity test-coverage gap from a multi-agent review on PR #92: the extractor prefers the inner `"message"` key over the outer `"error"` key when both are present (matching D365's `error.innererror.message` wrapping), but that precedence rule had no direct regression test. Adds one `InlineData` case: {"error": {"code": "BadRequest", "message": "inner text"}} → "inner text" Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
--- updated-dependencies: - dependency-name: Microsoft.ApplicationInsights.WorkerService dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/nuget/Microsoft.ApplicationInsights.WorkerService-3.1.0
branch
from
April 15, 2026 08:11
dd84080 to
7125991
Compare
Owner
|
Holding for now. WorkerService 3.x is a breaking OpenTelemetry rewrite and the isolated-worker integration ( |
Contributor
Author
|
Superseded by #124. |
dependabot
Bot
deleted the
dependabot/nuget/Microsoft.ApplicationInsights.WorkerService-3.1.0
branch
June 29, 2026 19:33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Updated Microsoft.ApplicationInsights.WorkerService from 2.23.0 to 3.1.0.
Release notes
Sourced from Microsoft.ApplicationInsights.WorkerService's releases.
3.1.0
Version 3.1.0
TelemetryContextproperties public and propagate them viaTelemetryClient.APPLICATIONINSIGHTS_CONNECTION_STRINGenvironment variable for Base, Web, and NLog packages when connection string is not set via code.OTEL_SDK_DISABLEDnot being honored whenTelemetryConfiguration.DisableTelemetryis set in DI scenarios., #3157TrackAvailabilityignoring user-specifiedTimestamponAvailabilityTelemetry. The timestamp is now emitted asmicrosoft.availability.testTimestampso downstream exporters can use the correct event time.netstandard2.0target framework toMicrosoft.ApplicationInsightspackage to support customers with shared libraries targeting netstandard2.0.TelemetryClient.Context.Cloud.RoleNameset after construction now applies to all telemetry.NullReferenceExceptioninTelemetryClient.Flush()andFlushAsync()when called from DI scenariosApplicationVersionignored:ApplicationInsightsServiceOptions.ApplicationVersionis now applied asservice.versionon the OpenTelemetry Resource for both AspNetCore and WorkerService packagesHttpRequestExtensions.UnvalidatedGetHeaderalways returning empty string instead of the actual header value. Restored max-length enforcement to guard against oversized header values.3.0.0
netstandard2.0withnet8.0target framework inMicrosoft.ApplicationInsights.NLogTargetpackage.3.0.0-rc1
netstandard2.0target framework fromMicrosoft.ApplicationInsights,Microsoft.ApplicationInsights.AspNetCore, andMicrosoft.ApplicationInsights.WorkerServicepackages.Microsoft.ApplicationInsights.AspNetCorehas been updated to version 10.EnabledAdaptiveSamplingand replaced withTracesPerSecondandSamplingRatioEnableTraceBasedLogsSamplerproperty toApplicationInsightsServiceOptionsfor ASP.NET Core and WorkerService packagesStorageDirectoryandDisableOfflineStoragefromTelemetryConfigurationin DI scenarios3.0.0-beta2
Added
Bug fix
3.0.0-beta1
Commits viewable in compare view.