[QuickApiMapper] Pin SQLitePCLRaw.lib.e_sqlite3 to 3.50.3 to clear GHSA-2m69-gcr7-jv3q (#125)

Merged

JerrettDavis merged 1 commit into main from fix/codeql on Jun 22, 2026
Conversation

@JerrettDavis (Owner)

Microsoft.EntityFrameworkCore.Sqlite 10.0.9 transitively pulls in
SQLitePCLRaw.bundle_e_sqlite3 2.1.11 which pins lib.e_sqlite3 to 2.1.11.
GHSA-2m69-gcr7-jv3q marks all lib.e_sqlite3 <= 2.1.11 as high severity,
with no patched 2.x version available.

Fix: add SQLitePCLRaw.lib.e_sqlite3 3.50.3 to Directory.Packages.props
and explicit PackageReferences in the two projects that directly pull
in the SQLite stack (Persistence.SQLite, Management.Api). This forces
NuGet to resolve the native binary to the secure 3.50.3 release.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
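The PR description above explains the pin but this page does not show the diff itself. The following is an added illustration (not the project's actual files) of how a central-package-management pin of this kind is expressed; the property-group layout, the other entries in Directory.Packages.props, and the surrounding csproj content are assumed.

```xml
<!-- Directory.Packages.props (illustrative; all other PackageVersion entries omitted) -->
<Project>
  <PropertyGroup>
    <!-- Central Package Management: csproj files reference packages without a Version -->
    <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
  </PropertyGroup>
  <ItemGroup>
    <!-- Microsoft.EntityFrameworkCore.Sqlite 10.0.9 transitively brings in
         SQLitePCLRaw.bundle_e_sqlite3 2.1.11, which would resolve lib.e_sqlite3 2.1.11
         (flagged high severity by GHSA-2m69-gcr7-jv3q, no patched 2.x release). -->
    <PackageVersion Include="Microsoft.EntityFrameworkCore.Sqlite" Version="10.0.9" />
    <!-- Explicit version for the native library so NuGet picks the 3.50.3 release. -->
    <PackageVersion Include="SQLitePCLRaw.lib.e_sqlite3" Version="3.50.3" />
  </ItemGroup>
</Project>

<!-- src/QuickApiMapper.Persistence.SQLite/QuickApiMapper.Persistence.SQLite.csproj
     (the same reference goes into src/QuickApiMapper.Management.Api/QuickApiMapper.Management.Api.csproj);
     illustrative, surrounding items omitted -->
<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" />
    <!-- A direct reference is what makes the central version win over the transitive one:
         a PackageVersion entry alone does not override a transitive dependency unless
         CentralPackageTransitivePinningEnabled is turned on. -->
    <PackageReference Include="SQLitePCLRaw.lib.e_sqlite3" />
  </ItemGroup>
</Project>
```

Two things a reviewer would check before merging a pin like this. First, that the override actually took effect: `dotnet list package --include-transitive` shows the resolved version of SQLitePCLRaw.lib.e_sqlite3 per project, and `dotnet list package --vulnerable --include-transitive` should come back clean for the advisory. Second, that the explicit reference is needed at all: NuGet's `CentralPackageTransitivePinningEnabled` property in Directory.Packages.props makes every PackageVersion entry pin transitive dependencies as well, which avoids adding a PackageReference to each consuming project but changes resolution for the whole solution. The two "Unknown License" rows in the Dependency Review report on this page are the new explicit references in exactly those two csproj files, which is the side effect of this approach: the native-library package now appears as a direct dependency and gets scanned as one.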
@github-actions (Contributor)

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 2 package(s) with unknown licenses.
See the Details below.

License Issues

src/QuickApiMapper.Management.Api/QuickApiMapper.Management.Api.csproj

Package                        Version   License   Issue Type
SQLitePCLRaw.lib.e_sqlite3     >= 0      Null      Unknown License

src/QuickApiMapper.Persistence.SQLite/QuickApiMapper.Persistence.SQLite.csproj

Package                        Version   License   Issue Type
SQLitePCLRaw.lib.e_sqlite3     >= 0      Null      Unknown License

Denied Licenses: GPL-2.0, GPL-3.0, AGPL-3.0

OpenSSF Scorecard

Package                              Version   Score     Details
nuget/SQLitePCLRaw.lib.e_sqlite3     >= 0      Unknown   Unknown
nuget/SQLitePCLRaw.lib.e_sqlite3     >= 0      Unknown   Unknown

Scanned Files

  • src/QuickApiMapper.Management.Api/QuickApiMapper.Management.Api.csproj
  • src/QuickApiMapper.Persistence.SQLite/QuickApiMapper.Persistence.SQLite.csproj

@github-actions (Contributor)

Test Results

118 tests  ±0   118 ✅ ±0   6s ⏱️ -1s
  2 suites ±0     0 💤 ±0 
  2 files   ±0     0 ❌ ±0 

Results for commit a5e45b7. ± Comparison against base commit 4ca9cbf.

@github-actions (Contributor)

🔍 PR Validation Results

Version: 0.0.0-g593803b10d

📦 Detected NuGet Packages (17)

  • Demo.JsonApi
  • Demo.SoapApi
  • QuickApiMapper.Application
  • QuickApiMapper.Behaviors
  • QuickApiMapper.Contracts
  • QuickApiMapper.CustomTransformers
  • QuickApiMapper.Extensions.RabbitMQ
  • QuickApiMapper.Extensions.ServiceBus
  • QuickApiMapper.Extensions.gRPC
  • QuickApiMapper.Management.Contracts
  • QuickApiMapper.MessageCapture.Abstractions
  • QuickApiMapper.MessageCapture.InMemory
  • QuickApiMapper.Persistence.Abstractions
  • QuickApiMapper.Persistence.PostgreSQL
  • QuickApiMapper.Persistence.SQLite
  • QuickApiMapper.StandardTransformers
  • QuickApiMapper.Tools.Migrator

🚀 Detected Executables (2)

  • QuickApiMapper.Host.AppHost
  • QuickApiMapper.Tools.Migrator

✅ Validation Steps

  • Build solution
  • Run unit tests
  • Run integration tests
  • Dry-run NuGet packaging
  • Dry-run executable publishing

📊 Artifacts

Dry-run artifacts have been uploaded and will be available for 7 days.


This comment was automatically generated by the PR validation workflow.

@JerrettDavis JerrettDavis merged commit fbcc2bf into main Jun 22, 2026
7 checks passed
@JerrettDavis JerrettDavis deleted the fix/codeql branch June 22, 2026 18:24