ferrywl.to

SQLitePCLRaw vulnerability affecting .NET 10


When I tried to build my projects this weekend, the build failed because warnings are treated as errors:

Warning As Error: Package 'SQLitePCLRaw.lib.e_sqlite3' 2.1.11 has a known high severity vulnerability, https://github.com/advisories/GHSA-2m69-gcr7-jv3q

This appears to come through as a transitive dependency from packages such as Microsoft.Data.Sqlite.

It turns out that this SQLite vulnerability is still affecting .NET 10. The related EF Core issue is currently assigned to the 10.0.11 milestone.

A current workaround suggested in the issue discussion is to add a newer SQLitePCLRaw.bundle_e_sqlite3 package version, such as 3.0.0 or later, as a direct project dependency.
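An added csproj fragment (not from the post or the EF Core issue) showing that workaround next to the guardrails that surfaced the warning in the first place; the Microsoft.Data.Sqlite version is assumed, use whatever your project already pins:

```xml
<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFramework>net10.0</TargetFramework>
    <!-- Fail the build on any warning, including the NuGet audit warnings
         (NU1901-NU1904) that flagged SQLitePCLRaw.lib.e_sqlite3 2.1.11. -->
    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
    <!-- Audit transitive packages too, so a vulnerable package pulled in
         through Microsoft.Data.Sqlite is reported, not only direct references. -->
    <NuGetAudit>true</NuGetAudit>
    <NuGetAuditMode>all</NuGetAuditMode>
    <NuGetAuditLevel>low</NuGetAuditLevel>
  </PropertyGroup>

  <ItemGroup>
    <!-- Assumed version for illustration; keep your existing reference. -->
    <PackageReference Include="Microsoft.Data.Sqlite" Version="10.0.0" />
    <!-- Workaround: a direct reference to the patched bundle wins over the
         transitive 2.1.11 under NuGet's nearest-wins resolution, so the
         resolved graph picks up 3.0.0 or later. -->
    <PackageReference Include="SQLitePCLRaw.bundle_e_sqlite3" Version="3.0.0" />
  </ItemGroup>
</Project>
```

After a restore, `dotnet list package --vulnerable --include-transitive` confirms whether any vulnerable package is still present in the resolved graph.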

GitHub issue: https://github.com/dotnet/efcore/issues/38257

This shows the importance of having guardrails, regardless of whether a project is built by AI or by humans. That’s why I like the TreatWarningsAsErrors flag: it prevented a known vulnerability from being shipped.