Skip to content

Bump the nuget group with 6 updates#15

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/nuget-49732a72e3
Open

Bump the nuget group with 6 updates#15
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/nuget-49732a72e3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 18, 2026

Copy link
Copy Markdown
Contributor

Updated Microsoft.Data.SqlClient from 7.0.1 to 7.0.2.

Release notes

Sourced from Microsoft.Data.SqlClient's releases.

7.0.2

This update brings the following changes since the 7.0.1 release:

Important — package version alignment: Starting with 7.0.2, the Microsoft.Data.SqlClient driver and its companion packages share a single aligned version. The following packages now ship together as 7.0.2:

  • Microsoft.Data.SqlClient
  • Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider
  • Microsoft.Data.SqlClient.Extensions.Azure
  • Microsoft.Data.SqlClient.Extensions.Abstractions
  • Microsoft.Data.SqlClient.Internal.Logging

(Microsoft.SqlServer.Server continues to version independently and remains at 1.0.0.)

Applications must reference the same versions of Microsoft.Data.SqlClient and its extensions for best compatibility. In particular, applications that reference Microsoft.Data.SqlClient.Extensions.Azure must upgrade it to 7.0.2 when upgrading Microsoft.Data.SqlClient to 7.0.2.

Breaking change (.NET Framework only): As part of this alignment, the AssemblyVersion of Microsoft.Data.SqlClient.Extensions.Azure, Microsoft.Data.SqlClient.Extensions.Abstractions, and Microsoft.Data.SqlClient.Internal.Logging changed from 1.0.0.0 to 7.0.0.0 (the Microsoft.Data.SqlClient and Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider assembly versions are unchanged). On .NET Framework, AssemblyVersion is part of the strong-name identity, so applications that drop these assemblies into an existing deployment without rebuilding must rebuild against the 7.0.2 packages (or add binding redirects). Applications on .NET / .NET Core are not affected.

Companion package release notes

The following companion packages ship aligned as 7.0.2. See their individual release notes for package-specific changes (including the Microsoft.Data.SqlClient.Extensions.Azure WAM broker support):

Fixed

  • Fixed a NullReferenceException in SqlCommand.Cancel(). The diagnostic message built during cancellation dereferenced the active connection directly; it now uses a null-conditional access so cancellation no longer throws when the connection has already been torn down.
    (#​4372,#​4373)

  • Fixed a NullReferenceException in SqlDataReader when calling GetBytes/GetChars with a null destination buffer. The argument-validation path that constructs the InvalidDestinationBufferIndex exception now guards against the null buffer so the correct ArgumentException is surfaced instead of an NRE.
    (#​4159,#​4206)

  • Fixed Always Encrypted column master key signature verification incorrectly reusing cached results. The SignatureVerificationCache lookup logic was corrected so signature verification outcomes are cached and retrieved against the correct key, preventing stale or mismatched verification results.
    (#​4339,#​4343)

Changed

Hardened TDS token parsing with data-length bounds checks

What Changed:

  • Added bounds checking when parsing TDS token and feature-extension-acknowledgment data lengths. The parser now validates the declared length of incoming token data against the available buffer before reading, rejecting malformed or out-of-range length values instead of reading past the intended boundary.
    (#​4340,#​4358)

Who Benefits:

  • All consumers benefit from improved resilience against malformed or hostile TDS responses. A server (or man-in-the-middle) sending an invalid token length can no longer drive the parser to read beyond the declared payload.

Impact:
... (truncated)

Commits viewable in compare view.

Updated Microsoft.Data.Sqlite from 10.0.8 to 10.0.10.

Release notes

Sourced from Microsoft.Data.Sqlite's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.NET.Test.Sdk from 18.6.0 to 18.8.1.

Release notes

Sourced from Microsoft.NET.Test.Sdk's releases.

18.8.1

What's Changed

Full Changelog: microsoft/vstest@v18.8.0...v18.8.1

18.8.0

What's Changed

Full Changelog: microsoft/vstest@v18.7.0...v18.8.0

18.7.0

What's Changed

New Contributors

Full Changelog: microsoft/vstest@v18.6.0...v18.7.0

Commits viewable in compare view.

Updated Microsoft.SourceLink.GitHub from 10.0.300 to 10.0.301.

Release notes

Sourced from Microsoft.SourceLink.GitHub's releases.

10.0.301

You can build .NET 10.0 from the repository by cloning the release tag v10.0.301 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

Commits viewable in compare view.

Updated Microsoft.SqlServer.DacFx from 170.3.93 to 170.4.83.

Release notes

Sourced from Microsoft.SqlServer.DacFx's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Testcontainers.MsSql from 4.12.0 to 4.13.0.

Release notes

Sourced from Testcontainers.MsSql's releases.

4.13.0

What's Changed

Thank you to everyone who contributed and shared their feedback 🤜🤛.

The NuGet packages for this release have been attested for supply chain security using actions/attest. This confirms the integrity and provenance of the artifacts and helps ensure they can be trusted: #​33686956.

🚀 Features

  • feat: Add Aspire dashboard module (#​1194) @​NikiforovAll
  • feat: Add image name substitution hook (#​1710) @​HofmeisterAn
  • feat(CosmosDb): Add get method AccountEndpoint (#​1707) @​srollinet
  • feat: Improve image build failure messages (#​1700) @​HofmeisterAn

🐛 Bug Fixes

  • fix: Restore tar archive write performance regressed by padding trim (#​1719) @​HofmeisterAn
  • chore: Bump Docker.DotNet from 4.3.2 to 4.3.3 (#​1714) @​HofmeisterAn
  • chore(AspireDashboard): Cover connection string provider (#​1713) @​HofmeisterAn

📖 Documentation

  • docs: Add missing TC languages and reorder docs navigation (#​1711) @​mdelapenya
  • docs: Add note about unsupported BuildKit Dockerfile features (#​1696) @​HofmeisterAn
  • docs: Explain immutable builder behavior (#​1693) @​HofmeisterAn

🧹 Housekeeping

  • chore: Enable Dependabot cooldown (#​1716) @​HofmeisterAn
  • chore: Add nuget.config (#​1715) @​Rob-Hague
  • chore(AspireDashboard): Cover connection string provider (#​1713) @​HofmeisterAn
  • chore: Bump Docker.DotNet from 4.2.0 to 4.3.2 (#​1712) @​HofmeisterAn
  • chore: Bump sshd-docker image from 1.3.0 to 1.4.0 (#​1709) @​HofmeisterAn
  • chore: Rename runtime label and add buildkit and stale labels (#​1703) @​HofmeisterAn
  • fix: Guard expensive argument evaluation when logging (#​1702) @​HofmeisterAn
  • chore: Defer container ID truncation in logging (#​1701) @​HofmeisterAn
  • chore: Migrate to LoggerMessageAttribute (#​1697) @​HofmeisterAn

📦 Dependency Updates

  • chore(deps): Bump the actions group with 2 updates (#​1721) @dependabot[bot]
  • chore(deps): Bump the actions group with 7 updates (#​1717) @dependabot[bot]
  • chore: Bump Docker.DotNet from 4.3.2 to 4.3.3 (#​1714) @​HofmeisterAn
  • chore: Bump Docker.DotNet from 4.2.0 to 4.3.2 (#​1712) @​HofmeisterAn
  • chore(deps): Bump the actions group with 4 updates (#​1698) @dependabot[bot]

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps Microsoft.Data.SqlClient from 7.0.1 to 7.0.2
Bumps Microsoft.Data.Sqlite from 10.0.8 to 10.0.10
Bumps Microsoft.NET.Test.Sdk from 18.6.0 to 18.8.1
Bumps Microsoft.SourceLink.GitHub from 10.0.300 to 10.0.301
Bumps Microsoft.SqlServer.DacFx from 170.3.93 to 170.4.83
Bumps Testcontainers.MsSql from 4.12.0 to 4.13.0

---
updated-dependencies:
- dependency-name: Microsoft.Data.SqlClient
  dependency-version: 7.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget
- dependency-name: Microsoft.Data.SqlClient
  dependency-version: 7.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget
- dependency-name: Microsoft.Data.Sqlite
  dependency-version: 10.0.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget
- dependency-name: Microsoft.Data.Sqlite
  dependency-version: 10.0.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget
- dependency-name: Microsoft.Data.Sqlite
  dependency-version: 10.0.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget
- dependency-name: Microsoft.Data.Sqlite
  dependency-version: 10.0.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget
- dependency-name: Microsoft.NET.Test.Sdk
  dependency-version: 18.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget
- dependency-name: Microsoft.NET.Test.Sdk
  dependency-version: 18.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget
- dependency-name: Microsoft.NET.Test.Sdk
  dependency-version: 18.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget
- dependency-name: Microsoft.SourceLink.GitHub
  dependency-version: 10.0.301
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget
- dependency-name: Microsoft.SqlServer.DacFx
  dependency-version: 170.4.83
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget
- dependency-name: Microsoft.SqlServer.DacFx
  dependency-version: 170.4.83
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget
- dependency-name: Testcontainers.MsSql
  dependency-version: 4.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget
- dependency-name: Testcontainers.MsSql
  dependency-version: 4.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels Jul 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants