Upgrade snappier to 1.3.1

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Major - P3
    • None
    • Affects Version/s: 2.0, 3.8.0
    • Component/s: None
    • None
    • Dotnet Drivers
    • None
    • None
    • None
    • None
    • None
    • None

      All Snappier versions prior to https://www.nuget.org/packages/Snappier/1.3.1
      are affected by https://github.com/advisories/GHSA-pggp-6c3x-2xmx (CVSS 7.5).

      It will be great to bump default version of the package.

      Detected by https://github.com/open-telemetry/opentelemetry-dotnet-instrumentation
      Workaround - manually bump package as in https://github.com/open-telemetry/opentelemetry-dotnet-instrumentation/pull/5051 

            Assignee:
            Unassigned
            Reporter:
            Piotr Kiełkowicz
            None
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: