Skip to content

High severity vulnerability fix: upgrade SQLitePCLRaw.lib.e_sqlite3 to 3.53.3#588

Merged
xperiandri merged 2 commits into
devfrom
copilot/fix-sqlitepclraw-lib-e-sqlite3
Jul 8, 2026
Merged

High severity vulnerability fix: upgrade SQLitePCLRaw.lib.e_sqlite3 to 3.53.3#588
xperiandri merged 2 commits into
devfrom
copilot/fix-sqlitepclraw-lib-e-sqlite3

Conversation

Copilot AI commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

SQLitePCLRaw.lib.e_sqlite3 2.1.11 bundles a vulnerable SQLite version (GHSA-2m69-gcr7-jv3q); no patched release exists in the 2.x series. Version 3.x repackages a safe SQLite build.

Changes

  • Packages.props — pins SQLitePCLRaw.lib.e_sqlite3 to 3.53.3 via PackageReference Update
  • samples/relay-book-store/relay-book-store.fsproj — adds an explicit PackageReference Include to activate the version override (required because Microsoft.Build.CentralPackageVersions only applies Update to directly referenced packages; the lib was previously only a transitive dep of Microsoft.Data.Sqlite)

…rity vulnerability GHSA-2m69-gcr7-jv3q

Co-authored-by: xperiandri <2365592+xperiandri@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix vulnerability in SQLitePCLRaw.lib.e_sqlite3 by updating package Fix high severity vulnerability: upgrade SQLitePCLRaw.lib.e_sqlite3 to 3.53.3 Jul 8, 2026
Copilot AI requested a review from xperiandri July 8, 2026 14:37
@xperiandri xperiandri marked this pull request as ready for review July 8, 2026 14:47
@xperiandri xperiandri enabled auto-merge (squash) July 8, 2026 14:48
@xperiandri xperiandri disabled auto-merge July 8, 2026 14:58
@xperiandri xperiandri changed the title Fix high severity vulnerability: upgrade SQLitePCLRaw.lib.e_sqlite3 to 3.53.3 High severity vulnerability fix: upgrade SQLitePCLRaw.lib.e_sqlite3 to 3.53.3 Jul 8, 2026
@xperiandri xperiandri changed the title High severity vulnerability fix: upgrade SQLitePCLRaw.lib.e_sqlite3 to 3.53.3 High severity vulnerability fix: upgrade SQLitePCLRaw.lib.e_sqlite3 to 3.53.3 Jul 8, 2026
@xperiandri xperiandri merged commit 15df50a into dev Jul 8, 2026
4 checks passed
@xperiandri xperiandri deleted the copilot/fix-sqlitepclraw-lib-e-sqlite3 branch July 8, 2026 14:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Error: Package 'SQLitePCLRaw.lib.e_sqlite3' 2.1.11 has a known high severity vulnerability

2 participants