Skip to content

fix(deps): replace SQLitePCLRaw audit suppression with patched version pin#10

Merged
JerrettDavis merged 1 commit into
mainfrom
fix/sqlite-pcl-raw-version-bump
Jun 23, 2026
Merged

fix(deps): replace SQLitePCLRaw audit suppression with patched version pin#10
JerrettDavis merged 1 commit into
mainfrom
fix/sqlite-pcl-raw-version-bump

Conversation

@JerrettDavis

Copy link
Copy Markdown
Owner

Summary

  • Pins SQLitePCLRaw.lib.e_sqlite3 to 3.50.3 in Directory.Packages.props, which is the patched release fixing GHSA-2m69-gcr7-jv3q (same fix proven on QuickApiMapper #125, McpManager #116, WrapGod #227, PokManagerUI #121, JD.AI #547)
  • Adds an explicit PackageReference for SQLitePCLRaw.lib.e_sqlite3 in JD.Worker.Core (the only project pulling it transitively via Microsoft.Data.Sqlite)
  • Removes the now-unnecessary NuGetAuditSuppress entry for GHSA-2m69-gcr7-jv3q from Directory.Build.props

Test plan

  • CI=true dotnet restore — clean, no NU1903 warnings
  • CI=true dotnet build --no-restore — 13 projects, 0 errors, 0 warnings
  • CI + CodeQL green on GitHub Actions
  • Dependabot alert for GHSA-2m69-gcr7-jv3q clears after merge

🤖 Generated with Claude Code

…n pin

Pin SQLitePCLRaw.lib.e_sqlite3 to 3.50.3 which fixes GHSA-2m69-gcr7-jv3q.
Add explicit PackageReference in JD.Worker.Core (which pulls it transitively
via Microsoft.Data.Sqlite). Remove the now-unnecessary NuGetAuditSuppress
entry from Directory.Build.props.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@JerrettDavis JerrettDavis merged commit 9e5054b into main Jun 23, 2026
3 checks passed
@JerrettDavis JerrettDavis deleted the fix/sqlite-pcl-raw-version-bump branch June 23, 2026 03:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant