chore: bump regular System.Text.RegularExpressions due to a known CVE in earlier versions

[aygalinc]

Proposed Changes

Add explicit dependencies due to cve on System.Text.RegularExpressions

Types of Changes

What types of changes does your code introduce to this project?
Put an x in the boxes that apply

• Bug fix (non-breaking change which fixes issue #NNNN)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause an observable behavior change in existing systems)
• Documentation improvements (corrections, new content, etc)
• Cosmetic change (whitespace, formatting, etc)

[michaelklishin]

@aygalinc it now complains about a CVE in System.Text.Json GHSA-8g4q-xg66-9fp4. Feel free to bump that library, too, since it is the same fundamental problem that now breaks builds on Windows.

[aygalinc]

@michaelklishin Weird that the build fail by resolving a system text json lib in version 6 => if you have drop net6 in favor of net8 what can cause this ?
I work on macos so i cannot reproduce on my local env

[michaelklishin]

@aygalinc I am not sure what in the Windows environment might have caused this. Possibly dependency lock file caching of sorts? We'll have to wait until @lukebakken comes back next week.

[Tornhoof]

The package should only be relevant for .NET 4.7.2 targets, not the new one (similar to S.T.J).
See https://devblogs.microsoft.com/nuget/nugetaudit-2-0-elevating-security-and-trust-in-package-management/#system.net.http-and-system.text.regularexpressions

[lukebakken]

@michaelklishin 53d484f bumps the version we use to identify cached NuGet deps and thus invalidates the cache. I bet that's the issue. I'll know soon!

[lukebakken]

Test failures are not related to these changes. Thanks!