Bump third-party dependencies

Packages.props

@@ -5,19 +5,19 @@
     <PackageReference Update="EntityFramework" Version="6.4.4" />
     <PackageReference Update="MartinCostello.Logging.XUnit" Version="0.1.0" />
     <PackageReference Update="Microsoft.Bcl.HashCode" Version="1.1.0" />
-    <PackageReference Update="Microsoft.CodeAnalysis.FxCopAnalyzers" Version="3.3.0" />
+    <PackageReference Update="Microsoft.CodeAnalysis.FxCopAnalyzers" Version="3.3.1" />
     <PackageReference Update="Microsoft.IdentityModel.JsonWebTokens" Version="6.8.0" />
     <PackageReference Update="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="6.8.0" />
     <PackageReference Update="Microsoft.NETFramework.ReferenceAssemblies" Version="1.0.0" />
     <PackageReference Update="Microsoft.Owin.Security" Version="4.1.1" />
     <PackageReference Update="Microsoft.Owin.Testing" Version="4.1.1" />
-    <PackageReference Update="MongoDB.Bson" Version="2.11.2" />
-    <PackageReference Update="MongoDB.Driver" Version="2.11.2" />
-    <PackageReference Update="Moq" Version="4.14.7" />
-    <PackageReference Update="Portable.BouncyCastle" Version="1.8.6.7" />
-    <PackageReference Update="Quartz.Extensions.DependencyInjection" Version="3.2.2" />
-    <PackageReference Update="Quartz.Extensions.Hosting" Version="3.2.2" />
-    <PackageReference Update="System.Linq.Async" Version="4.1.1" />
+    <PackageReference Update="MongoDB.Bson" Version="2.11.4" />
+    <PackageReference Update="MongoDB.Driver" Version="2.11.4" />
+    <PackageReference Update="Moq" Version="4.15.1" />
+    <PackageReference Update="Portable.BouncyCastle" Version="1.8.8" />
+    <PackageReference Update="Quartz.Extensions.DependencyInjection" Version="3.2.3" />
+    <PackageReference Update="Quartz.Extensions.Hosting" Version="3.2.3" />
+    <PackageReference Update="System.Linq.Async" Version="5.0.0" />
     <PackageReference Update="TunnelVisionLabs.ReferenceAssemblyAnnotator" Version="1.0.0-alpha.160" />
   </ItemGroup>
 

src/OpenIddict.Server/OpenIddictServerHandlers.Discovery.cs

@@ -393,14 +393,14 @@ namespace OpenIddict.Server
 
                         // Ensure the issuer ends with a trailing slash, as it is necessary
                         // for Uri's constructor to correctly compute correct absolute URLs.
-                        if (!issuer.OriginalString.EndsWith("/"))
+                        if (!issuer.OriginalString.EndsWith("/", StringComparison.Ordinal))
                         {
                             issuer = new Uri(issuer.OriginalString + "/", UriKind.Absolute);
                         }
 
                         // Ensure the endpoint does not start with a leading slash, as it is necessary
                         // for Uri's constructor to correctly compute correct absolute URLs.
-                        if (endpoint.OriginalString.StartsWith("/"))
+                        if (endpoint.OriginalString.StartsWith("/", StringComparison.Ordinal))
                         {
                             endpoint = new Uri(endpoint.OriginalString.Substring(1, endpoint.OriginalString.Length - 1), UriKind.Relative);
                         }

src/OpenIddict.Server/OpenIddictServerHandlers.cs

@@ -1459,7 +1459,7 @@ namespace OpenIddict.Server
 
                 // Restore the internal claims resolved from the authorization code/refresh token.
                 foreach (var claims in notification.Principal.Claims
-                    .Where(claim => claim.Type.StartsWith(Claims.Prefixes.Private))
+                    .Where(claim => claim.Type.StartsWith(Claims.Prefixes.Private, StringComparison.OrdinalIgnoreCase))
                     .GroupBy(claim => claim.Type))
                 {
                     // If the specified principal already contains one claim of the iterated type, ignore them.
@@ -4258,14 +4258,14 @@ namespace OpenIddict.Server
 
                     // Ensure the issuer ends with a trailing slash, as it is necessary
                     // for Uri's constructor to correctly compute correct absolute URLs.
-                    if (!issuer.OriginalString.EndsWith("/"))
+                    if (!issuer.OriginalString.EndsWith("/", StringComparison.Ordinal))
                     {
                         issuer = new Uri(issuer.OriginalString + "/", UriKind.Absolute);
                     }
 
                     // Ensure the endpoint does not start with a leading slash, as it is necessary
                     // for Uri's constructor to correctly compute correct absolute URLs.
-                    if (endpoint.OriginalString.StartsWith("/"))
+                    if (endpoint.OriginalString.StartsWith("/", StringComparison.Ordinal))
                     {
                         endpoint = new Uri(endpoint.OriginalString.Substring(1, endpoint.OriginalString.Length - 1), UriKind.Relative);
                     }

src/OpenIddict.Validation/OpenIddictValidationConfiguration.cs

@@ -123,12 +123,12 @@ namespace OpenIddict.Validation
                             throw new InvalidOperationException(SR.GetResourceString(SR.ID0137));
                         }
 
-                        if (!issuer.OriginalString.EndsWith("/"))
+                        if (!issuer.OriginalString.EndsWith("/", StringComparison.Ordinal))
                         {
                             issuer = new Uri(issuer.OriginalString + "/", UriKind.Absolute);
                         }
 
-                        if (options.MetadataAddress.OriginalString.StartsWith("/"))
+                        if (options.MetadataAddress.OriginalString.StartsWith("/", StringComparison.Ordinal))
                         {
                             options.MetadataAddress = new Uri(options.MetadataAddress.OriginalString.Substring(
                                 1, options.MetadataAddress.OriginalString.Length - 1), UriKind.Relative);