[INTERNAL] Samples: Fixes upgrades to latest versions (vulnerabilities) and also warnings

[kirankumarkolli]

[INTERNAL] Samples: Fixes upgrades to latest versions (vulnerabilities) and also warnings

For Cosmos pinned to latest versions

    <PackageReference Include="Microsoft.Azure.Cosmos" Version="3.43.0" />

Newtonsoft.Json and System.Text.Json: updated to patched versions

    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
    <PackageReference Include="System.Text.Json" Version="8.0.4" />

Microsoft.NET.Sdk.Functions: Upgraded to latest

    <PackageReference Include="Microsoft.NET.Sdk.Functions" Version="4.4.1" />

Removed transitive dependencies: Configuration and Configuration.FileExtensions

    <PackageReference Include="Microsoft.Extensions.Configuration" Version="2.2.0" />
    <PackageReference Include="Microsoft.Extensions.Configuration.FileExtensions" Version="2.2.0" />

ChangeFeed project: Its a migration project which has V2 CFP project reference which has vulnerabile dependencies, which are now pinned explicitly to patched version

    <PackageReference Include="System.Net.Http" Version="4.3.4" />
    <PackageReference Include="System.Net.Security" Version="4.3.2" />

Ref: #4674

[Pilchie]

I'm not sure if we want to use * versions. If we expect customers to copy these samples, they may not update them, and then they are exposed to the risks of breaking changes, and the fact that their builds aren't deterministic for these packages.

It might be better to just update them to the latest now, and have a process to check for updates regularly? Ideally if these are building as part of CI, component governance would tell us about packages with vulnerabilities and we could update that way?

[Pilchie]

Blocking only on the BOM changes. Other than that, just curious, and a note that we should eventually update to .NET 8.0 as well.

[Pilchie]

Looks great - thanks!