[deps] Tools: Pin dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
AWSSDK.SQS	nuget	pin	4.0.2.5 → [4.0.2.5]
AWSSDK.SimpleEmail	nuget	pin	4.0.2.5 → [4.0.2.5]
AngleSharp (source)	nuget	pin	1.4.0 → [1.4.0]
AspNetCore.HealthChecks.SqlServer	nuget	pin	8.0.2 → [8.0.2]
AspNetCore.HealthChecks.Uris	nuget	pin	8.0.1 → [8.0.1]
AspNetCoreRateLimit	nuget	pin	5.0.0 → [5.0.0]
AspNetCoreRateLimit.Redis	nuget	pin	2.0.0 → [2.0.0]
AutoMapper.Extensions.Microsoft.DependencyInjection (source)	nuget	pin	12.0.1 → [12.0.1]
Azure.Data.Tables (source)	nuget	pin	12.11.0 → [12.11.0]
Azure.Extensions.AspNetCore.DataProtection.Blobs (source)	nuget	pin	1.3.4 → [1.3.4]
Azure.Messaging.EventGrid (source)	nuget	pin	5.0.0 → [5.0.0]
Azure.Messaging.ServiceBus (source)	nuget	pin	7.20.1 → [7.20.1]
Azure.Storage.Blobs (source)	nuget	pin	12.26.0 → [12.26.0]
Azure.Storage.Queues (source)	nuget	pin	12.24.0 → [12.24.0]
BenchmarkDotNet	nuget	pin	0.15.3 → [0.15.3]
BitPay.Light (source)	nuget	pin	1.0.1907 → [1.0.1907]
Braintree	nuget	pin	5.36.0 → [5.36.0]
CommandDotNet	nuget	pin	7.0.5 → [7.0.5]
CsvHelper (source)	nuget	pin	33.1.0 → [33.1.0]
Dapper	nuget	pin	2.1.66 → [2.1.66]
DnsClient (source)	nuget	pin	1.8.0 → [1.8.0]
Duende.IdentityServer (source)	nuget	pin	7.2.4 → [7.2.4]
DuoUniversal	nuget	pin	1.3.1 → [1.3.1]
Fido2.AspNet	nuget	pin	3.0.1 → [3.0.1]
Handlebars.Net (source)	nuget	pin	2.1.6 → [2.1.6]
Kralizek.AutoFixture.Extensions.MockHttp	nuget	pin	2.1.0 → [2.1.0]
LaunchDarkly.ServerSdk	nuget	pin	8.11.0 → [8.11.0]
MailKit (source)	nuget	pin	4.14.1 → [4.14.1]
MarkDig	nuget	pin	0.44.0 → [0.44.0]
MartinCostello.Logging.XUnit	nuget	pin	0.7.0 → [0.7.0]
MessagePack	nuget	pin	2.5.192 → [2.5.192]
Microsoft.AspNetCore.Authentication.JwtBearer (source)	nuget	pin	8.0.10 → [8.0.10]
Microsoft.AspNetCore.DataProtection (source)	nuget	pin	8.0.10 → [8.0.10]
Microsoft.AspNetCore.Http (source)	nuget	pin	2.2.2 → [2.2.2]
Microsoft.AspNetCore.Mvc.Testing (source)	nuget	pin	8.0.10 → [8.0.10]
Microsoft.AspNetCore.SignalR.Protocols.MessagePack (source)	nuget	pin	8.0.8 → [8.0.8]
Microsoft.AspNetCore.SignalR.StackExchangeRedis (source)	nuget	pin	8.0.8 → [8.0.8]
Microsoft.Azure.Cosmos	nuget	pin	3.52.0 → [3.52.0]
Microsoft.Azure.NotificationHubs	nuget	pin	4.2.0 → [4.2.0]
Microsoft.Bot.Builder	nuget	pin	4.23.0 → [4.23.0]
Microsoft.Bot.Builder.Integration.AspNet.Core	nuget	pin	4.23.0 → [4.23.0]
Microsoft.Bot.Connector	nuget	pin	4.23.0 → [4.23.0]
Microsoft.Data.SqlClient (source)	nuget	pin	5.2.2 → [5.2.2]
Microsoft.Extensions.Caching.Cosmos	nuget	pin	1.8.0 → [1.8.0]
Microsoft.Extensions.Caching.Memory (source)	nuget	pin	8.0.1 → [8.0.1]
Microsoft.Extensions.Caching.SqlServer (source)	nuget	pin	8.0.10 → [8.0.10]
Microsoft.Extensions.Caching.StackExchangeRedis (source)	nuget	pin	8.0.10 → [8.0.10]
Microsoft.Extensions.Configuration (source)	nuget	pin	8.0.0 → [8.0.0]
Microsoft.Extensions.Configuration.EnvironmentVariables (source)	nuget	pin	8.0.0 → [8.0.0]
Microsoft.Extensions.Configuration.UserSecrets (source)	nuget	pin	8.0.0 → [8.0.0]
Microsoft.Extensions.DependencyInjection (source)	nuget	pin	8.0.1 → [8.0.1]
Microsoft.Extensions.DependencyInjection.Abstractions (source)	nuget	pin	8.0.2 → [8.0.2]
Microsoft.Extensions.Diagnostics.Testing (source)	nuget	pin	9.3.0 → [9.3.0]
Microsoft.Extensions.Identity.Stores (source)	nuget	pin	8.0.10 → [8.0.10]
Microsoft.Extensions.Logging (source)	nuget	pin	8.0.1 → [8.0.1]
Microsoft.Extensions.Logging.Console (source)	nuget	pin	8.0.1 → [8.0.1]
Microsoft.Extensions.TimeProvider.Testing (source)	nuget	pin	8.10.0 → [8.10.0]
Microsoft.NET.Test.Sdk	nuget	pin	17.11.0 → [17.11.0]
Neovolve.Logging.Xunit	nuget	pin	6.3.0 → [6.3.0]
Newtonsoft.Json (source)	nuget	pin	13.0.3 → [13.0.3]
OneOf	nuget	pin	3.0.271 → [3.0.271]
Otp.NET	nuget	pin	1.4.0 → [1.4.0]
Quartz (source)	nuget	pin	3.15.1 → [3.15.1]
Quartz.Extensions.DependencyInjection (source)	nuget	pin	3.15.1 → [3.15.1]
Quartz.Extensions.Hosting (source)	nuget	pin	3.15.1 → [3.15.1]
RabbitMQ.Client (source)	nuget	pin	7.1.2 → [7.1.2]
RichardSzalay.MockHttp	nuget	pin	7.0.0 → [7.0.0]
Rnwood.SmtpServer (source)	nuget	pin	3.1.0-ci0868 → [3.1.0-ci0868]
SendGrid (source)	nuget	pin	9.29.3 → [9.29.3]
Serilog.Extensions.Logging.File	nuget	pin	3.0.0 → [3.0.0]
Stripe.net	nuget	pin	48.5.0 → [48.5.0]
Sustainsys.Saml2.AspNetCore2	nuget	pin	2.11.0 → [2.11.0]
Swashbuckle.AspNetCore	nuget	pin	9.0.4 → [9.0.4]
Swashbuckle.AspNetCore.SwaggerGen	nuget	pin	9.0.4 → [9.0.4]
System.Text.Json (source)	nuget	pin	8.0.5 → [8.0.5]
YamlDotNet (source)	nuget	pin	11.2.1 → [11.2.1]
YubicoDotNetClient	nuget	pin	1.2.0 → [1.2.0]
ZiggyCreatures.FusionCache	nuget	pin	2.0.2 → [2.0.2]
ZiggyCreatures.FusionCache.Backplane.StackExchangeRedis	nuget	pin	2.0.2 → [2.0.2]
ZiggyCreatures.FusionCache.Serialization.SystemTextJson	nuget	pin	2.0.2 → [2.0.2]
base64	dependencies	pin	0.22.1 → =0.22.1
coverlet.collector	nuget	pin	6.0.4 → [6.0.4]
dbup-sqlserver (source)	nuget	pin	6.0.0 → [6.0.0]
linq2db (source)	nuget	pin	5.4.1 → [5.4.1]
xunit	nuget	pin	2.9.3 → [2.9.3]
xunit.runner.visualstudio	nuget	pin	3.1.4 → [3.1.4]
xunit.runner.visualstudio	nuget	pin	3.1.2 → [3.1.2]
xunit.runner.visualstudio	nuget	pin	3.1.5 → [3.1.5]
xunit.v3	nuget	pin	3.0.1 → [3.0.1]

Add the preset :preserveSemverRanges to your config if you don't want to pin your dependencies.

---

Configuration

📅 Schedule: Branch creation - "every 2nd week starting on the 2 week of the year before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[bitwarden-bot]

Internal tracking:

• ID: PM-24840
• Link: https://bitwarden.atlassian.net/browse/PM-24840

[Patrick-Pimentel-Bitwarden]

👍 Auth changes look good.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (main@d9e849a). Learn more about missing BASE report.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #6204   +/-   ##
=======================================
  Coverage        ?   13.31%           
=======================================
  Files           ?     1193           
  Lines           ?    51856           
  Branches        ?     4041           
=======================================
  Hits            ?     6905           
  Misses          ?    44820           
  Partials        ?      131           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[justindbaur]

I decided to delete some packages that we already get through the ASP.NET Core reference and decided to explicitly reference it. This fixed the Microsoft.Extensions.Configuration.UserSecrets downgrade. The System.Text.Json downgrade is fixed by just removing our manual reference of it. I wanted to make sure that all projects were getting a non-vulnerable version of STJ though. The below command will show that all projects except Billing.Test reference 8.0.5 and Billing.Test references 9.0.0 because one of their dependencies brings it in. Neither version are vulnerable.

dotnet list package --include-transitive --format json \
  | jq '.projects | .[] | { path: .path, version: .frameworks.[0].transitivePackages | .[]? | select(.id=="System.Text.Json") | .resolvedVersion }'