System.Data.SqlClient - use version recommended by the SQL team, I co…

…uldn't find v5, not sure if it exists, we are not referencing this package right ow, so this is not a problem.

Nuget.Packaging - use version that does not pull in vulnerable System.Formats.Asn1 (v8.0,0)
Change in the VB test project - this assembly is not references directly, transitive versions can be resolved from the central packaging

Directory.Packages.props

@@ -14,7 +14,7 @@
     <PackageVersion Include="System.Collections.Concurrent" Version="4.3.0" />
     <PackageVersion Include="System.ComponentModel.TypeConverter.TestData" Version="$(SystemComponentModelTypeConverterTestDataVersion)" />
     <PackageVersion Include="System.Configuration.ConfigurationManager" Version="$(SystemConfigurationConfigurationManagerPackageVersion)" />
-    <PackageVersion Include="System.Data.SqlClient" Version="5.0.0-alpha.1.19618.1" />
+    <PackageVersion Include="System.Data.SqlClient" Version="4.9.0" />
     <PackageVersion Include="System.Drawing.Common.TestData" Version="$(SystemDrawingCommonTestDataVersion)" />
     <PackageVersion Include="System.Formats.Asn1" Version="$(SystemFormatsAsn1PackageVersion)" />
     <PackageVersion Include="System.Formats.Nrbf" Version="$(SystemFormatsNrbfPackageVersion)" />

eng/Version.Details.xml

@@ -1,9 +1,9 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!-- 
-Dependencies registered here by Name and Uri will be updated by Maestro via darc update-dependencies 
-  They will be updated either in eng/Versions.props (most) or in global.json (for example: Microsoft.DotNet.Arcade.Sdk) 
-Note: if the Uri is a new place, you will need to add a subscription from that place to us in the appropriate channel 
-  And you can check these with "darc get-dependencies <dash dash>target-repo "winforms" 
+Dependencies registered here by Name and Uri will be updated by Maestro via darc update-dependencies
+  They will be updated either in eng/Versions.props (most) or in global.json (for example: Microsoft.DotNet.Arcade.Sdk)
+Note: if the Uri is a new place, you will need to add a subscription from that place to us in the appropriate channel
+  And you can check these with "darc get-dependencies <dash dash>target-repo "winforms"
 -->
 <Dependencies>
   <ProductDependencies>

eng/Versions.props

@@ -103,7 +103,7 @@
     <MicrosoftCodeAnalysisPublicApiAnalyzersVersion>$(MicrosoftCodeAnalysisAnalyzersVersion)</MicrosoftCodeAnalysisPublicApiAnalyzersVersion>
     <MicrosoftCodeAnalysisNetAnalyzersVersion>10.0.0-preview.24559.1</MicrosoftCodeAnalysisNetAnalyzersVersion>
     <StyleCopAnalyzersVersion>1.2.0-beta.556</StyleCopAnalyzersVersion>
-    <NugetPackagingVersion>6.11.0</NugetPackagingVersion>
+    <NugetPackagingVersion>6.12.1</NugetPackagingVersion>
   </PropertyGroup>
   <!-- Additional unchanging dependencies -->
   <PropertyGroup>

pkg/Microsoft.Private.Winforms/sdk/dotnet-windowsdesktop/System.Windows.Forms.FileClassification.props

@@ -19,7 +19,7 @@
     <FrameworkListFileClass Include="System.Windows.Forms.dll" Profile="WindowsForms" />
     <FrameworkListFileClass Include="System.Windows.Forms.Primitives.dll" Profile="WindowsForms" />
   </ItemGroup>
-        
+
   <!-- File classifications that should only be included for the ref pack. -->
   <ItemGroup Condition="'$(PackageTargetRuntime)' == ''">
     <FrameworkListFileClass Include="System.Windows.Forms.Analyzers.CodeFixes.CSharp.dll" Profile="WindowsForms" />

src/System.Windows.Forms.Analyzers.VisualBasic/tests/UnitTests/System.Windows.Forms.Analyzers.VisualBasic.Tests/System.Windows.Forms.Analyzers.VisualBasic.Tests.vbproj

@@ -24,7 +24,6 @@
     <PackageReference Include="Microsoft.CodeAnalysis.VisualBasic.SourceGenerators.Testing.XUnit" />
     <PackageReference Include="Verify.Xunit" />
     <PackageReference Include="NuGet.Packaging" />
-    <PackageReference Include="System.Formats.Asn1" />
   </ItemGroup>
 
   <ItemGroup>