**Describe the bug** WorkflowCore.LockProviders.SqlServer references vulnerable System.Data.SqlClient 4.8.6 dependency. **To Reproduce** Open Nuget package manager in Visual Studio for the solution and check "Show only vulnerable" on the Installed tab. **Expected behavior** Microsoft.Data.SqlClient is used in all the projects instead of abandoned System.Data.SqlClient.