Skip to content

Bump Microsoft.ApplicationInsights.WorkerService from 2.23.0 to 3.1.0#80

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/Microsoft.ApplicationInsights.WorkerService-3.1.0
Closed

Bump Microsoft.ApplicationInsights.WorkerService from 2.23.0 to 3.1.0#80
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/Microsoft.ApplicationInsights.WorkerService-3.1.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 6, 2026

Copy link
Copy Markdown
Contributor

Updated Microsoft.ApplicationInsights.WorkerService from 2.23.0 to 3.1.0.

Release notes

Sourced from Microsoft.ApplicationInsights.WorkerService's releases.

3.1.0

Version 3.1.0

3.0.0

3.0.0-rc1

3.0.0-beta2

Added

  • Automatic configuration binding from "ApplicationInsights" section in appsettings.json for both AspNetCore and WorkerService packages with configuration precedence: environment variables > explicit configuration > appsettings.json
  • Added support for Entra ID (Azure Active Directory) authentication using Azure.Core.TokenCredential
  • Added Self Diagnostics feature
  • Updated the default sampler from Fixed Rate to Rate-Limited Sampling.
  • Update Azure Monitor Exporter to 1.6.0-beta.2
  • Add comprehensive applicationinsights.config support
  • Add properties in TelemetryConfiguration to configure underlying exporter

Bug fix

  • Fix TrackMetric(MetricTelemetry) unsupported telemetry type error

3.0.0-beta1

  • The following Application Insights packages in this repo now use OpenTelemetry internally. OpenTelemetry is the industry standard for telemetry collection and provides better interoperability with other observability tools.
    • Microsoft.ApplicationInsights
    • Microsoft.ApplicationInsights.AspNetCore
    • Microsoft.ApplicationInsights.WorkerService
    • Microsoft.ApplicationInsights.Web
    • Microsoft.ApplicationInsights.NLogTarget
  • Classic APIs of the above packages are preserved; calls are translated to OpenTelemetry telemetry.
  • Other packages not listed above (such as certain auto-collectors and logging adapters that were published from this repo previously) will not have future versions published. See BreakingChanges.md for details.

Commits viewable in compare view.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot @github

dependabot Bot commented on behalf of github Apr 6, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot
dependabot Bot requested a review from Mikeoso as a code owner April 6, 2026 19:39
Mikeoso added a commit that referenced this pull request Apr 14, 2026
Downgrades Microsoft.ApplicationInsights.WorkerService from 3.0.0 to
2.23.0 to maintain compatibility with the current
Microsoft.Azure.Functions.Worker.ApplicationInsights 2.50.0 wiring.

Note: this closes Dependabot PR #80 (Bump 3.0.0 → 3.1.0) by pinning
below 3.x. Moving to 3.x is a separate piece of work that needs
verification against the isolated-worker Application Insights
integration.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@dependabot
dependabot Bot force-pushed the dependabot/nuget/Microsoft.ApplicationInsights.WorkerService-3.1.0 branch from 5485745 to dd84080 Compare April 14, 2026 22:41
Mikeoso added a commit that referenced this pull request Apr 15, 2026
…92)

* fix(hosting): close generic CRUD handlers across assemblies in AddIntegratoR

MediatR v12's RegisterGenericHandlers = true only closes open generic
handlers against types in the same scanned assembly. The generic CRUD
handlers (CreateCommandHandler<T>, UpdateCommandHandler<T>, ...) live in
IntegratoR.Application and the F&O entities in IntegratoR.OData.FO, so
the layer-local AddMediatR calls never saw the pair together and no
closed IRequestHandler<CreateCommand<LedgerJournalHeader>, ...> was
emitted. Runtime symptom: "No service for type 'MediatR.IRequestHandler<
CreateCommand<LedgerJournalHeader>, Result<LedgerJournalHeader>>'".

Add a step 3b in AddIntegratoR that scans both assemblies in one pass so
MediatR can close every generic handler against every F&O entity. Layer-
local AddMediatR calls are unchanged.

Adds five Hosting.Tests that resolve IMediator from a real service
provider and send CreateCommand, UpdateCommand, DeleteCommand,
GetByKeyQuery, and GetByFilterQuery through the pipeline against a
substituted IService<LedgerJournalHeader>. Would have caught the bug
the day RegisterGenericHandlers was enabled.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(odata): normalise HttpClient BaseAddress trailing slash to preserve path segment

.NET HttpClient.BaseAddress silently drops preceding path segments when
a relative request URI starts with '/' UNLESS BaseAddress ends with '/'.
Result: a configured URL of https://host/fo produced outgoing requests
to https://host/LedgerJournalHeaders — the /fo segment was lost,
causing 404s against APIM with an unhelpful error.

Normalise the URL with TrimEnd('/') + "/" once inside AddHttpClient so
consumers can write their configuration either way and both work.
Apply the same value to ODataClientOptions.BaseUrl so PanoramicData's
independent URI composition stays in lockstep. IOptions<ODataSettings>
.Value.Url is intentionally NOT mutated — the public setting continues
to reflect what the consumer wrote.

Adds four OData.Tests: parameterised normalisation verification, end-
to-end HttpClient URL capture via FakeHttpMessageHandler (the test that
would have caught the live sandbox failure), BaseUrl/BaseAddress
lockstep sanity, and a pin that IOptions<ODataSettings>.Value.Url is
unchanged after DI setup.

Completes the fix from PR #79.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(odata): adapter handling for D365 string-named enums and composite-key reads

Two related adapter fixes that share one file:

1. D365 F&O OData v4 serialises enum values as string names (e.g.
   "PostingLayer": "Current"). STJ's default enum converter only
   handles numeric values, so every Create/Update response carrying an
   enum property threw on the round-trip in DeserializeResponse<T>.
   Register JsonStringEnumConverter once on the shared
   CaseInsensitiveOptions so every enum in every F&O entity going
   through the dictionary-payload path deserialises correctly.

2. PanoramicData's IBoundClient.Key only exposes Key(object). There is
   no overload for IDictionary<string, object> or params object[], so
   passing a composite-key dictionary fell through to Key(object) which
   calls .ToString() on the dict and produced a malformed OData key
   like "LedgerJournalHeaders(System.Collections.Generic.Dictionary`2
   [System.String,System.Object])". Bypass Key() entirely for composite
   keys and build an OData $filter with eq predicates on each key
   field — the composite key is unique by definition so
   GetFirstOrDefaultAsync returns exactly one row.

The filter literal formatter reuses the existing FormatValue in
IntegratoRODataExpressionTranslator (promoted to internal) so the
composite-key bypass and the filter/select/expand path stay in
lockstep on every primitive type (Guid, DateOnly, TimeOnly,
decimal-with-German-locale, etc.).

Adds two regression tests pinning the JsonStringEnumConverter
registration and the PropertyNameCaseInsensitive setting on the
shared CaseInsensitiveOptions. The composite-key filter behaviour is
covered by the existing IntegratoRODataExpressionTranslator tests
because both paths now share the same formatter.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(odata.fo): include CurrencyCode in LedgerJournalLine create payload

CurrencyCode was simultaneously [Required] AND marked with
[ODataField(IgnoreOnCreate = true)]. The two attributes contradict each
other: Required says consumers must set it, IgnoreOnCreate strips it
from the wire payload. Result: D365 F&O rejected line creates for any
journal template without a default currency configured (e.g.
"Allgemein"), with the German error "Das Feld 'Währung' muss ausgefüllt
werden".

Remove the IgnoreOnCreate attribute. The property remains [Required]
and [JsonPropertyName("CurrencyCode")] so the value reaches the wire
exactly as the consumer supplied it. IgnoreOnCreate is reserved for
server-generated fields (line numbers, voucher numbers, posting
status) — never for consumer-supplied required data.

Adds a reflection-based regression pin asserting CurrencyCode does not
carry IgnoreOnCreate = true. Cheap, direct, and catches the specific
regression shape.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* feat(odata): improve ExceptionHandler observability for 404s and APIM errors

Two related improvements to surface errors that the previous code
silently swallowed:

1. When an HTTP 404 is suppressed by treatNotFoundAsSuccess, log a
   Warning with the request URL so a human reviewing the logs can
   distinguish "entity genuinely gone" from "client built the wrong
   URL". The latter shape caused silent-failure orphans during the
   2026-04-14 smoke-test session because the cleanup-delete suppression
   masked a malformed composite-key URL. The consumer-visible Result
   shape is unchanged — the suppression behaviour still returns
   Result.Ok — only observability improves.

   Also catches ODataClientException(404) with treatNotFoundAsSuccess
   via an exception filter, which the earlier code did not handle at
   all (only the internal ODataNotFoundException went through the
   suppression path). Extracts a single LogSuppressed404AndReturnOk
   helper so both code paths share the logging shape.

2. ExtractD365InnerError now falls back to a lenient string-indexing
   extractor when JsonDocument.Parse throws. APIM occasionally emits
   malformed JSON error bodies like {"error": "The provided value for
   "d365foenvironment" is not valid..."} — the unescaped inner quotes
   break strict JSON parsing. The lenient fallback surfaces the actual
   offending text so the consumer-visible error becomes something
   actionable instead of the generic "Request failed with status
   BadRequest". The strict JSON path is unchanged for well-formed
   D365 responses.

Adds four OData.Tests: HTTP 404 suppression with warning logging, HTTP
404 without suppression still fails, lenient extraction of the real
APIM body from 2026-04-14, and theory coverage for the lenient
extractor's recognisable-key fallbacks.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* chore(deps): pin Microsoft.ApplicationInsights.WorkerService to 2.23.0

Downgrades Microsoft.ApplicationInsights.WorkerService from 3.0.0 to
2.23.0 to maintain compatibility with the current
Microsoft.Azure.Functions.Worker.ApplicationInsights 2.50.0 wiring.

Note: this closes Dependabot PR #80 (Bump 3.0.0 → 3.1.0) by pinning
below 3.x. Moving to 3.x is a separate piece of work that needs
verification against the isolated-worker Application Insights
integration.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(odata): log normalised BaseAddress and clarify URI comment

Addresses two Copilot review findings on PR #92:

- The information log emitted `settings.Url` but the PanoramicData client
  was constructed from `normalisedUrl`. Operators chasing a trailing-slash
  bug would see the raw configured value instead of what the client
  actually uses. Now logs `normalisedUrl`.

- Expanded the explanatory comment above `httpClient.BaseAddress` to
  describe the actual Uri composition rule: non-rooted relatives drop
  the trailing segment of BaseAddress unless it ends with `/`. Noted
  the trap-door that rooted relatives (`/foo`) would still replace the
  path regardless — this does not affect us because PanoramicData emits
  non-rooted relatives, but future maintainers should know.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(odata): tighten lenient error extractor and harden 404 log assertion

Addresses two Copilot review findings on PR #92:

- `ExtractLenientErrorMessage` used `LastIndexOf('"', lastBrace - 1)` to
  locate the terminating quote, which over-captured when `"error"` or
  `"message"` was not the last property of the malformed body. On input
  `{"error": "x", "details": "y"}` it returned `x","details":"y`. Now
  scans forward from the value start for the first quote followed by a
  structural JSON delimiter (`,` or `}`, ignoring whitespace). This still
  survives embedded unescaped quotes inside the value (the APIM bug the
  lenient path exists to work around) and correctly stops at the first
  property boundary. Two new InlineData cases pin the regression.

- `ExecuteNonQueryAsync_HttpNotFoundTreatAsSuccess_ReturnsOkAndLogsWarningWithUrl`
  asserted via `Arg.Is<object>(state => ...)` on `ILogger.Log<TState>`.
  LogWarning dispatches through `Log<FormattedLogValues>`, so the closed
  generic type on the received call does not match `object`, leaving the
  matching semantics unclear. Switched to `_logger.ReceivedCalls()`
  inspection which is type-agnostic and unambiguously reads the state
  argument via reflection. Verified via mutation: removing the URL from
  the production log message correctly fails the new assertion.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(odata): guard NormaliseBaseUrl against null or whitespace URL

Addresses a multi-agent review finding on PR #92: if `ODataSettings.Url`
is missing or whitespace, `NormaliseBaseUrl("")` returned `"/"` and
`new Uri("/")` threw `UriFormatException` at DI resolution — a
misleading error for an operator who simply forgot to set `Url` in
configuration. Now throws a clear `ArgumentException` explaining that
the setting must be set to a non-empty absolute URL, with a pointer to
`appsettings.json` / environment variables.

Adds a `[Theory]` pinning the guard against null, empty string, and
whitespace-only input.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix(odata): validate composite-key dictionary before $filter interpolation

Addresses a multi-agent security review finding on PR #92:
`FindByKeyAsync` interpolated `kv.Key` from the composite-key dictionary
directly into the OData `$filter` expression. Framework-internal callers
always pass reflection-derived wire names via
`ODataService.BuildCompositeKeyObject` + `PropertyNameResolver`, so the
exploit path is purely theoretical today — but `IODataClientAdapter` is
public, and a consumer bypassing `ODataService` could pass a tainted
dictionary (e.g. `"JournalNum eq '1' or 1 eq 1"`) that would silently
broaden the filter.

Two synchronous guards added at the start of the composite-key branch:

- Empty dictionary → `ArgumentException` (previously would emit a blank
  `$filter` and silently return an arbitrary row via
  `GetFirstOrDefaultAsync`).

- Each key must match `^[A-Za-z_][A-Za-z0-9_.]*$` via a new private
  `IsValidODataFieldName` helper. Rejects injection attempts, leading
  digits, whitespace, and special characters. Permits dots for qualified
  names (`Contoso.JournalNum`) and leading underscores.

`IODataClientAdapter.FindByKeyAsync` xmldoc updated to spell out the
contract: callers must supply OData wire names (attribute-derived, not
CLR property names), and the identifier pattern is pinned to the
regex above.

New test file `ODataClientAdapterCompositeKeyGuardTests` pins:
- empty-dict guard
- 5 injection / invalid-key cases (trailing OData clause, embedded
  space, leading digit, special character, empty segment)
- 4 legitimate-key cases tested via reflection on the private helper
  (camelCase, PascalCase, qualified, leading underscore)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* test(odata): pin error/message precedence in ExtractLenientErrorMessage

Addresses a low-severity test-coverage gap from a multi-agent review on
PR #92: the extractor prefers the inner `"message"` key over the outer
`"error"` key when both are present (matching D365's
`error.innererror.message` wrapping), but that precedence rule had no
direct regression test.

Adds one `InlineData` case:
  {"error": {"code": "BadRequest", "message": "inner text"}} → "inner text"

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
updated-dependencies:
- dependency-name: Microsoft.ApplicationInsights.WorkerService
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump Microsoft.ApplicationInsights.WorkerService from 3.0.0 to 3.1.0 Bump Microsoft.ApplicationInsights.WorkerService from 2.23.0 to 3.1.0 Apr 15, 2026
@dependabot
dependabot Bot force-pushed the dependabot/nuget/Microsoft.ApplicationInsights.WorkerService-3.1.0 branch from dd84080 to 7125991 Compare April 15, 2026 08:11
@Mikeoso

Mikeoso commented Jun 29, 2026

Copy link
Copy Markdown
Owner

Holding for now. WorkerService 3.x is a breaking OpenTelemetry rewrite and the isolated-worker integration (Microsoft.Azure.Functions.Worker.ApplicationInsights 2.50.0) does not support it yet — ConfigureFunctionsApplicationInsights() throws TypeLoadException on ITelemetryInitializer at host startup (Azure/azure-functions-dotnet-worker#3318). Leaving this open; revisit and bump both packages together once the worker package ships v3/OTel support.

@dependabot @github

dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #124.

@dependabot dependabot Bot closed this Jun 29, 2026
@dependabot
dependabot Bot deleted the dependabot/nuget/Microsoft.ApplicationInsights.WorkerService-3.1.0 branch June 29, 2026 19:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant