This is an automated email from the ASF dual-hosted git repository.
zeroshade pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow-adbc.git
The following commit(s) were added to refs/heads/main by this push:
new e2c15e3b4 chore(go/adbc): bump modernc.org/sqlite from 1.48.0 to
1.48.1 in /go/adbc (#4191)
e2c15e3b4 is described below
commit e2c15e3b4c30817a1d0c0cbc610d52b8e6dbe8b4
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Tue Apr 7 18:59:54 2026 -0400
chore(go/adbc): bump modernc.org/sqlite from 1.48.0 to 1.48.1 in /go/adbc
(#4191)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.48.0
to 1.48.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md";>modernc.org/sqlite's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<ul>
<li>
<p>2026-04-06 v1.48.2:</p>
<ul>
<li>Fix ABI mapping mismatch in the pre-update hook trampoline that
caused silent truncation of large 64-bit RowIDs.</li>
<li>Ensure the Go trampoline signature correctly aligns with the public
<code>sqlite3_preupdate_hook</code> C API, preventing data corruption
for high-entropy keys (e.g., Snowflake IDs).</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/98";>#98</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/98";>https://gitlab.com/cznic/sqlite/-/merge_requests/98</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix the memory allocator used in
<code>(*conn).Deserialize</code>.</li>
<li>Replace <code>tls.Alloc</code> with <code>sqlite3_malloc64</code> to
prevent internal allocator corruption. This ensures the buffer is safely
owned by SQLite, which may resize or free it due to the
<code>SQLITE_DESERIALIZE_RESIZEABLE</code> and
<code>SQLITE_DESERIALIZE_FREEONCLOSE</code> flags.</li>
<li>Prevent a memory leak by properly freeing the allocated buffer if
fetching the main database name fails before handing ownership to
SQLite.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/100";>#100</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/100";>https://gitlab.com/cznic/sqlite/-/merge_requests/100</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix <code>(*conn).Deserialize</code> to explicitly reject
<code>nil</code> or empty byte slices.</li>
<li>Prevent silent database disconnection and connection pool corruption
caused by SQLite's default behavior when
<code>sqlite3_deserialize</code> receives a 0-length buffer.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/101";>#101</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/101";>https://gitlab.com/cznic/sqlite/-/merge_requests/101</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix <code>commitHookTrampoline</code> and
<code>rollbackHookTrampoline</code> signatures by removing the unused
<code>pCsr</code> parameter.</li>
<li>Aligns internal hook callbacks accurately with the underlying SQLite
C API, cleaning up the code to prevent potential future confusion or
bugs.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/102";>#102</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/102";>https://gitlab.com/cznic/sqlite/-/merge_requests/102</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix <code>checkptr</code> instrumentation failures during <code>go
test -race</code> when registering and using virtual tables
(<code>vtab</code>).</li>
<li>Allocate <code>sqlite3_module</code> instances using the C allocator
(<code>libc.Xcalloc</code>) instead of the Go heap. This ensures
transpiled C code can safely perform pointer operations on the struct
without tripping Go's pointer checks.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/103";>#103</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/103";>https://gitlab.com/cznic/sqlite/-/merge_requests/103</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix data race on <code>mutex.id</code> in the <code>mutexTry</code>
non-recursive path.</li>
<li>Ensure consistent atomic writes (<code>atomic.StoreInt32</code>) to
prevent data races with atomic loads in <code>mutexHeld</code> and
<code>mutexNotheld</code> during concurrent execution.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/104";>#104</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/104";>https://gitlab.com/cznic/sqlite/-/merge_requests/104</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix resource leak in <code>(*Backup).Commit</code> where the
destination connection was not closed on error.</li>
<li>Ensure <code>dstConn</code> is properly closed when
<code>sqlite3_backup_finish</code> fails, preventing file descriptor,
TLS, and memory leaks.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/105";>#105</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/105";>https://gitlab.com/cznic/sqlite/-/merge_requests/105</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix <code>Exec</code> to fully drain rows when encountering
<code>SQLITE_ROW</code>, preventing silent data loss in DML
statements.</li>
<li>Previously, <code>Exec</code> aborted after the first row, meaning
<code>INSERT</code>, <code>UPDATE</code>, or <code>DELETE</code>
statements with a <code>RETURNING</code> clause would fail to process
subsequent rows. The execution path now correctly loops until
<code>SQLITE_DONE</code> and properly respects context cancellations
during the drain loop, fully aligning with native C
<code>sqlite3_exec</code> semantics.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/106";>#106</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/106";>https://gitlab.com/cznic/sqlite/-/merge_requests/106</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix "Shadowed err value (stmt.go)".</li>
<li>See [GitLab issue <a
href="https://gitlab.com/cznic/sqlite/issues/249";>#249</a>](<a
href="https://gitlab.com/cznic/sqlite/-/work_items/249";>https://gitlab.com/cznic/sqlite/-/work_items/249</a>),
thanks Emrecan BATI!</li>
<li>Fix silent omission of virtual table savepoint callbacks by
correctly setting the sqlite3_module version.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/107";>#107</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/107";>https://gitlab.com/cznic/sqlite/-/merge_requests/107</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix <code>vfsRead</code> to properly handle partial and fragmented
reads from <code>io.Reader</code>.</li>
<li>Replace <code>f.Read</code> with <code>io.ReadFull</code> to ensure
the buffer is fully populated, preventing premature
<code>SQLITE_IOERR_SHORT_READ</code> errors on valid mid-stream partial
reads. Unread tail bytes at EOF are now efficiently zero-filled using
the built-in <code>clear</code> function.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/108";>#108</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/108";>https://gitlab.com/cznic/sqlite/-/merge_requests/108</a>),
thanks Josh Bleecher Snyder!</li>
<li>Refactor internal error formatting to safely handle uninitialized or
closed database pointers.</li>
<li>Prevent a misleading "out of memory" error message when an
operation fails and the underlying SQLite database handle is
<code>NULL</code> (<code>db == 0</code>).</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/109";>#109</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/109";>https://gitlab.com/cznic/sqlite/-/merge_requests/109</a>),
thanks Josh Bleecher Snyder!</li>
</ul>
</li>
<li>
<p>2026-04-03 v1.48.1:</p>
<ul>
<li>Fix memory leaks and double-free vulnerabilities in the
multi-statement query execution path.</li>
<li>Ensure bind-parameter allocations are reliably freed via strict
ownership transfer if an error occurs mid-loop or if multiple statements
bind parameters.</li>
<li>Fix a resource leak where a subsequent statement's error could
orphan a previously generated <code>rows</code> object without closing
it, leaking the prepared statement handle.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/96";>#96</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/96";>https://gitlab.com/cznic/sqlite/-/merge_requests/96</a>),
thanks Josh Bleecher Snyder!</li>
</ul>
</li>
<li>
<p>2026-03-27 v1.48.0:</p>
<ul>
<li>Add <code>_timezone</code> DSN query parameter to apply IANA
timezones (e.g., "America/New_York") to both reads and
writes.</li>
<li>Writes will convert <code>time.Time</code> values to the target
timezone before formatting as a string.</li>
<li>Reads will interpret timezone-less strings as being in the target
timezone.</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/51d1f91256bcb466efed1dd68e0cba740727b64c";><code>51d1f91</code></a>
CHANGELOG.md: document v1.48.1...</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/50a8b7f6450f1beb34a8e4e5455c3d70226d5c29";><code>50a8b7f</code></a>
CHANGELOG.md: document v1.48.1</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/60500243df654c8ef068a91517de0ec30bc34a44";><code>6050024</code></a>
Merge branch 'multi-stmt-double-free' into 'master'</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/ef93ba85ea85f92ab04b4a51ff501dfd4b7e4667";><code>ef93ba8</code></a>
improve memory safety of allocs in stmt.query</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/2a97c686c0d08529ca1138200bf6afe3d8dda66b";><code>2a97c68</code></a>
add conn.freeAllocs</li>
<li>See full diff in <a
href="https://gitlab.com/cznic/sqlite/compare/v1.48.0...v1.48.1";>compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
---
go/adbc/go.mod | 2 +-
go/adbc/go.sum | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go/adbc/go.mod b/go/adbc/go.mod
index 98ac20164..272dc329e 100644
--- a/go/adbc/go.mod
+++ b/go/adbc/go.mod
@@ -46,7 +46,7 @@ require (
google.golang.org/api v0.273.1
google.golang.org/grpc v1.79.3
google.golang.org/protobuf v1.36.11
- modernc.org/sqlite v1.48.0
+ modernc.org/sqlite v1.48.1
)
require (
diff --git a/go/adbc/go.sum b/go/adbc/go.sum
index 99639121c..86460c694 100644
--- a/go/adbc/go.sum
+++ b/go/adbc/go.sum
@@ -453,8 +453,8 @@ modernc.org/opt v0.1.4
h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
modernc.org/sortutil v1.2.1/go.mod
h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
-modernc.org/sqlite v1.48.0 h1:ElZyLop3Q2mHYk5IFPPXADejZrlHu7APbpB0sF78bq4=
-modernc.org/sqlite v1.48.0/go.mod
h1:hWjRO6Tj/5Ik8ieqxQybiEOUXy0NJFNp2tpvVpKlvig=
+modernc.org/sqlite v1.48.1 h1:S85iToyU6cgeojybE2XJlSbcsvcWkQ6qqNXJHtW5hWA=
+modernc.org/sqlite v1.48.1/go.mod
h1:hWjRO6Tj/5Ik8ieqxQybiEOUXy0NJFNp2tpvVpKlvig=
modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
modernc.org/strutil v1.2.1/go.mod
h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
