Skip to content

deps(hub): bump modernc.org/sqlite from 1.34.4 to 1.50.1 in /hub#15

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/hub/modernc.org/sqlite-1.50.1
Closed

deps(hub): bump modernc.org/sqlite from 1.34.4 to 1.50.1 in /hub#15
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/hub/modernc.org/sqlite-1.50.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 18, 2026

Copy link
Copy Markdown

Bumps modernc.org/sqlite from 1.34.4 to 1.50.1.

Changelog

Sourced from modernc.org/sqlite's changelog.

Changelog

  • 2026-05-10 v1.50.1:

  • 2026-04-24 v1.50.0:

    • Upgrade to sqlite-vec v0.1.9.
    • Introduce ColumnInfo, enabling dynamic query builders and ORMs to retrieve underlying SQLite C-API metadata (OriginName, TableName, DatabaseName, and DeclType).
    • This feature is exposed via the idiomatic database/sql escape hatch (*sql.Conn).Raw(), avoiding custom statement handles and keeping the standard library workflow intact.
    • See [GitLab merge request #113](https://gitlab.com/cznic/sqlite/-/merge_requests/113), thanks Josh Bleecher Snyder!
  • 2026-04-17 v1.49.0: Upgrade to SQLite 3.53.0.

  • 2026-04-06 v1.48.2:

    • Fix ABI mapping mismatch in the pre-update hook trampoline that caused silent truncation of large 64-bit RowIDs.
    • Ensure the Go trampoline signature correctly aligns with the public sqlite3_preupdate_hook C API, preventing data corruption for high-entropy keys (e.g., Snowflake IDs).
    • See [GitLab merge request #98](https://gitlab.com/cznic/sqlite/-/merge_requests/98), thanks Josh Bleecher Snyder!
    • Fix the memory allocator used in (*conn).Deserialize.
    • Replace tls.Alloc with sqlite3_malloc64 to prevent internal allocator corruption. This ensures the buffer is safely owned by SQLite, which may resize or free it due to the SQLITE_DESERIALIZE_RESIZEABLE and SQLITE_DESERIALIZE_FREEONCLOSE flags.
    • Prevent a memory leak by properly freeing the allocated buffer if fetching the main database name fails before handing ownership to SQLite.
    • See [GitLab merge request #100](https://gitlab.com/cznic/sqlite/-/merge_requests/100), thanks Josh Bleecher Snyder!
    • Fix (*conn).Deserialize to explicitly reject nil or empty byte slices.
    • Prevent silent database disconnection and connection pool corruption caused by SQLite's default behavior when sqlite3_deserialize receives a 0-length buffer.
    • See [GitLab merge request #101](https://gitlab.com/cznic/sqlite/-/merge_requests/101), thanks Josh Bleecher Snyder!
    • Fix commitHookTrampoline and rollbackHookTrampoline signatures by removing the unused pCsr parameter.
    • Aligns internal hook callbacks accurately with the underlying SQLite C API, cleaning up the code to prevent potential future confusion or bugs.
    • See [GitLab merge request #102](https://gitlab.com/cznic/sqlite/-/merge_requests/102), thanks Josh Bleecher Snyder!
    • Fix checkptr instrumentation failures during go test -race when registering and using virtual tables (vtab).
    • Allocate sqlite3_module instances using the C allocator (libc.Xcalloc) instead of the Go heap. This ensures transpiled C code can safely perform pointer operations on the struct without tripping Go's pointer checks.
    • See [GitLab merge request #103](https://gitlab.com/cznic/sqlite/-/merge_requests/103), thanks Josh Bleecher Snyder!
    • Fix data race on mutex.id in the mutexTry non-recursive path.
    • Ensure consistent atomic writes (atomic.StoreInt32) to prevent data races with atomic loads in mutexHeld and mutexNotheld during concurrent execution.
    • See [GitLab merge request #104](https://gitlab.com/cznic/sqlite/-/merge_requests/104), thanks Josh Bleecher Snyder!
    • Fix resource leak in (*Backup).Commit where the destination connection was not closed on error.
    • Ensure dstConn is properly closed when sqlite3_backup_finish fails, preventing file descriptor, TLS, and memory leaks.
    • See [GitLab merge request #105](https://gitlab.com/cznic/sqlite/-/merge_requests/105), thanks Josh Bleecher Snyder!
    • Fix Exec to fully drain rows when encountering SQLITE_ROW, preventing silent data loss in DML statements.
    • Previously, Exec aborted after the first row, meaning INSERT, UPDATE, or DELETE statements with a RETURNING clause would fail to process subsequent rows. The execution path now correctly loops until SQLITE_DONE and properly respects context cancellations during the drain loop, fully aligning with native C sqlite3_exec semantics.
    • See [GitLab merge request #106](https://gitlab.com/cznic/sqlite/-/merge_requests/106), thanks Josh Bleecher Snyder!
    • Fix "Shadowed err value (stmt.go)".
    • See [GitLab issue #249](https://gitlab.com/cznic/sqlite/-/work_items/249), thanks Emrecan BATI!
    • Fix silent omission of virtual table savepoint callbacks by correctly setting the sqlite3_module version.
    • See [GitLab merge request #107](https://gitlab.com/cznic/sqlite/-/merge_requests/107), thanks Josh Bleecher Snyder!
    • Fix vfsRead to properly handle partial and fragmented reads from io.Reader.
    • Replace f.Read with io.ReadFull to ensure the buffer is fully populated, preventing premature SQLITE_IOERR_SHORT_READ errors on valid mid-stream partial reads. Unread tail bytes at EOF are now efficiently zero-filled using the built-in clear function.
    • See [GitLab merge request #108](https://gitlab.com/cznic/sqlite/-/merge_requests/108), thanks Josh Bleecher Snyder!
    • Refactor internal error formatting to safely handle uninitialized or closed database pointers.
    • Prevent a misleading "out of memory" error message when an operation fails and the underlying SQLite database handle is NULL (db == 0).
    • See [GitLab merge request #109](https://gitlab.com/cznic/sqlite/-/merge_requests/109), thanks Josh Bleecher Snyder!

... (truncated)

Commits
  • b95ed45 upgrade to SQLite 3.53.1
  • e220cc9 CHANGELOG.md: add !113
  • a58d5e5 Merge branch 'columns' into 'master'
  • 119d8b1 add ColumnInfo, for inspecting query columns
  • c353a4f upgrade to sqlite-vec v0.1.9
  • fe575e4 doc.go: update SQLite version
  • 3ccb9ca upgrade to SQLite 3.53.0
  • df16977 CHANGELOG.md: add !112
  • 172c395 Merge branch 'fix-openv2-handle-leak' into 'master'
  • 2719730 fix openV2 handle leak, TLS leak, and misleading error on failed open
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.34.4 to 1.50.1.
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.34.4...v1.50.1)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-version: 1.50.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @github

dependabot Bot commented on behalf of github May 18, 2026

Copy link
Copy Markdown
Author

Labels

The following labels could not be found: dependencies, go. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot @github

dependabot Bot commented on behalf of github Jun 1, 2026

Copy link
Copy Markdown
Author

Superseded by #17.

@dependabot dependabot Bot closed this Jun 1, 2026
@dependabot
dependabot Bot deleted the dependabot/go_modules/hub/modernc.org/sqlite-1.50.1 branch June 1, 2026 00:36
physercoe pushed a commit that referenced this pull request Jul 5, 2026
… forbidden-pattern #15

Director picked B2 (zero-knowledge vault) from the desktop-breakglass-ssh fork. ADR-052
records the full design: backend = xterm.js + Tauri russh (not libghostty); two terminal
paths (managed host = hub-brokered keyless audited PTY = primary; personal = direct
russh + client keys); non-secret host/connection metadata syncs (extend ssh_hint);
private keys share via a zero-knowledge vault — the hub stores client-side-encrypted key
material it can NEVER decrypt (AEAD-sealed secrets, vault key wrapped per enrolled device
via keychain/passkey; hub = blind blob store; cross-client so mobile + desktop both enroll).

Load-bearing: this AMENDS forbidden-pattern #15. The rule's intent is "the hub can never
authenticate as the user" — a vault of opaque ciphertext the hub can't decrypt or use
preserves that, so #15 is narrowed from "no SSH secrets on the hub" to "no secrets the hub
can read or use; zero-knowledge vault ciphertext permitted." forbidden-patterns.md #15 is
updated on ADR acceptance, not before. Vault replaces the cleartext backup. Two security
fixes travel with it: authenticate the A2A relay + the hub PTY-relay workstream (D-6).

B3 (SSH-CA short-lived certs) noted as the managed-host end-state (B2 now, B3 later).

Co-Authored-By: Claude Opus 4.8 <[email protected]>
physercoe added a commit that referenced this pull request Jul 5, 2026
…DR-052 (#299)

* docs: accept ADR-052; amend forbidden-pattern #15 for the zero-knowledge vault

Director accepted B2. ADR-052 → Accepted; D-6 (hub PTY-relay + A2A-relay auth)
marked DEFERRED per direction. forbidden-pattern #15 amended: narrows "no SSH
secrets on the hub" → "no secrets the hub can read or use; client-side-encrypted
zero-knowledge vault ciphertext permitted" (the hub never holds the vault key or
plaintext, so it can never authenticate as the user). This is the carve-out that
authorizes the vault sync store landing in the next commit.

Co-Authored-By: Claude Opus 4.8 <[email protected]>

* feat(hub): zero-knowledge SSH key-vault sync service (ADR-052 D-4)

The hub as a blind cross-device sync store for the client-side-encrypted SSH key
vault. It holds only opaque ciphertext it can never decrypt, keyed to the calling
principal (server-derived from the token scope, never client-supplied — a caller
can only ever reach their own vault). Migration 0061 adds key_vaults (one sealed
blob per principal, versioned) + key_vault_devices (per-device public key + the
vault key wrapped to it, both opaque).

Endpoints under /v1/teams/{team}/vault (bearer + teamGate):
  GET  /vault                    pull the sealed blob (404 if none)
  PUT  /vault                    push with optimistic concurrency (base_version;
                                 409 on stale/duplicate — pull and retry)
  GET  /vault/devices            list enrolled devices + wrapped keys
  PUT  /vault/devices/{device}   enroll a device (pubkey) / wrap the key to it
  DELETE /vault/devices/{device} revoke a device envelope

Payloads capped (2 MiB); audited (vault.push / vault.device.enroll|revoke). Tests
cover push/pull round-trip, optimistic-concurrency conflicts, the new-device
pubkey guard, and device enroll/wrap/list/revoke. go build/vet clean; package
tests green incl. -race on the vault suite.

Co-Authored-By: Claude Opus 4.8 <[email protected]>

* docs: ADR-052 — vault syncs the whole connection+key bundle; recovery escrow

Two director refinements:
- D-3 revised: the vault seals the WHOLE personal setup — connection bookmarks
  (host/port/username/auth-method/jump/tmux) AND keys/passphrases/passwords — as one
  client-encrypted bundle, so a new device is directly reusable. Personal connection
  metadata now lives INSIDE the zero-knowledge vault (hub-blind, not even hostnames
  visible), superseding the earlier "sync via hub-visible ssh_hint" framing; ssh_hint
  keeps its separate team-host-binding purpose.
- D-4: recovery escrow decided. The vault key is also wrapped under a director-held
  recovery code (self-escrowed offline), stored on the hub as an opaque recovery
  envelope — so losing every enrolled device is survivable. Hub never holds the
  recovery key; zero-knowledge holds. Re-key re-wraps it; operator/Shamir escrow are
  same-slot extensions.

Co-Authored-By: Claude Opus 4.8 <[email protected]>

* feat(hub): vault recovery-envelope escrow slot

Adds the recovery escrow to the vault sync store (ADR-052 D-4). Migration 0061 gains
recovery_envelope / recovery_hint / recovery_updated_at on key_vaults (the vault key
wrapped under the director's escrowed recovery key — opaque to the hub, never the
recovery key itself). New endpoints:
  GET    /v1/teams/{team}/vault/recovery   fetch the recovery envelope (recovering device)
  PUT    /v1/teams/{team}/vault/recovery   set/replace it (vault must exist -> 404 if not)
  DELETE /v1/teams/{team}/vault/recovery   clear it

Audited (vault.recovery.set/clear). Test covers set-before-vault 404, missing-envelope
400, set/get round-trip, survival across a vault version bump, and clear. The whole
connection+key bundle (D-3) needs no hub change — the vault blob is opaque, so a bigger
sealed bundle just flows through the existing store. go build/vet clean; vault suite
green incl. -race.

Co-Authored-By: Claude Opus 4.8 <[email protected]>

---------

Co-authored-by: Ubuntu <[email protected]>
Co-authored-by: Claude Opus 4.8 <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants