This is an automated email from the ASF dual-hosted git repository.
zeroshade pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow-go.git
The following commit(s) were added to refs/heads/main by this push:
new a67e7830 chore: Bump modernc.org/sqlite from 1.48.1 to 1.48.2 (#768)
a67e7830 is described below
commit a67e783033d02c5564a5d7c97929ea8197cd35ab
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Mon Apr 13 16:54:49 2026 -0400
chore: Bump modernc.org/sqlite from 1.48.1 to 1.48.2 (#768)
Bumps [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) from 1.48.1
to 1.48.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md";>modernc.org/sqlite's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<ul>
<li>
<p>2026-04-06 v1.48.2:</p>
<ul>
<li>Fix ABI mapping mismatch in the pre-update hook trampoline that
caused silent truncation of large 64-bit RowIDs.</li>
<li>Ensure the Go trampoline signature correctly aligns with the public
<code>sqlite3_preupdate_hook</code> C API, preventing data corruption
for high-entropy keys (e.g., Snowflake IDs).</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/98";>#98</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/98";>https://gitlab.com/cznic/sqlite/-/merge_requests/98</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix the memory allocator used in
<code>(*conn).Deserialize</code>.</li>
<li>Replace <code>tls.Alloc</code> with <code>sqlite3_malloc64</code> to
prevent internal allocator corruption. This ensures the buffer is safely
owned by SQLite, which may resize or free it due to the
<code>SQLITE_DESERIALIZE_RESIZEABLE</code> and
<code>SQLITE_DESERIALIZE_FREEONCLOSE</code> flags.</li>
<li>Prevent a memory leak by properly freeing the allocated buffer if
fetching the main database name fails before handing ownership to
SQLite.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/100";>#100</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/100";>https://gitlab.com/cznic/sqlite/-/merge_requests/100</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix <code>(*conn).Deserialize</code> to explicitly reject
<code>nil</code> or empty byte slices.</li>
<li>Prevent silent database disconnection and connection pool corruption
caused by SQLite's default behavior when
<code>sqlite3_deserialize</code> receives a 0-length buffer.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/101";>#101</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/101";>https://gitlab.com/cznic/sqlite/-/merge_requests/101</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix <code>commitHookTrampoline</code> and
<code>rollbackHookTrampoline</code> signatures by removing the unused
<code>pCsr</code> parameter.</li>
<li>Aligns internal hook callbacks accurately with the underlying SQLite
C API, cleaning up the code to prevent potential future confusion or
bugs.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/102";>#102</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/102";>https://gitlab.com/cznic/sqlite/-/merge_requests/102</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix <code>checkptr</code> instrumentation failures during <code>go
test -race</code> when registering and using virtual tables
(<code>vtab</code>).</li>
<li>Allocate <code>sqlite3_module</code> instances using the C allocator
(<code>libc.Xcalloc</code>) instead of the Go heap. This ensures
transpiled C code can safely perform pointer operations on the struct
without tripping Go's pointer checks.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/103";>#103</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/103";>https://gitlab.com/cznic/sqlite/-/merge_requests/103</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix data race on <code>mutex.id</code> in the <code>mutexTry</code>
non-recursive path.</li>
<li>Ensure consistent atomic writes (<code>atomic.StoreInt32</code>) to
prevent data races with atomic loads in <code>mutexHeld</code> and
<code>mutexNotheld</code> during concurrent execution.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/104";>#104</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/104";>https://gitlab.com/cznic/sqlite/-/merge_requests/104</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix resource leak in <code>(*Backup).Commit</code> where the
destination connection was not closed on error.</li>
<li>Ensure <code>dstConn</code> is properly closed when
<code>sqlite3_backup_finish</code> fails, preventing file descriptor,
TLS, and memory leaks.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/105";>#105</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/105";>https://gitlab.com/cznic/sqlite/-/merge_requests/105</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix <code>Exec</code> to fully drain rows when encountering
<code>SQLITE_ROW</code>, preventing silent data loss in DML
statements.</li>
<li>Previously, <code>Exec</code> aborted after the first row, meaning
<code>INSERT</code>, <code>UPDATE</code>, or <code>DELETE</code>
statements with a <code>RETURNING</code> clause would fail to process
subsequent rows. The execution path now correctly loops until
<code>SQLITE_DONE</code> and properly respects context cancellations
during the drain loop, fully aligning with native C
<code>sqlite3_exec</code> semantics.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/106";>#106</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/106";>https://gitlab.com/cznic/sqlite/-/merge_requests/106</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix "Shadowed err value (stmt.go)".</li>
<li>See [GitLab issue <a
href="https://gitlab.com/cznic/sqlite/issues/249";>#249</a>](<a
href="https://gitlab.com/cznic/sqlite/-/work_items/249";>https://gitlab.com/cznic/sqlite/-/work_items/249</a>),
thanks Emrecan BATI!</li>
<li>Fix silent omission of virtual table savepoint callbacks by
correctly setting the sqlite3_module version.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/107";>#107</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/107";>https://gitlab.com/cznic/sqlite/-/merge_requests/107</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix <code>vfsRead</code> to properly handle partial and fragmented
reads from <code>io.Reader</code>.</li>
<li>Replace <code>f.Read</code> with <code>io.ReadFull</code> to ensure
the buffer is fully populated, preventing premature
<code>SQLITE_IOERR_SHORT_READ</code> errors on valid mid-stream partial
reads. Unread tail bytes at EOF are now efficiently zero-filled using
the built-in <code>clear</code> function.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/108";>#108</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/108";>https://gitlab.com/cznic/sqlite/-/merge_requests/108</a>),
thanks Josh Bleecher Snyder!</li>
<li>Refactor internal error formatting to safely handle uninitialized or
closed database pointers.</li>
<li>Prevent a misleading "out of memory" error message when an
operation fails and the underlying SQLite database handle is
<code>NULL</code> (<code>db == 0</code>).</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/109";>#109</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/109";>https://gitlab.com/cznic/sqlite/-/merge_requests/109</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix error handling in database backup and restore initialization
(<code>sqlite3_backup_init</code>).</li>
<li>Ensure error codes and messages are accurately read from the
destination database handle rather than hardcoding the source or remote
handle. This prevents swallowed errors or mismatched "not an
error" messages when a backup or restore operation fails to
start.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/111";>#111</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/111";>https://gitlab.com/cznic/sqlite/-/merge_requests/111</a>),
thanks Josh Bleecher Snyder!</li>
<li>Fix database handle and C-heap memory leaks when
<code>sqlite3_open_v2</code> fails.</li>
<li>Ensure <code>sqlite3_close_v2</code> is called on the partially
allocated database handle during a failed open, and explicitly close
<code>libc.TLS</code> in <code>newConn</code> to prevent resource
leakage.</li>
<li>Prevent misleading "out of memory" error messages on
failed connections by correctly extracting the exact error string from
the allocated handle before it is closed.</li>
<li>See [GitLab merge request <a
href="https://gitlab.com/cznic/sqlite/issues/112";>#112</a>](<a
href="https://gitlab.com/cznic/sqlite/-/merge_requests/112";>https://gitlab.com/cznic/sqlite/-/merge_requests/112</a>),
thanks Josh Bleecher Snyder!</li>
</ul>
</li>
<li>
<p>2026-04-03 v1.48.1:</p>
<ul>
<li>Fix memory leaks and double-free vulnerabilities in the
multi-statement query execution path.</li>
<li>Ensure bind-parameter allocations are reliably freed via strict
ownership transfer if an error occurs mid-loop or if multiple statements
bind parameters.</li>
<li>Fix a resource leak where a subsequent statement's error could
orphan a previously generated <code>rows</code> object without closing
it, leaking the prepared statement handle.</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/df1697738de700bdbfe7a6ed822a8ddef14f1c98";><code>df16977</code></a>
CHANGELOG.md: add !112</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/172c3955c2894135d87e8a773248796afda13f77";><code>172c395</code></a>
Merge branch 'fix-openv2-handle-leak' into 'master'</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/27197307bbdb9c5c2a6dc683803f9c6e956e35a6";><code>2719730</code></a>
fix openV2 handle leak, TLS leak, and misleading error on failed
open</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/53c87f6f1d6ec3da80e5d094b823eb6e98292857";><code>53c87f6</code></a>
CHANGELOG.md: add !111</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/c324f373b73b9c1ee7c499bd4af630a8a84b0de2";><code>c324f37</code></a>
Merge branch 'fix-backup-restore-error-handle' into 'master'</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/fc791df12206f8b75bca585ff4dc2df078e35165";><code>fc791df</code></a>
read error from correct db handle on backup init failure</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/1620515255ac994489fdb3dd7a9437750ce5a2e5";><code>1620515</code></a>
CHANGELOG.md: add !109</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/72aaab4e35f35c8a500a97d868ca3007695ccce6";><code>72aaab4</code></a>
Merge branch 'errstr-for-db' into 'master'</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/2ae65f7f7e2831c44c0817b605cef87ccb94e126";><code>2ae65f7</code></a>
extract errstrForDB from conn.errstr</li>
<li><a
href="https://gitlab.com/cznic/sqlite/commit/eeec006a0cd8791d7d6e05451b09188db6226406";><code>eeec006</code></a>
CHANGELOG.md: add !108</li>
<li>Additional commits viewable in <a
href="https://gitlab.com/cznic/sqlite/compare/v1.48.1...v1.48.2";>compare
view</a></li>
</ul>
</details>
<br />
<details>
<summary>Most Recent Ignore Conditions Applied to This Pull
Request</summary>
| Dependency Name | Ignore Conditions |
| --- | --- |
| modernc.org/sqlite | [>= 1.34.a, < 1.35] |
</details>
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
---
go.mod | 2 +-
go.sum | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index cf71042d..58b565d5 100644
--- a/go.mod
+++ b/go.mod
@@ -51,7 +51,7 @@ require (
gonum.org/v1/gonum v0.17.0
google.golang.org/grpc v1.80.0
google.golang.org/protobuf v1.36.11
- modernc.org/sqlite v1.48.1
+ modernc.org/sqlite v1.48.2
)
require (
diff --git a/go.sum b/go.sum
index a8269eb9..93ba87b1 100644
--- a/go.sum
+++ b/go.sum
@@ -284,8 +284,8 @@ modernc.org/opt v0.1.4
h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
modernc.org/sortutil v1.2.1/go.mod
h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
-modernc.org/sqlite v1.48.1 h1:S85iToyU6cgeojybE2XJlSbcsvcWkQ6qqNXJHtW5hWA=
-modernc.org/sqlite v1.48.1/go.mod
h1:hWjRO6Tj/5Ik8ieqxQybiEOUXy0NJFNp2tpvVpKlvig=
+modernc.org/sqlite v1.48.2 h1:5CnW4uP8joZtA0LedVqLbZV5GD7F/0x91AXeSyjoh5c=
+modernc.org/sqlite v1.48.2/go.mod
h1:hWjRO6Tj/5Ik8ieqxQybiEOUXy0NJFNp2tpvVpKlvig=
modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
modernc.org/strutil v1.2.1/go.mod
h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
