Update vulnerable dependency

[johnkors]

Hi, re: https://github.com/dotnet/corefx/issues/19535

I scanned Nlog.Web.AspNetCore using dotnet retire and found use of a vulnerable dependency. This PR bumps the package that brings this dependency in.

Dependency chain resulting in use of vulnerable dependency System.Text.Encodings.Web/4.0.0 :

Microsoft.AspNetCore.Routing.Abstractions/1.0.3
=>
Microsoft.AspNetCore.Http.Abstractions/1.0.2
=>
System.Text.Encodings.Web/4.0.0

[codecov]

Codecov Report

Merging #150 into master will not change coverage.
The diff coverage is n/a.

@@          Coverage Diff           @@
##           master    #150   +/-   ##
======================================
  Coverage    57.7%   57.7%           
======================================
  Files          29      29           
  Lines         383     383           
  Branches       92      92           
======================================
  Hits          221     221           
  Misses        125     125           
  Partials       37      37

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7f93f9f...f7f3779. Read the comment docs.

[304NotModified]

ah cool thanks!

Could you also analyse NLog.extensions.Logging and NLog? Or isn't that needed?

[johnkors]

NLog.Web.AspNetCore references these other two projects, so AFAIK - any dependency they bring in would also be present for analysis (it checks the /obj/project.assets.json file of .NET Core projects). So I think they're already checked :)

[304NotModified]

oops,we broke the build but AppVeyor showing green.