Microsoft.Azure.DocumentDB 2.15 depends on a version of System.Net.Http.WinHttpHandler with vulnerabilities

[mattgotteiner]

Describe the bug
From Microsoft.Azure.DocumentDB nuspec:

      <group targetFramework=".NETFramework4.6.1">
        <dependency id="Newtonsoft.Json" version="6.0.8" />
        <dependency id="System.Net.Http.WinHttpHandler" version="4.5.0" />
        <dependency id="System.Net.Http" version="4.3.4" />
        <dependency id="System.Threading.Tasks.Extensions" version="4.5.2" />
      </group>

4.5.0 has a security issue
https://www.nuget.org/packages/System.Net.Http.WinHttpHandler/4.5.0
Advisory Details: GHSA-6xh7-4v2w-36q6

To Reproduce
SDK will pull in 4.5.0 version of System.Net.Http.WinHttpHandler through its dependencies when referencing it in a project

Expected behavior
SDK should pull in a version of this dependency that does not have a vulnerability (e.g.https://www.nuget.org/packages/System.Net.Http.WinHttpHandler/4.5.4)

Actual behavior
SDK pulls in 4.5.0 of System.Net.Http.WinHttpHandler which has a vulnerability

Environment summary

SDK Version:
OS Version (e.g. Windows, Linux, MacOSX):
Windows

Additional context

[j82w]

There is currently working being done to release a 2.16 with the dependency version bumped. It should be released in the next few weeks. As a workaround you should be able to target 4.5.4 version, and use assembly redirects.