Skip to content

chore(deps): bump the minor-patch group across 1 directory with 2 updates#849

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/minor-patch-577a0ff32d
Closed

chore(deps): bump the minor-patch group across 1 directory with 2 updates#849
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/minor-patch-577a0ff32d

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 11, 2026
edited
Loading

Bumps the minor-patch group with 2 updates in the / directory: golang.org/x/crypto and modernc.org/sqlite.

Updates golang.org/x/crypto from 0.50.0 to 0.51.0

Commits
  • b8a14a8 go.mod: update golang.org/x dependencies
  • 9d9d507 x509roots/fallback/bundle: fix bundle test with Go 1.27+
  • fd0b90d acme: include Problem in OrderError.Error
  • b9e5359 pbkdf2: turn into a wrapper for crypto/pbkdf2
  • cc0e4fc hkdf: forward Extract to the standard library
  • a8e9237 x509roots/fallback: update bundle
  • See full diff in compare view

Updates modernc.org/sqlite from 1.50.0 to 1.50.1

Changelog

Sourced from modernc.org/sqlite's changelog.

Changelog

  • 2026-05-10 v1.50.1:

  • 2026-04-24 v1.50.0:

    • Upgrade to sqlite-vec v0.1.9.
    • Introduce ColumnInfo, enabling dynamic query builders and ORMs to retrieve underlying SQLite C-API metadata (OriginName, TableName, DatabaseName, and DeclType).
    • This feature is exposed via the idiomatic database/sql escape hatch (*sql.Conn).Raw(), avoiding custom statement handles and keeping the standard library workflow intact.
    • See [GitLab merge request #113](https://gitlab.com/cznic/sqlite/-/merge_requests/113), thanks Josh Bleecher Snyder!

  • 2026-04-17 v1.49.0: Upgrade to SQLite 3.53.0.

  • 2026-04-06 v1.48.2:

    • Fix ABI mapping mismatch in the pre-update hook trampoline that caused silent truncation of large 64-bit RowIDs.
    • Ensure the Go trampoline signature correctly aligns with the public sqlite3_preupdate_hook C API, preventing data corruption for high-entropy keys (e.g., Snowflake IDs).
    • See [GitLab merge request #98](https://gitlab.com/cznic/sqlite/-/merge_requests/98), thanks Josh Bleecher Snyder!
    • Fix the memory allocator used in (*conn).Deserialize.
    • Replace tls.Alloc with sqlite3_malloc64 to prevent internal allocator corruption. This ensures the buffer is safely owned by SQLite, which may resize or free it due to the SQLITE_DESERIALIZE_RESIZEABLE and SQLITE_DESERIALIZE_FREEONCLOSE flags.
    • Prevent a memory leak by properly freeing the allocated buffer if fetching the main database name fails before handing ownership to SQLite.
    • See [GitLab merge request #100](https://gitlab.com/cznic/sqlite/-/merge_requests/100), thanks Josh Bleecher Snyder!
    • Fix (*conn).Deserialize to explicitly reject nil or empty byte slices.
    • Prevent silent database disconnection and connection pool corruption caused by SQLite's default behavior when sqlite3_deserialize receives a 0-length buffer.
    • See [GitLab merge request #101](https://gitlab.com/cznic/sqlite/-/merge_requests/101), thanks Josh Bleecher Snyder!
    • Fix commitHookTrampoline and rollbackHookTrampoline signatures by removing the unused pCsr parameter.
    • Aligns internal hook callbacks accurately with the underlying SQLite C API, cleaning up the code to prevent potential future confusion or bugs.
    • See [GitLab merge request #102](https://gitlab.com/cznic/sqlite/-/merge_requests/102), thanks Josh Bleecher Snyder!
    • Fix checkptr instrumentation failures during go test -race when registering and using virtual tables (vtab).
    • Allocate sqlite3_module instances using the C allocator (libc.Xcalloc) instead of the Go heap. This ensures transpiled C code can safely perform pointer operations on the struct without tripping Go's pointer checks.
    • See [GitLab merge request #103](https://gitlab.com/cznic/sqlite/-/merge_requests/103), thanks Josh Bleecher Snyder!
    • Fix data race on mutex.id in the mutexTry non-recursive path.
    • Ensure consistent atomic writes (atomic.StoreInt32) to prevent data races with atomic loads in mutexHeld and mutexNotheld during concurrent execution.
    • See [GitLab merge request #104](https://gitlab.com/cznic/sqlite/-/merge_requests/104), thanks Josh Bleecher Snyder!
    • Fix resource leak in (*Backup).Commit where the destination connection was not closed on error.
    • Ensure dstConn is properly closed when sqlite3_backup_finish fails, preventing file descriptor, TLS, and memory leaks.
    • See [GitLab merge request #105](https://gitlab.com/cznic/sqlite/-/merge_requests/105), thanks Josh Bleecher Snyder!
    • Fix Exec to fully drain rows when encountering SQLITE_ROW, preventing silent data loss in DML statements.
    • Previously, Exec aborted after the first row, meaning INSERT, UPDATE, or DELETE statements with a RETURNING clause would fail to process subsequent rows. The execution path now correctly loops until SQLITE_DONE and properly respects context cancellations during the drain loop, fully aligning with native C sqlite3_exec semantics.
    • See [GitLab merge request #106](https://gitlab.com/cznic/sqlite/-/merge_requests/106), thanks Josh Bleecher Snyder!
    • Fix "Shadowed err value (stmt.go)".
    • See [GitLab issue #249](https://gitlab.com/cznic/sqlite/-/work_items/249), thanks Emrecan BATI!
    • Fix silent omission of virtual table savepoint callbacks by correctly setting the sqlite3_module version.
    • See [GitLab merge request #107](https://gitlab.com/cznic/sqlite/-/merge_requests/107), thanks Josh Bleecher Snyder!
    • Fix vfsRead to properly handle partial and fragmented reads from io.Reader.
    • Replace f.Read with io.ReadFull to ensure the buffer is fully populated, preventing premature SQLITE_IOERR_SHORT_READ errors on valid mid-stream partial reads. Unread tail bytes at EOF are now efficiently zero-filled using the built-in clear function.
    • See [GitLab merge request #108](https://gitlab.com/cznic/sqlite/-/merge_requests/108), thanks Josh Bleecher Snyder!
    • Refactor internal error formatting to safely handle uninitialized or closed database pointers.
    • Prevent a misleading "out of memory" error message when an operation fails and the underlying SQLite database handle is NULL (db == 0).
    • See [GitLab merge request #109](https://gitlab.com/cznic/sqlite/-/merge_requests/109), thanks Josh Bleecher Snyder!

... (truncated)

Commits

View in Codesmith
Need help on this PR? Tag @codesmith with what you need.

  • Let Codesmith autofix CI failures and bot reviews

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels May 11, 2026
@dosubot dosubot Bot added the size:S This PR changes 10-29 lines, ignoring generated files. label May 11, 2026
@dependabot
chore(deps): bump the minor-patch group across 1 directory with 2 upd…
f92767e 
…ates

Bumps the minor-patch group with 2 updates in the / directory: [golang.org/x/crypto](https://github.com/golang/crypto) and [modernc.org/sqlite](https://gitlab.com/cznic/sqlite).


Updates `golang.org/x/crypto` from 0.50.0 to 0.51.0
- [Commits](golang/crypto@v0.50.0...v0.51.0)

Updates `modernc.org/sqlite` from 1.50.0 to 1.50.1
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.50.0...v1.50.1)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.51.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-patch
- dependency-name: modernc.org/sqlite
  dependency-version: 1.50.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump the minor-patch group with 2 updates chore(deps): bump the minor-patch group across 1 directory with 2 updates May 12, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/minor-patch-577a0ff32d branch from c77ab2f to f92767e Compare May 12, 2026 13:19
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 13, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this May 13, 2026
@dependabot dependabot Bot deleted the dependabot/go_modules/minor-patch-577a0ff32d branch May 13, 2026 08:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code size:S This PR changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants