[5.1] Dependency Cleanup

[paulmedynski]

Description

• Removed unused dependencies across all driver and test projects.
• Updated some dependencies, avoiding transitive vulnerabilities.
• Updated nuspec files to remove/update dependencies accordingly.

NOTE: Some packages have DOWNGRADED major versions due to migrating from Direct dependencies to Transitive dependencies. This will have no effect on downstream apps, since the intermediate packages were already compatible with the previous Direct dependency versions. If apps were directly using those packages at-or-above the previous versions, NuGet will automatically resolve the transitive dependencies as it was doing before.

Details

MDS

Package	Target Framework	Previous Dependency Type	Previous Version	Current Dependency Type	Current Version
Microsoft.Bcl.AsyncInterfaces	net462	Transitive	6.0.0	Transitive	1.1.1
System.Buffers	net462	Direct	4.5.1	Direct	4.6.1
System.Buffers	netstandard2.0	Direct	4.5.1	Direct	4.6.1
System.Diagnostics.DiagnosticSource	net6.0	Direct	6.0.1	Transitive	6.0.1
System.Text.Encodings.Web	net462	Direct	6.0.1	Transitive	4.7.2
System.Text.Encodings.Web	net6.0	Direct	6.0.1	Transitive	4.7.2
System.Text.Encodings.Web	netstandard2.0	Direct	6.0.1	Transitive	4.7.2
System.Text.Encodings.Web	netstandard2.1	Direct	6.0.1	Transitive	4.7.2
System.Text.Json	net462	Direct	6.0.11	Transitive	4.7.2

AKV

Package	Target Framework	Previous Dependency Type	Previous Version	Current Dependency Type	Current Version
System.Buffers	net462	Direct	4.5.1	Direct	4.6.1
System.Buffers	netstandard2.0	Direct	4.5.1	Direct	4.6.1
System.Text.Encodings.Web	net462	Direct	6.0.1	Transitive	4.7.2
System.Text.Encodings.Web	net6.0	Direct	6.0.1	Transitive	4.7.2
System.Text.Encodings.Web	netstandard2.0	Direct	6.0.1	Transitive	4.7.2

Issues

Resolves #3809.

Testing

• CI will validate the changes.
• Manually inspected the full package dependency tree for the driver projects to ensure no major version increments.
• Manuall inspected CI runs to observe that tests are being executed for the expected target frameworks and architectures.

[Copilot]

Pull request overview

This PR removes unused dependencies and updates some dependency versions across the Microsoft.Data.SqlClient driver and test projects to eliminate transitive vulnerabilities without introducing breaking changes.

Key Changes:

• Removed unused dependencies (System.Text.Encodings.Web, System.Text.Json, System.Diagnostics.DiagnosticSource, System.Private.Uri, Microsoft.Win32.Registry)
• Updated test and common dependency versions (e.g., Microsoft.NET.Test.Sdk, Newtonsoft.Json, System.Buffers, Microsoft.Extensions.Hosting)
• Reorganized and improved comments in Versions.props for better clarity

Reviewed changes

Copilot reviewed 10 out of 10 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
tools/specs/add-ons/Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.nuspec	Removed System.Text.Encodings.Web dependency from all target frameworks
tools/specs/Microsoft.Data.SqlClient.nuspec	Removed multiple unused dependencies across all target frameworks
tools/props/Versions.props	Updated dependency versions, removed obsolete version properties, and reorganized comments for clarity
src/Microsoft.Data.SqlClient/tests/ManualTests/Microsoft.Data.SqlClient.ManualTesting.Tests.csproj	Removed unused package references
src/Microsoft.Data.SqlClient/tests/FunctionalTests/Microsoft.Data.SqlClient.Tests.csproj	Removed unused package references
src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj	Removed unused package references
src/Microsoft.Data.SqlClient/netfx/ref/Microsoft.Data.SqlClient.csproj	Removed unused package references
src/Microsoft.Data.SqlClient/netcore/src/Microsoft.Data.SqlClient.csproj	Removed unused package references
src/Microsoft.Data.SqlClient/netcore/ref/Microsoft.Data.SqlClient.csproj	Removed unused package references and conditional ItemGroup
src/Microsoft.Data.SqlClient/add-ons/AzureKeyVaultProvider/Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider.csproj	Removed unused package reference

[paulmedynski]

Commentary for reviewers.

[paulmedynski]

Updated from 4.5.1 -> 4.6.1

[paulmedynski]

Moved from line 26 unchanged.

[paulmedynski]

Moved from line 32 unchanged.

[paulmedynski]

Moved from line 40 unchanged.

[paulmedynski]

Moved from line 47 unchanged.

[paulmedynski]

Moved from line 42 unchanged.

[paulmedynski]

Moved from line 58 unchanged.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71.13%. Comparing base (cc5c81a) to head (a55bdcf).

Additional details and impacted files

@@               Coverage Diff               @@
##           release/5.1    #3838      +/-   ##
===============================================
- Coverage        71.51%   71.13%   -0.39%     
===============================================
  Files              293      293              
  Lines            61928    61928              
===============================================
- Hits             44289    44053     -236     
- Misses           17639    17875     +236     

Flag	Coverage Δ
addons	92.38% <ø> (ø)
netcore	74.39% <ø> (-0.64%)	⬇️
netfx	69.95% <ø> (+0.03%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Copilot]

Pull request overview

Copilot reviewed 10 out of 10 changed files in this pull request and generated no new comments.