Skip to content

Bump the nuget group with 1 update#257

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/nuget/src/ControlPlane.Api/nuget-cbeabdd7e8
Open

Bump the nuget group with 1 update#257
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/nuget/src/ControlPlane.Api/nuget-cbeabdd7e8

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 23, 2026

Updated OpenTelemetry.Exporter.OpenTelemetryProtocol from 1.13.1 to 1.15.2.

Release notes

Sourced from OpenTelemetry.Exporter.OpenTelemetryProtocol's releases.

1.15.2

For highlights and announcements pertaining to this release see: Release Notes > 1.15.2.

The following changes are from the previous release 1.15.1.

... (truncated)

1.15.2-beta.1

The following changes are from the previous release 1.15.1-beta.1.

1.15.1

For highlights and announcements pertaining to this release see: Release Notes > 1.15.1.

The following changes are from the previous release 1.15.0.

... (truncated)

1.15.1-beta.1

The following changes are from the previous release 1.15.0-beta.1.

1.15.0

For highlights and announcements pertaining to this release see: Release Notes > 1.15.0.

The following changes are from the previous release 1.14.0.

  • NuGet: OpenTelemetry v1.15.0

    • Added support for the OTEL_SDK_DISABLED environment variable in TracerProvider,
      MeterProvider, and LoggerProvider. When OTEL_SDK_DISABLED=true,
      the SDK returns no-op implementations for all telemetry signals.
      The OTEL_SDK_DISABLED environment variable is only evaluated upon application
      startup, later changes have no effect.
      (#​6568)

    • Added LowMemory temporality as an option in the OTLP metrics exporter.
      (#​6648)

    • Added support for Meter.TelemetrySchemaUrl property.
      (#​6714)

    • Improve performance and reduce memory consumption for metrics histograms.
      (#​6715)

    • Decode value in OTEL_RESOURCE_ATTRIBUTES environment variable.
      (#​6737)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api v1.15.0

    • Added a new overload for TracerProvider.GetTracer which accepts an optional
      string? schemaUrl parameter, allowing a schema URL to be set on the Tracer.
      (#​6736)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api.ProviderBuilderExtensions v1.15.0

    No notable changes.

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Exporter.Console v1.15.0

    • Added support for ActivitySource.TelemetrySchemaUrl property.
      (#​6713)

    • Added support for Meter.TelemetrySchemaUrl property.
      (#​6714)

    See CHANGELOG for details.
    ... (truncated)

1.15.0-beta.1

The following changes are from the previous release 1.14.0-beta.1.

1.14.0

For highlights and announcements pertaining to this release see: Release Notes > 1.14.0.

The following changes are from the previous release 1.14.0-rc.1.

  • NuGet: OpenTelemetry v1.14.0

    • Breaking Change NuGet packages now use the Sigstore bundle format
      (.sigstore.json) for digital signatures instead of separate signature
      (.sig) and certificate (.pem) files. This requires cosign 3.0 or later
      for verification. See the Digital signing
      section       for updated verification instructions.
      (#​6623)

    • Update to stable versions for .NET 10.0 NuGet packages.
      (#​6667)

    • Update Microsoft.Extensions.* dependencies to 10.0.0 for .NET Framework
      and .NET Standard.
      (#​6667)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api v1.14.0

    • Breaking Change NuGet packages now use the Sigstore bundle format
      (.sigstore.json) for digital signatures instead of separate signature
      (.sig) and certificate (.pem) files. This requires cosign 3.0 or later
      for verification. See the Digital signing
      section       for updated verification instructions.
      (#​6623)

    • Update System.Diagnostics.DiagnosticSource dependency to 10.0.0
      for all target frameworks.
      (#​6667)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api.ProviderBuilderExtensions v1.14.0

    • Breaking Change NuGet packages now use the Sigstore bundle format
      (.sigstore.json) for digital signatures instead of separate signature
      (.sig) and certificate (.pem) files. This requires cosign 3.0 or later
      for verification. See the Digital signing
      section       for updated verification instructions.
      (#​6623)

    • Update to stable versions for .NET 10.0 NuGet packages.
      (#​6667)

    • Update Microsoft.Extensions.* dependencies to 10.0.0 for .NET Framework
      ... (truncated)

1.14.0-rc.1

The following changes are from the previous release 1.13.1.

... (truncated)

1.14.0-beta.1

The following changes are from the previous release 1.13.1-beta.1.

  • NuGet: OpenTelemetry.Exporter.Prometheus.AspNetCore v1.14.0-beta.1

    • Breaking Change When targeting net8.0, the package now depends on version
      8.0.0 of the Microsoft.Extensions.DependencyInjection.Abstractions,
      Microsoft.Extensions.Diagnostics.Abstractions and
      Microsoft.Extensions.Logging.Configuration NuGet packages.
      (#​6327)

    • Add support for .NET 10.0.
      (#​6307)

    • Added the possibility to disable timestamps via the PrometheusAspNetCoreOptions.
      (#​6600)

    • Breaking Change NuGet packages now use the Sigstore bundle format
      (.sigstore.json) for digital signatures instead of separate signature
      (.sig) and certificate (.pem) files. This requires cosign 3.0 or later
      for verification. See the Digital signing
      section       for updated verification instructions.
      (#​6623)

    • Updated OpenTelemetry core component version(s) to 1.14.0.
      (#​6689)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Exporter.Prometheus.HttpListener v1.14.0-beta.1

    • Breaking Change When targeting net8.0, the package now depends on version
      8.0.0 of the Microsoft.Extensions.DependencyInjection.Abstractions,
      Microsoft.Extensions.Diagnostics.Abstractions and
      Microsoft.Extensions.Logging.Configuration NuGet packages.
      (#​6327)

    • Add support for .NET 10.0.
      (#​6307)

    • Added the possibility to disable timestamps via the PrometheusHttpListenerOptions.
      (#​6600)

    • Breaking Change NuGet packages now use the Sigstore bundle format
      (.sigstore.json) for digital signatures instead of separate signature
      (.sig) and certificate (.pem) files. This requires cosign 3.0 or later
      for verification. See the Digital signing
      section       for updated verification instructions.
      (#​6623)

    • Updated OpenTelemetry core component version(s) to 1.14.0.
      ... (truncated)

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the nuget group with 1 update
d1e995a 
Bumps OpenTelemetry.Exporter.OpenTelemetryProtocol from 1.13.1 to 1.15.2

---
updated-dependencies:
- dependency-name: OpenTelemetry.Exporter.OpenTelemetryProtocol
  dependency-version: 1.15.2
  dependency-type: direct:production
  dependency-group: nuget
- dependency-name: OpenTelemetry.Exporter.OpenTelemetryProtocol
  dependency-version: 1.15.2
  dependency-type: direct:production
  dependency-group: nuget
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code labels Apr 23, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 23, 2026

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 2 package(s) with unknown licenses.
See the Details below.

License Issues

src/ControlPlane.Api/ControlPlane.Api.csproj

PackageVersionLicenseIssue Type
OpenTelemetry.Exporter.OpenTelemetryProtocol1.15.2NullUnknown License

src/Node.Runtime/Node.Runtime.csproj

PackageVersionLicenseIssue Type
OpenTelemetry.Exporter.OpenTelemetryProtocol1.15.2NullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
nuget/OpenTelemetry.Exporter.OpenTelemetryProtocol 1.15.2 🟢 8.3
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Dependency-Update-Tool🟢 10update tool detected
Maintained🟢 1030 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices🟢 5badge detected: Passing
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST🟢 10SAST tool is run on all commits
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Packaging🟢 10packaging workflow detected
License🟢 10license file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 37 contributing companies or organizations
nuget/OpenTelemetry.Exporter.OpenTelemetryProtocol 1.15.2 🟢 8.3
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Dependency-Update-Tool🟢 10update tool detected
Maintained🟢 1030 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices🟢 5badge detected: Passing
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST🟢 10SAST tool is run on all commits
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Packaging🟢 10packaging workflow detected
License🟢 10license file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 37 contributing companies or organizations

Scanned Files

  • src/ControlPlane.Api/ControlPlane.Api.csproj
  • src/Node.Runtime/Node.Runtime.csproj

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants