Open
fix: upgrade sqlite-net-base to 1.11.272-beta, address GHSA-2m69-gcr7-jv3q #14
…cr7-jv3q
- Upgrade sqlite-net-base from 1.10.196-beta to 1.11.272-beta in all projects
- Add explicit SQLitePCLRaw.bundle_green 2.1.11 to ToDoSampleApp.csproj
- Bump package version to 3.1.0 with updated release notes
- Update README: fix .NET 10 header, add Security section, update Installation section referencing MAUI discussion #36070 (GHSA-2m69-gcr7-jv3q)
Copilot AI changed the title from "fix: upgrade sqlite-net-base to 1.11.272-beta and address GHSA-2m69-gcr7-jv3q" to "fix: upgrade sqlite-net-base to 1.11.272-beta, address GHSA-2m69-gcr7-jv3q" on Jun 25, 2026
Copilot created this pull request from a session on behalf of yurkinh, June 25, 2026 12:39
Pull request overview
This PR updates the library and sample apps to use newer sqlite-net-base and an explicit SQLitePCLRaw.bundle_green bundle to avoid the vulnerable SQLite binary pulled transitively by sqlite-net-pcl 1.9.172, and documents the recommended safe package combination.
Changes:
- Bump SQLiteNetExtensions.Modern package version to 3.1.0 and upgrade sqlite-net-base to 1.11.272-beta.
- Add an explicit SQLitePCLRaw.bundle_green 2.1.11 reference to ToDoSampleApp.
- Update README to reflect .NET 10, add a Security section, and update installation guidance.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| src/SQLiteNetExtensions.Modern/SQLiteNetExtensions.Modern/SQLiteNetExtensions.csproj | Bumps package version and upgrades sqlite-net-base for the shipped NuGet. |
| sample/ToDoSampleApp/ToDoSampleApp.csproj | Upgrades sqlite-net-base and adds explicit SQLitePCLRaw.bundle_green to avoid relying on transitive bundle selection. |
| sample/IntegratedTestsSampleApp/IntegratedTestsSampleApp.csproj | Upgrades sqlite-net-base to align with the library/samples while retaining the bundle reference. |
| README.md | Documents the vulnerability context and the recommended safe package combination; updates .NET version messaging. |
| # SQLiteNetExtensions.Modern | ||
|
|
||
| This is a .NET 9 migration of the [TwinCoders]([https://bitbucket.org/twincoders]) [SQLiteNetExtensions](https://bitbucket.org/twincoders/sqlite-net-extensions/src/master/) | ||
| This is a .NET 10 migration of the [TwinCoders]([https://bitbucket.org/twincoders]) [SQLiteNetExtensions](https://bitbucket.org/twincoders/sqlite-net-extensions/src/master/) |
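Review bot: the TwinCoders link on the changed README line is still written as [TwinCoders]([https://bitbucket.org/twincoders]), with square brackets inside the parentheses, so the link target is malformed Markdown. Since this line is being edited for the .NET 9 to .NET 10 wording anyway, change the target to (https://bitbucket.org/twincoders) in the same commit.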
Comment on lines 11 to +13
| ### What's new | ||
| ## .NET 10 | ||
| * Migrated extensions to .NET 10 |
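Review bot: in this region "## .NET 10" sits directly under "### What's new", so the version heading is one level above the section that contains it and will render as a sibling of the top-level sections rather than as an entry under "What's new". Consider "#### .NET 10" (or promoting "What's new" to "##" and using "###" for each version) so the release entries nest consistently.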
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
sqlite-net-pcl 1.9.172 (still referenced in the official MAUI docs) transitively pulls in SQLitePCLRaw.lib.e_sqlite3 2.1.2, which bundles a vulnerable SQLite binary (GHSA-2m69-gcr7-jv3q, high severity). See dotnet/maui#36070.

This project already avoids the vulnerable package by using sqlite-net-base + an explicit bundle reference. This PR upgrades to the latest versions and makes the safe setup consistent across all projects.

Package updates
- sqlite-net-base: 1.10.196-beta → 1.11.272-beta (library + both sample apps)
- SQLitePCLRaw.bundle_green 2.1.11 added explicitly to ToDoSampleApp.csproj (was only a transitive dependency before)
- PackageVersion bumped to 3.1.0

Recommended consumer setup:
README
sqlite-net-pcl 1.9.172
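
As an added example (not code from this PR or from the project): a Python check over NuGet's restore output, obj/project.assets.json, that reports which direct reference brings in the package version the description flags. The names trace_flagged, FLAGGED and SAMPLE are hypothetical, and the sample data is constructed.

```python
import json
from collections import deque

# Package id and version the PR description names as bundling the vulnerable SQLite binary.
FLAGGED = ("SQLitePCLRaw.lib.e_sqlite3", "2.1.2")

def trace_flagged(assets, flagged=FLAGGED):
    """Map each restore target to the dependency paths (direct reference first)
    that lead to the flagged package version; targets without it are omitted."""
    findings = {}
    for target, libs in assets.get("targets", {}).items():
        by_id = {key.split("/")[0].lower(): key for key in libs}  # NuGet ids are case-insensitive
        hit = by_id.get(flagged[0].lower())
        if hit is None or hit.split("/", 1)[1] != flagged[1]:
            continue
        tfm = target.split("/")[0]  # "net10.0/win-x64" -> "net10.0"
        groups = assets.get("projectFileDependencyGroups", {})
        paths = []
        for entry in groups.get(tfm, []):  # entries look like "sqlite-net-pcl >= 1.9.172"
            start = by_id.get(entry.split()[0].lower())
            if start is None:
                continue
            parent, queue = {start: None}, deque([start])
            while queue:  # breadth-first search, so the reported chain is the shortest one
                node = queue.popleft()
                for dep in libs[node].get("dependencies", {}):
                    nxt = by_id.get(dep.lower())
                    if nxt and nxt not in parent:
                        parent[nxt] = node
                        queue.append(nxt)
            if hit in parent:
                path, node = [], hit
                while node:
                    path.append(node)
                    node = parent[node]
                paths.append(path[::-1])
        findings[target] = paths
    return findings

# Constructed sample shaped like obj/project.assets.json (not taken from the PR).
# The intermediate bundle_green 2.1.2 edge is an assumption for illustration.
SAMPLE = json.loads("""{
 "targets": {"net10.0": {
   "sqlite-net-pcl/1.9.172": {"dependencies": {"SQLitePCLRaw.bundle_green": "2.1.2"}},
   "SQLitePCLRaw.bundle_green/2.1.2": {"dependencies": {"SQLitePCLRaw.lib.e_sqlite3": "2.1.2"}},
   "SQLitePCLRaw.lib.e_sqlite3/2.1.2": {}}},
 "projectFileDependencyGroups": {"net10.0": ["sqlite-net-pcl >= 1.9.172"]}}""")

if __name__ == "__main__":
    print(trace_flagged(SAMPLE))
```

Run against a real project with `json.load(open("obj/project.assets.json"))` after `dotnet restore`; an empty result means no restore target resolved the flagged version.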