Skip to content

[release/8.0] Switch Microsoft.Data.Sqlite and EFCore.Sqlite to SQLite3MC.PCLRaw.bundle#38534

Open
ViveliDuCh wants to merge 2 commits into
release/8.0from
backport/sqlite3mc-to-release/8.0
Open

[release/8.0] Switch Microsoft.Data.Sqlite and EFCore.Sqlite to SQLite3MC.PCLRaw.bundle#38534
ViveliDuCh wants to merge 2 commits into
release/8.0from
backport/sqlite3mc-to-release/8.0

Conversation

@ViveliDuCh

@ViveliDuCh ViveliDuCh commented Jun 30, 2026

Copy link
Copy Markdown
Member

Fixes #38257
Backports #38402

Backports the SQLite bundle swap (SQLitePCLRaw.bundle_e_sqlite3 2.1.6 to SQLite3MC.PCLRaw.bundle 2.3.5) to release/8.0. See #38402 for the full rationale and dotnet/EntityFramework.Docs#5385 for the breaking-change docs.

8.0-specific notes

  • No SQLitePCLRaw 3.x prerequisite migration is needed: release/8.0 does not use Central Package Management, so the new bundle's transitive SQLitePCLRaw.core 3.0.2 simply coexists with the unchanged 2.1.6 references in the sibling test projects, with no central version pins to update.
  • Change is two inline .csproj edits (Microsoft.Data.Sqlite and EFCore.Sqlite). No benchmark csproj edit is needed on this branch (no explicit bundle reference exists there).

Risk

Low to medium. Two-file servicing change. Opt-out remains available via the .Core packages.

Testing

No new tests. Covered by existing Microsoft.Data.Sqlite and EFCore.Sqlite suites; branch builds clean and related tests pass.

@ViveliDuCh ViveliDuCh self-assigned this Jun 30, 2026
@ViveliDuCh ViveliDuCh requested a review from AndriySvyryd June 30, 2026 06:19
@ViveliDuCh ViveliDuCh marked this pull request as ready for review June 30, 2026 06:19
Copilot AI review requested due to automatic review settings June 30, 2026 06:19

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Backports the SQLite bundle swap on release/8.0 so the shipped Microsoft.Data.Sqlite and Microsoft.EntityFrameworkCore.Sqlite packages depend on SQLite3MC.PCLRaw.bundle (instead of SQLitePCLRaw.bundle_e_sqlite3), addressing reported SQLite vulnerability concerns.

Changes:

  • Update Microsoft.Data.Sqlite to reference SQLite3MC.PCLRaw.bundle v2.3.5.
  • Update EFCore.Sqlite to reference SQLite3MC.PCLRaw.bundle v2.3.5.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
src/Microsoft.Data.Sqlite/Microsoft.Data.Sqlite.csproj Switch default bundled SQLite dependency to SQLite3MC.PCLRaw.bundle v2.3.5.
src/EFCore.Sqlite/EFCore.Sqlite.csproj Switch default bundled SQLite dependency to SQLite3MC.PCLRaw.bundle v2.3.5.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines 26 to 28
<ItemGroup>
<PackageReference Include="SQLitePCLRaw.bundle_e_sqlite3" Version="2.1.6" />
<PackageReference Include="SQLite3MC.PCLRaw.bundle" Version="2.3.5" />
</ItemGroup>

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed — added Microsoft.Data.Sqlite.sqlite3mc.Tests (refs SQLite3MC.PCLRaw.bundle 2.3.5, wired into the slnf + InternalsVisibleTo), so CI now loads and exercises the shipped e_sqlite3mc bundle directly; 672 tests pass.

Comment on lines 49 to 51
<ItemGroup>
<PackageReference Include="SQLitePCLRaw.bundle_e_sqlite3" Version="2.1.6" />
<PackageReference Include="SQLite3MC.PCLRaw.bundle" Version="2.3.5" />
</ItemGroup>

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

EFCore.Sqlite.Core loads SQLite via Microsoft.Data.Sqlite.Core, so the new sqlite3mc.Tests already validates the exact Core + e_sqlite3mc stack EF ships on — no separate EF variant added, matching main which keeps its EF tests on bundle_e_sqlite3.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants