Bump Microsoft.Data.SqlClient from 6.1.2 to 6.1.4

[dependabot]

Updated Microsoft.Data.SqlClient from 6.1.2 to 6.1.4.

Release notes

Sourced from Microsoft.Data.SqlClient's releases.

6.1.4

This update brings the following changes since the 6.1.3 release:

Fixed

• Fixed NullReferenceException issue with SqlDataAdapter when processing batch scenarios where certain SQL RPC calls may not include system parameters.
  (#​3877)
• Fixed connection pooling issue where extra connection deactivation was causing active connection counts to go negative.
  (#​3776)

Added

AppContext Switch for enabling MultiSubnetFailover

What Changed:

• Added new AppContext switch Switch.Microsoft.Data.SqlClient.EnableMultiSubnetFailoverByDefault to set MultiSubnetFailover=true by default in connection string.
  (#​3851)

Who Benefits:

• Applications that need MultiSubnetFailover enabled globally without modifying connection strings.

Impact:

• Applications can now enable MultiSubnetFailover globally using one of the following methods:

// In application code
AppContext.SetSwitch("Switch.Microsoft.Data.SqlClient.EnableMultiSubnetFailoverByDefault", true);

// In runtimeconfig.json
{
  "configProperties": {
    "Switch.Microsoft.Data.SqlClient.EnableMultiSubnetFailoverByDefault": true
  }
}

<!-- In App.Config -->
<runtime>
  <AppContextSwitchOverrides value="Switch.Microsoft.Data.SqlClient.EnableMultiSubnetFailoverByDefault=true" />
</runtime>

Changed

• Optimized SqlStatistics execution timing by using Environment.TickCount instead of more expensive timing mechanisms.
  ... (truncated)

6.1.3

This update includes the following changes since the 6.1.2 release:

Added

App Context Switch for Ignoring Server-Provided Failover Partner

What Changed:

• A new app context switch Switch.Microsoft.Data.SqlClient.IgnoreServerProvidedFailoverPartner was introduced to let the client ignore server-provided failover partner info in Basic Availability Groups (BAGs). When the switch is enabled, only the failover partner specified in the connection string is used; server-supplied partner values are skipped. This context switch was introduced in PR #​3702.

Who Benefits:

• Applications connecting to SQL Server BAGs using TCP and custom ports, especially where the server's provided partner name lacks the protocol, host, or port. This avoids connection failures when the server-provided partner is incompatible or incomplete.
• Teams who manage availability groups and rely on client-side control of failover behavior in heterogeneous networking environments.

Impact:

• If your environment might be affected (i.e., you operate a BAG with custom ports, or have experienced failures after failover), you can enable the new switch in your application:

AppContext.SetSwitch("Switch.Microsoft.Data.SqlClient.IgnoreServerProvidedFailoverPartner", true);

• Then, ensure your connection string includes your preferred failover partner (with correct tcp:host,port) so that the client uses that instead of the server's suggestion.
• Without enabling this, by default, the client continues to prefer the server-provided partner, maintaining backwards compatibility.

Fixed

• Fixed an issue to ensure reliable metrics initialization during startup, preventing missed telemetry when EventSource is enabled early. (#​3718)

Target Platform Support

• .NET Framework 4.6.2+ (Windows ARM64, Windows x86, Windows x64)
• .NET 8.0+ (Windows x86, Windows x64, Windows ARM64, Windows ARM, Linux, macOS)

Dependencies

.NET Framework 4.6.2+

• Azure.Core 1.47.1
• Azure.Identity 1.14.2
• Microsoft.Bcl.Cryptography 8.0.0
• Microsoft.Data.SqlClient.SNI 6.0.2
• Microsoft.Extensions.Caching.Memory 8.0.1
• Microsoft.IdentityModel.JsonWebTokens 7.7.1
• Microsoft.IdentityModel.Protocols.OpenIdConnect 7.7.1
• System.Buffers 4.5.1
• System.Data.Common 4.3.0
• System.Security.Cryptography.Pkcs 8.0.1
• System.Text.Encodings.Web 8.0.0
  ... (truncated)

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
nuget/Microsoft.Data.SqlClient	6.1.4	🟢 7	Details Check Score Reason Code-Review 🟢 9 Found 28/30 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 4 branch protection is not maximal on development and all release branches Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 9 SAST tool detected but not run on all commits Vulnerabilities 🟢 10 0 existing vulnerabilities detected

Scanned Files

• src/XtremeIdiots.Portal.Repository.DataLib/XtremeIdiots.Portal.Repository.DataLib.csproj

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud