Update NuGet packages

[Jay-o-Way]

System.Net.Http ⚠️

Update 📈

• WPF-UI 3.0 (latest) Check changes to see what we can improve in PowerToys.
• WinUI-EX v2.2.0 --> 2.3.3 Check changes to see what we can improve in PowerToys.
• System.IO.Abstractions 17.2.3 --> 20.0.15 changes
• UnitsNet 4.415 --> 5.43 changes

Check for unused 🗑️

• FZ Editor
  • ModernWpfUI: update 0.9.4 to 0.9.6 (from 6/2022) or change to WPF-UI or to WinUI3?
• Settings project??
  

[Jay-o-Way]

@jaimecbernardo who can i ping for this?

[jaimecbernardo]

Ah, looks like we need to fix before .NET 9 hits in November.

[jaimecbernardo]

Regarding unused extensions, there were some that we needed to make sure dependencies follow the same versions after the flattening.

[Jay-o-Way]

Nobody mentioning the vulnerability issue?

[drawbyperpetual]

@Jay-o-Way: I'm currently looking into the BinaryFormatter deprecation / security issue. Regarding the System.Net.Http issue, could you indicate where you see the dependency? I don't see us taking any NuGet dependency on System.Net.Http in the entire solution.

[Jay-o-Way]

@drawbyperpetual thanks. System.Net.Http is unused in SvgPreviewHandler (FYI @zanseb) and is used in OobeWhatsNew - seemingly to create a way to link/show release notes. (HttpClient and such)

CC @jaimecbernardo and @lncubus

[drawbyperpetual]

@Jay-o-Way: Yes, System.Net.Http is indeed used there but not via a vulnerable NuGet package, but rather via a framework dependency on .NET Core 8. Where's the vulnerability there?

[Jay-o-Way]

@drawbyperpetual I just encountered the warning one day. Not an expert on the usage details 😇