Commit bab7540
authored
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4&size=40){kind=avatar}
chore: Bump modernc.org/sqlite from 1.48.0 to 1.48.1 (#752)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.48.0
to 1.48.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md">modernc.org/sqlite's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<ul>
<li>
<p>2026-04-06 v1.48.2:</p>
<ul>
<li>Fix ABI mapping mismatch in the pre-update hook trampoline that
caused silent truncation of large 64-bit RowIDs.</li>
<li>Ensure the Go trampoline signature correctly aligns with the public
<code>sqlite3_preupdate_hook</code> C API, preventing data corruption
for high-entropy keys (e.g., Snowflake IDs).</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/98">#98</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/98">https://gitlab.com/cznic/sqlite/-/merge_requests/98</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix the memory allocator used in
<code>(*conn).Deserialize</code>.</li>
<li>Replace <code>tls.Alloc</code> with <code>sqlite3_malloc64</code> to
prevent internal allocator corruption. This ensures the buffer is safely
owned by SQLite, which may resize or free it due to the
<code>SQLITE_DESERIALIZE_RESIZEABLE</code> and
<code>SQLITE_DESERIALIZE_FREEONCLOSE</code> flags.</li>
<li>Prevent a memory leak by properly freeing the allocated buffer if
fetching the main database name fails before handing ownership to
SQLite.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/100">#100</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/100">https://gitlab.com/cznic/sqlite/-/merge_requests/100</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix <code>(*conn).Deserialize</code> to explicitly reject
<code>nil</code> or empty byte slices.</li>
<li>Prevent silent database disconnection and connection pool corruption
caused by SQLite's default behavior when
<code>sqlite3_deserialize</code> receives a 0-length buffer.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/101">#101</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/101">https://gitlab.com/cznic/sqlite/-/merge_requests/101</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix <code>commitHookTrampoline</code> and
<code>rollbackHookTrampoline</code> signatures by removing the unused
<code>pCsr</code> parameter.</li>
<li>Aligns internal hook callbacks accurately with the underlying SQLite
C API, cleaning up the code to prevent potential future confusion or
bugs.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/102">#102</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/102">https://gitlab.com/cznic/sqlite/-/merge_requests/102</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix <code>checkptr</code> instrumentation failures during <code>go
test -race</code> when registering and using virtual tables
(<code>vtab</code>).</li>
<li>Allocate <code>sqlite3_module</code> instances using the C allocator
(<code>libc.Xcalloc</code>) instead of the Go heap. This ensures
transpiled C code can safely perform pointer operations on the struct
without tripping Go's pointer checks.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/103">#103</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/103">https://gitlab.com/cznic/sqlite/-/merge_requests/103</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix data race on <code>mutex.id</code> in the <code>mutexTry</code>
non-recursive path.</li>
<li>Ensure consistent atomic writes (<code>atomic.StoreInt32</code>) to
prevent data races with atomic loads in <code>mutexHeld</code> and
<code>mutexNotheld</code> during concurrent execution.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/104">#104</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/104">https://gitlab.com/cznic/sqlite/-/merge_requests/104</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix resource leak in <code>(*Backup).Commit</code> where the
destination connection was not closed on error.</li>
<li>Ensure <code>dstConn</code> is properly closed when
<code>sqlite3_backup_finish</code> fails, preventing file descriptor,
TLS, and memory leaks.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/105">#105</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/105">https://gitlab.com/cznic/sqlite/-/merge_requests/105</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix <code>Exec</code> to fully drain rows when encountering
<code>SQLITE_ROW</code>, preventing silent data loss in DML
statements.</li>
<li>Previously, <code>Exec</code> aborted after the first row, meaning
<code>INSERT</code>, <code>UPDATE</code>, or <code>DELETE</code>
statements with a <code>RETURNING</code> clause would fail to process
subsequent rows. The execution path now correctly loops until
<code>SQLITE_DONE</code> and properly respects context cancellations
during the drain loop, fully aligning with native C
<code>sqlite3_exec</code> semantics.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/106">#106</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/106">https://gitlab.com/cznic/sqlite/-/merge_requests/106</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix "Shadowed err value (stmt.go)".</li>
<li>See [GitLab issue <a
href="https://gitlab.com/cznic/sqlite/issues/249">#249</a>](<a
href="https://gitlab.com/cznic/sqlite/-/work_items/249">https://gitlab.com/cznic/sqlite/-/work_items/249</a>),
thanks Emrecan BATI!</li>
<li>Fix silent omission of virtual table savepoint callbacks by
correctly setting the sqlite3_module version.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/107">#107</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/107">https://gitlab.com/cznic/sqlite/-/merge_requests/107</a>),
thanks Josh Bleecher Snyder!</li>
</ul>
</li>
<li>
<p>2026-04-03 v1.48.1:</p>
<ul>
<li>Fix memory leaks and double-free vulnerabilities in the
multi-statement query execution path.</li>
<li>Ensure bind-parameter allocations are reliably freed via strict
ownership transfer if an error occurs mid-loop or if multiple statements
bind parameters.</li>
<li>Fix a resource leak where a subsequent statement's error could
orphan a previously generated <code>rows</code> object without closing
it, leaking the prepared statement handle.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/96">#96</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/96">https://gitlab.com/cznic/sqlite/-/merge_requests/96</a>),
thanks Josh Bleecher Snyder!</li>
</ul>
</li>
<li>
<p>2026-03-27 v1.48.0:</p>
<ul>
<li>Add <code>_timezone</code> DSN query parameter to apply IANA
timezones (e.g., "America/New_York") to both reads and
writes.</li>
<li>Writes will convert <code>time.Time</code> values to the target
timezone before formatting as a string.</li>
<li>Reads will interpret timezone-less strings as being in the target
timezone.</li>
<li>Does not impact <code>_inttotime</code> integer values, which will
always safely evaluate as UTC.</li>
<li>Add support for <code>_time_format=datetime</code> URI parameter to
format <code>time.Time</code> values identically to SQLite's native
<code>datetime()</code> function and <code>CURRENT_TIMESTAMP</code>
(<code>YYYY-MM-DD HH:MM:SS</code>).</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/94">#94</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/94">https://gitlab.com/cznic/sqlite/-/merge_requests/94</a>)
and [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/95">#95</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/95">https://gitlab.com/cznic/sqlite/-/merge_requests/95</a>),
thanks Josh Bleecher Snyder!</li>
</ul>
</li>
<li>
<p>2026-03-17 v1.47.0: Add CGO-free version of the vector extensions
from <a
href="https://github.com/asg017/sqlite-vec">https://github.com/asg017/sqlite-vec</a>.
See <code>vec_test.go</code> for example usage. From the GitHub project
page:</p>
<ul>
<li><strong>Important:</strong> sqlite-vec is a pre-v1, so expect
breaking changes!</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/51d1f91256bcb466efed1dd68e0cba740727b64c"><code>51d1f91</code></a>
CHANGELOG.md: document v1.48.1...</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/50a8b7f6450f1beb34a8e4e5455c3d70226d5c29"><code>50a8b7f</code></a>
CHANGELOG.md: document v1.48.1</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/60500243df654c8ef068a91517de0ec30bc34a44"><code>6050024</code></a>
Merge branch 'multi-stmt-double-free' into 'master'</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/ef93ba85ea85f92ab04b4a51ff501dfd4b7e4667"><code>ef93ba8</code></a>
improve memory safety of allocs in stmt.query</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/2a97c686c0d08529ca1138200bf6afe3d8dda66b"><code>2a97c68</code></a>
add conn.freeAllocs</li>
<li>See full diff in <a
href="https://gitlab.com/cznic/sqlite/compare/v1.48.0...v1.48.1">compare
view</a></li>
</ul>
</details>
<br />
<details>
<summary>Most Recent Ignore Conditions Applied to This Pull
Request</summary>
| Dependency Name | Ignore Conditions |
| --- | --- |
| modernc.org/sqlite | [>= 1.34.a, < 1.35] |
</details>
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>1 parent f0498c2 commit bab7540
2 files changed
Lines changed: 3 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
49 | 49 | | |
50 | 50 | | |
51 | 51 | | |
52 | | - | |
| 52 | + | |
53 | 53 | | |
54 | 54 | | |
55 | 55 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
286 | 286 | | |
287 | 287 | | |
288 | 288 | | |
289 | | - | |
290 | | - | |
| 289 | + | |
| 290 | + | |
291 | 291 | | |
292 | 292 | | |
293 | 293 | | |
| |||
0 commit comments