From ebd15f6fb1a15cb7d306a79568ce22548858a56b Mon Sep 17 00:00:00 2001
From: Rajkumar Rangaraj <rajrang@microsoft.com>
Date: Tue, 9 Jul 2024 16:30:47 -0700
Subject: [PATCH 1/5] Bump System.Text.Json version due to
 [CVE-2024-30105](https://github.com/dotnet/runtime/issues/104619)

---
 Directory.Packages.props                        | 4 ++--
 examples/Directory.Packages.props               | 2 +-
 src/OpenTelemetry.Exporter.Console/CHANGELOG.md | 5 +++++
 src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md  | 4 ++++
 test/Directory.Packages.props                   | 2 +-
 5 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/Directory.Packages.props b/Directory.Packages.props
index f15e90b0d9..211590261a 100644
--- a/Directory.Packages.props
+++ b/Directory.Packages.props
@@ -55,10 +55,10 @@
     <PackageVersion Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
 
     <!-- A conservative version of System.Text.Encodings.Web must be used here since there is no backward compatibility guarantee during major version bumps. -->
-    <PackageVersion Include="System.Text.Encodings.Web" Version="4.7.2" />
+    <PackageVersion Include="System.Text.Encodings.Web" Version="8.0.0" />
 
     <!-- A conservative version of System.Text.Json must be used here since there is no backward compatibility guarantee during major version bumps. -->
-    <PackageVersion Include="System.Text.Json" Version="4.7.2" />
+    <PackageVersion Include="System.Text.Json" Version="8.0.4" />
 
     <!-- A conservative version of System.Threading.Tasks.Extensions must be used here since there is no backward compatibility guarantee during major version bumps. -->
     <PackageVersion Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
diff --git a/examples/Directory.Packages.props b/examples/Directory.Packages.props
index 902efc8cc0..549e1ed325 100644
--- a/examples/Directory.Packages.props
+++ b/examples/Directory.Packages.props
@@ -1,6 +1,6 @@
 <Project>
   <Import Project="$([MSBuild]::GetPathOfFileAbove(Directory.Packages.props, $(MSBuildThisFileDirectory)..))" />
   <ItemGroup>
-    <PackageVersion Update="System.Text.Json" Version="6.0.5" />
+    <PackageVersion Update="System.Text.Json" Version="8.0.4" />
   </ItemGroup>
 </Project>
diff --git a/src/OpenTelemetry.Exporter.Console/CHANGELOG.md b/src/OpenTelemetry.Exporter.Console/CHANGELOG.md
index 9e94df266e..d86f326205 100644
--- a/src/OpenTelemetry.Exporter.Console/CHANGELOG.md
+++ b/src/OpenTelemetry.Exporter.Console/CHANGELOG.md
@@ -2,6 +2,11 @@
 
 ## Unreleased
 
+* Bumped the minimum required version of `System.Text.Json` to 8.0.4  and its
+indirect dependency on `System.Text.Encodings.Web` to 8.0.0 in response to
+[CVE-2024-30105](https://github.com/dotnet/runtime/issues/104619).
+([#](https://github.com/open-telemetry/opentelemetry-dotnet/pull/))
+
 ## 1.9.0
 
 Released 2024-Jun-14
diff --git a/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md b/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md
index dedce65399..3641e0a83f 100644
--- a/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md
+++ b/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md
@@ -6,6 +6,10 @@
   `Convert.ToString` will now format using `CultureInfo.InvariantCulture`.
   ([#5700](https://github.com/open-telemetry/opentelemetry-dotnet/pull/5700))
 
+* Bumped the minimum required version of `System.Text.Json` to 8.0.4 in response
+to [CVE-2024-30105](https://github.com/dotnet/runtime/issues/104619).
+([#](https://github.com/open-telemetry/opentelemetry-dotnet/pull/))
+
 ## 1.9.0
 
 Released 2024-Jun-14
diff --git a/test/Directory.Packages.props b/test/Directory.Packages.props
index 575224321a..4800f76a84 100644
--- a/test/Directory.Packages.props
+++ b/test/Directory.Packages.props
@@ -1,7 +1,7 @@
 <Project>
   <Import Project="$([MSBuild]::GetPathOfFileAbove(Directory.Packages.props, $(MSBuildThisFileDirectory)..))" />
   <ItemGroup>
-    <PackageVersion Update="System.Text.Json" Version="7.0.1" />
+    <PackageVersion Update="System.Text.Json" Version="8.0.4" />
     <PackageVersion Include="System.Runtime.InteropServices.RuntimeInformation" Version="4.3.0" />
     <PackageVersion Include="Microsoft.Coyote" Version="1.7.10" />
   </ItemGroup>

From dbc2f0de16917362e522e4a606224e7140eee6ca Mon Sep 17 00:00:00 2001
From: Rajkumar Rangaraj <rajrang@microsoft.com>
Date: Tue, 9 Jul 2024 16:38:30 -0700
Subject: [PATCH 2/5] changelog update

---
 src/OpenTelemetry.Exporter.Console/CHANGELOG.md | 6 +++---
 src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md  | 7 ++++---
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/OpenTelemetry.Exporter.Console/CHANGELOG.md b/src/OpenTelemetry.Exporter.Console/CHANGELOG.md
index d86f326205..c734c342eb 100644
--- a/src/OpenTelemetry.Exporter.Console/CHANGELOG.md
+++ b/src/OpenTelemetry.Exporter.Console/CHANGELOG.md
@@ -3,9 +3,9 @@
 ## Unreleased
 
 * Bumped the minimum required version of `System.Text.Json` to 8.0.4  and its
-indirect dependency on `System.Text.Encodings.Web` to 8.0.0 in response to
-[CVE-2024-30105](https://github.com/dotnet/runtime/issues/104619).
-([#](https://github.com/open-telemetry/opentelemetry-dotnet/pull/))
+  indirect dependency on `System.Text.Encodings.Web`   to 8.0.0 in response to
+  [CVE-2024-30105](https://github.com/dotnet/runtime/issues/104619).
+  ([#5744](https://github.com/open-telemetry/opentelemetry-dotnet/pull/5744))
 
 ## 1.9.0
 
diff --git a/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md b/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md
index 3641e0a83f..c6bd7c90a7 100644
--- a/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md
+++ b/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md
@@ -6,9 +6,10 @@
   `Convert.ToString` will now format using `CultureInfo.InvariantCulture`.
   ([#5700](https://github.com/open-telemetry/opentelemetry-dotnet/pull/5700))
 
-* Bumped the minimum required version of `System.Text.Json` to 8.0.4 in response
-to [CVE-2024-30105](https://github.com/dotnet/runtime/issues/104619).
-([#](https://github.com/open-telemetry/opentelemetry-dotnet/pull/))
+* Bumped the minimum required version of `System.Text.Json` to 8.0.4  and its
+  indirect dependency on `System.Text.Encodings.Web`   to 8.0.0 in response to
+  [CVE-2024-30105](https://github.com/dotnet/runtime/issues/104619).
+  ([#5744](https://github.com/open-telemetry/opentelemetry-dotnet/pull/5744))
 
 ## 1.9.0
 

From 8a2001ecdba41f542824d5213019802c41a666d7 Mon Sep 17 00:00:00 2001
From: Rajkumar Rangaraj <rajrang@microsoft.com>
Date: Tue, 9 Jul 2024 16:40:35 -0700
Subject: [PATCH 3/5] Remove comment

---
 Directory.Packages.props | 2 --
 1 file changed, 2 deletions(-)

diff --git a/Directory.Packages.props b/Directory.Packages.props
index 211590261a..eb5e3651ed 100644
--- a/Directory.Packages.props
+++ b/Directory.Packages.props
@@ -54,10 +54,8 @@
     -->
     <PackageVersion Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
 
-    <!-- A conservative version of System.Text.Encodings.Web must be used here since there is no backward compatibility guarantee during major version bumps. -->
     <PackageVersion Include="System.Text.Encodings.Web" Version="8.0.0" />
 
-    <!-- A conservative version of System.Text.Json must be used here since there is no backward compatibility guarantee during major version bumps. -->
     <PackageVersion Include="System.Text.Json" Version="8.0.4" />
 
     <!-- A conservative version of System.Threading.Tasks.Extensions must be used here since there is no backward compatibility guarantee during major version bumps. -->

From 052a79a65b7a5b1b34f8888270ef1381d4f5c026 Mon Sep 17 00:00:00 2001
From: Rajkumar Rangaraj <rajrang@microsoft.com>
Date: Tue, 9 Jul 2024 17:38:55 -0700
Subject: [PATCH 4/5] fix spacing in changelog

---
 src/OpenTelemetry.Exporter.Console/CHANGELOG.md | 4 ++--
 src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md  | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/OpenTelemetry.Exporter.Console/CHANGELOG.md b/src/OpenTelemetry.Exporter.Console/CHANGELOG.md
index c734c342eb..bc6b7853bf 100644
--- a/src/OpenTelemetry.Exporter.Console/CHANGELOG.md
+++ b/src/OpenTelemetry.Exporter.Console/CHANGELOG.md
@@ -2,8 +2,8 @@
 
 ## Unreleased
 
-* Bumped the minimum required version of `System.Text.Json` to 8.0.4  and its
-  indirect dependency on `System.Text.Encodings.Web`   to 8.0.0 in response to
+* Bumped the minimum required version of `System.Text.Json` to 8.0.4 and its
+  indirect dependency on `System.Text.Encodings.Web` to 8.0.0 in response to
   [CVE-2024-30105](https://github.com/dotnet/runtime/issues/104619).
   ([#5744](https://github.com/open-telemetry/opentelemetry-dotnet/pull/5744))
 
diff --git a/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md b/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md
index c6bd7c90a7..1ca0a6edbc 100644
--- a/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md
+++ b/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md
@@ -6,8 +6,8 @@
   `Convert.ToString` will now format using `CultureInfo.InvariantCulture`.
   ([#5700](https://github.com/open-telemetry/opentelemetry-dotnet/pull/5700))
 
-* Bumped the minimum required version of `System.Text.Json` to 8.0.4  and its
-  indirect dependency on `System.Text.Encodings.Web`   to 8.0.0 in response to
+* Bumped the minimum required version of `System.Text.Json` to 8.0.4 and its
+  indirect dependency on `System.Text.Encodings.Web` to 8.0.0 in response to
   [CVE-2024-30105](https://github.com/dotnet/runtime/issues/104619).
   ([#5744](https://github.com/open-telemetry/opentelemetry-dotnet/pull/5744))
 

From f203db7d3b3102b1d513ce135070708de6e0586c Mon Sep 17 00:00:00 2001
From: Rajkumar Rangaraj <rajrang@microsoft.com>
Date: Wed, 10 Jul 2024 16:34:38 -0700
Subject: [PATCH 5/5] Remove main project changes as there is no impact.

---
 Directory.Packages.props                        | 6 ++++--
 src/OpenTelemetry.Exporter.Console/CHANGELOG.md | 5 -----
 src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md  | 5 -----
 3 files changed, 4 insertions(+), 12 deletions(-)

diff --git a/Directory.Packages.props b/Directory.Packages.props
index eb5e3651ed..f15e90b0d9 100644
--- a/Directory.Packages.props
+++ b/Directory.Packages.props
@@ -54,9 +54,11 @@
     -->
     <PackageVersion Include="System.Diagnostics.DiagnosticSource" Version="8.0.0" />
 
-    <PackageVersion Include="System.Text.Encodings.Web" Version="8.0.0" />
+    <!-- A conservative version of System.Text.Encodings.Web must be used here since there is no backward compatibility guarantee during major version bumps. -->
+    <PackageVersion Include="System.Text.Encodings.Web" Version="4.7.2" />
 
-    <PackageVersion Include="System.Text.Json" Version="8.0.4" />
+    <!-- A conservative version of System.Text.Json must be used here since there is no backward compatibility guarantee during major version bumps. -->
+    <PackageVersion Include="System.Text.Json" Version="4.7.2" />
 
     <!-- A conservative version of System.Threading.Tasks.Extensions must be used here since there is no backward compatibility guarantee during major version bumps. -->
     <PackageVersion Include="System.Threading.Tasks.Extensions" Version="4.5.4" />
diff --git a/src/OpenTelemetry.Exporter.Console/CHANGELOG.md b/src/OpenTelemetry.Exporter.Console/CHANGELOG.md
index bc6b7853bf..9e94df266e 100644
--- a/src/OpenTelemetry.Exporter.Console/CHANGELOG.md
+++ b/src/OpenTelemetry.Exporter.Console/CHANGELOG.md
@@ -2,11 +2,6 @@
 
 ## Unreleased
 
-* Bumped the minimum required version of `System.Text.Json` to 8.0.4 and its
-  indirect dependency on `System.Text.Encodings.Web` to 8.0.0 in response to
-  [CVE-2024-30105](https://github.com/dotnet/runtime/issues/104619).
-  ([#5744](https://github.com/open-telemetry/opentelemetry-dotnet/pull/5744))
-
 ## 1.9.0
 
 Released 2024-Jun-14
diff --git a/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md b/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md
index 1ca0a6edbc..dedce65399 100644
--- a/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md
+++ b/src/OpenTelemetry.Exporter.Zipkin/CHANGELOG.md
@@ -6,11 +6,6 @@
   `Convert.ToString` will now format using `CultureInfo.InvariantCulture`.
   ([#5700](https://github.com/open-telemetry/opentelemetry-dotnet/pull/5700))
 
-* Bumped the minimum required version of `System.Text.Json` to 8.0.4 and its
-  indirect dependency on `System.Text.Encodings.Web` to 8.0.0 in response to
-  [CVE-2024-30105](https://github.com/dotnet/runtime/issues/104619).
-  ([#5744](https://github.com/open-telemetry/opentelemetry-dotnet/pull/5744))
-
 ## 1.9.0
 
 Released 2024-Jun-14