Commit a67e783
authored
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4&size=40){kind=avatar}
chore: Bump modernc.org/sqlite from 1.48.1 to 1.48.2 (#768)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.48.1
to 1.48.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md">modernc.org/sqlite's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<ul>
<li>
<p>2026-04-06 v1.48.2:</p>
<ul>
<li>Fix ABI mapping mismatch in the pre-update hook trampoline that
caused silent truncation of large 64-bit RowIDs.</li>
<li>Ensure the Go trampoline signature correctly aligns with the public
<code>sqlite3_preupdate_hook</code> C API, preventing data corruption
for high-entropy keys (e.g., Snowflake IDs).</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/98">#98</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/98">https://gitlab.com/cznic/sqlite/-/merge_requests/98</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix the memory allocator used in
<code>(*conn).Deserialize</code>.</li>
<li>Replace <code>tls.Alloc</code> with <code>sqlite3_malloc64</code> to
prevent internal allocator corruption. This ensures the buffer is safely
owned by SQLite, which may resize or free it due to the
<code>SQLITE_DESERIALIZE_RESIZEABLE</code> and
<code>SQLITE_DESERIALIZE_FREEONCLOSE</code> flags.</li>
<li>Prevent a memory leak by properly freeing the allocated buffer if
fetching the main database name fails before handing ownership to
SQLite.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/100">#100</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/100">https://gitlab.com/cznic/sqlite/-/merge_requests/100</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix <code>(*conn).Deserialize</code> to explicitly reject
<code>nil</code> or empty byte slices.</li>
<li>Prevent silent database disconnection and connection pool corruption
caused by SQLite's default behavior when
<code>sqlite3_deserialize</code> receives a 0-length buffer.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/101">#101</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/101">https://gitlab.com/cznic/sqlite/-/merge_requests/101</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix <code>commitHookTrampoline</code> and
<code>rollbackHookTrampoline</code> signatures by removing the unused
<code>pCsr</code> parameter.</li>
<li>Aligns internal hook callbacks accurately with the underlying SQLite
C API, cleaning up the code to prevent potential future confusion or
bugs.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/102">#102</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/102">https://gitlab.com/cznic/sqlite/-/merge_requests/102</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix <code>checkptr</code> instrumentation failures during <code>go
test -race</code> when registering and using virtual tables
(<code>vtab</code>).</li>
<li>Allocate <code>sqlite3_module</code> instances using the C allocator
(<code>libc.Xcalloc</code>) instead of the Go heap. This ensures
transpiled C code can safely perform pointer operations on the struct
without tripping Go's pointer checks.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/103">#103</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/103">https://gitlab.com/cznic/sqlite/-/merge_requests/103</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix data race on <code>mutex.id</code> in the <code>mutexTry</code>
non-recursive path.</li>
<li>Ensure consistent atomic writes (<code>atomic.StoreInt32</code>) to
prevent data races with atomic loads in <code>mutexHeld</code> and
<code>mutexNotheld</code> during concurrent execution.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/104">#104</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/104">https://gitlab.com/cznic/sqlite/-/merge_requests/104</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix resource leak in <code>(*Backup).Commit</code> where the
destination connection was not closed on error.</li>
<li>Ensure <code>dstConn</code> is properly closed when
<code>sqlite3_backup_finish</code> fails, preventing file descriptor,
TLS, and memory leaks.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/105">#105</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/105">https://gitlab.com/cznic/sqlite/-/merge_requests/105</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix <code>Exec</code> to fully drain rows when encountering
<code>SQLITE_ROW</code>, preventing silent data loss in DML
statements.</li>
<li>Previously, <code>Exec</code> aborted after the first row, meaning
<code>INSERT</code>, <code>UPDATE</code>, or <code>DELETE</code>
statements with a <code>RETURNING</code> clause would fail to process
subsequent rows. The execution path now correctly loops until
<code>SQLITE_DONE</code> and properly respects context cancellations
during the drain loop, fully aligning with native C
<code>sqlite3_exec</code> semantics.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/106">#106</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/106">https://gitlab.com/cznic/sqlite/-/merge_requests/106</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix "Shadowed err value (stmt.go)".</li>
<li>See [GitLab issue <a
href="https://gitlab.com/cznic/sqlite/issues/249">#249</a>](<a
href="https://gitlab.com/cznic/sqlite/-/work_items/249">https://gitlab.com/cznic/sqlite/-/work_items/249</a>),
thanks Emrecan BATI!</li>
<li>Fix silent omission of virtual table savepoint callbacks by
correctly setting the sqlite3_module version.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/107">#107</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/107">https://gitlab.com/cznic/sqlite/-/merge_requests/107</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix <code>vfsRead</code> to properly handle partial and fragmented
reads from <code>io.Reader</code>.</li>
<li>Replace <code>f.Read</code> with <code>io.ReadFull</code> to ensure
the buffer is fully populated, preventing premature
<code>SQLITE_IOERR_SHORT_READ</code> errors on valid mid-stream partial
reads. Unread tail bytes at EOF are now efficiently zero-filled using
the built-in <code>clear</code> function.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/108">#108</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/108">https://gitlab.com/cznic/sqlite/-/merge_requests/108</a>),
thanks Josh Bleecher Snyder!</li>
<li>Refactor internal error formatting to safely handle uninitialized or
closed database pointers.</li>
<li>Prevent a misleading "out of memory" error message when an
operation fails and the underlying SQLite database handle is
<code>NULL</code> (<code>db == 0</code>).</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/109">#109</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/109">https://gitlab.com/cznic/sqlite/-/merge_requests/109</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix error handling in database backup and restore initialization
(<code>sqlite3_backup_init</code>).</li>
<li>Ensure error codes and messages are accurately read from the
destination database handle rather than hardcoding the source or remote
handle. This prevents swallowed errors or mismatched "not an
error" messages when a backup or restore operation fails to
start.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/111">#111</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/111">https://gitlab.com/cznic/sqlite/-/merge_requests/111</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix database handle and C-heap memory leaks when
<code>sqlite3_open_v2</code> fails.</li>
<li>Ensure <code>sqlite3_close_v2</code> is called on the partially
allocated database handle during a failed open, and explicitly close
<code>libc.TLS</code> in <code>newConn</code> to prevent resource
leakage.</li>
<li>Prevent misleading "out of memory" error messages on
failed connections by correctly extracting the exact error string from
the allocated handle before it is closed.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/112">#112</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/112">https://gitlab.com/cznic/sqlite/-/merge_requests/112</a>),
thanks Josh Bleecher Snyder!</li>
</ul>
</li>
<li>
<p>2026-04-03 v1.48.1:</p>
<ul>
<li>Fix memory leaks and double-free vulnerabilities in the
multi-statement query execution path.</li>
<li>Ensure bind-parameter allocations are reliably freed via strict
ownership transfer if an error occurs mid-loop or if multiple statements
bind parameters.</li>
<li>Fix a resource leak where a subsequent statement's error could
orphan a previously generated <code>rows</code> object without closing
it, leaking the prepared statement handle.</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/df1697738de700bdbfe7a6ed822a8ddef14f1c98"><code>df16977</code></a>
CHANGELOG.md: add !112</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/172c3955c2894135d87e8a773248796afda13f77"><code>172c395</code></a>
Merge branch 'fix-openv2-handle-leak' into 'master'</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/27197307bbdb9c5c2a6dc683803f9c6e956e35a6"><code>2719730</code></a>
fix openV2 handle leak, TLS leak, and misleading error on failed
open</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/53c87f6f1d6ec3da80e5d094b823eb6e98292857"><code>53c87f6</code></a>
CHANGELOG.md: add !111</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/c324f373b73b9c1ee7c499bd4af630a8a84b0de2"><code>c324f37</code></a>
Merge branch 'fix-backup-restore-error-handle' into 'master'</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/fc791df12206f8b75bca585ff4dc2df078e35165"><code>fc791df</code></a>
read error from correct db handle on backup init failure</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/1620515255ac994489fdb3dd7a9437750ce5a2e5"><code>1620515</code></a>
CHANGELOG.md: add !109</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/72aaab4e35f35c8a500a97d868ca3007695ccce6"><code>72aaab4</code></a>
Merge branch 'errstr-for-db' into 'master'</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/2ae65f7f7e2831c44c0817b605cef87ccb94e126"><code>2ae65f7</code></a>
extract errstrForDB from conn.errstr</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/eeec006a0cd8791d7d6e05451b09188db6226406"><code>eeec006</code></a>
CHANGELOG.md: add !108</li>
<li>Additional commits viewable in <a
href="https://gitlab.com/cznic/sqlite/compare/v1.48.1...v1.48.2">compare
view</a></li>
</ul>
</details>
<br />
<details>
<summary>Most Recent Ignore Conditions Applied to This Pull
Request</summary>
| Dependency Name | Ignore Conditions |
| --- | --- |
| modernc.org/sqlite | [>= 1.34.a, < 1.35] |
</details>
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>1 parent 0895627 commit a67e783
2 files changed
Lines changed: 3 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
51 | 51 | | |
52 | 52 | | |
53 | 53 | | |
54 | | - | |
| 54 | + | |
55 | 55 | | |
56 | 56 | | |
57 | 57 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
284 | 284 | | |
285 | 285 | | |
286 | 286 | | |
287 | | - | |
288 | | - | |
| 287 | + | |
| 288 | + | |
289 | 289 | | |
290 | 290 | | |
291 | 291 | | |
| |||
0 commit comments