Upgrade snappier to 1.3.1

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Duplicate
    • Priority: Major - P3
    • None
    • Affects Version/s: 2.0, 3.8.0
    • Component/s: None
    • None
    • Dotnet Drivers
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?
    • None
    • None
    • None
    • None
    • None
    • None

      All Snappier versions prior to https://www.nuget.org/packages/Snappier/1.3.1
      are affected by https://github.com/advisories/GHSA-pggp-6c3x-2xmx (CVSS 7.5).

      It will be great to bump default version of the package.

      Detected by https://github.com/open-telemetry/opentelemetry-dotnet-instrumentation
      Workaround - manually bump package as in https://github.com/open-telemetry/opentelemetry-dotnet-instrumentation/pull/5051 

            Assignee:
            Adelin Mbida Owona
            Reporter:
            Piotr Kiełkowicz
            None
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: