Add a direct reference to System.Configuration.ConfigurationManager v…

[Numpsy]

…6.0.0 to Fake.DotNet.MSBuild

refs #2871

This attempts to remove a transient reference to old versions of System.Drawing.Common with known CVEs by directly referencing a newer version of ConfigurationManager

fake-cli is already using v6 (it's included in the fake-cli tool nuget package) which hopefully means it's already had some testing with that version

[Numpsy]

This shouldn't be need after the .NET 8 update as all the transient dependencies are using newer versions anyway, so it's a question of if it's useful for a 6.1.5 before that.

[github-actions]

Test Results

   12 files  ±0     12 suites  ±0   25m 48s ⏱️ - 8m 14s
  451 tests ±0    450 ✅ ±0  1 💤 ±0  0 ❌ ±0 
1 287 runs  ±0  1 284 ✅ ±0  3 💤 ±0  0 ❌ ±0 

Results for commit 1c78682. ± Comparison against base commit e7d3021.

♻️ This comment has been updated with latest results.

[Copilot]

Pull request overview

This PR aims to mitigate a transitive dependency chain that pulls in older, vulnerable .NET assemblies by making Fake.DotNet.MSBuild explicitly reference System.Configuration.ConfigurationManager (intended to align with the v6.x already used elsewhere, per the PR description).

Changes:

• Added System.Configuration.ConfigurationManager to Fake.DotNet.MSBuild’s paket.references.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[xperiandri]

I would prefer some order like System, FSharp, Microsoft, Other

Suggested change

	System.Configuration.ConfigurationManager
	System.Configuration.ConfigurationManager
	FSharp.Core
	NETStandard.Library
	MSBuild.StructuredLogger
	BlackFox.VsWhere

[Numpsy]

Anyway, this won't be needed if #2852 is finished, so do we want it, or not?