From 1ad160b7653ba37b5b0c34ef980ad20404dcff5a Mon Sep 17 00:00:00 2001
From: Matt Hensley <130569+matt-hensley@users.noreply.github.com>
Date: Mon, 15 Jul 2024 16:16:28 -0400
Subject: [PATCH] Upgrade `System.Text.Json` to `8.0.4` for CVE-2024-30105
 (#102)

* bump System.Text.Json to 8.0.4 for CVE-2024-30105

https://github.com/advisories/GHSA-hh2w-p6rv-4g7w

* CHANGELOG entry
---
 CHANGELOG.md                                               | 7 +++++++
 .../Grafana.OpenTelemetry.Base.csproj                      | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5c3c300..4cd4e60 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Changelog
 
+## Unreleased
+
+### Bug Fixes
+
+* Use 8.0.4 of System.Text.Json to remediate CVE-2024-30105
+  ([#102](https://github.com/grafana/grafana-opentelemetry-dotnet/pull/102))
+
 ## 0.8.1-beta.1
 
 ### BREAKING CHANGES
diff --git a/src/Grafana.OpenTelemetry.Base/Grafana.OpenTelemetry.Base.csproj b/src/Grafana.OpenTelemetry.Base/Grafana.OpenTelemetry.Base.csproj
index cb66d7a..2d7333a 100644
--- a/src/Grafana.OpenTelemetry.Base/Grafana.OpenTelemetry.Base.csproj
+++ b/src/Grafana.OpenTelemetry.Base/Grafana.OpenTelemetry.Base.csproj
@@ -22,7 +22,7 @@
     <PackageReference Include="Microsoft.Extensions.Configuration" Version="8.0.0" />
     <PackageReference Include="Microsoft.Extensions.Configuration.EnvironmentVariables" Version="8.0.0" />
     <PackageReference Include="Microsoft.Extensions.Logging" Version="8.0.0" />
-    <PackageReference Include="System.Text.Json" Version="8.0.0" />
+    <PackageReference Include="System.Text.Json" Version="8.0.4" />
     <PackageReference Include="MinVer" Version="4.3.0">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>