Fix SQLite advisory: bump SQLitePCLRaw to 3.0.x

The transitive SQLitePCLRaw.lib.e_sqlite3 2.1.11 (via EF Core 10 Sqlite) is
flagged High by GHSA-2m69-gcr7-jv3q, and the 2.x line has no patched release
(first_patched_version: null). Pin SQLitePCLRaw.bundle_e_sqlite3 3.0.3, which
is outside the vulnerable range (<= 2.1.11). Runtime-verified: EnsureCreated
and a DB read both succeed; `dotnet list package --vulnerable` is now clean.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
soroush.asadi
2026-06-26 03:06:10 +03:30
parent dd882287df
commit cfff934bdd
+3
@@ -13,6 +13,9 @@
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
<PrivateAssets>all</PrivateAssets>
</PackageReference>
<!-- Override the transitive SQLitePCLRaw 2.1.11 (GHSA-2m69-gcr7-jv3q, no 2.x patch)
with the 3.0.x line, which is outside the vulnerable range (<= 2.1.11). -->
<PackageReference Include="SQLitePCLRaw.bundle_e_sqlite3" Version="3.0.3" />
</ItemGroup>
</Project>
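Review bot: The XML comment above the new `PackageReference` says only "SQLitePCLRaw 2.1.11", while the commit message names the flagged package as SQLitePCLRaw.lib.e_sqlite3 and the pin is placed on SQLitePCLRaw.bundle_e_sqlite3. Name the flagged package in the comment and say in one clause why pinning the bundle replaces it, so a later reader does not take the override for a mismatch and delete it. The comment should also state when the override can be removed (once the EF Core Sqlite package references a non-vulnerable version itself), otherwise this direct reference will silently outlive its purpose. Since the pin moves a dependency of the EF Core Sqlite provider from 2.x to 3.0.x, a major-version jump, the verification listed in the commit message (EnsureCreated and one DB read) is thin: a write and a migration run in CI, plus `dotnet list package --vulnerable --include-transitive` as a pipeline step, would catch both a provider incompatibility and the advisory reappearing through another transitive path.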