Skip to content

Bump sqlite3 from 5.1.7 to 6.0.1#12

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/sqlite3-6.0.1
Closed

Bump sqlite3 from 5.1.7 to 6.0.1#12
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/sqlite3-6.0.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 10, 2026
edited
Loading

Bumps sqlite3 from 5.1.7 to 6.0.1.

Release notes

Sourced from sqlite3's releases.

v6.0.1

  • Fixed prebuilt binaries for alpine/musl

Full Changelog: TryGhost/node-sqlite3@v6.0.0...v6.0.1

v6.0.0

What's Changed

New Contributors

Full Changelog: TryGhost/node-sqlite3@v5.1.7...v6.0.0

Commits
Maintainer changes

This version was pushed to npm by jonatan-ghost, a new releaser for sqlite3 since your current version.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 10, 2026
@dependabot
Bump sqlite3 from 5.1.7 to 6.0.1
0b88c9c 
Bumps [sqlite3](https://github.com/TryGhost/node-sqlite3) from 5.1.7 to 6.0.1.
- [Release notes](https://github.com/TryGhost/node-sqlite3/releases)
- [Commits](TryGhost/node-sqlite3@v5.1.7...v6.0.1)

---
updated-dependencies:
- dependency-name: sqlite3
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/sqlite3-6.0.1 branch from 6d42d25 to 0b88c9c Compare April 10, 2026 09:47
@jasonacollins
Copy link
Copy Markdown
Owner

jasonacollins commented Apr 10, 2026

Holding off on this bump. Two concerns:

  1. Upstream marked as unmaintained. Mark repository as unmaintained TryGhost/node-sqlite3#1844 marked the repo unmaintained immediately before v6 was cut, and v6.0.0/6.0.1 were published by a new releaser who had not previously shipped this package. Worth waiting and re-evaluating before pulling in.
  2. Node floor conflict. v6 modernised CI for Node 20+/22+/24+ while package.json still declares "engines": { "node": ">=16.0.0" }. Merging as-is would silently break that contract; any future bump needs to raise the engines floor first.

Longer term, the better move is likely migrating to better-sqlite3 (actively maintained, synchronous API, generally faster) rather than tracking this package further. Leaving on 5.1.7 for now. Dependabot can reopen if it wants to.

@jasonacollins jasonacollins deleted the dependabot/npm_and_yarn/sqlite3-6.0.1 branch April 10, 2026 10:04
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Apr 10, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jasonacollins