soroush.asadi
cfff934bdd
The transitive SQLitePCLRaw.lib.e_sqlite3 2.1.11 (via EF Core 10 Sqlite) is flagged High by GHSA-2m69-gcr7-jv3q, and the 2.x line has no patched release (first_patched_version: null). Pin SQLitePCLRaw.bundle_e_sqlite3 3.0.3, which is outside the vulnerable range (<= 2.1.11). Runtime-verified: EnsureCreated and a DB read both succeed; `dotnet list package --vulnerable` is now clean. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
22 lines
887 B
XML
22 lines
887 B
XML
<Project Sdk="Microsoft.NET.Sdk.Web">
|
|
|
|
<PropertyGroup>
|
|
<TargetFramework>net10.0</TargetFramework>
|
|
<Nullable>enable</Nullable>
|
|
<ImplicitUsings>enable</ImplicitUsings>
|
|
<RootNamespace>SoroushAsadi</RootNamespace>
|
|
</PropertyGroup>
|
|
|
|
<ItemGroup>
|
|
<PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="10.0.0" />
|
|
<PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="10.0.0">
|
|
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
|
|
<PrivateAssets>all</PrivateAssets>
|
|
</PackageReference>
|
|
<!-- Override the transitive SQLitePCLRaw 2.1.11 (GHSA-2m69-gcr7-jv3q, no 2.x patch)
|
|
with the 3.0.x line, which is outside the vulnerable range (<= 2.1.11). -->
|
|
<PackageReference Include="SQLitePCLRaw.bundle_e_sqlite3" Version="3.0.3" />
|
|
</ItemGroup>
|
|
|
|
</Project>
|