fix: upgrade sqlite-net-base to 1.11.272-beta, address GHSA-2m69-gcr7-jv3q #14

Open
yurkinh with Copilot wants to merge 1 commit into main from copilot/updates-based-on-discussion-36070

Copilot AI commented Jun 25, 2026

sqlite-net-pcl 1.9.172 (still referenced in the official MAUI docs) transitively pulls in SQLitePCLRaw.lib.e_sqlite3 2.1.2, which bundles a vulnerable SQLite binary (GHSA-2m69-gcr7-jv3q, high severity). See dotnet/maui#36070.

This project already avoids the vulnerable package by using sqlite-net-base + an explicit bundle reference. This PR upgrades to the latest versions and makes the safe setup consistent across all projects.

Package updates

  • sqlite-net-base: 1.10.196-beta → 1.11.272-beta (library + both sample apps)
  • SQLitePCLRaw.bundle_green 2.1.11 added explicitly to ToDoSampleApp.csproj (was only a transitive dependency before)
  • Library PackageVersion bumped to 3.1.0

Recommended consumer setup:

<PackageReference Include="SQLiteNetExtensions.Modern" Version="3.1.0" />
<PackageReference Include="sqlite-net-base" Version="1.11.272-beta" />
<PackageReference Include="SQLitePCLRaw.bundle_green" Version="2.1.11" />

README

  • Fixed headline ("NET 9" → "NET 10")
  • Added Security section documenting GHSA-2m69-gcr7-jv3q and the safe package combination
  • Updated Installation section with the recommended package set and an explicit warning against sqlite-net-pcl 1.9.172
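
An added example, not part of the PR or the project's own code: one way to confirm after a restore that no direct reference still pulls in the package version named above, by walking `obj/project.assets.json` and reporting the chain that leads to it. The sample JSON is constructed and trimmed to the fields used, and flagging only `SQLitePCLRaw.lib.e_sqlite3` 2.1.2 is an assumption taken from the version this description names.

```python
import json
import sys

# Assumption: flag only the exact version the PR description names as vulnerable.
FLAGGED = {"sqlitepclraw.lib.e_sqlite3": {"2.1.2"}}

def find_flagged_chains(assets):
    """Return dependency chains (direct reference first) that end at a flagged package."""
    chains = []
    for target, packages in assets.get("targets", {}).items():
        # lower-cased package id -> (resolved "Id/Version" key, ids it depends on)
        resolved = {}
        for key, info in packages.items():
            deps = [d.lower() for d in info.get("dependencies", {})]
            resolved[key.split("/", 1)[0].lower()] = (key, deps)
        # Target keys may carry a runtime suffix ("net10.0/win-x64"); groups do not.
        groups = assets.get("projectFileDependencyGroups", {})
        direct = groups.get(target.split("/", 1)[0], [])
        # Entries look like "sqlite-net-pcl >= 1.9.172"; keep only the id.
        stack = [[d.split(" ", 1)[0].lower()] for d in direct]
        while stack:
            path = stack.pop()
            if path[-1] not in resolved:
                continue  # project reference or framework package, not in this target
            key, deps = resolved[path[-1]]
            name, version = key.split("/", 1)
            if version in FLAGGED.get(name.lower(), ()):
                chains.append([resolved[p][0] for p in path])
            stack.extend(path + [d] for d in deps if d not in path)
    return chains

# Constructed sample in the shape of obj/project.assets.json (trimmed to the fields used).
SAMPLE_ASSETS = json.loads("""{
  "targets": {"net10.0": {
    "sqlite-net-pcl/1.9.172": {"dependencies": {"SQLitePCLRaw.bundle_green": "2.1.2"}},
    "SQLitePCLRaw.bundle_green/2.1.2": {"dependencies": {"SQLitePCLRaw.lib.e_sqlite3": "2.1.2"}},
    "SQLitePCLRaw.lib.e_sqlite3/2.1.2": {}
  }},
  "projectFileDependencyGroups": {"net10.0": ["sqlite-net-pcl >= 1.9.172"]}
}""")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            data = json.load(fh)
    else:
        data = SAMPLE_ASSETS
    found = find_flagged_chains(data)
    for chain in found:
        print(" -> ".join(chain))
    sys.exit(1 if found else 0)
```

Run with a project's `obj/project.assets.json` as the argument; a non-zero exit means a flagged chain was found, so the script can gate a CI step.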

…cr7-jv3q

- Upgrade sqlite-net-base from 1.10.196-beta to 1.11.272-beta in all projects
- Add explicit SQLitePCLRaw.bundle_green 2.1.11 to ToDoSampleApp.csproj
- Bump package version to 3.1.0 with updated release notes
- Update README: fix .NET 10 header, add Security section, update Installation section
  referencing MAUI discussion #36070 (GHSA-2m69-gcr7-jv3q)
Copilot AI changed the title from "fix: upgrade sqlite-net-base to 1.11.272-beta and address GHSA-2m69-gcr7-jv3q" to "fix: upgrade sqlite-net-base to 1.11.272-beta, address GHSA-2m69-gcr7-jv3q" Jun 25, 2026
Copilot AI requested a review from yurkinh June 25, 2026 12:39
@yurkinh yurkinh marked this pull request as ready for review June 25, 2026 12:47
@yurkinh yurkinh requested review from MykhailoDav and Copilot June 25, 2026 12:47

Copilot AI left a comment

Contributor

Pull request overview

This PR updates the library and sample apps to use newer sqlite-net-base and an explicit SQLitePCLRaw.bundle_green bundle to avoid the vulnerable SQLite binary pulled transitively by sqlite-net-pcl 1.9.172, and documents the recommended safe package combination.

Changes:

  • Bump SQLiteNetExtensions.Modern package version to 3.1.0 and upgrade sqlite-net-base to 1.11.272-beta.
  • Add an explicit SQLitePCLRaw.bundle_green 2.1.11 reference to ToDoSampleApp.
  • Update README to reflect .NET 10, add a Security section, and update installation guidance.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| src/SQLiteNetExtensions.Modern/SQLiteNetExtensions.Modern/SQLiteNetExtensions.csproj | Bumps package version and upgrades sqlite-net-base for the shipped NuGet. |
| sample/ToDoSampleApp/ToDoSampleApp.csproj | Upgrades sqlite-net-base and adds explicit SQLitePCLRaw.bundle_green to avoid relying on transitive bundle selection. |
| sample/IntegratedTestsSampleApp/IntegratedTestsSampleApp.csproj | Upgrades sqlite-net-base to align with the library/samples while retaining the bundle reference. |
| README.md | Documents the vulnerability context and the recommended safe package combination; updates .NET version messaging. |

Comment thread README.md
# SQLiteNetExtensions.Modern

This is a .NET 9 migration of the [TwinCoders]([https://bitbucket.org/twincoders]) [SQLiteNetExtensions](https://bitbucket.org/twincoders/sqlite-net-extensions/src/master/)
This is a .NET 10 migration of the [TwinCoders]([https://bitbucket.org/twincoders]) [SQLiteNetExtensions](https://bitbucket.org/twincoders/sqlite-net-extensions/src/master/)
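Review bot: The link target on the changed line is still wrapped in square brackets, `[TwinCoders]([https://bitbucket.org/twincoders])`, so the rendered link will not point at the Bitbucket URL. Since this line is being edited anyway, drop the inner brackets so it reads `[TwinCoders](https://bitbucket.org/twincoders)`.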
Comment thread README.md
Comment on lines 11 to +13
### What's new
## .NET 10
* Migrated extensions to .NET 10
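Review bot: `## .NET 10` is a level-2 heading placed under the level-3 `### What's new`, so the version entry outranks the section it belongs to in the rendered outline. Make it `#### .NET 10`, or promote `What's new` to `##`, so the headings nest correctly.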