Skip to content

chore(deps): Bump the dependencies group with 8 updates#227

Merged
SoulPancake merged 1 commit into
mainfrom
dependabot/nuget/example/OpenTelemetryExample/dependencies-dd7fdeeb1b
Jul 2, 2026
Merged

chore(deps): Bump the dependencies group with 8 updates#227
SoulPancake merged 1 commit into
mainfrom
dependabot/nuget/example/OpenTelemetryExample/dependencies-dd7fdeeb1b

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Updated Microsoft.Bcl.AsyncInterfaces from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Bcl.AsyncInterfaces's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated OpenTelemetry from 1.15.3 to 1.16.0.

Release notes

Sourced from OpenTelemetry's releases.

1.16.0

For highlights and announcements pertaining to this release see: Release Notes > 1.16.0.

The following changes are from the previous release 1.16.0-rc.1.

... (truncated)

1.16.0-rc.1

The following changes are from the previous release 1.15.3.

  • NuGet: OpenTelemetry v1.16.0-rc.1

    • Stop validating View-provided metric stream Name against the instrument
      name syntax, per
      spec clarification.
      (#​7300)

    • Fix incorrect validation of OTEL_BSP_* and OTEL_BLRP_* environment
      variables.
      (#​7187)

    • Fix observable instrument callbacks running once per reader instead of
      once per collection cycle.
      (#​7188)

    • Added exception safety for user-supplied ExemplarReservoir implementations.
      Exceptions thrown from Offer are now caught and logged rather than propagating
      out of Counter.Add/Histogram.Record.
      (#​7277)

    • Update OpenTelemetrySdkEventSource to support the W3C randomness flag.
      (#​7301)

    • Added ObservedTimestamp property to LogRecord.
      (#​6979)

    • Breaking Change Explicit histogram boundaries no longer allow more than
      10 million values.
      (#​7165)

    • Fixed a circular reference which could cause a LoggerProvider to fail to
      resolve when one of its dependencies depends on ILogger or ILoggerFactory.
      As part of this fix the LoggerProvider resolved from dependency injection
      is now created lazily when the first logger is created rather than when
      ILoggerProvider or ILoggerFactory is resolved. A consequence is that any
      invalid configuration now surfaces when the first log record is written instead
      of when the logging services are resolved.
      (#​7308)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api v1.16.0-rc.1

    • Experimental (pre-release builds only):
      Add support for using environment variables as context propagation carriers.
      (#​7174)

    • Fix BaggagePropagator to correctly follow Key and Value Encoding rules as per
      ... (truncated)

1.16.0-beta.1

The following changes are from the previous release 1.15.3-beta.1.

  • NuGet: OpenTelemetry.Exporter.Prometheus.AspNetCore v1.16.0-beta.1

    • Fixed scrape response cache freshness using monotonic time so it is not
      affected by NTP system clock adjustments.
      (#​7253)

    • Breaking Change Removed DisableTimestamp property from
      PrometheusAspNetCoreOptions.
      (#​7176)

    • Fixed the serialization of NaN, PositiveInfinity, and NegativeInfinity
      values in Prometheus metrics to be compliant with the specification.
      (#​7179)

    • Fixed loss of precision when serializing double and float values in
      Prometheus metrics to be compliant with the specification by using 17
      significant digits to represent such values.
      (#​7179)

    • Fix non-ASCII characters in metric names and unit strings not being sanitized
      correctly during Prometheus serialization.
      (#​7184)

    • Fix case where reader tracking could be reset while readers were still active.
      (#​7190)

    • Improve Accept header handling for format negotiation so OpenMetrics is
      selected correctly by considering whitespace and q weights.
      (#​7208)

    • Emit OpenMetrics exemplars for counters and histogram buckets.
      (#​7222)

    • Fix incorrect handling of untyped metrics when using OpenMetrics format.
      (#​7219)

    • Fix Prometheus/OpenMetrics serialization to emit metric and label names
      containing _ instead of dropping them and prefixing leading digits.
      Invalid characters are replaced with _ instead of being dropped.
      (#​7209)

    • Add escaping=underscores to the Accept header handling for content
      negotiation so OpenMetrics are handled correctly.
      (#​7209)

    • Omit histogram _sum and _count in OpenMetrics when negative bucket
      thresholds are present.
      (#​7221)
      ... (truncated)

Commits viewable in compare view.

Updated OpenTelemetry.Exporter.Console from 1.15.3 to 1.16.0.

