Update NuGet packages to latest stable

[angularsen]

Summary

Bumps centrally-managed NuGet package versions in Directory.Packages.props to the latest stable release.

Package	From	To
Microsoft.NET.Test.Sdk	18.0.1	18.5.1
NuGet.Protocol	7.0.1	7.3.1
Serilog	4.3.0	4.3.1

NuGet.Protocol 7.3.1 clears the low-severity NU1901 advisories that triggered the original CI failure on #1657. As a result this PR makes #1660 unnecessary as a build-unblocker, though the comment-and-policy clean-up there still has independent value.

System.CommandLine.DragonFruit is left at the existing 0.4.0-alpha.22272.1; no newer stable version is published to the configured sources.

🤖 Generated with Claude Code

[claude]

Code Review

Overview

Routine NuGet package maintenance bump in Directory.Packages.props — 3 packages, all build/dev-time dependencies that are not shipped in the library itself.

Analysis

Breaking changes: None. All three packages are development/test dependencies:

• Microsoft.NET.Test.Sdk — test runner infrastructure
• NuGet.Protocol — used by the CodeGen tool at build time
• Serilog — logging in CodeGen, not in the library

Version jumps look fine:

• Microsoft.NET.Test.Sdk 18.0.1 → 18.5.1 (minor): standard test SDK update, no concern
• NuGet.Protocol 7.0.1 → 7.3.1 (minor): the stated motivation is clearing NU1901 advisories — this is a good reason to update
• Serilog 4.3.0 → 4.3.1 (patch): low risk

Style/conventions: Follows the existing Directory.Packages.props format correctly.

One small note: NuGet.Protocol jumps from 7.0.1 to 7.3.1, skipping two minor versions. No concern in practice for a build tool, but worth a quick sanity check that the CodeGen tool still builds cleanly after the update (the PR description confirms CI passes, so this is already verified).

Verdict

LGTM — minimal, well-motivated change. The security advisory fix in NuGet.Protocol is a good reason to bump even aside from routine maintenance.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 96%. Comparing base (2a60bf9) to head (e50d006).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files

@@          Coverage Diff           @@
##           master   #1661   +/-   ##
======================================
  Coverage      96%     96%           
======================================
  Files         450     450           
  Lines       29151   29150    -1     
======================================
  Hits        28109   28109           
+ Misses       1042    1041    -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.