Update packages references

[cremor]

Could you please update the references to 3rd party packages? Currently those old package versions are either vulnerable/deprecated themselves or bring in some other transient dependencies which are vulnerable/deprecated.

• System.Text.Json 5.0.2 is deprecated
• Microsoft.AspNet.WebApi.Client 5.2.4 -> Newtonsoft.Json.Bson 1.0.1 -> NETStandard.Library 1.6.1 -> multiple vulnerable packages

Output for a new xUnit test project with FluentAssertions.Web:

> dotnet list package --include-transitive --vulnerable
   Transitive Package                    Resolved   Severity   Advisory URL
   > System.Net.Http                     4.3.0      High       https://github.com/advisories/GHSA-7jgj-8wvc-jh57
   > System.Text.RegularExpressions      4.3.0      High       https://github.com/advisories/GHSA-cmhx-cq75-c4mj

> dotnet list package --include-transitive --deprecated
   Transitive Package      Resolved   Reason(s)      Alternative
   > System.Text.Json      5.0.2      Other,Legacy

[adrianiftode]

I don't want to add constraints, unless there is a security issue. The dependencies are not strict, so clients can reference newer versions that are non-deprecated versions.

[cremor]

I've updated the initial post with additional information that shows that there are also security issues.

Also, how would package update add constraints? All those references packages still support .NET Standard 2.0 (your only target framework) in their latest version.