Skip to content

Bump the dotnet-dependencies group with 14 updates#192

Merged
Chris-Wolfgang merged 5 commits into
mainfrom
dependabot/nuget/benchmarks/Wolfgang.AuditTrail.EntityFrameworkCore.Benchmarks/dotnet-dependencies-809765b443
Jul 5, 2026
Merged

Bump the dotnet-dependencies group with 14 updates#192
Chris-Wolfgang merged 5 commits into
mainfrom
dependabot/nuget/benchmarks/Wolfgang.AuditTrail.EntityFrameworkCore.Benchmarks/dotnet-dependencies-809765b443

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 4, 2026

Copy link
Copy Markdown
Contributor

Updated Meziantou.Analyzer from 3.0.117 to 3.0.119.

Release notes

Sourced from Meziantou.Analyzer's releases.

3.0.119

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/3.0.119

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@3.0.118...3.0.119

3.0.118

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/3.0.118

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@3.0.117...3.0.118

Commits viewable in compare view.

Updated Microsoft.CodeAnalysis.BannedApiAnalyzers from 4.14.0 to 5.6.0.

Release notes

Sourced from Microsoft.CodeAnalysis.BannedApiAnalyzers's releases.

5.0.4

Release

5.0.2

Release Notes
Install Instructions

Repos

5.0.1

Release Notes
Install Instructions

Repo

Commits viewable in compare view.

Updated Microsoft.CodeAnalysis.PublicApiAnalyzers from 3.3.4 to 5.6.0.

Release notes

Sourced from Microsoft.CodeAnalysis.PublicApiAnalyzers's releases.

5.0.4

Release

5.0.2

Release Notes
Install Instructions

Repos

5.0.1

Release Notes
Install Instructions

Repo

4.2.0-4.22266.5

Release

4.2.0-3.22151.16

Release

4.2.0-1.22108.11

Release

4.0.0-2.21354.7

Release

4.0.0-2.21254.26

Release

4.0.0-1.21277.15

Release

3.10.0-3.21201.20

Release

3.10.0-2.21153.36

Release

3.10.0-1.21102.26

Release

3.7.0-3.20312.3

Release Notes
Install Instructions

Repos

3.7.0-3.20269.11

Release Notes
Install Instructions

Repos

3.7.0-2.20277.1

Release Notes
Install Instructions

Repos

3.6.0

Release Notes
Install Instructions

Commits viewable in compare view.

Updated Microsoft.Data.SqlClient from 6.1.1 to 7.0.2.

Release notes

Sourced from Microsoft.Data.SqlClient's releases.

7.0.2

This update brings the following changes since the 7.0.1 release:

Important — package version alignment: Starting with 7.0.2, the Microsoft.Data.SqlClient driver and its companion packages share a single aligned version. The following packages now ship together as 7.0.2:

  • Microsoft.Data.SqlClient
  • Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider
  • Microsoft.Data.SqlClient.Extensions.Azure
  • Microsoft.Data.SqlClient.Extensions.Abstractions
  • Microsoft.Data.SqlClient.Internal.Logging

(Microsoft.SqlServer.Server continues to version independently and remains at 1.0.0.)

Applications must reference the same versions of Microsoft.Data.SqlClient and its extensions for best compatibility. In particular, applications that reference Microsoft.Data.SqlClient.Extensions.Azure must upgrade it to 7.0.2 when upgrading Microsoft.Data.SqlClient to 7.0.2.

Breaking change (.NET Framework only): As part of this alignment, the AssemblyVersion of Microsoft.Data.SqlClient.Extensions.Azure, Microsoft.Data.SqlClient.Extensions.Abstractions, and Microsoft.Data.SqlClient.Internal.Logging changed from 1.0.0.0 to 7.0.0.0 (the Microsoft.Data.SqlClient and Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider assembly versions are unchanged). On .NET Framework, AssemblyVersion is part of the strong-name identity, so applications that drop these assemblies into an existing deployment without rebuilding must rebuild against the 7.0.2 packages (or add binding redirects). Applications on .NET / .NET Core are not affected.

Companion package release notes

The following companion packages ship aligned as 7.0.2. See their individual release notes for package-specific changes (including the Microsoft.Data.SqlClient.Extensions.Azure WAM broker support):

Fixed

  • Fixed a NullReferenceException in SqlCommand.Cancel(). The diagnostic message built during cancellation dereferenced the active connection directly; it now uses a null-conditional access so cancellation no longer throws when the connection has already been torn down.
    (#​4372,#​4373)

  • Fixed a NullReferenceException in SqlDataReader when calling GetBytes/GetChars with a null destination buffer. The argument-validation path that constructs the InvalidDestinationBufferIndex exception now guards against the null buffer so the correct ArgumentException is surfaced instead of an NRE.
    (#​4159,#​4206)

  • Fixed Always Encrypted column master key signature verification incorrectly reusing cached results. The SignatureVerificationCache lookup logic was corrected so signature verification outcomes are cached and retrieved against the correct key, preventing stale or mismatched verification results.
    (#​4339,#​4343)

Changed

Hardened TDS token parsing with data-length bounds checks

What Changed:

  • Added bounds checking when parsing TDS token and feature-extension-acknowledgment data lengths. The parser now validates the declared length of incoming token data against the available buffer before reading, rejecting malformed or out-of-range length values instead of reading past the intended boundary.
    (#​4340,#​4358)

Who Benefits:

  • All consumers benefit from improved resilience against malformed or hostile TDS responses. A server (or man-in-the-middle) sending an invalid token length can no longer drive the parser to read beyond the declared payload.

Impact:
... (truncated)

7.0.1

This update brings the following changes since the 7.0.0 release:

Fixed

  • Fixed SqlBulkCopy failing on SQL Server 2016 with Invalid column name 'graph_type' error. The column metadata query now uses dynamic SQL so that references to the graph_type column (introduced in SQL Server 2017) are not compiled on older versions that lack the column. (#​3714, #​4092, #​4147)

  • Fixed SqlBulkCopy failing on Azure Synapse Analytics dedicated SQL pools. The column-list query previously used a variable-assignment pattern that Synapse does not support; it now uses STRING_AGG when targeting Synapse (engine edition 6) and falls back to the variable-assignment approach for SQL Server 2016 compatibility. (#​4149, #​4176, #​4182)

  • Fixed SqlDataReader.GetFieldType() and GetProviderSpecificFieldType() returning typeof(byte[]) instead of typeof(SqlVector<float>) for vector float32 columns. The methods now follow the same type-determination logic as GetValue(). (#​4104, #​4105, #​4152)

  • Added missing System.Data.Common (v4.3.0) NuGet package dependency for .NET Framework consumers. The inbox System.Data.Common assembly on .NET Framework predates APIs such as IDbColumnSchemaGenerator; without the explicit NuGet dependency, consumers encountered CS0012 compilation errors when using these types through Microsoft.Data.SqlClient. (#​4063, #​4074)

Changed

  • Enabled the User Agent TDS feature extension unconditionally. The Switch.Microsoft.Data.SqlClient.EnableUserAgent AppContext switch has been removed; the driver now always sends User Agent information during login. (#​4124, #​4154)

  • Added type forwards from the core Microsoft.Data.SqlClient assembly to public types that were moved to the Microsoft.Data.SqlClient.Extensions.Abstractions package: SqlAuthenticationMethod, SqlAuthenticationParameters, SqlAuthenticationProvider, SqlAuthenticationProviderException, and SqlAuthenticationToken. This ensures binary compatibility for assemblies compiled against earlier versions of Microsoft.Data.SqlClient where these types lived in the core assembly. (#​4067, #​4117)

  • Fixed API documentation include paths and duplicate doc snippets. (#​4084, #​4086, #​4107, #​4161)

Contributors

We thank the following public contributors. Their efforts toward this project are very much appreciated.

Target Platform Support

  • .NET Framework 4.6.2+ (Windows x86, Windows x64, Windows ARM64)
  • .NET 8.0+ (Windows x86, Windows x64, Windows ARM, Windows ARM64, Linux, macOS)

Dependencies

.NET 9.0

  • Microsoft.Bcl.Cryptography 9.0.13
  • Microsoft.Data.SqlClient.Extensions.Abstractions 1.0.0
  • Microsoft.Data.SqlClient.Internal.Logging 1.0.0
  • Microsoft.Data.SqlClient.SNI.runtime 6.0.2
  • Microsoft.Extensions.Caching.Memory 9.0.13
  • Microsoft.IdentityModel.JsonWebTokens 8.16.0
  • Microsoft.IdentityModel.Protocols.OpenIdConnect 8.16.0
  • Microsoft.SqlServer.Server 1.0.0
  • System.Configuration.ConfigurationManager 9.0.13
  • System.Security.Cryptography.Pkcs 9.0.13

.NET 8.0

  • Microsoft.Bcl.Cryptography 8.0.0
  • Microsoft.Data.SqlClient.Extensions.Abstractions 1.0.0
    ... (truncated)

7.0.0

This is the general availability release of Microsoft.Data.SqlClient 7.0, a major milestone for the .NET data provider for SQL Server. This release addresses the most upvoted issue in the repository's history — extracting Azure dependencies from the core package — introduces pluggable SSPI authentication, adds enhanced routing for Azure SQL Hyperscale, and delivers async read performance improvements.

Also released as part of this milestone:

  • Released Microsoft.Data.SqlClient.Extensions.Abstractions 1.0.0. See release notes.
  • Released Microsoft.Data.SqlClient.Extensions.Azure 1.0.0. See release notes.
  • Released Microsoft.Data.SqlClient.Internal.Logging 1.0.0. See release notes.
  • Released Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider 7.0.0. See release notes.

Changes Since 7.0.0-preview4

Added

  • Added actionable error message when Entra ID authentication methods are used without the Microsoft.Data.SqlClient.Extensions.Azure package installed, guiding users to install the correct package. (#​3962, #​4046)
  • Added Azure authentication sample application. (#​3988)

Changed

Other changes

  • Renamed the Microsoft.Data.SqlClient.Extensions.Logging package to Microsoft.Data.SqlClient.Internal.Logging to indicate it is for internal use only and should not be referenced directly by application code. (#​4038)
  • Fixed non-localized exception strings. (#​4022)
  • Codebase merge and cleanup: (#​3997, #​4052)
  • Various test improvements: (#​3891, #​3996, #​4002, #​4034, #​4041, #​4044)
  • Documentation improvements (including Entra ID branding updates): (#​4021, #​4047, #​4049)
  • Updated Dependencies (#​4045):
    • Updated Azure.Core to v1.51.1
    • Updated Azure.Identity to v1.18.0
    • Updated Azure.Security.KeyVault.Keys to v4.9.0
    • Updated Microsoft.Extensions.Caching.Memory to v9.0.13 (.NET 9.0)
    • Updated Microsoft.IdentityModel.JsonWebTokens to v8.16.0
    • Updated Microsoft.IdentityModel.Protocols.OpenIdConnect to v8.16.0
    • Updated Microsoft.Bcl.Cryptography to v9.0.13 (.NET 9.0)
    • Updated System.Configuration.ConfigurationManager to v9.0.13 (.NET 9.0)
    • Updated System.Diagnostics.DiagnosticSource to v10.0.3
    • Updated System.Security.Cryptography.Pkcs to v9.0.13 (.NET 9.0)
    • Updated System.Text.Json to v10.0.3
    • Updated System.Threading.Channels to v10.0.3
    • Updated System.ValueTuple to v4.6.2

Cumulative Changes Since 6.1

This section summarizes all changes across the 7.0 preview cycle for users upgrading from the latest 6.1 stable release.

Changed

Azure Dependencies Removed from Core Package

What Changed:

  • The core Microsoft.Data.SqlClient package no longer depends on Azure.Core, Azure.Identity, or their transitive dependencies (e.g., Microsoft.Identity.Client, Microsoft.Web.WebView2). Azure Active Directory / Entra ID authentication functionality (ActiveDirectoryAuthenticationProvider and related types) has been extracted into a new Microsoft.Data.SqlClient.Extensions.Azure package. (#​1108, #​3680, #​3902, #​3904, #​3908, #​3917, #​3982, #​3978, #​3986)
    ... (truncated)

7.0.0-preview4

Changed

Azure Dependencies Removed from Core Package

What Changed:

  • The core Microsoft.Data.SqlClient package no longer depends on Azure.Core, Azure.Identity, or their transitive dependencies (e.g., Microsoft.Identity.Client, Microsoft.Web.WebView2). Azure Active Directory / Entra authentication functionality (ActiveDirectoryAuthenticationProvider and related types) has been extracted into a new Microsoft.Data.SqlClient.Extensions.Azure package that can be installed separately when needed. (#​1108, #​3680, #​3902, #​3904, #​3908, #​3917, #​3982, #​3978, #​3986)
  • To support this separation, two additional packages were introduced: Microsoft.Data.SqlClient.Extensions.Abstractions (shared types between the core driver and extensions) and Microsoft.Data.SqlClient.Extensions.Logging (shared ETW tracing infrastructure). (#​3626, #​3628, #​3967)

Who Benefits:

  • All users benefit from a significantly lighter core package. Previously, the Azure dependency chain pulled in numerous assemblies (including Azure.Core, Azure.Identity, Microsoft.Identity.Client, and Microsoft.Web.WebView2) even for applications that only needed basic SQL Server connectivity. This was the most upvoted open issue in the repository (#​1108).
  • Users who do not use Azure AD authentication no longer carry Azure-related assemblies in their build output, reducing deployment size and eliminating confusion about unexpected dependencies.
  • Users who do use Azure AD authentication can now manage Azure dependency versions independently from the core driver.

Impact:

  • Applications using Azure AD authentication (e.g., ActiveDirectoryPassword, ActiveDirectoryInteractive, ActiveDirectoryDefault, etc.) must now install the Microsoft.Data.SqlClient.Extensions.Azure NuGet package separately. No code changes are required beyond adding the package reference.

Added

Expose SSPI Context Provider as Public API

What Changed:

  • Added the SspiContextProvider abstract class and a public SspiContextProvider property on SqlConnection, allowing applications to supply a custom SSPI context provider for integrated authentication. This enables custom Kerberos ticket negotiation and NTLM username/password authentication scenarios that the driver does not natively support. (#​2253, #​2494)

Who Benefits:

  • Users authenticating across untrusted domains, non-domain-joined machines, or cross-platform environments where configuring integrated authentication on the client is difficult or impossible.
  • Users running in containers who need manual Kerberos negotiation without deploying sidecars or external ticket-refresh mechanisms.
  • Users who need NTLM username/password authentication to SQL Server, which the driver does not provide natively.

Impact:

  • Applications can set a custom SspiContextProvider on SqlConnection before opening the connection. The provider handles the authentication token exchange during integrated authentication. This is an additive API — existing authentication behavior is unchanged when no custom provider is set. See SspiContextProvider_CustomProvider.cs for a sample implementation.
  • Note: The SspiContextProvider is a part of the connection pool key. Care should be taken when using this property to ensure the implementation returns a stable identity per resource.

Expose Default Transient Error List

What Changed:

  • Exposed the default transient error codes list via the new SqlConfigurableRetryFactory.BaselineTransientErrors static property (returns a ReadOnlyCollection<int>), making it easier to extend the set of transient errors without copy-pasting from the repository source. (#​3903)

Who Benefits:

  • Developers implementing custom retry logic who want to extend the built-in transient error list rather than replacing it.

Impact:

... (truncated)

7.0.0-preview3

Preview Release 7.0.0-preview3.25342.7 - December 8, 2025

Added

Support for .NET 10

What Changed:

  • Updated pipelines and test suites to compile the driver using the .NET 10 SDK. Cleaned up unnecessary dependency references.
    (#​3686)

Who Benefits:

  • Developers targeting .NET 10.

Impact:

  • Addressed .NET 10 warnings regarding unused/unnecessary dependencies.

Enable SqlClientDiagnosticListener in SqlCommand on .NET Framework

What Changed:

  • Enabled SqlClientDiagnosticListener functionality on SqlCommand for .NET Framework.
    (#​3658)

Who Benefits:

  • Developers requiring diagnostic information on .NET Framework.

Impact:

  • Improved observability and diagnostics for SqlCommand on .NET Framework.

Enable User Agent Extension

What Changed:

  • Enabled User Agent Feature Extension.
    (#​3606)

Who Benefits:

  • Telemetry and diagnostics consumers.

Impact:

  • When the Switch.Microsoft.Data.SqlClient.EnableUserAgent app context switch is enabled, the driver sends more detailed user agent strings. This switch is disabled by default. This change will assist with troubleshooting and quantifying driver usage by version and operating system.

Fixed

... (truncated)

7.0.0-preview2

This update brings the following changes since the 7.0.0-preview1 release:

Bug Fixes

  • Fixed a debug assertion in connection pool (no impact to production code) (#​3587)
  • Prevent uninitialized performance counters escaping CreatePerformanceCounters (#​3623)
  • Fix SetProvider to return immediately if user-defined authentication provider found (#​3620)
  • Allow SqlBulkCopy to operate on hidden columns (#​3590)
  • Fix connection pool concurrency issue (#​3632)

Added

App Context Switch for Ignoring Server-Provided Failover Partner

What Changed:

  • A new app context switch Switch.Microsoft.Data.SqlClient.IgnoreServerProvidedFailoverPartner was introduced to let the client ignore server-provided failover partner info in Basic Availability Groups (BAGs). When the switch is enabled, only the failover partner specified in the connection string is used; server-supplied partner values are skipped. This context switch was introduced in PR #​3625.

Who Benefits:

  • Applications connecting to SQL Server BAGs using TCP and custom ports, especially where the server's provided partner name lacks the protocol, host, or port. This avoids connection failures when the server-provided partner is incompatible or incomplete.
  • Teams who manage availability groups and rely on client-side control of failover behavior in heterogeneous networking environments.

Impact:

  • If your environment might be affected (i.e., you operate a BAG with custom ports, or have experienced failures after failover), you can enable the new switch in your application:
AppContext.SetSwitch("Switch.Microsoft.Data.SqlClient.IgnoreServerProvidedFailoverPartner", true);
  • Then, ensure your connection string includes your preferred failover partner (with correct tcp:host,port) so that the client uses that instead of the server's suggestion.
  • Without enabling this, by default, the client continues to prefer the server-provided partner, maintaining backwards compatibility.

Other Additions

  • Add app context switch for enabling asynchronous multi-packet improvements (#​3605)

Changed

Deprecation of SqlAuthenticationMethod.ActiveDirectoryPassword

What Changed:

  • Username/Password authentication for Microsoft Entra (formerly Active Directory) has been deprecated. SqlAuthenticationMethod.ActiveDirectoryPassword is now marked as [Obsolete]. This change occurred in PR #​3671

Who benefits:

... (truncated)

7.0.0-preview1

Changes Since 6.1.0

This update brings the following changes since the 6.1.0 release:

Breaking Changes

  • Removed Constrained Execution Region error handling blocks and associated SqlConnection cleanup which may affect how potentially-broken connections are expunged from the pool. (#​3535)

Bug Fixes

  • Packet multiplexing disabled by default, and several bug fixes. (#​3534, #​3537)

Added

  • SqlColumnEncryptionCertificateStoreProvider now works on Windows, Linux, and macOS. (#​3014)

Changed

Changes Since 6.0.2

This update brings the following changes since the 6.0.2 release. Changes already noted above are omitted:

Additions

Added dedicated SQL Server vector datatype support

What Changed:

  • Optimized vector communications between MDS and SQL Server 2025, employing a custom binary format over the TDS protocol. (#​3433, #​3443)
  • Reduced processing load compared to existing JSON-based vector support.
  • Initial support for 32-bit single-precision floating point vectors.

Who Benefits:

  • Applications moving large vector data sets will see beneficial improvements to processing times and memory requirements.
  • Vector-specific APIs are ready to support future numeric representations with a consistent look-and-feel.

Impact:
... (truncated)

6.1.6

This update brings the following changes since the 6.1.5 release:

Added

WAM broker support for the supported Entra ID authentication modes (Windows only)

What Changed:

  • Added support for the Web Account Manager (WAM) broker for the supported Microsoft Entra ID authentication modes. A new ActiveDirectoryAuthenticationProviderOptions options bag and a corresponding ActiveDirectoryAuthenticationProvider(ActiveDirectoryAuthenticationProviderOptions options) constructor were introduced, exposing a UseWamBroker property (alongside ApplicationClientId and DeviceCodeFlowCallback).
    (#​4288, #​4387)
  • Added a cross-platform SetParentActivityOrWindowFunc(Func<object> parentActivityOrWindowFunc) method so callers can supply a parent window handle on Windows or a parent Activity/UIViewController on Android/iOS/MAUI.

Who Benefits:

  • Applications using ActiveDirectoryInteractive and other supported Entra ID authentication modes on Windows benefit from the WAM broker's improved security (tokens are brokered by the OS), single sign-on with the logged-in Windows account, and support for Conditional Access and Windows Hello.

Impact:

  • When you supply your ApplicationClientId, WAM is opt-in via ActiveDirectoryAuthenticationProviderOptions.UseWamBroker. Consider enabling it when you want OS-brokered tokens, single sign-on with the signed-in Windows account, Windows Hello, and Conditional Access support.
  • UseWamBroker is a Windows-only setting and has no effect on non-Windows platforms, where interactive Entra ID flows always use the system browser.
  • Prefer the new options-bag constructor over the positional-argument overloads in new code.
var options = new ActiveDirectoryAuthenticationProviderOptions
{
    ApplicationClientId = "<your-app-client-id>",
    // Enable WAM (Windows only) for OS-brokered tokens, SSO, Windows Hello, and Conditional Access.
    UseWamBroker = true,
};
var provider = new ActiveDirectoryAuthenticationProvider(options);
// Supply the parent window/activity that owns the interactive sign-in prompt.
provider.SetParentActivityOrWindowFunc(() => parentWindowHandle);
SqlAuthenticationProvider.SetProvider(SqlAuthenticationMethod.ActiveDirectoryInteractive, provider);

Changed

Hardened TDS token parsing with data-length bounds checks

What Changed:

  • Added bounds checking when parsing TDS token data lengths. The parser now validates the declared length of incoming token data against the available buffer before reading, rejecting malformed or out-of-range length values instead of reading past the intended boundary.
    (#​4340, #​4359)

Who Benefits:

  • All consumers benefit from improved resilience against malformed or hostile TDS responses. A server (or man-in-the-middle) sending an invalid token length can no longer drive the parser to read beyond the declared payload.

Impact:
... (truncated)

6.1.5

This update brings the following changes since the 6.1.4 release:

Fixed

  • Fixed a connection performance regression where SPN (Service Principal Name) generation was triggered for non-integrated authentication modes (e.g., SQL authentication) on the native SNI path, causing unnecessary DNS lookups and significantly slower connection times. Only affects .NET on Windows (not .NET Framework). (#​3523, #​3946)
  • Fixed ExecuteScalar to properly propagate errors when the server sends data followed by an error token. Previously, errors such as conversion failures during WHERE clause evaluation were silently consumed during SqlDataReader.Close() instead of being thrown to the caller, which could result in transactions being unexpectedly zombied. (#​3736, #​3947)
  • Fixed SqlDataReader.GetFieldType and SqlDataReader.GetProviderSpecificFieldType to return the correct type (SqlVector<float>) for vector float32 columns. Previously, these methods did not follow the same type-resolution logic as GetValue, returning an incorrect type for vector columns. (#​4104, #​4151)

Target Platform Support

  • .NET Framework 4.6.2+ (Windows x86, Windows x64, Windows ARM64)
  • .NET 8.0+ (Windows x86, Windows x64, Windows ARM64, Linux, macOS)
  • .NET Standard 2.0+ (Windows x86, Windows x64, Windows ARM64, Linux, macOS)

Dependencies

.NET Framework 4.6.2

  • Azure.Core 1.50.0
  • Azure.Identity 1.17.1
  • Microsoft.Data.SqlClient.SNI 6.0.2
  • Microsoft.Extensions.Caching.Memory 8.0.1
  • Microsoft.Identity.Client 4.80.0
  • Microsoft.IdentityModel.JsonWebTokens 7.7.1
  • Microsoft.IdentityModel.Protocols.OpenIdConnect 7.7.1
  • System.Buffers 4.6.1
  • System.Data.Common 4.3.0
  • System.Diagnostics.DiagnosticSource 8.0.1
  • System.IdentityModel.Tokens.Jwt 7.7.1
  • System.Memory 4.6.3
  • System.Security.Cryptography.Pkcs 8.0.1
  • System.Text.Json 8.0.6
  • System.Text.RegularExpressions 4.3.1

.NET 8.0

  • Azure.Core 1.50.0
  • Azure.Identity 1.17.1
  • Microsoft.Data.SqlClient.SNI.runtime 6.0.2
  • Microsoft.Extensions.Caching.Memory 8.0.1
  • Microsoft.Identity.Client 4.80.0
  • Microsoft.IdentityModel.JsonWebTokens 7.7.1
  • Microsoft.IdentityModel.Protocols.OpenIdConnect 7.7.1
  • Microsoft.SqlServer.Server 1.0.0
  • System.Configuration.ConfigurationManager 8.0.1
  • System.Diagnostics.DiagnosticSource 8.0.1
  • System.IdentityModel.Tokens.Jwt 7.7.1
  • System.Security.Cryptography.Pkcs 8.0.1

.NET 9.0

... (truncated)

6.1.4

This update brings the following changes since the 6.1.3 release:

Fixed

  • Fixed NullReferenceException issue with SqlDataAdapter when processing batch scenarios where certain SQL RPC calls may not include system parameters.
    (#​3877)
  • Fixed connection pooling issue where extra connection deactivation was causing active connection counts to go negative.
    (#​3776)

Added

AppContext Switch for enabling MultiSubnetFailover

What Changed:

  • Added new AppContext switch Switch.Microsoft.Data.SqlClient.EnableMultiSubnetFailoverByDefault to set MultiSubnetFailover=true by default in connection string.
    (#​3851)

Who Benefits:

  • Applications that need MultiSubnetFailover enabled globally without modifying connection strings.

Impact:

  • Applications can now enable MultiSubnetFailover globally using one of the following methods:
// In application code
AppContext.SetSwitch("Switch.Microsoft.Data.SqlClient.EnableMultiSubnetFailoverByDefault", true);
// In runtimeconfig.json
{
  "configProperties": {
    "Switch.Microsoft.Data.SqlClient.EnableMultiSubnetFailoverByDefault": true
  }
}
<!-- In App.Config -->
<runtime>
  <AppContextSwitchOverrides value="Switch.Microsoft.Data.SqlClient.EnableMultiSubnetFailoverByDefault=true" />
</runtime>

Changed

  • Optimized SqlStatistics execution timing by using Environment.TickCount instead of more expensive timing mechanisms.
    ... (truncated)

6.1.3

This update includes the following changes since the 6.1.2 release:

Added

App Context Switch for Ignoring Server-Provided Failover Partner

What Changed:

  • A new app context switch Switch.Microsoft.Data.SqlClient.IgnoreServerProvidedFailoverPartner was introduced to let the client ignore server-provided failover partner info in Basic Availability Groups (BAGs). When the switch is enabled, only the failover partner specified in the connection string is used; server-supplied partner values are skipped. This context switch was introduced in PR #​3702.

Who Benefits:

  • Applications connecting to SQL Server BAGs using TCP and custom ports, especially where the server's provided partner name lacks the protocol, host, or port. This avoids connection failures when the server-provided partner is incompatible or incomplete.
  • Teams who manage availability groups and rely on client-side control of failover behavior in heterogeneous networking environments.

Impact:

  • If your environment might be affected (i.e., you operate a BAG with custom ports, or have experienced failures after failover), you can enable the new switch in your application:
AppContext.SetSwitch("Switch.Microsoft.Data.SqlClient.IgnoreServerProvidedFailoverPartner", true);
  • Then, ensure your connection string includes your preferred failover partner (with correct tcp:host,port) so that the client uses that instead of the server's suggestion.
  • Without enabling this, by default, the client continues to prefer the server-provided partner, maintaining backwards compatibility.

Fixed

  • Fixed an issue to ensure reliable metrics initialization during startup, preventing missed telemetry when EventSource is enabled early. (#​3718)

Target Platform Support

  • .NET Framework 4.6.2+ (Windows ARM64, Windows x86, Windows x64)
  • .NET 8.0+ (Windows x86, Windows x64, Windows ARM64, Windows ARM, Linux, macOS)

Dependencies

.NET Framework 4.6.2+

  • Azure.Core 1.47.1
  • Azure.Identity 1.14.2
  • Microsoft.Bcl.Cryptography 8.0.0
  • Microsoft.Data.SqlClient.SNI 6.0.2
  • Microsoft.Extensions.Caching.Memory 8.0.1
  • Microsoft.IdentityModel.JsonWebTokens 7.7.1
  • Microsoft.IdentityModel.Protocols.OpenIdConnect 7.7.1
  • System.Buffers 4.5.1
  • System.Data.Common 4.3.0
  • System.Security.Cryptography.Pkcs 8.0.1
  • System.Text.Encodings.Web 8.0.0
    ... (truncated)

6.1.2

This update brings the below changes over the previous stable release:

Fixed

  • Fixed an issue where initializing PerformanceCounters would throw System.InvalidOperationException #​3629
  • Fixed an issue where a Custom SqlClientAuthenticationProvider was being overwritten by default implementation. #​3651
  • Fixed a concurrency issue in connection pooling where the number of active connections could be lower than the configured maximum pool size. #​3653

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore.SqlServer from 8.0.11 to 9.0.17.

Release notes

Sourced from Microsoft.EntityFrameworkCore.SqlServer's releases.

9.0.17

Release

What's Changed

Full Changelog: dotnet/efcore@v9.0.16...v9.0.17

9.0.16

Release

What's Changed

Full Changelog: dotnet/efcore@v9.0.15...v9.0.16

9.0.15

Release

What's Changed

Full Changelog: dotnet/efcore@v9.0.14...v9.0.15

9.0.14

Release

What's Changed

Full Changelog: dotnet/efcore@v9.0.13...v9.0.14

9.0.13

Release

What's Changed

Full Changelog: dotnet/efcore@v9.0.12...v9.0.13

9.0.12

Release

What's Changed

Full Changelog: dotnet/efcore@v9.0.11...v9.0.12

9.0.11

Release

What's Changed

Full Changelog: dotnet/efcore@v9.0.10...v9.0.11

9.0.10

Release

What's Changed

Full Changelog: dotnet/efcore@v9.0.9...v9.0.10

9.0.9

Release

What's Changed

Description has been truncated

Bumps Meziantou.Analyzer from 3.0.117 to 3.0.119
Bumps Microsoft.CodeAnalysis.BannedApiAnalyzers from 4.14.0 to 5.6.0
Bumps Microsoft.CodeAnalysis.PublicApiAnalyzers from 3.3.4 to 5.6.0
Bumps Microsoft.Data.SqlClient from 6.1.1 to 7.0.2
Bumps Microsoft.EntityFrameworkCore.SqlServer from 8.0.11 to 9.0.17
Bumps Microsoft.Extensions.DependencyInjection.Abstractions from 8.0.2 to 10.0.9
Bumps Microsoft.SourceLink.GitHub from 8.0.0 to 10.0.300
Bumps Npgsql.EntityFrameworkCore.PostgreSQL from 8.0.10 to 9.0.4
Bumps Pomelo.EntityFrameworkCore.MySql from 8.0.3 to 9.0.0
Bumps SonarAnalyzer.CSharp from 10.27.0.140913 to 10.28.0.143324
Bumps Testcontainers.MsSql from 4.12.0 to 4.13.0
Bumps Testcontainers.MySql from 4.12.0 to 4.13.0
Bumps Testcontainers.PostgreSql from 4.12.0 to 4.13.0
Bumps xunit.runner.visualstudio from 2.5.3 to 3.0.2

---
updated-dependencies:
- dependency-name: Meziantou.Analyzer
  dependency-version: 3.0.119
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-dependencies
- dependency-name: Microsoft.CodeAnalysis.BannedApiAnalyzers
  dependency-version: 5.6.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dotnet-dependencies
- dependency-name: Microsoft.CodeAnalysis.PublicApiAnalyzers
  dependency-version: 5.6.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dotnet-dependencies
- dependency-name: Microsoft.CodeAnalysis.PublicApiAnalyzers
  dependency-version: 5.6.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dotnet-dependencies
- dependency-name: Microsoft.CodeAnalysis.PublicApiAnalyzers
  dependency-version: 5.6.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dotnet-dependencies
- dependency-name: Microsoft.Data.SqlClient
  dependency-version: 7.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dotnet-dependencies
- dependency-name: Microsoft.EntityFrameworkCore.SqlServer
  dependency-version: 9.0.17
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dotnet-dependencies
- dependency-name: Microsoft.Extensions.DependencyInjection.Abstractions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dotnet-dependencies
- dependency-name: Microsoft.SourceLink.GitHub
  dependency-version: 10.0.300
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dotnet-dependencies
- dependency-name: Npgsql.EntityFrameworkCore.PostgreSQL
  dependency-version: 9.0.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dotnet-dependencies
- dependency-name: Pomelo.EntityFrameworkCore.MySql
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dotnet-dependencies
- dependency-name: SonarAnalyzer.CSharp
  dependency-version: 10.28.0.143324
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-dependencies
- dependency-name: Testcontainers.MsSql
  dependency-version: 4.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-dependencies
- dependency-name: Testcontainers.MsSql
  dependency-version: 4.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-dependencies
- dependency-name: Testcontainers.MsSql
  dependency-version: 4.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-dependencies
- dependency-name: Testcontainers.MySql
  dependency-version: 4.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-dependencies
- dependency-name: Testcontainers.PostgreSql
  dependency-version: 4.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-dependencies
- dependency-name: Testcontainers.PostgreSql
  dependency-version: 4.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-dependencies
- dependency-name: Testcontainers.PostgreSql
  dependency-version: 4.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-dependencies
- dependency-name: xunit.runner.visualstudio
  dependency-version: 3.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dotnet-dependencies
- dependency-name: xunit.runner.visualstudio
  dependency-version: 3.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dotnet-dependencies
- dependency-name: xunit.runner.visualstudio
  dependency-version: 3.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dotnet-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file dotnet .NET related changes labels Jul 4, 2026
@dependabot
dependabot Bot requested a review from Chris-Wolfgang as a code owner July 4, 2026 14:49
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file dotnet .NET related changes labels Jul 4, 2026
…ail.EntityFrameworkCore.Benchmarks/dotnet-dependencies-809765b443
…ail.EntityFrameworkCore.Benchmarks/dotnet-dependencies-809765b443
…ail.EntityFrameworkCore.Benchmarks/dotnet-dependencies-809765b443

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark 'Audit Interceptor Benchmarks'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 2.

Benchmark suite Current: ce441e5 Previous: 0e72046 Ratio
Wolfgang.AuditTrail.Benchmarks.SaveChangesBenchmarks.Insert_with_audit(BatchSize: 50) 49870543.541666664 ns (± 1255351.277189203) 21087005.69 ns (± 10592773.490147213) 2.36

This comment was automatically generated by workflow using github-action-benchmark.

CC: @Chris-Wolfgang

…ail.EntityFrameworkCore.Benchmarks/dotnet-dependencies-809765b443
@Chris-Wolfgang
Chris-Wolfgang merged commit 0ff67e4 into main Jul 5, 2026
15 checks passed
@Chris-Wolfgang
Chris-Wolfgang deleted the dependabot/nuget/benchmarks/Wolfgang.AuditTrail.EntityFrameworkCore.Benchmarks/dotnet-dependencies-809765b443 branch July 5, 2026 00:40
Chris-Wolfgang added a commit that referenced this pull request Jul 5, 2026
#192 bumped SonarAnalyzer.CSharp 10.27 -> 10.28, which strengthened S2077 (SQL
injection via string formatting) and now flags the two interpolated DROP TABLE
statements in AuditSchemaInstaller.DropTablesAsync — a pre-existing failure that
#192's stale Stage 2 run missed (it fires on net10 too, untouched by this branch).

The identifiers are already validated (EnsureSafeIdentifier) and provider-quoted
(QuoteIdentifier), and come from AuditOptions, not user input; DDL identifiers
cannot be parameterized. Extend the existing EF1002 pragma to cover S2077 with
that justification. AuditSchemaMigrator passes EF-generated CommandText (a plain
variable, not interpolated) so S2077 doesn't fire there.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Chris-Wolfgang added a commit that referenced this pull request Jul 5, 2026
The SonarAnalyzer 10.28 bump (via #192) also flags the interpolated DELETE FROM
{table} reset statements in ProviderSaveChangesBenchmarks. Table names are
hardcoded provider-switch literals (no user input); extend the existing EF1002
pragma to cover S2077. Verified the full solution builds clean with
--no-incremental (which exercises Sonar's symbolic-execution rules).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Chris-Wolfgang added a commit that referenced this pull request Jul 5, 2026
Fix #192 fallout: per-TFM DI.Abstractions alignment + S2077 pragma
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file dotnet .NET related changes

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant