deps(hub): bump modernc.org/sqlite from 1.34.4 to 1.50.1 in /hub#15
Closed
dependabot[bot] wants to merge 1 commit into
Closed
deps(hub): bump modernc.org/sqlite from 1.34.4 to 1.50.1 in /hub#15dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.34.4 to 1.50.1. - [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md) - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.34.4...v1.50.1) --- updated-dependencies: - dependency-name: modernc.org/sqlite dependency-version: 1.50.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Author
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
Author
|
Superseded by #17. |
dependabot
Bot
deleted the
dependabot/go_modules/hub/modernc.org/sqlite-1.50.1
branch
June 1, 2026 00:36
physercoe
pushed a commit
that referenced
this pull request
Jul 5, 2026
… forbidden-pattern #15 Director picked B2 (zero-knowledge vault) from the desktop-breakglass-ssh fork. ADR-052 records the full design: backend = xterm.js + Tauri russh (not libghostty); two terminal paths (managed host = hub-brokered keyless audited PTY = primary; personal = direct russh + client keys); non-secret host/connection metadata syncs (extend ssh_hint); private keys share via a zero-knowledge vault — the hub stores client-side-encrypted key material it can NEVER decrypt (AEAD-sealed secrets, vault key wrapped per enrolled device via keychain/passkey; hub = blind blob store; cross-client so mobile + desktop both enroll). Load-bearing: this AMENDS forbidden-pattern #15. The rule's intent is "the hub can never authenticate as the user" — a vault of opaque ciphertext the hub can't decrypt or use preserves that, so #15 is narrowed from "no SSH secrets on the hub" to "no secrets the hub can read or use; zero-knowledge vault ciphertext permitted." forbidden-patterns.md #15 is updated on ADR acceptance, not before. Vault replaces the cleartext backup. Two security fixes travel with it: authenticate the A2A relay + the hub PTY-relay workstream (D-6). B3 (SSH-CA short-lived certs) noted as the managed-host end-state (B2 now, B3 later). Co-Authored-By: Claude Opus 4.8 <[email protected]>
physercoe
added a commit
that referenced
this pull request
Jul 5, 2026
…DR-052 (#299) * docs: accept ADR-052; amend forbidden-pattern #15 for the zero-knowledge vault Director accepted B2. ADR-052 → Accepted; D-6 (hub PTY-relay + A2A-relay auth) marked DEFERRED per direction. forbidden-pattern #15 amended: narrows "no SSH secrets on the hub" → "no secrets the hub can read or use; client-side-encrypted zero-knowledge vault ciphertext permitted" (the hub never holds the vault key or plaintext, so it can never authenticate as the user). This is the carve-out that authorizes the vault sync store landing in the next commit. Co-Authored-By: Claude Opus 4.8 <[email protected]> * feat(hub): zero-knowledge SSH key-vault sync service (ADR-052 D-4) The hub as a blind cross-device sync store for the client-side-encrypted SSH key vault. It holds only opaque ciphertext it can never decrypt, keyed to the calling principal (server-derived from the token scope, never client-supplied — a caller can only ever reach their own vault). Migration 0061 adds key_vaults (one sealed blob per principal, versioned) + key_vault_devices (per-device public key + the vault key wrapped to it, both opaque). Endpoints under /v1/teams/{team}/vault (bearer + teamGate): GET /vault pull the sealed blob (404 if none) PUT /vault push with optimistic concurrency (base_version; 409 on stale/duplicate — pull and retry) GET /vault/devices list enrolled devices + wrapped keys PUT /vault/devices/{device} enroll a device (pubkey) / wrap the key to it DELETE /vault/devices/{device} revoke a device envelope Payloads capped (2 MiB); audited (vault.push / vault.device.enroll|revoke). Tests cover push/pull round-trip, optimistic-concurrency conflicts, the new-device pubkey guard, and device enroll/wrap/list/revoke. go build/vet clean; package tests green incl. -race on the vault suite. Co-Authored-By: Claude Opus 4.8 <[email protected]> * docs: ADR-052 — vault syncs the whole connection+key bundle; recovery escrow Two director refinements: - D-3 revised: the vault seals the WHOLE personal setup — connection bookmarks (host/port/username/auth-method/jump/tmux) AND keys/passphrases/passwords — as one client-encrypted bundle, so a new device is directly reusable. Personal connection metadata now lives INSIDE the zero-knowledge vault (hub-blind, not even hostnames visible), superseding the earlier "sync via hub-visible ssh_hint" framing; ssh_hint keeps its separate team-host-binding purpose. - D-4: recovery escrow decided. The vault key is also wrapped under a director-held recovery code (self-escrowed offline), stored on the hub as an opaque recovery envelope — so losing every enrolled device is survivable. Hub never holds the recovery key; zero-knowledge holds. Re-key re-wraps it; operator/Shamir escrow are same-slot extensions. Co-Authored-By: Claude Opus 4.8 <[email protected]> * feat(hub): vault recovery-envelope escrow slot Adds the recovery escrow to the vault sync store (ADR-052 D-4). Migration 0061 gains recovery_envelope / recovery_hint / recovery_updated_at on key_vaults (the vault key wrapped under the director's escrowed recovery key — opaque to the hub, never the recovery key itself). New endpoints: GET /v1/teams/{team}/vault/recovery fetch the recovery envelope (recovering device) PUT /v1/teams/{team}/vault/recovery set/replace it (vault must exist -> 404 if not) DELETE /v1/teams/{team}/vault/recovery clear it Audited (vault.recovery.set/clear). Test covers set-before-vault 404, missing-envelope 400, set/get round-trip, survival across a vault version bump, and clear. The whole connection+key bundle (D-3) needs no hub change — the vault blob is opaque, so a bigger sealed bundle just flows through the existing store. go build/vet clean; vault suite green incl. -race. Co-Authored-By: Claude Opus 4.8 <[email protected]> --------- Co-authored-by: Ubuntu <[email protected]> Co-authored-by: Claude Opus 4.8 <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps modernc.org/sqlite from 1.34.4 to 1.50.1.
Changelog
Sourced from modernc.org/sqlite's changelog.
... (truncated)
Commits
b95ed45upgrade to SQLite 3.53.1e220cc9CHANGELOG.md: add !113a58d5e5Merge branch 'columns' into 'master'119d8b1add ColumnInfo, for inspecting query columnsc353a4fupgrade to sqlite-vec v0.1.9fe575e4doc.go: update SQLite version3ccb9caupgrade to SQLite 3.53.0df16977CHANGELOG.md: add !112172c395Merge branch 'fix-openv2-handle-leak' into 'master'2719730fix openV2 handle leak, TLS leak, and misleading error on failed openDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)