From f5a2707ac0431e776ad8bcc11ef69da4d92f47e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Piotr=20Kie=C5=82kowicz?= <pkiekowicz@splunk.com>
Date: Wed, 17 Jan 2024 10:17:14 +0100
Subject: [PATCH] Bump dependencies (#3233)

* Bump Google.Protobuf to 3.25.2

* Bump Microsoft.Data.SqlClient to 5.1.4

* .NET Fx - Microsoft.Extensions.Options to 8.0.1

* .NET FX `Microsoft.Extensions.Configuration.Binder` from `8.0.0` to `8.0.1`

* .NET Fx `System.Text.Json` from `8.0.0` to `8.0.1`

* System.Data.SqlClient to 4.8.6 - older versions contains security issue

* StackExchange.Redis to 2.7.17

* MySqlConnector to 2.3.4

* MySql.Data to 8.3.0

* xunit 2.6.6

* Microsoft.Data.SqlClient - handles https://github.com/dotnet/announcements/issues/292
---
 CHANGELOG.md                                    | 10 +++++++---
 build/LibraryVersions.g.cs                      | 17 ++++++++---------
 examples/demo/Service/Directory.Packages.props  |  2 +-
 src/Directory.Packages.props                    |  8 ++++----
 .../netfx_assembly_redirection.h                |  8 ++++----
 test/Directory.Packages.props                   | 14 +++++++-------
 test/IntegrationTests/LibraryVersions.g.cs      | 17 ++++++++---------
 .../TestApplication.MySqlData.csproj            |  2 +-
 .../TestApplication.SqlClient.Microsoft.csproj  |  1 +
 .../PackageVersionDefinitions.cs                | 14 +++++++-------
 10 files changed, 48 insertions(+), 45 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8466325a5b..b4e6a8e3b7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -43,7 +43,7 @@ This component adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.h
   - `OpenTelemetry.Shims.OpenTracing` from `1.6.0-beta.1` to `1.7.0-beta.1`,
   - `OpenTelemetry.ResourceDetectors.Azure` from `1.0.0-beta.3` to `1.0.0-beta.4`,
   - `OpenTelemetry.ResourceDetectors.Container` from `1.0.0-beta.4` to `1.0.0-beta.5`,
-  - `OpenTelemetry.ResourceDetectors.ProcessRuntime` from `0.1.0-alpha.1` to `0.1.0-alpha.2`,
+  - `OpenTelemetry.ResourceDetectors.ProcessRuntime` from `0.1.0-alpha.1` to `0.1.0-alpha.2`.
 - .NET only, following packages updated
   - `Google.Protobuf` updated from `3.19.4` to `3.22.5`.
   - `Microsoft.Extensions.Configuration` from `3.1.0` to `8.0.0`,
@@ -56,10 +56,14 @@ This component adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.h
   - `Microsoft.Extensions.Options.ConfigurationExtensions` from `3.1.0` to `8.0.0`,
   - `Microsoft.Extensions.Primitives` from `3.1.0` to `8.0.0`,
   - `OpenTelemetry.Instrumentation.AspNetCore` from `1.6.0-beta.3` to `1.7.0`,
-  - `OpenTelemetry.Instrumentation.EntityFrameworkCore` from `1.0.0-beta.8` to `1.0.0-beta.9`,
+  - `OpenTelemetry.Instrumentation.EntityFrameworkCore` from `1.0.0-beta.8` to `1.0.0-beta.9`.
 - .NET Framework only, following packages updated
-  - `Grpc.Core.Api` from `2.59.0` to `2.60.0`
+  - `Google.Protobuf` updated from `3.25.1` to `3.25.2`,
+  - `Grpc.Core.Api` from `2.59.0` to `2.60.0`,
+  - `Microsoft.Extensions.Configuration.Binder` from `8.0.0` to `8.0.1`,
+  - `Microsoft.Extensions.Options` from `8.0.0` to `8.0.1`,
   - `OpenTelemetry.Instrumentation.AspNet` from `1.6.0-beta.2` to `1.7.0-beta.1`,
+  - `System.Text.Json` from `8.0.0` to `8.0.1`.
 
 ### Deprecated
 
diff --git a/build/LibraryVersions.g.cs b/build/LibraryVersions.g.cs
index 98c4be53f8..26e5537210 100644
--- a/build/LibraryVersions.g.cs
+++ b/build/LibraryVersions.g.cs
@@ -76,18 +76,17 @@ public static class LibraryVersion
             "TestApplication.SqlClient.Microsoft",
             new List<PackageBuildInfo>
             {
-                new("1.1.4"),
-                new("2.1.5"),
-                new("3.1.2"),
-                new("4.1.1"),
-                new("5.1.2"),
+                new("2.1.7"),
+                new("3.1.5"),
+                new("4.0.5"),
+                new("5.1.4"),
             }
         },
         {
             "TestApplication.SqlClient.System",
             new List<PackageBuildInfo>
             {
-                new("4.8.5"),
+                new("4.8.6"),
             }
         },
         {
@@ -103,7 +102,7 @@ public static class LibraryVersion
             new List<PackageBuildInfo>
             {
                 new("2.0.0"),
-                new("2.3.3"),
+                new("2.3.4"),
             }
         },
         {
@@ -111,7 +110,7 @@ public static class LibraryVersion
             new List<PackageBuildInfo>
             {
                 new("8.1.0"),
-                new("8.2.0"),
+                new("8.3.0"),
             }
         },
         {
@@ -146,7 +145,7 @@ public static class LibraryVersion
                 new("2.1.50"),
                 new("2.5.61"),
                 new("2.6.66"),
-                new("2.7.10"),
+                new("2.7.17"),
             }
         },
         {
diff --git a/examples/demo/Service/Directory.Packages.props b/examples/demo/Service/Directory.Packages.props
index 00c849b43f..7b6c8651e1 100644
--- a/examples/demo/Service/Directory.Packages.props
+++ b/examples/demo/Service/Directory.Packages.props
@@ -3,7 +3,7 @@
     <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
   </PropertyGroup>
   <ItemGroup>
-    <PackageVersion Include="Microsoft.Data.SqlClient" Version="5.1.2" />
+    <PackageVersion Include="Microsoft.Data.SqlClient" Version="5.1.4" />
     <PackageVersion Include="Microsoft.Extensions.Logging" Version="8.0.0" />
   </ItemGroup>
 </Project>
diff --git a/src/Directory.Packages.props b/src/Directory.Packages.props
index 72ee28d046..afc4edbc3b 100644
--- a/src/Directory.Packages.props
+++ b/src/Directory.Packages.props
@@ -62,19 +62,19 @@
     <PackageVersion Include="System.Windows.Extensions" Version="4.7.0" />
   </ItemGroup>
   <ItemGroup Label="Transient dependencies auto-generated by GenerateNetFxTransientDependencies">
-    <PackageVersion Include="Google.Protobuf" Version="3.25.1" />
+    <PackageVersion Include="Google.Protobuf" Version="3.25.2" />
     <PackageVersion Include="Grpc" Version="2.46.6" />
     <PackageVersion Include="Grpc.Core" Version="2.46.6" />
     <PackageVersion Include="Grpc.Core.Api" Version="2.60.0" />
     <PackageVersion Include="Microsoft.Extensions.Configuration" Version="8.0.0" />
     <PackageVersion Include="Microsoft.Extensions.Configuration.Abstractions" Version="8.0.0" />
-    <PackageVersion Include="Microsoft.Extensions.Configuration.Binder" Version="8.0.0" />
+    <PackageVersion Include="Microsoft.Extensions.Configuration.Binder" Version="8.0.1" />
     <PackageVersion Include="Microsoft.Extensions.DependencyInjection" Version="8.0.0" />
     <PackageVersion Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="8.0.0" />
     <PackageVersion Include="Microsoft.Extensions.Logging" Version="8.0.0" />
     <PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.0" />
     <PackageVersion Include="Microsoft.Extensions.Logging.Configuration" Version="8.0.0" />
-    <PackageVersion Include="Microsoft.Extensions.Options" Version="8.0.0" />
+    <PackageVersion Include="Microsoft.Extensions.Options" Version="8.0.1" />
     <PackageVersion Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="8.0.0" />
     <PackageVersion Include="Microsoft.Extensions.Primitives" Version="8.0.0" />
     <PackageVersion Include="System.Buffers" Version="4.5.1" />
@@ -83,7 +83,7 @@
     <PackageVersion Include="System.Numerics.Vectors" Version="4.5.0" />
     <PackageVersion Include="System.Runtime.CompilerServices.Unsafe" Version="6.0.0" />
     <PackageVersion Include="System.Text.Encodings.Web" Version="8.0.0" />
-    <PackageVersion Include="System.Text.Json" Version="8.0.0" />
+    <PackageVersion Include="System.Text.Json" Version="8.0.1" />
     <PackageVersion Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
     <PackageVersion Include="System.ValueTuple" Version="4.5.0" />
   </ItemGroup>
diff --git a/src/OpenTelemetry.AutoInstrumentation.Native/netfx_assembly_redirection.h b/src/OpenTelemetry.AutoInstrumentation.Native/netfx_assembly_redirection.h
index 8174bd33c5..e8bd17caab 100644
--- a/src/OpenTelemetry.AutoInstrumentation.Native/netfx_assembly_redirection.h
+++ b/src/OpenTelemetry.AutoInstrumentation.Native/netfx_assembly_redirection.h
@@ -18,19 +18,19 @@ void CorProfiler::InitNetFxAssemblyRedirectsMap()
     const USHORT auto_major = atoi(AUTO_MAJOR);
 
     assembly_version_redirect_map_.insert({
-        { L"Google.Protobuf", {3, 25, 1, 0} },
+        { L"Google.Protobuf", {3, 25, 2, 0} },
         { L"Grpc.Core", {2, 0, 0, 0} },
         { L"Grpc.Core.Api", {2, 0, 0, 0} },
         { L"Microsoft.Bcl.AsyncInterfaces", {8, 0, 0, 0} },
         { L"Microsoft.Extensions.Configuration", {8, 0, 0, 0} },
         { L"Microsoft.Extensions.Configuration.Abstractions", {8, 0, 0, 0} },
-        { L"Microsoft.Extensions.Configuration.Binder", {8, 0, 0, 0} },
+        { L"Microsoft.Extensions.Configuration.Binder", {8, 0, 0, 1} },
         { L"Microsoft.Extensions.DependencyInjection", {8, 0, 0, 0} },
         { L"Microsoft.Extensions.DependencyInjection.Abstractions", {8, 0, 0, 0} },
         { L"Microsoft.Extensions.Logging", {8, 0, 0, 0} },
         { L"Microsoft.Extensions.Logging.Abstractions", {8, 0, 0, 0} },
         { L"Microsoft.Extensions.Logging.Configuration", {8, 0, 0, 0} },
-        { L"Microsoft.Extensions.Options", {8, 0, 0, 0} },
+        { L"Microsoft.Extensions.Options", {8, 0, 0, 1} },
         { L"Microsoft.Extensions.Options.ConfigurationExtensions", {8, 0, 0, 0} },
         { L"Microsoft.Extensions.Primitives", {8, 0, 0, 0} },
         { L"Microsoft.Win32.Primitives", {4, 0, 3, 0} },
@@ -145,7 +145,7 @@ void CorProfiler::InitNetFxAssemblyRedirectsMap()
         { L"System.Text.Encoding", {4, 0, 11, 0} },
         { L"System.Text.Encoding.Extensions", {4, 0, 11, 0} },
         { L"System.Text.Encodings.Web", {8, 0, 0, 0} },
-        { L"System.Text.Json", {8, 0, 0, 0} },
+        { L"System.Text.Json", {8, 0, 0, 1} },
         { L"System.Text.RegularExpressions", {4, 1, 1, 0} },
         { L"System.Threading", {4, 0, 11, 0} },
         { L"System.Threading.Overlapped", {4, 1, 0, 0} },
diff --git a/test/Directory.Packages.props b/test/Directory.Packages.props
index 4300d35667..720fbff638 100644
--- a/test/Directory.Packages.props
+++ b/test/Directory.Packages.props
@@ -5,7 +5,7 @@
     <PackageVersion Include="Elastic.Clients.Elasticsearch" Version="8.11.0" />
     <PackageVersion Include="Confluent.Kafka" Version="2.3.0" />
     <PackageVersion Include="FluentAssertions" Version="6.12.0" />
-    <PackageVersion Include="Google.Protobuf" Version="3.25.1" />
+    <PackageVersion Include="Google.Protobuf" Version="3.25.2" />
     <PackageVersion Include="GraphQL" Version="7.7.2" />
     <PackageVersion Include="GraphQL.MicrosoftDI" Version="7.7.2" />
     <PackageVersion Include="GraphQL.Server.Transports.AspNetCore" Version="7.6.0" />
@@ -20,7 +20,7 @@
     <PackageVersion Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.0" />
     <PackageVersion Include="Microsoft.Build" Version="15.9.20" />
     <PackageVersion Include="Microsoft.Build.Utilities.Core" Version="15.9.20" />
-    <PackageVersion Include="Microsoft.Data.SqlClient" Version="5.1.2" />
+    <PackageVersion Include="Microsoft.Data.SqlClient" Version="5.1.4" />
     <PackageVersion Include="Microsoft.EntityFrameworkCore.Sqlite" Version="7.0.13" />
     <PackageVersion Include="Microsoft.Extensions.Configuration.Abstractions" Version="8.0.0" />
     <PackageVersion Include="Microsoft.Extensions.DependencyInjection" Version="8.0.0" />
@@ -30,8 +30,8 @@
     <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
     <PackageVersion Include="MongoDB.Driver" Version="2.23.1" />
     <PackageVersion Include="NSubstitute" Version="5.1.0" />
-    <PackageVersion Include="MySqlConnector" Version="2.3.3" />
-    <PackageVersion Include="MySql.Data" Version="8.2.0" />
+    <PackageVersion Include="MySqlConnector" Version="2.3.4" />
+    <PackageVersion Include="MySql.Data" Version="8.3.0" />
     <PackageVersion Include="NServiceBus" Version="8.1.6" />
     <PackageVersion Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageVersion Include="Npgsql" Version="8.0.1" />
@@ -41,10 +41,10 @@
     <PackageVersion Include="Quartz" Version="3.8.0" />
     <PackageVersion Include="Quartz.Extensions.DependencyInjection" Version="3.8.0" />
     <PackageVersion Include="Quartz.Extensions.Hosting" Version="3.8.0" />
-    <PackageVersion Include="StackExchange.Redis" Version="2.7.10" />
+    <PackageVersion Include="StackExchange.Redis" Version="2.7.17" />
     <PackageVersion Include="StrongNamer" Version="0.2.5" />
     <PackageVersion Include="System.Collections.Immutable" Version="8.0.0" />
-    <PackageVersion Include="System.Data.SqlClient" Version="4.8.5" />
+    <PackageVersion Include="System.Data.SqlClient" Version="4.8.6" />
     <PackageVersion Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
     <PackageVersion Include="System.Reactive" Version="6.0.0" />
     <PackageVersion Include="System.Runtime.InteropServices" Version="4.3.0" />
@@ -54,7 +54,7 @@
     <PackageVersion Include="System.ValueTuple" Version="4.5.0" />
     <PackageVersion Include="Testcontainers" Version="3.6.0" />
     <PackageVersion Include="Verify.Xunit" Version="20.8.2" />
-    <PackageVersion Include="xunit" Version="2.6.4" />
+    <PackageVersion Include="xunit" Version="2.6.6" />
     <PackageVersion Include="xunit.abstractions" Version="2.0.3" />
     <PackageVersion Include="xunit.runner.visualstudio" Version="2.5.6" />
     <PackageVersion Include="Xunit.SkippableFact" Version="1.4.13" />
diff --git a/test/IntegrationTests/LibraryVersions.g.cs b/test/IntegrationTests/LibraryVersions.g.cs
index 20de7e4f33..c0b169b6f0 100644
--- a/test/IntegrationTests/LibraryVersions.g.cs
+++ b/test/IntegrationTests/LibraryVersions.g.cs
@@ -82,11 +82,10 @@ public static class LibraryVersion
 #if DEFAULT_TEST_PACKAGE_VERSIONS
         new object[] { string.Empty }
 #else
-        new object[] { "1.1.4" },
-        new object[] { "2.1.5" },
-        new object[] { "3.1.2" },
-        new object[] { "4.1.1" },
-        new object[] { "5.1.2" },
+        new object[] { "2.1.7" },
+        new object[] { "3.1.5" },
+        new object[] { "4.0.5" },
+        new object[] { "5.1.4" },
 #endif
     };
     public static readonly IReadOnlyCollection<object[]> SqlClientSystem = new List<object[]>
@@ -94,7 +93,7 @@ public static class LibraryVersion
 #if DEFAULT_TEST_PACKAGE_VERSIONS
         new object[] { string.Empty }
 #else
-        new object[] { "4.8.5" },
+        new object[] { "4.8.6" },
 #endif
     };
     public static readonly IReadOnlyCollection<object[]> MongoDB = new List<object[]>
@@ -112,7 +111,7 @@ public static class LibraryVersion
         new object[] { string.Empty }
 #else
         new object[] { "2.0.0" },
-        new object[] { "2.3.3" },
+        new object[] { "2.3.4" },
 #endif
     };
     public static readonly IReadOnlyCollection<object[]> MySqlData = new List<object[]>
@@ -121,7 +120,7 @@ public static class LibraryVersion
         new object[] { string.Empty }
 #else
         new object[] { "8.1.0" },
-        new object[] { "8.2.0" },
+        new object[] { "8.3.0" },
 #endif
     };
     public static readonly IReadOnlyCollection<object[]> Npgsql = new List<object[]>
@@ -160,7 +159,7 @@ public static class LibraryVersion
         new object[] { "2.1.50" },
         new object[] { "2.5.61" },
         new object[] { "2.6.66" },
-        new object[] { "2.7.10" },
+        new object[] { "2.7.17" },
 #endif
     };
     public static readonly IReadOnlyCollection<object[]> WCFCoreClient = new List<object[]>
diff --git a/test/test-applications/integrations/TestApplication.MySqlData/TestApplication.MySqlData.csproj b/test/test-applications/integrations/TestApplication.MySqlData/TestApplication.MySqlData.csproj
index 6a1023db9f..7e09862ba1 100644
--- a/test/test-applications/integrations/TestApplication.MySqlData/TestApplication.MySqlData.csproj
+++ b/test/test-applications/integrations/TestApplication.MySqlData/TestApplication.MySqlData.csproj
@@ -7,7 +7,7 @@
   <ItemGroup>
     <PackageReference Include="MySql.Data" VersionOverride="$(LibraryVersion)" />
     <PackageReference Include="System.Diagnostics.DiagnosticSource" />
-    <PackageReference Include="Google.Protobuf" VersionOverride="3.22.5" />
+    <PackageReference Include="Google.Protobuf" VersionOverride="3.22.5" Condition="'$(LibraryVersion)' != '' and '$(LibraryVersion)'&lt;'8.3.0'"/>
   </ItemGroup>
 
 </Project>
diff --git a/test/test-applications/integrations/TestApplication.SqlClient.Microsoft/TestApplication.SqlClient.Microsoft.csproj b/test/test-applications/integrations/TestApplication.SqlClient.Microsoft/TestApplication.SqlClient.Microsoft.csproj
index a31a07a732..4a4d13171a 100644
--- a/test/test-applications/integrations/TestApplication.SqlClient.Microsoft/TestApplication.SqlClient.Microsoft.csproj
+++ b/test/test-applications/integrations/TestApplication.SqlClient.Microsoft/TestApplication.SqlClient.Microsoft.csproj
@@ -6,5 +6,6 @@
 
   <ItemGroup>
     <PackageReference Include="System.ValueTuple" Condition="'$(TargetFramework)' == 'net462'"/>
+    <PackageReference Include="System.Diagnostics.DiagnosticSource" Condition="'$(TargetFramework)' == 'net6.0'"/>
   </ItemGroup>
 </Project>
diff --git a/tools/LibraryVersionsGenerator/PackageVersionDefinitions.cs b/tools/LibraryVersionsGenerator/PackageVersionDefinitions.cs
index 35e5fa4ac5..43272001c6 100644
--- a/tools/LibraryVersionsGenerator/PackageVersionDefinitions.cs
+++ b/tools/LibraryVersionsGenerator/PackageVersionDefinitions.cs
@@ -94,10 +94,10 @@ internal static class PackageVersionDefinitions
             TestApplicationName = "TestApplication.SqlClient.Microsoft",
             Versions = new List<PackageVersion>
             {
-                new("1.1.4"),
-                new("2.1.5"),
-                new("3.1.2"),
-                new("4.1.1"),
+                // new("1.1.4"), - high vulnerability https://github.com/dotnet/announcements/issues/292, test should be skipped
+                new("2.1.7"),
+                new("3.1.5"),
+                new("4.0.5"),
                 new("*")
             }
         },
@@ -108,7 +108,7 @@ internal static class PackageVersionDefinitions
             TestApplicationName = "TestApplication.SqlClient.System",
             Versions = new List<PackageVersion>
             {
-                new("4.8.5"),
+                new("4.8.6"),
                 new("*")
             }
         },
@@ -119,8 +119,8 @@ internal static class PackageVersionDefinitions
             TestApplicationName = "TestApplication.MongoDB",
             Versions = new List<PackageVersion>
             {
-                // new("2.13.3"), - high vulnarability https://github.com/advisories/GHSA-7j9m-j397-g4wx, <= 2.18.0 test should be skipped
-                // new("2.15.0"), - high vulnarability https://github.com/advisories/GHSA-7j9m-j397-g4wx, <= 2.18.0 test should be skipped
+                // new("2.13.3"), - high vulnerability https://github.com/advisories/GHSA-7j9m-j397-g4wx, <= 2.18.0 test should be skipped
+                // new("2.15.0"), - high vulnerability https://github.com/advisories/GHSA-7j9m-j397-g4wx, <= 2.18.0 test should be skipped
                 new("2.19.0"),
                 new("*")
             }