**Vulnerable Package** `OpenTelemetry.Api` version `1.1.0` is depended upon by the latest stable release `15.1.15`: https://github.com/ChilliCream/graphql-platform/blob/fb478894987ce20fcdbb857179b1b70872cb67b2/src/Directory.Packages.props#L42 Workaround for downstream consumers (like us) is to add an explicit dependency with a version pin: ```xml <PackageReference Include="OpenTelemetry.Api" Version="1.15.3" /> ```
Vulnerable Package
OpenTelemetry.Apiversion1.1.0is depended upon by the latest stable release15.1.15:graphql-platform/src/Directory.Packages.props
Line 42 in fb47889
Workaround for downstream consumers (like us) is to add an explicit dependency with a version pin: