Bump the non-major-versions group with 1 update

[dependabot]

Updated Microsoft.Data.SqlClient from 6.1.5 to 6.1.6.

Release notes

Sourced from Microsoft.Data.SqlClient's releases.

6.1.6

This update brings the following changes since the 6.1.5 release:

Added

WAM broker support for the supported Entra ID authentication modes (Windows only)

What Changed:

• Added support for the Web Account Manager (WAM) broker for the supported Microsoft Entra ID authentication modes. A new ActiveDirectoryAuthenticationProviderOptions options bag and a corresponding ActiveDirectoryAuthenticationProvider(ActiveDirectoryAuthenticationProviderOptions options) constructor were introduced, exposing a UseWamBroker property (alongside ApplicationClientId and DeviceCodeFlowCallback).
  (#​4288, #​4387)
• Added a cross-platform SetParentActivityOrWindowFunc(Func<object> parentActivityOrWindowFunc) method so callers can supply a parent window handle on Windows or a parent Activity/UIViewController on Android/iOS/MAUI.

Who Benefits:

• Applications using ActiveDirectoryInteractive and other supported Entra ID authentication modes on Windows benefit from the WAM broker's improved security (tokens are brokered by the OS), single sign-on with the logged-in Windows account, and support for Conditional Access and Windows Hello.

Impact:

• When you supply your ApplicationClientId, WAM is opt-in via ActiveDirectoryAuthenticationProviderOptions.UseWamBroker. Consider enabling it when you want OS-brokered tokens, single sign-on with the signed-in Windows account, Windows Hello, and Conditional Access support.
• UseWamBroker is a Windows-only setting and has no effect on non-Windows platforms, where interactive Entra ID flows always use the system browser.
• Prefer the new options-bag constructor over the positional-argument overloads in new code.

var options = new ActiveDirectoryAuthenticationProviderOptions
{
    ApplicationClientId = "<your-app-client-id>",
    // Enable WAM (Windows only) for OS-brokered tokens, SSO, Windows Hello, and Conditional Access.
    UseWamBroker = true,
};
var provider = new ActiveDirectoryAuthenticationProvider(options);
// Supply the parent window/activity that owns the interactive sign-in prompt.
provider.SetParentActivityOrWindowFunc(() => parentWindowHandle);
SqlAuthenticationProvider.SetProvider(SqlAuthenticationMethod.ActiveDirectoryInteractive, provider);

Changed

Hardened TDS token parsing with data-length bounds checks

What Changed:

• Added bounds checking when parsing TDS token data lengths. The parser now validates the declared length of incoming token data against the available buffer before reading, rejecting malformed or out-of-range length values instead of reading past the intended boundary.
  (#​4340, #​4359)

Who Benefits:

• All consumers benefit from improved resilience against malformed or hostile TDS responses. A server (or man-in-the-middle) sending an invalid token length can no longer drive the parser to read beyond the declared payload.

Impact:
... (truncated)

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Superseded by #230.