From c730a6d1fca96c95e18371b3c3b0900fb0332a42 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Neum=C3=BCller?= Date: Thu, 20 Jul 2023 09:48:45 +0200 Subject: [PATCH] CHANGELOG --- .../CHANGELOG.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/OpenTelemetry.Instrumentation.AWSLambda/CHANGELOG.md b/src/OpenTelemetry.Instrumentation.AWSLambda/CHANGELOG.md index a139fe55e3..f8d9d5e300 100644 --- a/src/OpenTelemetry.Instrumentation.AWSLambda/CHANGELOG.md +++ b/src/OpenTelemetry.Instrumentation.AWSLambda/CHANGELOG.md @@ -2,6 +2,19 @@ ## Unreleased +* Add explicit dependency on Newtonsoft.Json, upgrading the mimimum version. + + This resolves a warning that some dependency analyzers may produce where this + package would transitively depend on a vulnerable version of Newtonsoft.Json + through [Amazon.Lambda.APIGatewayEvents][]. + + This also avoids a potential issue where the instrumentation would try to call + a Newtonsoft.Json function when no other package nor the app itself depends on + Newtonsoft.Json, since the transitive dependency would be ignored unless using + application were compiled against a TargetFramework older than Core 3.1. + +[Amazon.Lambda.APIGatewayEvents]: https://www.nuget.org/packages/Amazon.Lambda.APIGatewayEvents/2.4.1#dependencies-body-tab + ## 1.1.0-beta.3 Released 2023-Jun-13
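Review bot: In the first added line of the new "Unreleased" entry, "mimimum" should be "minimum", and the entry says the minimum Newtonsoft.Json version is upgraded without stating the new version. Name that version in the entry so that a reader responding to a dependency-analyzer warning can tell which release clears it. In the last added paragraph, "unless using application were compiled" is missing "the", and "Core 3.1" would read more clearly as ".NET Core 3.1". The link reference pins Amazon.Lambda.APIGatewayEvents 2.4.1, so consider saying in the text that this is the version whose dependency list is meant. This patch touches only CHANGELOG.md (1 file changed), so the explicit package reference it describes has to land in the same PR for the entry to be accurate.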