
fix(deps): bump SQLitePCLRaw.lib.e_sqlite3 to 3.50.3 (GHSA-2m69-gcr7-jv3q) #547

Merged: JerrettDavis merged 1 commit into main from fix/deps-sqlitepcl-3.50.3 on Jun 22, 2026

@JerrettDavis (Owner)

Summary

Test plan

  • dotnet restore — clean, no NU1903 advisory warnings
  • dotnet build --no-restore -warnaserror — Build succeeded, 0 warnings, 0 errors (with TreatWarningsAsErrors=true active)
  • CI Integration Tests green
  • Dependabot alert for GHSA-2m69-gcr7-jv3q closes automatically after merge

🤖 Generated with Claude Code

…jv3q)

Pin SQLitePCLRaw.lib.e_sqlite3 to 3.50.3 (patched against CVE-2025-6965 /
GHSA-2m69-gcr7-jv3q) in Directory.Packages.props and add explicit
PackageReference entries in the four projects that directly pull in
Microsoft.Data.Sqlite or Microsoft.EntityFrameworkCore.Sqlite to ensure NuGet
resolves the pinned version rather than the transitive 2.1.11.

Remove the now-unnecessary NuGetAuditSuppress for GHSA-2m69-gcr7-jv3q from
Directory.Build.props. Build verified clean: dotnet restore + dotnet build
with TreatWarningsAsErrors=true, 0 warnings, 0 errors.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
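
A CI guard for the pinning approach the commit message describes, as an added example (not code from this pull request): it checks that Directory.Packages.props pins SQLitePCLRaw.lib.e_sqlite3 at or above 3.50.3 and that every project referencing a SQLite provider also references the package explicitly. The XML samples and project names are constructed, and it assumes SDK-style project files without an XML namespace and plain numeric versions.

```python
import xml.etree.ElementTree as ET

PKG = "sqlitepclraw.lib.e_sqlite3"   # package id from the PR (NuGet ids are case-insensitive)
PATCHED = (3, 50, 3)                 # patched version named in the PR
PROVIDERS = {"microsoft.data.sqlite", "microsoft.entityframeworkcore.sqlite"}

# Constructed samples, not the repository's real files.
PROPS = """<Project><ItemGroup>
  <PackageVersion Include="SQLitePCLRaw.lib.e_sqlite3" Version="3.50.3" />
</ItemGroup></Project>"""
PROJECTS = {
    "Pinned.csproj": """<Project Sdk="Microsoft.NET.Sdk"><ItemGroup>
  <PackageReference Include="Microsoft.Data.Sqlite" />
  <PackageReference Include="SQLitePCLRaw.lib.e_sqlite3" />
</ItemGroup></Project>""",
    "Unpinned.csproj": """<Project Sdk="Microsoft.NET.Sdk"><ItemGroup>
  <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" />
</ItemGroup></Project>""",
    "NoSqlite.csproj": """<Project Sdk="Microsoft.NET.Sdk"><ItemGroup>
  <PackageReference Include="Serilog" />
</ItemGroup></Project>""",
}

def items(xml_text, tag):
    """Map lower-cased Include -> Version attribute (or None) for one item type."""
    return {el.get("Include", "").lower(): el.get("Version")
            for el in ET.fromstring(xml_text).iter(tag)}

def parse_version(text):
    """'3.50.3' -> (3, 50, 3); a pre-release suffix after '-' is ignored."""
    return tuple(int(part) for part in text.split("-")[0].split("."))

def audit(props_xml, projects):
    """Return findings; an empty list means the pin is in place everywhere."""
    findings = []
    pinned = items(props_xml, "PackageVersion").get(PKG)
    if pinned is None:
        findings.append(f"props: no PackageVersion entry for {PKG}")
    elif parse_version(pinned) < PATCHED:
        findings.append(f"props: {PKG} pinned to {pinned}, below 3.50.3")
    for name in sorted(projects):
        refs = items(projects[name], "PackageReference")
        if PROVIDERS & set(refs) and PKG not in refs:
            findings.append(f"{name}: SQLite provider without explicit {PKG} reference")
    return findings

if __name__ == "__main__":
    for finding in audit(PROPS, PROJECTS) or ["ok"]:
        print(finding)
```
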
@github-actions (Contributor)

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 4 package(s) with unknown licenses.
See the Details below.

License Issues

src/JD.AI.Channels.Queue/JD.AI.Channels.Queue.csproj

| Package | Version | License | Issue Type |
| --- | --- | --- | --- |
| SQLitePCLRaw.lib.e_sqlite3 | >= 0 | Null | Unknown License |

src/JD.AI.Core/JD.AI.Core.csproj

| Package | Version | License | Issue Type |
| --- | --- | --- | --- |
| SQLitePCLRaw.lib.e_sqlite3 | >= 0 | Null | Unknown License |

src/JD.AI.Workflows/JD.AI.Workflows.csproj

| Package | Version | License | Issue Type |
| --- | --- | --- | --- |
| SQLitePCLRaw.lib.e_sqlite3 | >= 0 | Null | Unknown License |

src/JD.AI/JD.AI.csproj

| Package | Version | License | Issue Type |
| --- | --- | --- | --- |
| SQLitePCLRaw.lib.e_sqlite3 | >= 0 | Null | Unknown License |

Denied Licenses: GPL-2.0, GPL-3.0, AGPL-3.0

OpenSSF Scorecard

| Package | Version | Score | Details |
| --- | --- | --- | --- |
| nuget/SQLitePCLRaw.lib.e_sqlite3 | >= 0 | Unknown | Unknown |
| nuget/SQLitePCLRaw.lib.e_sqlite3 | >= 0 | Unknown | Unknown |
| nuget/SQLitePCLRaw.lib.e_sqlite3 | >= 0 | Unknown | Unknown |
| nuget/SQLitePCLRaw.lib.e_sqlite3 | >= 0 | Unknown | Unknown |

Scanned Files

  • src/JD.AI.Channels.Queue/JD.AI.Channels.Queue.csproj
  • src/JD.AI.Core/JD.AI.Core.csproj
  • src/JD.AI.Workflows/JD.AI.Workflows.csproj
  • src/JD.AI/JD.AI.csproj

@github-actions (Contributor)

Code Coverage

Summary
  Generated on: 06/22/2026 - 19:41:12
  Coverage date: 06/22/2026 - 19:39:12 - 06/22/2026 - 19:41:03
  Parser: MultiReport (7x Cobertura)
  Assemblies: 23
  Classes: 1067
  Files: 591
  Line coverage: 74.6%
  Covered lines: 36831
  Uncovered lines: 12480
  Coverable lines: 49311
  Total lines: 97272
  Branch coverage: 61.8% (13923 of 22510)
  Covered branches: 13923
  Total branches: 22510
  Method coverage: 86.4% (6316 of 7307)
  Full method coverage: 74.2% (5426 of 7307)
  Covered methods: 6316
  Fully covered methods: 5426
  Total methods: 7307

@github-actions (Contributor)

Test Results

7 641 tests   7 622 ✅  2m 29s ⏱️
    7 suites     19 💤
    7 files        0 ❌

Results for commit 1c333cb.

@JerrettDavis JerrettDavis merged commit f0da40b into main Jun 22, 2026
15 checks passed
@JerrettDavis JerrettDavis deleted the fix/deps-sqlitepcl-3.50.3 branch June 22, 2026 19:43