Skip to content

build(deps): bump modernc.org/sqlite from 1.44.3 to 1.48.1#16

Merged
grokify merged 1 commit intomainfrom
dependabot/go_modules/modernc.org/sqlite-1.48.1
Apr 6, 2026
Merged

build(deps): bump modernc.org/sqlite from 1.44.3 to 1.48.1#16
grokify merged 1 commit intomainfrom
dependabot/go_modules/modernc.org/sqlite-1.48.1

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 6, 2026
edited
Loading

Bumps modernc.org/sqlite from 1.44.3 to 1.48.1.

Changelog

Sourced from modernc.org/sqlite's changelog.

Changelog

  • 2026-04-06 v1.48.2:

    • Fix ABI mapping mismatch in the pre-update hook trampoline that caused silent truncation of large 64-bit RowIDs.
    • Ensure the Go trampoline signature correctly aligns with the public sqlite3_preupdate_hook C API, preventing data corruption for high-entropy keys (e.g., Snowflake IDs).
    • See [GitLab merge request #98](https://gitlab.com/cznic/sqlite/-/merge_requests/98), thanks Josh Bleecher Snyder!
    • Fix the memory allocator used in (*conn).Deserialize.
    • Replace tls.Alloc with sqlite3_malloc64 to prevent internal allocator corruption. This ensures the buffer is safely owned by SQLite, which may resize or free it due to the SQLITE_DESERIALIZE_RESIZEABLE and SQLITE_DESERIALIZE_FREEONCLOSE flags.
    • Prevent a memory leak by properly freeing the allocated buffer if fetching the main database name fails before handing ownership to SQLite.
    • See [GitLab merge request #100](https://gitlab.com/cznic/sqlite/-/merge_requests/100), thanks Josh Bleecher Snyder!
    • Fix (*conn).Deserialize to explicitly reject nil or empty byte slices.
    • Prevent silent database disconnection and connection pool corruption caused by SQLite's default behavior when sqlite3_deserialize receives a 0-length buffer.
    • See [GitLab merge request #101](https://gitlab.com/cznic/sqlite/-/merge_requests/101), thanks Josh Bleecher Snyder!
    • Fix commitHookTrampoline and rollbackHookTrampoline signatures by removing the unused pCsr parameter.
    • Aligns internal hook callbacks accurately with the underlying SQLite C API, cleaning up the code to prevent potential future confusion or bugs.
    • See [GitLab merge request #102](https://gitlab.com/cznic/sqlite/-/merge_requests/102), thanks Josh Bleecher Snyder!
    • Fix checkptr instrumentation failures during go test -race when registering and using virtual tables (vtab).
    • Allocate sqlite3_module instances using the C allocator (libc.Xcalloc) instead of the Go heap. This ensures transpiled C code can safely perform pointer operations on the struct without tripping Go's pointer checks.
    • See [GitLab merge request #103](https://gitlab.com/cznic/sqlite/-/merge_requests/103), thanks Josh Bleecher Snyder!
    • Fix data race on mutex.id in the mutexTry non-recursive path.
    • Ensure consistent atomic writes (atomic.StoreInt32) to prevent data races with atomic loads in mutexHeld and mutexNotheld during concurrent execution.
    • See [GitLab merge request #104](https://gitlab.com/cznic/sqlite/-/merge_requests/104), thanks Josh Bleecher Snyder!
    • Fix resource leak in (*Backup).Commit where the destination connection was not closed on error.
    • Ensure dstConn is properly closed when sqlite3_backup_finish fails, preventing file descriptor, TLS, and memory leaks.
    • See [GitLab merge request #105](https://gitlab.com/cznic/sqlite/-/merge_requests/105), thanks Josh Bleecher Snyder!

  • 2026-04-03 v1.48.1:

    • Fix memory leaks and double-free vulnerabilities in the multi-statement query execution path.
    • Ensure bind-parameter allocations are reliably freed via strict ownership transfer if an error occurs mid-loop or if multiple statements bind parameters.
    • Fix a resource leak where a subsequent statement's error could orphan a previously generated rows object without closing it, leaking the prepared statement handle.
    • See [GitLab merge request #96](https://gitlab.com/cznic/sqlite/-/merge_requests/96), thanks Josh Bleecher Snyder!

  • 2026-03-27 v1.48.0:

    • Add _timezone DSN query parameter to apply IANA timezones (e.g., "America/New_York") to both reads and writes.
    • Writes will convert time.Time values to the target timezone before formatting as a string.
    • Reads will interpret timezone-less strings as being in the target timezone.
    • Does not impact _inttotime integer values, which will always safely evaluate as UTC.
    • Add support for _time_format=datetime URI parameter to format time.Time values identically to SQLite's native datetime() function and CURRENT_TIMESTAMP (YYYY-MM-DD HH:MM:SS).
    • See [GitLab merge request #94](https://gitlab.com/cznic/sqlite/-/merge_requests/94) and [GitLab merge request #95](https://gitlab.com/cznic/sqlite/-/merge_requests/95), thanks Josh Bleecher Snyder!

  • 2026-03-17 v1.47.0: Add CGO-free version of the vector extensions from https://github.com/asg017/sqlite-vec. See vec_test.go for example usage. From the GitHub project page:

    • Important: sqlite-vec is a pre-v1, so expect breaking changes!
    • Store and query float, int8, and binary vectors in vec0 virtual tables
    • Written in pure C, no dependencies, runs anywhere SQLite runs (Linux/MacOS/Windows, in the browser with WASM, Raspberry Pis, etc.)
    • Store non-vector data in metadata, auxiliary, or partition key columns
    • See [GitLab merge request #93](https://gitlab.com/cznic/sqlite/-/merge_requests/93), thanks Zhenghao Zhang!

  • 2026-03-16 v1.46.2: Upgrade to SQLite 3.51.3.

  • 2026-02-17 v1.46.1:

... (truncated)

Commits
  • 51d1f91 CHANGELOG.md: document v1.48.1...
  • 50a8b7f CHANGELOG.md: document v1.48.1
  • 6050024 Merge branch 'multi-stmt-double-free' into 'master'
  • ef93ba8 improve memory safety of allocs in stmt.query
  • 2a97c68 add conn.freeAllocs
  • 19b8429 update {CHANGELOG,README}.md
  • 78ddab8 Merge branch 'datetime-format' into 'master'
  • 2e04523 Merge branch 'add-timezone' into 'master'
  • 77706c1 add _time_format=datetime support
  • 1895822 add _timezone DSN query parameter
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 6, 2026
@dependabot dependabot bot mentioned this pull request Apr 6, 2026
Closed
@dependabot
build(deps): bump modernc.org/sqlite from 1.44.3 to 1.48.1
711dd1f 
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.44.3 to 1.48.1.
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.44.3...v1.48.1)

---
updated-dependencies:
- dependency-name: modernc.org/sqlite
  dependency-version: 1.48.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/go_modules/modernc.org/sqlite-1.48.1 branch from 3a9349d to 711dd1f Compare April 6, 2026 13:01
@grokify grokify merged commit 5f8b23a into main Apr 6, 2026
0 of 8 checks passed
@dependabot dependabot bot deleted the dependabot/go_modules/modernc.org/sqlite-1.48.1 branch April 6, 2026 13:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@grokify