[release/8.0] Switch Microsoft.Data.Sqlite and EFCore.Sqlite to SQLite3MC.PCLRaw.bundle#38534
[release/8.0] Switch Microsoft.Data.Sqlite and EFCore.Sqlite to SQLite3MC.PCLRaw.bundle#38534ViveliDuCh wants to merge 2 commits into
Conversation
There was a problem hiding this comment.
Pull request overview
Backports the SQLite bundle swap on release/8.0 so the shipped Microsoft.Data.Sqlite and Microsoft.EntityFrameworkCore.Sqlite packages depend on SQLite3MC.PCLRaw.bundle (instead of SQLitePCLRaw.bundle_e_sqlite3), addressing reported SQLite vulnerability concerns.
Changes:
- Update
Microsoft.Data.Sqliteto referenceSQLite3MC.PCLRaw.bundlev2.3.5. - Update
EFCore.Sqliteto referenceSQLite3MC.PCLRaw.bundlev2.3.5.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| src/Microsoft.Data.Sqlite/Microsoft.Data.Sqlite.csproj | Switch default bundled SQLite dependency to SQLite3MC.PCLRaw.bundle v2.3.5. |
| src/EFCore.Sqlite/EFCore.Sqlite.csproj | Switch default bundled SQLite dependency to SQLite3MC.PCLRaw.bundle v2.3.5. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| <ItemGroup> | ||
| <PackageReference Include="SQLitePCLRaw.bundle_e_sqlite3" Version="2.1.6" /> | ||
| <PackageReference Include="SQLite3MC.PCLRaw.bundle" Version="2.3.5" /> | ||
| </ItemGroup> |
There was a problem hiding this comment.
Addressed — added Microsoft.Data.Sqlite.sqlite3mc.Tests (refs SQLite3MC.PCLRaw.bundle 2.3.5, wired into the slnf + InternalsVisibleTo), so CI now loads and exercises the shipped e_sqlite3mc bundle directly; 672 tests pass.
| <ItemGroup> | ||
| <PackageReference Include="SQLitePCLRaw.bundle_e_sqlite3" Version="2.1.6" /> | ||
| <PackageReference Include="SQLite3MC.PCLRaw.bundle" Version="2.3.5" /> | ||
| </ItemGroup> |
There was a problem hiding this comment.
EFCore.Sqlite.Core loads SQLite via Microsoft.Data.Sqlite.Core, so the new sqlite3mc.Tests already validates the exact Core + e_sqlite3mc stack EF ships on — no separate EF variant added, matching main which keeps its EF tests on bundle_e_sqlite3.
Fixes #38257
Backports #38402
Backports the SQLite bundle swap (
SQLitePCLRaw.bundle_e_sqlite32.1.6 toSQLite3MC.PCLRaw.bundle2.3.5) torelease/8.0. See #38402 for the full rationale and dotnet/EntityFramework.Docs#5385 for the breaking-change docs.8.0-specific notes
SQLitePCLRaw3.x prerequisite migration is needed: release/8.0 does not use Central Package Management, so the new bundle's transitiveSQLitePCLRaw.core3.0.2 simply coexists with the unchanged 2.1.6 references in the sibling test projects, with no central version pins to update..csprojedits (Microsoft.Data.SqliteandEFCore.Sqlite). No benchmark csproj edit is needed on this branch (no explicit bundle reference exists there).Risk
Low to medium. Two-file servicing change. Opt-out remains available via the
.Corepackages.Testing
No new tests. Covered by existing Microsoft.Data.Sqlite and EFCore.Sqlite suites; branch builds clean and related tests pass.