[release/6.0.1xx] Bump System.Security.Cryptography.Xml to 6.0.1 and System.Security.Cryptography.Pkcs to 6.0.4

[YuliiaKovalova]

Summary

This is a security fix after the recent scanner results for sdk repo.

Customer Impact

No impact is expected.

Regression?

No

Testing

N/A

Risk

Minimal - no risks, it's just package version update + data from arcade .Net 6 Eng channel

[YuliiaKovalova]

Hi @premun,

Could you help us with that? We need a build with the dependency bump .

[premun]

Sorry, I don't follow. Help with what exactly?

[YuliiaKovalova]

Sorry, I don't follow. Help with what exactly?

@premun , I apologize for confusion.
This build fails on source-build step and I don't know how to propagate the arcade version that can fix it and not break sdk.
Do you have any ideas?

[premun]

Sorry, I am not the best person for SB problems. @dotnet/source-build-internal Yulia has some issues with restoring Microsoft.DotNet.SourceBuild.Tasks. Can you help?

[mthalman]

##[error].packages/microsoft.dotnet.arcade.sdk/6.0.0-beta.21460.7/tools/Tools.proj(0,0): error NU1603: (NETCORE_ENGINEERING_TELEMETRY=Restore) Tools depends on Microsoft.DotNet.SourceBuild.Tasks (>= 6.0.0-beta.21460.7) but Microsoft.DotNet.SourceBuild.Tasks 6.0.0-beta.21460.7 was not found. An approximate best match of Microsoft.DotNet.SourceBuild.Tasks 6.0.0-beta.21620.3 was resolved.
  /__w/1/s/.packages/microsoft.dotnet.arcade.sdk/6.0.0-beta.21460.7/tools/Tools.proj : error NU1102: Unable to find package Microsoft.SourceBuild.Intermediate.arcade with version (= 6.0.0-beta.21460.7)
  /__w/1/s/.packages/microsoft.dotnet.arcade.sdk/6.0.0-beta.21460.7/tools/Tools.proj : error NU1102:   - Found 1002 version(s) in arcade [ Nearest version: 6.0.0-beta.22431.8 ]
  /__w/1/s/.packages/microsoft.dotnet.arcade.sdk/6.0.0-beta.21460.7/tools/Tools.proj : error NU1102:   - Found 0 version(s) in dotnet-public
  /__w/1/s/.packages/microsoft.dotnet.arcade.sdk/6.0.0-beta.21460.7/tools/Tools.proj : error NU1102:   - Found 0 version(s) in dotnet-tools
  /__w/1/s/.packages/microsoft.dotnet.arcade.sdk/6.0.0-beta.21460.7/tools/Tools.proj : error NU1102:   - Found 0 version(s) in dotnet6
##[error].packages/microsoft.dotnet.arcade.sdk/6.0.0-beta.21460.7/tools/Tools.proj(0,0): error NU1102: (NETCORE_ENGINEERING_TELEMETRY=Restore) Unable to find package Microsoft.SourceBuild.Intermediate.arcade with version (= 6.0.0-beta.21460.7)
  - Found 1002 version(s) in arcade [ Nearest version: 6.0.0-beta.22431.8 ]
  - Found 0 version(s) in dotnet-public
  - Found 0 version(s) in dotnet-tools
  - Found 0 version(s) in dotnet6
    Failed to restore /__w/1/s/.packages/microsoft.dotnet.arcade.sdk/6.0.0-beta.21460.7/tools/Tools.proj (in 968 ms).

The error seems completely unrelated to the changes. Are you sure this branch is building without these changes?

Do you have the latest 6.0 Arcade in this branch? /cc @mmitche

[premun]

There was no commit on the target branch for some time:

[YuliiaKovalova]

@GangWang01 please look at the tests failures.

update: it's related to vs-image update. Hopefully, @rainersigwald will resolve it.

[GangWang01]

@GangWang01 please look at the tests failures.

update: it's related to vs-image update. Hopefully, @rainersigwald will resolve it.

It looks like the test failures were resolved by Rainer. Thanks Rainer!

[JanKrivanek]

I suppose changes in eng.. were automatic via the arcade update - correct? Or is there any specific manual changes that should be reviewed with care?

[YuliiaKovalova]

I suppose changes in eng.. were automatic via the arcade update - correct? Or is there any specific manual changes that should be reviewed with care?

Nope, these changes were added by running
darc update-dependencies --source-repo "dotnet/arcade" --channel ".NET 6 Eng"

[KevinRansom]

@YuliiaKovalova will you be merging this anytime soon. I'm hoping for F# to use the nuget packages from it.

[dotnet-policy-service]

Hello! I noticed that you're targeting one of our servicing branches. Please consider updating the version.