Release notes

Sourced from OpenTelemetry.Exporter.Console's releases.

1.16.0

For highlights and announcements pertaining to this release see: Release Notes > 1.16.0.

The following changes are from the previous release 1.16.0-rc.1.

... (truncated)

1.16.0-rc.1

The following changes are from the previous release 1.15.3.

  • NuGet: OpenTelemetry v1.16.0-rc.1

    • Stop validating View-provided metric stream Name against the instrument
      name syntax, per
      spec clarification.
      (#​7300)

    • Fix incorrect validation of OTEL_BSP_* and OTEL_BLRP_* environment
      variables.
      (#​7187)

    • Fix observable instrument callbacks running once per reader instead of
      once per collection cycle.
      (#​7188)

    • Added exception safety for user-supplied ExemplarReservoir implementations.
      Exceptions thrown from Offer are now caught and logged rather than propagating
      out of Counter.Add/Histogram.Record.
      (#​7277)

    • Update OpenTelemetrySdkEventSource to support the W3C randomness flag.
      (#​7301)

    • Added ObservedTimestamp property to LogRecord.
      (#​6979)

    • Breaking Change Explicit histogram boundaries no longer allow more than
      10 million values.
      (#​7165)

    • Fixed a circular reference which could cause a LoggerProvider to fail to
      resolve when one of its dependencies depends on ILogger or ILoggerFactory.
      As part of this fix the LoggerProvider resolved from dependency injection
      is now created lazily when the first logger is created rather than when
      ILoggerProvider or ILoggerFactory is resolved. A consequence is that any
      invalid configuration now surfaces when the first log record is written instead
      of when the logging services are resolved.
      (#​7308)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api v1.16.0-rc.1

    • Experimental (pre-release builds only):
      Add support for using environment variables as context propagation carriers.
      (#​7174)

    • Fix BaggagePropagator to correctly follow Key and Value Encoding rules as per
      ... (truncated)

1.16.0-beta.1

The following changes are from the previous release 1.15.3-beta.1.

  • NuGet: OpenTelemetry.Exporter.Prometheus.AspNetCore v1.16.0-beta.1

    • Fixed scrape response cache freshness using monotonic time so it is not
      affected by NTP system clock adjustments.
      (#​7253)

    • Breaking Change Removed DisableTimestamp property from
      PrometheusAspNetCoreOptions.
      (#​7176)

    • Fixed the serialization of NaN, PositiveInfinity, and NegativeInfinity
      values in Prometheus metrics to be compliant with the specification.
      (#​7179)

    • Fixed loss of precision when serializing double and float values in
      Prometheus metrics to be compliant with the specification by using 17
      significant digits to represent such values.
      (#​7179)

    • Fix non-ASCII characters in metric names and unit strings not being sanitized
      correctly during Prometheus serialization.
      (#​7184)

    • Fix case where reader tracking could be reset while readers were still active.
      (#​7190)

    • Improve Accept header handling for format negotiation so OpenMetrics is
      selected correctly by considering whitespace and q weights.
      (#​7208)

    • Emit OpenMetrics exemplars for counters and histogram buckets.
      (#​7222)

    • Fix incorrect handling of untyped metrics when using OpenMetrics format.
      (#​7219)

    • Fix Prometheus/OpenMetrics serialization to emit metric and label names
      containing _ instead of dropping them and prefixing leading digits.
      Invalid characters are replaced with _ instead of being dropped.
      (#​7209)

    • Add escaping=underscores to the Accept header handling for content
      negotiation so OpenMetrics are handled correctly.
      (#​7209)

    • Omit histogram _sum and _count in OpenMetrics when negative bucket
      thresholds are present.
      (#​7221)
      ... (truncated)

Commits viewable in compare view.

Updated OpenTelemetry.Exporter.OpenTelemetryProtocol from 1.15.3 to 1.16.0.

Release notes

Sourced from OpenTelemetry.Exporter.OpenTelemetryProtocol's releases.

1.16.0

For highlights and announcements pertaining to this release see: Release Notes > 1.16.0.

The following changes are from the previous release 1.16.0-rc.1.

... (truncated)

1.16.0-rc.1

The following changes are from the previous release 1.15.3.

  • NuGet: OpenTelemetry v1.16.0-rc.1

    • Stop validating View-provided metric stream Name against the instrument
      name syntax, per
      spec clarification.
      (#​7300)

    • Fix incorrect validation of OTEL_BSP_* and OTEL_BLRP_* environment
      variables.
      (#​7187)

    • Fix observable instrument callbacks running once per reader instead of
      once per collection cycle.
      (#​7188)

    • Added exception safety for user-supplied ExemplarReservoir implementations.
      Exceptions thrown from Offer are now caught and logged rather than propagating
      out of Counter.Add/Histogram.Record.
      (#​7277)

    • Update OpenTelemetrySdkEventSource to support the W3C randomness flag.
      (#​7301)

    • Added ObservedTimestamp property to LogRecord.
      (#​6979)

    • Breaking Change Explicit histogram boundaries no longer allow more than
      10 million values.
      (#​7165)

    • Fixed a circular reference which could cause a LoggerProvider to fail to
      resolve when one of its dependencies depends on ILogger or ILoggerFactory.
      As part of this fix the LoggerProvider resolved from dependency injection
      is now created lazily when the first logger is created rather than when
      ILoggerProvider or ILoggerFactory is resolved. A consequence is that any
      invalid configuration now surfaces when the first log record is written instead
      of when the logging services are resolved.
      (#​7308)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api v1.16.0-rc.1

    • Experimental (pre-release builds only):
      Add support for using environment variables as context propagation carriers.
      (#​7174)

    • Fix BaggagePropagator to correctly follow Key and Value Encoding rules as per
      ... (truncated)

1.16.0-beta.1

The following changes are from the previous release 1.15.3-beta.1.

  • NuGet: OpenTelemetry.Exporter.Prometheus.AspNetCore v1.16.0-beta.1

    • Fixed scrape response cache freshness using monotonic time so it is not
      affected by NTP system clock adjustments.
      (#​7253)

    • Breaking Change Removed DisableTimestamp property from
      PrometheusAspNetCoreOptions.
      (#​7176)

    • Fixed the serialization of NaN, PositiveInfinity, and NegativeInfinity
      values in Prometheus metrics to be compliant with the specification.
      (#​7179)

    • Fixed loss of precision when serializing double and float values in
      Prometheus metrics to be compliant with the specification by using 17
      significant digits to represent such values.
      (#​7179)

    • Fix non-ASCII characters in metric names and unit strings not being sanitized
      correctly during Prometheus serialization.
      (#​7184)

    • Fix case where reader tracking could be reset while readers were still active.
      (#​7190)

    • Improve Accept header handling for format negotiation so OpenMetrics is
      selected correctly by considering whitespace and q weights.
      (#​7208)

    • Emit OpenMetrics exemplars for counters and histogram buckets.
      (#​7222)

    • Fix incorrect handling of untyped metrics when using OpenMetrics format.
      (#​7219)

    • Fix Prometheus/OpenMetrics serialization to emit metric and label names
      containing _ instead of dropping them and prefixing leading digits.
      Invalid characters are replaced with _ instead of being dropped.
      (#​7209)

    • Add escaping=underscores to the Accept header handling for content
      negotiation so OpenMetrics are handled correctly.
      (#​7209)

    • Omit histogram _sum and _count in OpenMetrics when negative bucket
      thresholds are present.
      (#​7221)
      ... (truncated)

Commits viewable in compare view.

Updated OpenTelemetry.Instrumentation.Http from 1.15.1 to 1.16.0.

Release notes

Sourced from OpenTelemetry.Instrumentation.Http's releases.

1.16.0

1.16.0-beta.1

1.16.0-alpha.1

1.15.2

Commits viewable in compare view.

Updated System.Diagnostics.DiagnosticSource from 10.0.7 to 10.0.9.

Release notes

Sourced from System.Diagnostics.DiagnosticSource's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated System.Net.Http.Json from 10.0.7 to 10.0.9.

Release notes

Sourced from System.Net.Http.Json's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated System.Net.Http.Json from 10.0.8 to 10.0.9.

Release notes

Sourced from System.Net.Http.Json's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated System.Text.Json from 10.0.7 to 10.0.9.

Release notes

Sourced from System.Text.Json's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated System.Text.Json from 10.0.8 to 10.0.9.

Release notes

Sourced from System.Text.Json's releases.

No release notes found for this version range.

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps Microsoft.Bcl.AsyncInterfaces from 10.0.8 to 10.0.9
Bumps OpenTelemetry from 1.15.3 to 1.16.0
Bumps OpenTelemetry.Exporter.Console from 1.15.3 to 1.16.0
Bumps OpenTelemetry.Exporter.OpenTelemetryProtocol from 1.15.3 to 1.16.0
Bumps OpenTelemetry.Instrumentation.Http from 1.15.1 to 1.16.0
Bumps System.Diagnostics.DiagnosticSource from 10.0.7 to 10.0.9
Bumps System.Net.Http.Json to 10.0.9
Bumps System.Text.Json to 10.0.9

---
updated-dependencies:
- dependency-name: Microsoft.Bcl.AsyncInterfaces
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: System.Diagnostics.DiagnosticSource
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: System.Net.Http.Json
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: System.Text.Json
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: Microsoft.Bcl.AsyncInterfaces
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: Microsoft.Bcl.AsyncInterfaces
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: System.Diagnostics.DiagnosticSource
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: System.Net.Http.Json
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: System.Text.Json
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: OpenTelemetry
  dependency-version: 1.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: OpenTelemetry.Exporter.Console
  dependency-version: 1.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: OpenTelemetry.Exporter.OpenTelemetryProtocol
  dependency-version: 1.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: OpenTelemetry.Instrumentation.Http
  dependency-version: 1.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: Microsoft.Bcl.AsyncInterfaces
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added .NET Pull requests that update .net code dependencies Pull requests that update a dependency file labels Jul 1, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 1, 2026 19:31
Copilot AI review requested due to automatic review settings July 1, 2026 19:31
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file .NET Pull requests that update .net code labels Jul 1, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot can't review bot-authored pull requests automatically. A user with Copilot access can request a review manually.

@socket-security

Copy link
Copy Markdown

@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
License policy violation: nuget microsoft.bcl.asyncinterfaces under Unicode-3.0

License: Unicode-3.0 - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

License: W3C-20150513 - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

License: HP-1989 - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

License: LPL-1.02 - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

License: GPL-2.0-or-later WITH Classpath-exception-2.0 - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

License: NIST-Software - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

From: src/OpenFga.Sdk.Test/OpenFga.Sdk.Test.csprojnuget/microsoft.bcl.asyncinterfaces@10.0.9

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/microsoft.bcl.asyncinterfaces@10.0.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: nuget system.io.pipelines under Unicode-3.0

License: Unicode-3.0 - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

License: W3C-20150513 - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

License: HP-1989 - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

License: LPL-1.02 - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

License: GPL-2.0-or-later WITH Classpath-exception-2.0 - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

License: NIST-Software - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

From: src/OpenFga.Sdk.Test/OpenFga.Sdk.Test.csprojnuget/system.text.json@10.0.9nuget/system.io.pipelines@10.0.9

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/system.io.pipelines@10.0.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: nuget system.net.http.json under Unicode-3.0

License: Unicode-3.0 - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

License: W3C-20150513 - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

License: HP-1989 - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

License: LPL-1.02 - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

License: GPL-2.0-or-later WITH Classpath-exception-2.0 - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

License: NIST-Software - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

From: src/OpenFga.Sdk.Test/OpenFga.Sdk.Test.csprojnuget/system.net.http.json@10.0.9

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/system.net.http.json@10.0.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: nuget system.text.encodings.web under Unicode-3.0

License: Unicode-3.0 - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

License: W3C-20150513 - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

License: HP-1989 - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

License: LPL-1.02 - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

License: GPL-2.0-or-later WITH Classpath-exception-2.0 - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

License: NIST-Software - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

From: src/OpenFga.Sdk.Test/OpenFga.Sdk.Test.csprojnuget/system.text.json@10.0.9nuget/system.text.encodings.web@10.0.9

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/system.text.encodings.web@10.0.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
License policy violation: nuget system.text.json under Unicode-3.0

License: Unicode-3.0 - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

License: W3C-20150513 - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

License: HP-1989 - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

License: LPL-1.02 - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

License: GPL-2.0-or-later WITH Classpath-exception-2.0 - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

License: NIST-Software - The applicable license policy does not permit this license (5) (THIRD-PARTY-NOTICES.TXT)

From: src/OpenFga.Sdk.Test/OpenFga.Sdk.Test.csprojnuget/system.text.json@10.0.9

ℹ Read more on: This package | This alert | What is a license policy violation?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/system.text.json@10.0.9. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@SoulPancake SoulPancake added this pull request to the merge queue Jul 2, 2026
Merged via the queue into main with commit 7e802a1 Jul 2, 2026
23 checks passed
@SoulPancake SoulPancake deleted the dependabot/nuget/example/OpenTelemetryExample/dependencies-dd7fdeeb1b branch July 2, 2026 10:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .net code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants