Bump Microsoft.Data.SqlClient from 6.1.4 to 7.0.0

[dependabot]

Updated Microsoft.Data.SqlClient from 6.1.4 to 7.0.0.

Release notes

Sourced from Microsoft.Data.SqlClient's releases.

7.0.0-preview4

Changed

Azure Dependencies Removed from Core Package

What Changed:

• The core Microsoft.Data.SqlClient package no longer depends on Azure.Core, Azure.Identity, or their transitive dependencies (e.g., Microsoft.Identity.Client, Microsoft.Web.WebView2). Azure Active Directory / Entra authentication functionality (ActiveDirectoryAuthenticationProvider and related types) has been extracted into a new Microsoft.Data.SqlClient.Extensions.Azure package that can be installed separately when needed. (#​1108, #​3680, #​3902, #​3904, #​3908, #​3917, #​3982, #​3978, #​3986)
• To support this separation, two additional packages were introduced: Microsoft.Data.SqlClient.Extensions.Abstractions (shared types between the core driver and extensions) and Microsoft.Data.SqlClient.Extensions.Logging (shared ETW tracing infrastructure). (#​3626, #​3628, #​3967)

Who Benefits:

• All users benefit from a significantly lighter core package. Previously, the Azure dependency chain pulled in numerous assemblies (including Azure.Core, Azure.Identity, Microsoft.Identity.Client, and Microsoft.Web.WebView2) even for applications that only needed basic SQL Server connectivity. This was the most upvoted open issue in the repository (#​1108).
• Users who do not use Azure AD authentication no longer carry Azure-related assemblies in their build output, reducing deployment size and eliminating confusion about unexpected dependencies.
• Users who do use Azure AD authentication can now manage Azure dependency versions independently from the core driver.

Impact:

• Applications using Azure AD authentication (e.g., ActiveDirectoryPassword, ActiveDirectoryInteractive, ActiveDirectoryDefault, etc.) must now install the Microsoft.Data.SqlClient.Extensions.Azure NuGet package separately. No code changes are required beyond adding the package reference.

Added

Expose SSPI Context Provider as Public API

What Changed:

• Added the SspiContextProvider abstract class and a public SspiContextProvider property on SqlConnection, allowing applications to supply a custom SSPI context provider for integrated authentication. This enables custom Kerberos ticket negotiation and NTLM username/password authentication scenarios that the driver does not natively support. (#​2253, #​2494)

Who Benefits:

• Users authenticating across untrusted domains, non-domain-joined machines, or cross-platform environments where configuring integrated authentication on the client is difficult or impossible.
• Users running in containers who need manual Kerberos negotiation without deploying sidecars or external ticket-refresh mechanisms.
• Users who need NTLM username/password authentication to SQL Server, which the driver does not provide natively.

Impact:

• Applications can set a custom SspiContextProvider on SqlConnection before opening the connection. The provider handles the authentication token exchange during integrated authentication. This is an additive API — existing authentication behavior is unchanged when no custom provider is set. See SspiContextProvider_CustomProvider.cs for a sample implementation.
• Note: The SspiContextProvider is a part of the connection pool key. Care should be taken when using this property to ensure the implementation returns a stable identity per resource.

Expose Default Transient Error List

What Changed:

• Exposed the default transient error codes list via the new SqlConfigurableRetryFactory.BaselineTransientErrors static property (returns a ReadOnlyCollection<int>), making it easier to extend the set of transient errors without copy-pasting from the repository source. (#​3903)

Who Benefits:

• Developers implementing custom retry logic who want to extend the built-in transient error list rather than replacing it.

Impact:

... (truncated)

7.0.0-preview3

Preview Release 7.0.0-preview3.25342.7 - December 8, 2025

Added

Support for .NET 10

What Changed:

• Updated pipelines and test suites to compile the driver using the .NET 10 SDK. Cleaned up unnecessary dependency references.
  (#​3686)

Who Benefits:

• Developers targeting .NET 10.

Impact:

• Addressed .NET 10 warnings regarding unused/unnecessary dependencies.

Enable SqlClientDiagnosticListener in SqlCommand on .NET Framework

What Changed:

• Enabled SqlClientDiagnosticListener functionality on SqlCommand for .NET Framework.
  (#​3658)

Who Benefits:

• Developers requiring diagnostic information on .NET Framework.

Impact:

• Improved observability and diagnostics for SqlCommand on .NET Framework.

Enable User Agent Extension

What Changed:

• Enabled User Agent Feature Extension.
  (#​3606)

Who Benefits:

• Telemetry and diagnostics consumers.

Impact:

• When the Switch.Microsoft.Data.SqlClient.EnableUserAgent app context switch is enabled, the driver sends more detailed user agent strings. This switch is disabled by default. This change will assist with troubleshooting and quantifying driver usage by version and operating system.

Fixed

... (truncated)

7.0.0-preview2

This update brings the following changes since the 7.0.0-preview1 release:

Bug Fixes

• Fixed a debug assertion in connection pool (no impact to production code) (#​3587)
• Prevent uninitialized performance counters escaping CreatePerformanceCounters (#​3623)
• Fix SetProvider to return immediately if user-defined authentication provider found (#​3620)
• Allow SqlBulkCopy to operate on hidden columns (#​3590)
• Fix connection pool concurrency issue (#​3632)

Added

App Context Switch for Ignoring Server-Provided Failover Partner

What Changed:

• A new app context switch Switch.Microsoft.Data.SqlClient.IgnoreServerProvidedFailoverPartner was introduced to let the client ignore server-provided failover partner info in Basic Availability Groups (BAGs). When the switch is enabled, only the failover partner specified in the connection string is used; server-supplied partner values are skipped. This context switch was introduced in PR #​3625.

Who Benefits:

• Applications connecting to SQL Server BAGs using TCP and custom ports, especially where the server's provided partner name lacks the protocol, host, or port. This avoids connection failures when the server-provided partner is incompatible or incomplete.
• Teams who manage availability groups and rely on client-side control of failover behavior in heterogeneous networking environments.

Impact:

• If your environment might be affected (i.e., you operate a BAG with custom ports, or have experienced failures after failover), you can enable the new switch in your application:

AppContext.SetSwitch("Switch.Microsoft.Data.SqlClient.IgnoreServerProvidedFailoverPartner", true);

• Then, ensure your connection string includes your preferred failover partner (with correct tcp:host,port) so that the client uses that instead of the server's suggestion.
• Without enabling this, by default, the client continues to prefer the server-provided partner, maintaining backwards compatibility.

Other Additions

• Add app context switch for enabling asynchronous multi-packet improvements (#​3605)

Changed

Deprecation of SqlAuthenticationMethod.ActiveDirectoryPassword

What Changed:

• Username/Password authentication for Microsoft Entra (formerly Active Directory) has been deprecated. SqlAuthenticationMethod.ActiveDirectoryPassword is now marked as [Obsolete]. This change occurred in PR #​3671

Who benefits:

• Teams moving toward stronger, passwordless or MFA-compliant auth (in line with changes across MSAL/Azure.Identity and Entra MFA enforcement). This aligns Microsoft.Data.SqlClient with Microsoft's direction to avoid username/password (ROPC) flows. See https://learn.microsoft.com/en-us/entra/identity/authentication/concept-mandatory-multifactor-authentication for more explanation of why this change is being made across Microsoft products/services.

... (truncated)

7.0.0-preview1

Changes Since 6.1.0

This update brings the following changes since the 6.1.0 release:

Breaking Changes

• Removed Constrained Execution Region error handling blocks and associated SqlConnection cleanup which may affect how potentially-broken connections are expunged from the pool. (#​3535)

Bug Fixes

• Packet multiplexing disabled by default, and several bug fixes. (#​3534, #​3537)

Added

• SqlColumnEncryptionCertificateStoreProvider now works on Windows, Linux, and macOS. (#​3014)

Changed

• Updated SqlVector.Null to return a nullable SqlVector instance in the reference API to match the implementation. (#​3521)

• Performance improvements for all built-in SqlColumnEncryptionKeyStoreProvider implementations. (#​3554)

• Various test improvements. (#​3456, #​2968, #​3458, #​3494, #​3559, #​3575)

• Codebase merge project and related cleanup. (#​3436, #​3434, #​3448, #​3454, #​3462, #​3435, #​3492, #​3473, #​3469, #​3394, #​3493, #​3593)

• Documentation improvements. (#​3490)

• Updated Azure.Identity dependency to v1.14.2. (#​3538)

Changes Since 6.0.2

This update brings the following changes since the 6.0.2 release. Changes already noted above are omitted:

Additions

Added dedicated SQL Server vector datatype support

What Changed:

• Optimized vector communications between MDS and SQL Server 2025, employing a custom binary format over the TDS protocol. (#​3433, #​3443)
• Reduced processing load compared to existing JSON-based vector support.
• Initial support for 32-bit single-precision floating point vectors.

Who Benefits:

• Applications moving large vector data sets will see beneficial improvements to processing times and memory requirements.
• Vector-specific APIs are ready to support future numeric representations with a consistent look-and-feel.

Impact:
... (truncated)

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Summary by cubic

Upgrade Microsoft.Data.SqlClient from 6.1.4 to 7.0.0. The core driver is lighter and no longer brings in Azure dependencies; apps using Entra/Azure AD auth must add the new extension.

• Migration
  • If you use Entra/Azure AD auth (e.g., ActiveDirectoryInteractive/Default/ManagedIdentity), add Microsoft.Data.SqlClient.Extensions.Azure.
  • ActiveDirectoryPassword is now obsolete. Move to ActiveDirectoryDefault, ManagedIdentity, or interactive/device code flows.

^{Written for commit c396ddb. Summary will update on new commits.}

High-level PR Summary

This PR updates the Microsoft.Data.SqlClient dependency from version 6.1.4 to 7.0.0, which introduces several significant changes including the removal of Azure dependencies from the core package (now requiring a separate Microsoft.Data.SqlClient.Extensions.Azure package for Azure AD authentication), new APIs for custom SSPI context providers and transient error handling, support for .NET 10, SQL Server vector datatype optimizations, and the deprecation of ActiveDirectoryPassword authentication method. This is a major version bump that may require applications using Azure AD authentication to install an additional NuGet package.

⏱️ Estimated Review Time: 5-15 minutes

💡 Review Order Suggestion

Order	File Path
1	Directory.Packages.props

[recurseml]

Review by RecurseML

🔍 Review performed on 3bf8610..c396ddb

✨ No bugs found, your code is sparkling clean

✅ Files analyzed, no issues (1)

• Directory.Packages.props

[cubic-dev-ai]

1 issue found across 1 file

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="Directory.Packages.props">

<violation number="1" location="Directory.Packages.props:21">
P1: This major-version bump drops Entra/Azure authentication support unless you also add the new `Microsoft.Data.SqlClient.Extensions.Azure` package. Existing consumers using `Authentication=Active Directory ...` connection strings will regress at runtime.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

P1: This major-version bump drops Entra/Azure authentication support unless you also add the new Microsoft.Data.SqlClient.Extensions.Azure package. Existing consumers using Authentication=Active Directory ... connection strings will regress at runtime.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At Directory.Packages.props, line 21:

<comment>This major-version bump drops Entra/Azure authentication support unless you also add the new `Microsoft.Data.SqlClient.Extensions.Azure` package. Existing consumers using `Authentication=Active Directory ...` connection strings will regress at runtime.</comment>

<file context>
@@ -18,7 +18,7 @@
 
     <!-- Database Providers -->
-    <PackageVersion Include="Microsoft.Data.SqlClient" Version="6.1.4" />
+    <PackageVersion Include="Microsoft.Data.SqlClient" Version="7.0.0" />
     <PackageVersion Include="Microsoft.Data.Sqlite" Version="10.0.5" />
     <PackageVersion Include="MySqlConnector" Version="2.5.0" />
</file context>