Skip to content

Bump the graph-identity-telemetry group with 16 updates#346

Merged
drmoisan merged 1 commit into
mainfrom
dependabot/nuget/QuickFiler.Test/graph-identity-telemetry-a6559038bf
Jul 18, 2026
Merged

Bump the graph-identity-telemetry group with 16 updates#346
drmoisan merged 1 commit into
mainfrom
dependabot/nuget/QuickFiler.Test/graph-identity-telemetry-a6559038bf

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 17, 2026

Copy link
Copy Markdown
Contributor

Updated Azure.Core from 1.55.0 to 1.60.0.

Release notes

Sourced from Azure.Core's releases.

1.60.0

1.60.0 (2026-06-30)

Features Added

  • Added experimental (AZID0004) DisableMtlsProofOfPossession property to ManagedIdentityCredentialOptions to allow explicit opt-out of mTLS proof-of-possession token acquisition when the underlying requirements are met.
  • Simplified mTLS token binding integration for Managed Identity by moving to an optional, runtime-resolved attestation model using lazy reflection-based resolution of the Microsoft.Identity.Client.KeyAttestation extension package.

Bugs Fixed

  • Fixed a regression (introduced with managed identity host capability detection) where DefaultAzureCredential could throw an AuthenticationFailedException and stop evaluating the credential chain on hosts without a managed identity — for example, a developer machine running in Visual Studio where the IMDS endpoint (169.254.169.254) is unreachable. When ManagedIdentityCredential is part of a chain, a failure to detect the managed identity source/capabilities is now surfaced as a CredentialUnavailableException, allowing the chain to continue to the next credential.

Commits viewable in compare view.

Updated Azure.Monitor.OpenTelemetry.Exporter from 1.8.0 to 1.8.2.

Release notes

Sourced from Azure.Monitor.OpenTelemetry.Exporter's releases.

1.8.2

1.8.2 (2026-06-30)

Features Added

  • Added support for the Microsoft OpenTelemetry distro's SDK statistics: a new internal meter subscription and an AppContext switch (Azure.Monitor.OpenTelemetry.Exporter.RouteSdkStatsToDistroEndpoint) that lets the distro redirect SDK statistics to its own ingestion path. The ingestion destination and an on/off signal are resolved at startup by fetching a remote configuration; on success the configured destination is used, an explicit remote disable signal turns SDK statistics off, and any other outcome falls back to the existing region-derived ingestion endpoint so SDK statistics keep flowing. The AppContext switch has no effect on Statsbeat for callers that do not opt in.
    (#​59811)

  • Subscribed the Statsbeat MeterProvider to the Microsoft OpenTelemetry distro's Network SDKStats meter (MicrosoftOpenTelemetryNetworkSdkStatsMeter) so distro-emitted Network statistics flow through the existing Statsbeat cadence when the distro runs with a non-Azure-Monitor exporter.
    (#​60209)

  • Subscribed the Statsbeat MeterProvider to the Microsoft OpenTelemetry distro's Feature SDKStats meter (MicrosoftOpenTelemetryFeatureSdkStatsMeter) so distro-emitted Feature statistics reach the Statsbeat ingestion path. The distro uses an independent, spec-aligned bit map to avoid collisions with the classic Application Insights SDK's FeatureStatsbeatMeter.
    (#​59529)

  • Added Network SDKStats reporting, emitting the short-interval Network statistics defined in the Application Insights SDKStats spec on a 15-minute cadence: Request_Success_Count, Request_Failure_Count, Request_Duration, Retry_Count, Throttle_Count, and Exception_Count, each with the spec-defined dimensions (including host, statusCode, and exceptionType).
    (#​59909, #​60018)

Other Changes

  • Updated customer SDK stats dimension key names to use camelCase (computeType, telemetryType, dropCode, dropReason, retryCode, retryReason).
    (#​59902)

Commits viewable in compare view.

Updated Microsoft.ApplicationInsights from 3.1.1 to 3.1.2.

Release notes

Sourced from Microsoft.ApplicationInsights's releases.

3.1.2

Version 3.1.2

Commits viewable in compare view.

Updated Microsoft.Identity.Client from 4.84.0 to 4.86.1.

Release notes

Sourced from Microsoft.Identity.Client's releases.

4.86.1

Bug Fixes

  • Fixed the mTLS Proof-of-Possession token cache to key on the certificate's full DER (x5t#S256) instead of only the public key, preventing a stale token (and AADSTS500181) after a same-key certificate renewal. #​6123
  • Fell back to RS256 when a certificate's PSS signing operation is rejected by RSACryptoServiceProvider, rebuilding the client assertion so authentication can proceed. #​6126
  • Detect and reject symbolic links in the Unix cache-file write path (lstat pre-check plus O_NOFOLLOW), closing a TOCTOU window. #​6115
  • Corrected misleading "region required" error messages and doc comments in the mTLS PoP flow. #​6127

4.86.0

What's Changed

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.85.2...4.86.0

4.85.2

What's Changed

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.85.1...4.85.2

4.85.1

What's Changed

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.85.0...4.85.1

4.85.0

What's Changed

New Contributors

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.84.2...4.85.0

4.84.2

New Features

  • Added ManagedIdentityApplication.GetManagedIdentityCapabilitiesAsync(CancellationToken) returning a ManagedIdentityCapabilities object that reports the detected managed identity Source, the host's MaxSupportedBindingStrength (new MtlsBindingStrength enum: None, Software, KeyGuard), and a derived IsMtlsPopSupportedByHost. Replaces GetManagedIdentitySourceAsync()/ManagedIdentitySourceResult. The public ManagedIdentitySource.ImdsV2 value is folded into Imds (v1/v2 routing remains internal). #​6049
  • Added OID-based user identification to the User Federated Identity Credential (user_fic) flow via AcquireTokenByUserFederatedIdentityCredential(scopes, Guid userObjectId, assertion). #​6050
  • Added WithClaimsFromClient(claimsJson) to forward client-originated claims across managed identity and confidential client flows. #​5999
  • Added mTLS PoP support for WithCertificate(() => x509) (dynamic certificate credential). #​5957
  • Added opt-in token-acquisition metrics covering both successful and failed attempts. #​6004

Changes

  • Extended mTLS bearer transport (CertificateOptions.SendCertificateOverMtls) to the OBO, refresh-token, and authorization-code flows. #​6009
  • General Availability of the Microsoft.Identity.Client.KeyAttestation package. #​6038
  • Managed identity now probes IMDSv2 first and the preview latch was removed. #​6041
  • Updated NativeInterop baseline and corrected devapp version ranges. #​6045
  • Simplified GetTenantedAuthority in CiamAuthority and DstsAuthority. #​6001

Bug Fixes

  • Fixed WithExtraQueryParameters on ManagedIdentityApplicationBuilder bypassing token caching. #​6035
  • Guarded HTTP status codes on discovery endpoints in KnownInstanceMetadataIsUpToDateAsync. #​6048
  • Detect orphaned KeyGuard certificates via public-key modulus comparison. #​6020

4.84.1

What's Changed

New Features

  • Added WithReservedScopes and WithCachePartitionKey public API extensions in #​6014
  • Added IAuthenticationOperation3 interface for CDT + mTLS PoP composition in #​5996
  • Added MsalRemainingTokenLifetime histogram metric for token expiry tracking in #​5920

Changes

  • Removed [Obsolete] attribute from WithExtraBodyParameters extension method in #​6006
  • Replaced ConcurrentHashSet with ConcurrentDictionary<T, byte> in #​5975

Bug Fixes

  • Fixed WithTenantId not honoring MSA tenant GUID when specified at request level in #​5958
  • Fixed OBO cache returning multiple_matching_tokens_detected when attributed tokens share a partition in #​5993

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@6ff7075...main (AzureAD/microsoft-authentication-library-for-dotnet@6ff7075...main)

Commits viewable in compare view.

Updated Microsoft.Identity.Client.Extensions.Msal from 4.84.0 to 4.86.1.

Release notes

Sourced from Microsoft.Identity.Client.Extensions.Msal's releases.

4.86.1

Bug Fixes

  • Fixed the mTLS Proof-of-Possession token cache to key on the certificate's full DER (x5t#S256) instead of only the public key, preventing a stale token (and AADSTS500181) after a same-key certificate renewal. #​6123
  • Fell back to RS256 when a certificate's PSS signing operation is rejected by RSACryptoServiceProvider, rebuilding the client assertion so authentication can proceed. #​6126
  • Detect and reject symbolic links in the Unix cache-file write path (lstat pre-check plus O_NOFOLLOW), closing a TOCTOU window. #​6115
  • Corrected misleading "region required" error messages and doc comments in the mTLS PoP flow. #​6127

4.86.0

What's Changed

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.85.2...4.86.0

4.85.2

What's Changed

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.85.1...4.85.2

4.85.1

What's Changed

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.85.0...4.85.1

4.85.0

What's Changed

New Contributors

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.84.2...4.85.0

4.84.2

New Features

  • Added ManagedIdentityApplication.GetManagedIdentityCapabilitiesAsync(CancellationToken) returning a ManagedIdentityCapabilities object that reports the detected managed identity Source, the host's MaxSupportedBindingStrength (new MtlsBindingStrength enum: None, Software, KeyGuard), and a derived IsMtlsPopSupportedByHost. Replaces GetManagedIdentitySourceAsync()/ManagedIdentitySourceResult. The public ManagedIdentitySource.ImdsV2 value is folded into Imds (v1/v2 routing remains internal). #​6049
  • Added OID-based user identification to the User Federated Identity Credential (user_fic) flow via AcquireTokenByUserFederatedIdentityCredential(scopes, Guid userObjectId, assertion). #​6050
  • Added WithClaimsFromClient(claimsJson) to forward client-originated claims across managed identity and confidential client flows. #​5999
  • Added mTLS PoP support for WithCertificate(() => x509) (dynamic certificate credential). #​5957
  • Added opt-in token-acquisition metrics covering both successful and failed attempts. #​6004

Changes

  • Extended mTLS bearer transport (CertificateOptions.SendCertificateOverMtls) to the OBO, refresh-token, and authorization-code flows. #​6009
  • General Availability of the Microsoft.Identity.Client.KeyAttestation package. #​6038
  • Managed identity now probes IMDSv2 first and the preview latch was removed. #​6041
  • Updated NativeInterop baseline and corrected devapp version ranges. #​6045
  • Simplified GetTenantedAuthority in CiamAuthority and DstsAuthority. #​6001

Bug Fixes

  • Fixed WithExtraQueryParameters on ManagedIdentityApplicationBuilder bypassing token caching. #​6035
  • Guarded HTTP status codes on discovery endpoints in KnownInstanceMetadataIsUpToDateAsync. #​6048
  • Detect orphaned KeyGuard certificates via public-key modulus comparison. #​6020

4.84.1

What's Changed

New Features

  • Added WithReservedScopes and WithCachePartitionKey public API extensions in #​6014
  • Added IAuthenticationOperation3 interface for CDT + mTLS PoP composition in #​5996
  • Added MsalRemainingTokenLifetime histogram metric for token expiry tracking in #​5920

Changes

  • Removed [Obsolete] attribute from WithExtraBodyParameters extension method in #​6006
  • Replaced ConcurrentHashSet with ConcurrentDictionary<T, byte> in #​5975

Bug Fixes

  • Fixed WithTenantId not honoring MSA tenant GUID when specified at request level in #​5958
  • Fixed OBO cache returning multiple_matching_tokens_detected when attributed tokens share a partition in #​5993

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@6ff7075...main (AzureAD/microsoft-authentication-library-for-dotnet@6ff7075...main)

Commits viewable in compare view.

Updated Microsoft.IdentityModel.Abstractions from 8.18.0 to 8.19.2.

Release notes

Sourced from Microsoft.IdentityModel.Abstractions's releases.

8.19.2

What's Changed

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.19.1...8.19.2

8.19.1

Bug Fixes

  • Update JwtSecurityTokenHandler for IssuerSigningKeyResolverUsingConfiguration to take priority over IssuerSigningKeyResolver, matching the documented contract and the correct behavior already present in JsonWebTokenHandler. See PR #​3519.

8.19.0

New Features

  • Add ML-DSA (FIPS 204) post-quantum signature support. See PR #​3479.
  • Cache custom crypto providers in CryptoProviderFactory. See PR #​3489.

Bug Fixes

  • Disable automatic redirects on default HttpClient for JKU retrieval. See PR #​3494.
  • Adjust rented buffer handling in claim set parsing. See PR #​3493.
  • Tidy null handling in SAML conditions validation. See PR #​3491.
  • Improve validation of jku claim. See PR #​3481.
  • Limit telemetry algorithm dimension cardinality. See PR #​3490.
  • Add defensive copy of collections in ValidationParameters. See PR #​3492.
  • Update TokenValidationParameter copy constructor to make a deep copy. See PR #​3488.
  • Update to fail-closed when replay protection isn't configured and other DPoP hardening. See PR #​3505.
  • Apply RFC 3986 section 6.2.2 normalization to DPoP htu comparison. See PR #​3509.

Commits viewable in compare view.

Updated Microsoft.IdentityModel.JsonWebTokens from 8.18.0 to 8.19.2.

Release notes

Sourced from Microsoft.IdentityModel.JsonWebTokens's releases.

8.19.2

What's Changed

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.19.1...8.19.2

8.19.1

Bug Fixes

  • Update JwtSecurityTokenHandler for IssuerSigningKeyResolverUsingConfiguration to take priority over IssuerSigningKeyResolver, matching the documented contract and the correct behavior already present in JsonWebTokenHandler. See PR #​3519.

8.19.0

New Features

  • Add ML-DSA (FIPS 204) post-quantum signature support. See PR #​3479.
  • Cache custom crypto providers in CryptoProviderFactory. See PR #​3489.

Bug Fixes

  • Disable automatic redirects on default HttpClient for JKU retrieval. See PR #​3494.
  • Adjust rented buffer handling in claim set parsing. See PR #​3493.
  • Tidy null handling in SAML conditions validation. See PR #​3491.
  • Improve validation of jku claim. See PR #​3481.
  • Limit telemetry algorithm dimension cardinality. See PR #​3490.
  • Add defensive copy of collections in ValidationParameters. See PR #​3492.
  • Update TokenValidationParameter copy constructor to make a deep copy. See PR #​3488.
  • Update to fail-closed when replay protection isn't configured and other DPoP hardening. See PR #​3505.
  • Apply RFC 3986 section 6.2.2 normalization to DPoP htu comparison. See PR #​3509.

Commits viewable in compare view.

Updated Microsoft.IdentityModel.Logging from 8.18.0 to 8.19.2.

Release notes

Sourced from Microsoft.IdentityModel.Logging's releases.

8.19.2

What's Changed

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.19.1...8.19.2

8.19.1

Bug Fixes

  • Update JwtSecurityTokenHandler for IssuerSigningKeyResolverUsingConfiguration to take priority over IssuerSigningKeyResolver, matching the documented contract and the correct behavior already present in JsonWebTokenHandler. See PR #​3519.

8.19.0

New Features

  • Add ML-DSA (FIPS 204) post-quantum signature support. See PR #​3479.
  • Cache custom crypto providers in CryptoProviderFactory. See PR #​3489.

Bug Fixes

  • Disable automatic redirects on default HttpClient for JKU retrieval. See PR #​3494.
  • Adjust rented buffer handling in claim set parsing. See PR #​3493.
  • Tidy null handling in SAML conditions validation. See PR #​3491.
  • Improve validation of jku claim. See PR #​3481.
  • Limit telemetry algorithm dimension cardinality. See PR #​3490.
  • Add defensive copy of collections in ValidationParameters. See PR #​3492.
  • Update TokenValidationParameter copy constructor to make a deep copy. See PR #​3488.
  • Update to fail-closed when replay protection isn't configured and other DPoP hardening. See PR #​3505.
  • Apply RFC 3986 section 6.2.2 normalization to DPoP htu comparison. See PR #​3509.

Commits viewable in compare view.

Updated Microsoft.IdentityModel.Protocols from 8.18.0 to 8.19.2.

Release notes

Sourced from Microsoft.IdentityModel.Protocols's releases.

8.19.2

What's Changed

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.19.1...8.19.2

8.19.1

Bug Fixes

  • Update JwtSecurityTokenHandler for IssuerSigningKeyResolverUsingConfiguration to take priority over IssuerSigningKeyResolver, matching the documented contract and the correct behavior already present in JsonWebTokenHandler. See PR #​3519.

8.19.0

New Features

  • Add ML-DSA (FIPS 204) post-quantum signature support. See PR #​3479.
  • Cache custom crypto providers in CryptoProviderFactory. See PR #​3489.

Bug Fixes

  • Disable automatic redirects on default HttpClient for JKU retrieval. See PR #​3494.
  • Adjust rented buffer handling in claim set parsing. See PR #​3493.
  • Tidy null handling in SAML conditions validation. See PR #​3491.
  • Improve validation of jku claim. See PR #​3481.
  • Limit telemetry algorithm dimension cardinality. See PR #​3490.
  • Add defensive copy of collections in ValidationParameters. See PR #​3492.
  • Update TokenValidationParameter copy constructor to make a deep copy. See PR #​3488.
  • Update to fail-closed when replay protection isn't configured and other DPoP hardening. See PR #​3505.
  • Apply RFC 3986 section 6.2.2 normalization to DPoP htu comparison. See PR #​3509.

Commits viewable in compare view.

Updated Microsoft.IdentityModel.Protocols.OpenIdConnect from 8.18.0 to 8.19.2.

Release notes

Sourced from Microsoft.IdentityModel.Protocols.OpenIdConnect's releases.

8.19.2

What's Changed

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.19.1...8.19.2

8.19.1

Bug Fixes

  • Update JwtSecurityTokenHandler for IssuerSigningKeyResolverUsingConfiguration to take priority over IssuerSigningKeyResolver, matching the documented contract and the correct behavior already present in JsonWebTokenHandler. See PR #​3519.

8.19.0

New Features

  • Add ML-DSA (FIPS 204) post-quantum signature support. See PR #​3479.
  • Cache custom crypto providers in CryptoProviderFactory. See PR #​3489.

Bug Fixes

  • Disable automatic redirects on default HttpClient for JKU retrieval. See PR #​3494.
  • Adjust rented buffer handling in claim set parsing. See PR #​3493.
  • Tidy null handling in SAML conditions validation. See PR #​3491.
  • Improve validation of jku claim. See PR #​3481.
  • Limit telemetry algorithm dimension cardinality. See PR #​3490.
  • Add defensive copy of collections in ValidationParameters. See PR #​3492.
  • Update TokenValidationParameter copy constructor to make a deep copy. See PR #​3488.
  • Update to fail-closed when replay protection isn't configured and other DPoP hardening. See PR #​3505.
  • Apply RFC 3986 section 6.2.2 normalization to DPoP htu comparison. See PR #​3509.

Commits viewable in compare view.

Updated Microsoft.IdentityModel.Tokens from 8.18.0 to 8.19.2.

Release notes

Sourced from Microsoft.IdentityModel.Tokens's releases.

8.19.2

What's Changed

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.19.1...8.19.2

8.19.1

Bug Fixes

  • Update JwtSecurityTokenHandler for IssuerSigningKeyResolverUsingConfiguration to take priority over IssuerSigningKeyResolver, matching the documented contract and the correct behavior already present in JsonWebTokenHandler. See PR #​3519.

8.19.0

New Features

  • Add ML-DSA (FIPS 204) post-quantum signature support. See PR #​3479.
  • Cache custom crypto providers in CryptoProviderFactory. See PR #​3489.

Bug Fixes

  • Disable automatic redirects on default HttpClient for JKU retrieval. See PR #​3494.
  • Adjust rented buffer handling in claim set parsing. See PR #​3493.
  • Tidy null handling in SAML conditions validation. See PR #​3491.
  • Improve validation of jku claim. See PR #​3481.
  • Limit telemetry algorithm dimension cardinality. See PR #​3490.
  • Add defensive copy of collections in ValidationParameters. See PR #​3492.
  • Update TokenValidationParameter copy constructor to make a deep copy. See PR #​3488.
  • Update to fail-closed when replay protection isn't configured and other DPoP hardening. See PR #​3505.
  • Apply RFC 3986 section 6.2.2 normalization to DPoP htu comparison. See PR #​3509.

Commits viewable in compare view.

Updated Microsoft.IdentityModel.Validators from 8.18.0 to 8.19.2.

Release notes

Sourced from Microsoft.IdentityModel.Validators's releases.

8.19.2

What's Changed

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.19.1...8.19.2

8.19.1

Bug Fixes

  • Update JwtSecurityTokenHandler for IssuerSigningKeyResolverUsingConfiguration to take priority over IssuerSigningKeyResolver, matching the documented contract and the correct behavior already present in JsonWebTokenHandler. See PR #​3519.

8.19.0

New Features

  • Add ML-DSA (FIPS 204) post-quantum signature support. See PR #​3479.
  • Cache custom crypto providers in CryptoProviderFactory. See PR #​3489.

Bug Fixes

  • Disable automatic redirects on default HttpClient for JKU retrieval. See PR #​3494.
  • Adjust rented buffer handling in claim set parsing. See PR #​3493.
  • Tidy null handling in SAML conditions validation. See PR #​3491.
  • Improve validation of jku claim. See PR #​3481.
  • Limit telemetry algorithm dimension cardinality. See PR #​3490.
  • Add defensive copy of collections in ValidationParameters. See PR #​3492.
  • Update TokenValidationParameter copy constructor to make a deep copy. See PR #​3488.
  • Update to fail-closed when replay protection isn't configured and other DPoP hardening. See PR #​3505.
  • Apply RFC 3986 section 6.2.2 normalization to DPoP htu comparison. See PR #​3509.

Commits viewable in compare view.

Updated OpenTelemetry from 1.15.3 to 1.17.0.

Release notes

Sourced from OpenTelemetry's releases.

1.17.0

For highlights and announcements pertaining to this release see: Release Notes > 1.17.0.

The following changes are from the previous release 1.17.0-rc.1.

... (truncated)

1.17.0-rc.1

The following changes are from the previous release 1.16.0.

  • NuGet: OpenTelemetry v1.17.0-rc.1

    • Fixed a metric point reclaim data race on CPU ARM architectures.
      (#​7401)

    • The library is now marked as trim and AOT compatible.
      (#​7441)

    • Replaced the vendored copy of
      EnvironmentVariablesConfigurationProvider with a direct
      Microsoft.Extensions.Configuration.EnvironmentVariables package dependency.
      Consumers gain automatic pickup of upstream bug fixes and security patches;
      no public API or behavioural change.
      (#​7146)

    • Added a verbose OpenTelemetry-Sdk self-diagnostics event that is emitted
      when an activity is dropped because its local (in-process) parent is not
      recorded.
      (#​7427)

    • Added support for a Schema URL on Resource instances.
      (#​7472)

    • Fixed a metric storage leak that occurred when meters and instruments were
      repeatedly created and disposed.
      (#​7466)

    • Added ExcludedTagKeys property to MetricStreamConfiguration to support
      excluding specific tag keys from metric streams.
      (#​7373)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api v1.17.0-rc.1

    • Fixed TraceContextPropagator to normalize empty tracestate header values
      to null when extracting trace context.
      (#​7407,
      #​7433)

    • The library is now marked as trim and AOT compatible.
      (#​7441)

    • Experimental (pre-release builds only): Updated EnvironmentVariableCarrier.Get
      to read only the normalized environment variable name, following the updated
      environment variable carrier specification.
      Non-normalized carrier keys are no longer matched, even when they would
      normalize to the requested key.
      ... (truncated)

1.17.0-beta.1

The following changes are from the previous release 1.16.0-beta.1.

  • NuGet: OpenTelemetry.Exporter.Prometheus.AspNetCore v1.17.0-beta.1

    • Added a verbose-level diagnostic event for ignored metrics.
      (#​7429)

    • The library is now marked as trim and AOT compatible.
      (#​7441)

    • Fix double unit suffixes in metric names when using OpenMetrics.
      (#​7454)

    • Fix incorrect handling of leading digits in metric names for OpenMetrics.
      (#​7454)

    • Add PrometheusAspNetCoreOptions.ScopeInfoEnabled property to enable or
      disable scope labels in Prometheus metrics. Defaults to true.
      (#​7436)

    • Added support for the dots and values Prometheus UTF-8 name escaping
      schemes when negotiated via the Accept header.
      (#​7439)

    • Add PrometheusAspNetCoreOptions.TargetInfoEnabled property to enable or
      disable the target_info metric in Prometheus metrics. Defaults to true.
      (#​7438)

    • Added support for the allow-utf-8 Prometheus UTF-8 name escaping scheme
      when negotiated via the Accept header.
      (#​7440)

    • Add PrometheusAspNetCoreOptions.ResourceConstantLabels property to select
      resource attributes to add to each metric as constant labels. Defaults to
      null (no resource attributes are added as metric labels).
      (#​7471)

    • Add PrometheusAspNetCoreOptions.MaxScrapeResponseSizeBytes to configure
      the maximum size of a scrape response. The default is now ~166 MiB.
      (#​7487)

    • A scrape whose serialized output exceeds the maximum scrape response size
      limit now responds with HTTP 500.
      (#​7487)

    • Fixed the Prometheus text exposition format emitting redundant comments.
      (#​7491)

    • Made Accept header content negotiation consistent with the
      PrometheusHttpListener endpoint.
      ... (truncated)

1.16.0

For highlights and announcements pertaining to this release see: Release Notes > 1.16.0.

The following changes are from the previous release 1.16.0-rc.1.

... (truncated)

1.16.0-rc.1

The following changes are from the previous release 1.15.3.

  • NuGet: OpenTelemetry v1.16.0-rc.1

    • Stop validating View-provided metric stream Name against the instrument
      name syntax, per
      spec clarification.
      (#​7300)

    • Fix incorrect validation of OTEL_BSP_* and OTEL_BLRP_* environment
      variables.
      (#​7187)

    • Fix observable instrument callbacks running once per reader instead of
      once per collection cycle.
      (#​7188)

    • Added exception safety for user-supplied ExemplarReservoir implementations.
      Exceptions thrown from Offer are now caught and logged rather than propagating
      out of Counter.Add/Histogram.Record.
      (#​7277)

    • Update OpenTelemetrySdkEventSource to support the W3C randomness flag.
      (#​7301)

    • Added ObservedTimestamp property to LogRecord.
      (#​6979)

    • Breaking Change Explicit histogram boundaries no longer allow more than
      10 million values.
      (#​7165)

    • Fixed a circular reference which could cause a LoggerProvider to fail to
      resolve when one of its dependencies depends on ILogger or ILoggerFactory.
      As part of this fix the LoggerProvider resolved from dependency injection
      is now created lazily when the first logger is created rather than when
      ILoggerProvider or ILoggerFactory is resolved. A consequence is that any
      invalid configuration now surfaces when the first log record is written instead
      of when the logging services are resolved.
      (#​7308)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api v1.16.0-rc.1

    • Experimental (pre-release builds only):
      Add support for using environment variables as context propagation carriers.
      (#​7174)

    • Fix BaggagePropagator to correctly follow Key and Value Encoding rules as per
      ... (truncated)

1.16.0-beta.1

The following changes are from the previous release 1.15.3-beta.1.

  • NuGet: OpenTelemetry.Exporter.Prometheus.AspNetCore v1.16.0-beta.1

    • Fixed scrape response cache freshness using monotonic time so it is not
      affected by NTP system clock adjustments.
      (#​7253)

    • Breaking Change Removed DisableTimestamp property from
      PrometheusAspNetCoreOptions.
      (#​7176)

    • Fixed the serialization of NaN, PositiveInfinity, and NegativeInfinity
      values in Prometheus metrics to be compliant with the specification.
      (#​7179)

    • Fixed loss of precision when serializing double and float values in
      Prometheus metrics to be compliant with the specification by using 17
      significant digits to represent such values.
      (#​7179)

    • Fix non-ASCII characters in metric names and unit strings not being sanitized
      correctly during Prometheus serialization.
      (#​7184)

    • Fix case where reader tracking could be reset while readers were still active.
      (#​7190)

    • Improve Accept header handling for format negotiation so OpenMetrics is
      selected correctly by considering whitespace and q weights.
      (#​7208)

    • Emit OpenMetrics exemplars for counters and histogram buckets.
      (#​7222)

    • Fix incorrect handling of untyped metrics when using OpenMetrics format.
      (#​7219)

    • Fix Prometheus/OpenMetrics serialization to emit metric and label names
      containing _ instead of dropping them and prefixing leading digits.
      Invalid characters are replaced with _ instead of being dropped.
      (#​7209)

    • Add escaping=underscores to the Accept header handling for content
      negotiation so OpenMetrics are handled correctly.
      (#​7209)

    • Omit histogram _sum and _count in OpenMetrics when negative bucket
      thresholds are present.
      (#​7221)
      ... (truncated)

Commits viewable in compare view.

Updated [OpenTelemetry.Api](https://github.com/open...

Description has been truncated

@dependabot dependabot Bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels Jul 17, 2026
@drmoisan
drmoisan force-pushed the dependabot/nuget/QuickFiler.Test/graph-identity-telemetry-a6559038bf branch from f787edc to e87cac6 Compare July 18, 2026 12:41
Bumps Azure.Core, Azure.Monitor.OpenTelemetry.Exporter,
Microsoft.ApplicationInsights, Microsoft.Identity.Client(.Extensions.
Msal), the Microsoft.IdentityModel.* family, and OpenTelemetry* to the
versions selected by Dependabot's graph-identity-telemetry group
update, applied consistently across every project in the solution
(packages.config, csproj reference/hint path, and the declared
assembly version verified against the restored package DLL) so no
project is left referencing a stale version of a package another
project already requires.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
@drmoisan
drmoisan force-pushed the dependabot/nuget/QuickFiler.Test/graph-identity-telemetry-a6559038bf branch from e87cac6 to 7b5500e Compare July 18, 2026 12:54
@drmoisan
drmoisan merged commit aed372e into main Jul 18, 2026
2 checks passed
@drmoisan
drmoisan deleted the dependabot/nuget/QuickFiler.Test/graph-identity-telemetry-a6559038bf branch July 18, 2026 13:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant