@paulmedynski paulmedynski commented Dec 12, 2025

Description

  • Upgraded Azure.Identity to 1.17.1 to avoid deprecation. This forced a major version upgrade of some transitive packages:
    • Microsoft.IdentityModel.Abstractions (8.14.0)
    • System.Diagnostics.DiagnosticSource (.NET 8 - 8.0.1, .NET 9 - 9.0.11)
  • Removed unused dependencies across all driver and test projects.
  • Updated some dependencies, avoiding transitive vulnerabilities.
  • Updated nuspec files to remove/update dependencies accordingly.

Noteworthy Package Upgrades

MDS - .NET Framework 4.6.2

| Package | Previous Dependency Type | Previous Version | Current Dependency Type | Current Version |
|---|---|---|---|---|
| Azure.Core | Direct | 1.47.1 | Direct | 1.50.0 |
| Azure.Identity | Direct | 1.14.2 | Direct | 1.17.1 |
| Microsoft.Identity.Client | Transitive | 4.73.1 | Direct | 4.80.0 |
| Microsoft.IdentityModel.Abstractions | Transitive | 7.7.1 | Transitive | 8.14.0 |
| System.Buffers | Direct | 4.5.1 | Direct | 4.6.1 |
| System.Data.Common | None | | Direct | 4.3.0 |
| System.Diagnostics.DiagnosticSource | Transitive | 8.0.1 | Direct | 8.0.1 |
| System.IdentityModel.Tokens.Jwt | Transitive | 7.7.1 | Direct | 7.7.1 |
| System.Memory | Transitive | 4.5.5 | Direct | 4.6.3 |
| System.Text.Json | Direct | 8.0.5 | Direct | 8.0.6 |
| System.Text.RegularExpressions | None | | Direct | 4.3.1 |

MDS - .NET Standard 2.0

| Package | Previous Dependency Type | Previous Version | Current Dependency Type | Current Version |
|---|---|---|---|---|
| Azure.Core | Direct | 1.47.1 | Direct | 1.50.0 |
| Azure.Identity | Direct | 1.14.2 | Direct | 1.17.1 |
| Microsoft.Bcl.Cryptography | Direct | 8.0.0 | None | |
| Microsoft.Identity.Client | Transitive | 4.73.1 | Direct | 4.80.0 |
| Microsoft.IdentityModel.Abstractions | Transitive | 7.7.1 | Transitive | 8.14.0 |
| System.Diagnostics.DiagnosticSource | Transitive | 8.0.1 | Direct | 8.0.1 |
| System.IdentityModel.Tokens.Jwt | Transitive | 7.7.1 | Direct | 7.7.1 |
| System.Text.Json | Direct | 8.0.5 | Direct | 8.0.6 |

MDS - .NET 8.0

| Package | Previous Dependency Type | Previous Version | Current Dependency Type | Current Version |
|---|---|---|---|---|
| Azure.Core | Direct | 1.47.1 | Direct | 1.50.0 |
| Azure.Identity | Direct | 1.14.2 | Direct | 1.17.1 |
| Microsoft.Bcl.Cryptography | Direct | 8.0.0 | None | |
| Microsoft.Identity.Client | Transitive | 4.73.1 | Direct | 4.80.0 |
| Microsoft.IdentityModel.Abstractions | Transitive | 7.7.1 | Transitive | 8.14.0 |
| System.Diagnostics.DiagnosticSource | Transitive | 6.0.1 | Direct | 8.0.1 |
| System.IdentityModel.Tokens.Jwt | Transitive | 7.7.1 | Direct | 7.7.1 |

MDS - .NET 9.0

| Package | Previous Dependency Type | Previous Version | Current Dependency Type | Current Version |
|---|---|---|---|---|
| Azure.Core | Direct | 1.47.1 | Direct | 1.50.0 |
| Azure.Identity | Direct | 1.14.2 | Direct | 1.17.1 |
| Microsoft.Bcl.Cryptography | Direct | 8.0.0 | None | |
| Microsoft.Extensions.Caching.Memory | Direct | 9.0.5 | Direct | 9.0.11 |
| Microsoft.Identity.Client | Transitive | 4.73.1 | Direct | 4.80.0 |
| Microsoft.IdentityModel.Abstractions | Transitive | 7.7.1 | Transitive | 8.14.0 |
| System.Configuration.ConfigurationManager | Direct | 9.0.5 | Direct | 9.0.11 |
| System.Diagnostics.DiagnosticSource | Transitive | 6.0.1 | Direct | 9.0.11 |
| System.IdentityModel.Tokens.Jwt | Transitive | 7.7.1 | Direct | 7.7.1 |
| System.Security.Cryptography.Pkcs | Direct | 9.0.5 | Direct | 9.0.11 |

AKV - .NET Framework 4.6.2

| Package | Previous Dependency Type | Previous Version | Current Dependency Type | Current Version |
|---|---|---|---|---|
| Azure.Core | Direct | 1.47.1 | Direct | 1.50.0 |
| Azure.Security.KeyVault.Keys | Direct | 4.7.0 | Direct | 4.8.0 |
| Microsoft.IdentityModel.Abstractions | Transitive | 7.7.1 | Transitive | 8.14.0 |

AKV - .NET 8.0

| Package | Previous Dependency Type | Previous Version | Current Dependency Type | Current Version |
|---|---|---|---|---|
| Azure.Core | Direct | 1.47.1 | Direct | 1.50.0 |
| Azure.Security.KeyVault.Keys | Direct | 4.7.0 | Direct | 4.8.0 |
| Microsoft.IdentityModel.Abstractions | Transitive | 7.7.1 | Transitive | 8.14.0 |
| System.Diagnostics.DiagnosticSource | Transitive | 6.0.1 | Transitive | 8.0.1 |
| System.Text.Encodings.Web | Direct | 8.0.0 | None | |

AKV - .NET 9.0

| Package | Previous Dependency Type | Previous Version | Current Dependency Type | Current Version |
|---|---|---|---|---|
| Azure.Core | Direct | 1.47.1 | Direct | 1.50.0 |
| Azure.Security.KeyVault.Keys | Direct | 4.7.0 | Direct | 4.8.0 |
| Microsoft.IdentityModel.Abstractions | Transitive | 7.7.1 | Transitive | 8.14.0 |
| Microsoft.Extensions.Caching.Memory | Direct | 9.0.5 | Direct | 9.0.11 |
| System.Diagnostics.DiagnosticSource | Transitive | 6.0.1 | Transitive | 9.0.11 |
| System.Text.Encodings.Web | Direct | 8.0.0 | None | |

Issues

Resolves #3807.

Testing

  • CI will validate the changes.
  • Manually inspected the full package dependency tree for the driver projects to ensure no unintentional major version increments.
  • Manually inspected CI runs to observe that tests are being executed for the expected target frameworks and architectures.

- Updated some dependencies, avoiding transitive vulnerabilities.
- Updated nuspec files to remove/update dependencies accordingly.
Copilot AI review requested due to automatic review settings December 12, 2025 14:06
Copilot AI left a comment

Pull request overview

This PR performs a dependency cleanup across the Microsoft.Data.SqlClient driver and related test projects. The changes update several dependencies to address transitive vulnerabilities, remove unused dependencies (Microsoft.Bcl.Cryptography, System.Memory, System.Text.Encodings.Web), and update nuspec files to reflect the new dependency structure. The code changes suppress warnings for deliberately used obsolete APIs in Azure Active Directory authentication methods.

  • Removed unused dependencies: Microsoft.Bcl.Cryptography, System.Memory, and System.Text.Encodings.Web across driver and test projects
  • Updated Azure and identity-related packages to newer versions (Azure.Core 1.50.0, Azure.Identity 1.17.0, Azure.Security.KeyVault.Keys 4.8.0)
  • Updated System.Buffers from 4.5.1 to 4.6.1 and System.Text.Json from 8.0.5 to 8.0.6 for net462
  • Added pragma warning suppressions for obsolete APIs in authentication code

Reviewed changes

Copilot reviewed 17 out of 17 changed files in this pull request and generated 8 comments.

| File | Description |
|---|---|
| tools/specs/add-ons/Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.nuspec | Updated Azure package dependencies and Microsoft.Extensions.Caching.Memory for net9.0 to 9.0.11 |
| tools/specs/Microsoft.Data.SqlClient.nuspec | Updated multiple dependencies across all target frameworks; removed Microsoft.Bcl.Cryptography, System.Text.Encodings.Web, and System.Text.Json from various targets |
| src/Microsoft.Data.SqlClient/tests/tools/Microsoft.Data.SqlClient.TestUtilities/Microsoft.Data.SqlClient.TestUtilities.csproj | Removed unused Microsoft.Bcl.Cryptography dependency |
| src/Microsoft.Data.SqlClient/tests/tools/Microsoft.Data.SqlClient.ExtUtilities/Microsoft.Data.SqlClient.ExtUtilities.csproj | Changed approach from pinning System.Formats.Asn1 to referencing MDS 5.1.8 to avoid transitive vulnerability |
| src/Microsoft.Data.SqlClient/tests/ManualTests/SQL/ConnectivityTests/AADConnectionTest.cs | Added pragma warning suppressions for obsolete AcquireTokenByUsernamePassword API |
| src/Microsoft.Data.SqlClient/tests/ManualTests/Microsoft.Data.SqlClient.ManualTesting.Tests.csproj | Removed unused Microsoft.Bcl.Cryptography dependency |
| src/Microsoft.Data.SqlClient/tests/ManualTests/DataCommon/DataTestUtility.cs | Added pragma warning suppressions for obsolete AcquireTokenByUsernamePassword API |
| src/Microsoft.Data.SqlClient/tests/FunctionalTests/Microsoft.Data.SqlClient.FunctionalTests.csproj | Removed unused Microsoft.Bcl.Cryptography dependency |
| src/Microsoft.Data.SqlClient/tests/Directory.Packages.props | Changed approach to reference MDS 5.1.8 instead of pinning System.Formats.Asn1 |
| src/Microsoft.Data.SqlClient/src/Microsoft/Data/SqlClient/ActiveDirectoryAuthenticationProvider.cs | Added pragma warning suppressions for obsolete APIs (AcquireTokenByUsernamePassword and SharedTokenCacheUsername) |
| src/Microsoft.Data.SqlClient/src/Microsoft.Data.SqlClient.csproj | Removed unused Microsoft.Bcl.Cryptography and System.Memory dependencies |
| src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj | Removed unused Microsoft.Bcl.Cryptography and System.Text.Encodings.Web dependencies |
| src/Microsoft.Data.SqlClient/netfx/ref/Microsoft.Data.SqlClient.csproj | Removed unused Microsoft.Bcl.Cryptography and System.Text.Encodings.Web dependencies |
| src/Microsoft.Data.SqlClient/netcore/src/Microsoft.Data.SqlClient.csproj | Removed unused Microsoft.Bcl.Cryptography dependency and System.Text.Json reference (provided by framework) |
| src/Microsoft.Data.SqlClient/netcore/ref/Microsoft.Data.SqlClient.csproj | Removed unused Microsoft.Bcl.Cryptography dependency and System.Text.Json reference (provided by framework) |
| src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.csproj | Removed unused System.Text.Encodings.Web dependency |
| src/Directory.Packages.props | Updated package versions and reorganized framework-specific dependencies; removed System.Memory and some test dependencies; updated Microsoft.NET.Test.Sdk, xunit, and other test packages |


@paulmedynski paulmedynski left a comment

Commentary for reviewers.

…to avoid strong-name errors.

- Added System.Text.Json back for .NET Standard 2.0.
…T Framework project.

- Inhibiting dependency on Microsoft.SqlServer.Server in UDT test projects for .NET Framework.
- Fixed duplicate MDS package version in test utilities.
Copilot AI review requested due to automatic review settings December 12, 2025 16:46

Copilot AI left a comment

Pull request overview

Copilot reviewed 22 out of 22 changed files in this pull request and generated 1 comment.

codecov bot commented Dec 12, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.18%. Comparing base (8291391) to head (a1a5c54).
⚠️ Report is 1 commits behind head on release/6.1.

Additional details and impacted files
@@               Coverage Diff               @@
##           release/6.1    #3843      +/-   ##
===============================================
- Coverage        66.21%   64.18%   -2.03%     
===============================================
  Files              279      279              
  Lines            53293    53302       +9     
===============================================
- Hits             35286    34211    -1075     
- Misses           18007    19091    +1084     
| Flag | Coverage Δ |
|---|---|
| addons | 90.82% <ø> (ø) |
| netcore | 68.34% <100.00%> (-4.41%) ⬇️ |
| netfx | 67.71% <100.00%> (+1.84%) ⬆️ |

@paulmedynski paulmedynski marked this pull request as ready for review December 12, 2025 19:26
@paulmedynski paulmedynski requested a review from a team as a code owner December 12, 2025 19:26
@paulmedynski paulmedynski linked an issue Dec 12, 2025 that may be closed by this pull request
…ier.

- Minor tweaks to build tasks to work on Linux with the dotnet CLI.

Copilot AI left a comment

Pull request overview

Copilot reviewed 26 out of 26 changed files in this pull request and generated 1 comment.

….11, and Microsoft.Identity.Client to 4.79.2.
cheenamalhotra previously approved these changes Jan 5, 2026

Copilot AI left a comment

Pull request overview

Copilot reviewed 26 out of 26 changed files in this pull request and generated 1 comment.

Successfully merging this pull request may close these issues.

[6.1] Remove unused dependencies