b461b2bcf8
The patched native SQLite bundle shipped: SQLitePCLRaw.bundle_e_sqlite3 2.1.12 is the first version outside the CVE-2025-6965 / GHSA-2m69-gcr7-jv3q vulnerable range (<= 2.1.11), embedding the SQLite 3.50.2+ fix. - Bump Microsoft.Data.Sqlite 9.0.0 -> 10.0.7 (aligns with the EF Core 10.0.7 family). This alone still pulls the native bundle 2.1.11, so: - Add a surgical direct pin of SQLitePCLRaw.bundle_e_sqlite3 2.1.12 in Core.AlarmHistorian (the sole consumer), overriding the transitive 2.1.11 without enabling CentralPackageTransitivePinningEnabled (which breaks the Roslyn 5.0/4.12 split). - Remove the temporary NuGetAuditSuppress from Directory.Build.props. Verified: dotnet restore/build clean with audit active (no GHSA-2m69), every in-solution project resolves lib.e_sqlite3 2.1.12, AlarmHistorian tests 29/29 green against the real native bundle. Closes #458