The transitive SQLitePCLRaw.lib.e_sqlite3 2.1.11 (via EF Core 10 Sqlite) is
flagged High by GHSA-2m69-gcr7-jv3q, and the 2.x line has no patched release
(first_patched_version: null). Pin SQLitePCLRaw.bundle_e_sqlite3 3.0.3, which
is outside the vulnerable range (<= 2.1.11). Runtime-verified: EnsureCreated
and a DB read both succeed; `dotnet list package --vulnerable` is now clean.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Full rewrite of the portfolio site from Next.js 14 to .NET 10:
- ASP.NET Core 10 Razor Pages, no Node.js dependency
- EF Core 10 + SQLite (same schema as before — data survives upgrade)
- Cookie authentication (same single-password model)
- Resend contact form via HttpClient
- Bilingual FA/EN via locale cookie + BasePageModel
- All UI ported to Razor Pages with Tailwind CDN + custom CSS
- Vanilla JS: particles, typewriter, cursor, animations, portfolio modal
- Dockerfile: SDK 10.0-alpine → aspnet 10.0-alpine (no npm/Node needed)
- CI/CD: dropped NPM_TOKEN, ADMIN_SESSION_SECRET — pure dotnet publish
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
soroush.asadi