Skip to content

chore(deps): Bump the all group across 1 directory with 2 updates#28

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/primkit/all-3cc97c1883
Open

chore(deps): Bump the all group across 1 directory with 2 updates#28
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/go_modules/primkit/all-3cc97c1883

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Apr 15, 2026

Bumps the all group with 2 updates in the /primkit directory: github.com/benbjohnson/litestream and modernc.org/sqlite.

Updates github.com/benbjohnson/litestream from 0.5.10 to 0.5.11

Release notes

Sourced from github.com/benbjohnson/litestream's releases.

v0.5.11

Platform Support

⚠️ Windows Notice: Windows binaries are provided for convenience but Windows is NOT an officially supported platform. Use at your own risk. Community contributions for Windows improvements are welcome.

Supported Platforms: Linux (amd64, arm64, armv6, armv7), macOS (amd64, arm64)

Installation

Homebrew (macOS and Linux)

brew tap benbjohnson/litestream
brew install litestream

Debian/Ubuntu

Download the .deb file for your architecture and install:

sudo dpkg -i litestream-*.deb

RPM-based systems

Download the .rpm file for your architecture and install:

sudo rpm -i litestream-*.rpm

Binary installation

Download the appropriate archive for your platform, extract, and move to your PATH.

VFS Extension (Experimental)

SQLite loadable extensions for read-only access to Litestream replicas are available for supported platforms:

Platform File
Linux x86_64 litestream-vfs-v0.5.11-linux-amd64.tar.gz
Linux ARM64 litestream-vfs-v0.5.11-linux-arm64.tar.gz
macOS Intel litestream-vfs-v0.5.11-darwin-amd64.tar.gz
macOS Apple Silicon litestream-vfs-v0.5.11-darwin-arm64.tar.gz

Install via package managers:

pip install litestream-vfs    # Python
npm install litestream-vfs    # Node.js
gem install litestream-vfs    # Ruby

Changelog

  • ad55ec118e13ddfe02bc8cdb3ebe857de5e68c0e feat(ci): add nightly stability CI, LTX behavioral tests, and release gating (#1195)

... (truncated)

Commits
  • 016c368 fix(restore): fix v3 restore (#1229)
  • 4cb0f8c fix(db): wrap raw errors with LTXError in paths reaching replica monitor (#1227)
  • 5780f4d fix(replica): wrap missing LTX file error with LTXError in uploadLTXFile (#1225)
  • 1678a9b fix(ci): dedupe nightly stability issues (#1217)
  • ad55ec1 feat(ci): add nightly stability CI, LTX behavioral tests, and release gating ...
  • d65fa36 fix(cmd): add helpful hint when 'litestream start' is run without args (#1208)
  • 13ef323 feat(logging): add tint pretty handler, optional source info, and path cleani...
  • See full diff in compare view

Updates modernc.org/sqlite from 1.47.0 to 1.48.2

Changelog

Sourced from modernc.org/sqlite's changelog.

Changelog

  • 2026-04-06 v1.48.2:

    • Fix ABI mapping mismatch in the pre-update hook trampoline that caused silent truncation of large 64-bit RowIDs.
    • Ensure the Go trampoline signature correctly aligns with the public sqlite3_preupdate_hook C API, preventing data corruption for high-entropy keys (e.g., Snowflake IDs).
    • See [GitLab merge request #98](https://gitlab.com/cznic/sqlite/-/merge_requests/98), thanks Josh Bleecher Snyder!
    • Fix the memory allocator used in (*conn).Deserialize.
    • Replace tls.Alloc with sqlite3_malloc64 to prevent internal allocator corruption. This ensures the buffer is safely owned by SQLite, which may resize or free it due to the SQLITE_DESERIALIZE_RESIZEABLE and SQLITE_DESERIALIZE_FREEONCLOSE flags.
    • Prevent a memory leak by properly freeing the allocated buffer if fetching the main database name fails before handing ownership to SQLite.
    • See [GitLab merge request #100](https://gitlab.com/cznic/sqlite/-/merge_requests/100), thanks Josh Bleecher Snyder!
    • Fix (*conn).Deserialize to explicitly reject nil or empty byte slices.
    • Prevent silent database disconnection and connection pool corruption caused by SQLite's default behavior when sqlite3_deserialize receives a 0-length buffer.
    • See [GitLab merge request #101](https://gitlab.com/cznic/sqlite/-/merge_requests/101), thanks Josh Bleecher Snyder!
    • Fix commitHookTrampoline and rollbackHookTrampoline signatures by removing the unused pCsr parameter.
    • Aligns internal hook callbacks accurately with the underlying SQLite C API, cleaning up the code to prevent potential future confusion or bugs.
    • See [GitLab merge request #102](https://gitlab.com/cznic/sqlite/-/merge_requests/102), thanks Josh Bleecher Snyder!
    • Fix checkptr instrumentation failures during go test -race when registering and using virtual tables (vtab).
    • Allocate sqlite3_module instances using the C allocator (libc.Xcalloc) instead of the Go heap. This ensures transpiled C code can safely perform pointer operations on the struct without tripping Go's pointer checks.
    • See [GitLab merge request #103](https://gitlab.com/cznic/sqlite/-/merge_requests/103), thanks Josh Bleecher Snyder!
    • Fix data race on mutex.id in the mutexTry non-recursive path.
    • Ensure consistent atomic writes (atomic.StoreInt32) to prevent data races with atomic loads in mutexHeld and mutexNotheld during concurrent execution.
    • See [GitLab merge request #104](https://gitlab.com/cznic/sqlite/-/merge_requests/104), thanks Josh Bleecher Snyder!
    • Fix resource leak in (*Backup).Commit where the destination connection was not closed on error.
    • Ensure dstConn is properly closed when sqlite3_backup_finish fails, preventing file descriptor, TLS, and memory leaks.
    • See [GitLab merge request #105](https://gitlab.com/cznic/sqlite/-/merge_requests/105), thanks Josh Bleecher Snyder!
    • Fix Exec to fully drain rows when encountering SQLITE_ROW, preventing silent data loss in DML statements.
    • Previously, Exec aborted after the first row, meaning INSERT, UPDATE, or DELETE statements with a RETURNING clause would fail to process subsequent rows. The execution path now correctly loops until SQLITE_DONE and properly respects context cancellations during the drain loop, fully aligning with native C sqlite3_exec semantics.
    • See [GitLab merge request #106](https://gitlab.com/cznic/sqlite/-/merge_requests/106), thanks Josh Bleecher Snyder!
    • Fix "Shadowed err value (stmt.go)".
    • See [GitLab issue #249](https://gitlab.com/cznic/sqlite/-/work_items/249), thanks Emrecan BATI!
    • Fix silent omission of virtual table savepoint callbacks by correctly setting the sqlite3_module version.
    • See [GitLab merge request #107](https://gitlab.com/cznic/sqlite/-/merge_requests/107), thanks Josh Bleecher Snyder!
    • Fix vfsRead to properly handle partial and fragmented reads from io.Reader.
    • Replace f.Read with io.ReadFull to ensure the buffer is fully populated, preventing premature SQLITE_IOERR_SHORT_READ errors on valid mid-stream partial reads. Unread tail bytes at EOF are now efficiently zero-filled using the built-in clear function.
    • See [GitLab merge request #108](https://gitlab.com/cznic/sqlite/-/merge_requests/108), thanks Josh Bleecher Snyder!
    • Refactor internal error formatting to safely handle uninitialized or closed database pointers.
    • Prevent a misleading "out of memory" error message when an operation fails and the underlying SQLite database handle is NULL (db == 0).
    • See [GitLab merge request #109](https://gitlab.com/cznic/sqlite/-/merge_requests/109), thanks Josh Bleecher Snyder!
    • Fix error handling in database backup and restore initialization (sqlite3_backup_init).
    • Ensure error codes and messages are accurately read from the destination database handle rather than hardcoding the source or remote handle. This prevents swallowed errors or mismatched "not an error" messages when a backup or restore operation fails to start.
    • See [GitLab merge request #111](https://gitlab.com/cznic/sqlite/-/merge_requests/111), thanks Josh Bleecher Snyder!
    • Fix database handle and C-heap memory leaks when sqlite3_open_v2 fails.
    • Ensure sqlite3_close_v2 is called on the partially allocated database handle during a failed open, and explicitly close libc.TLS in newConn to prevent resource leakage.
    • Prevent misleading "out of memory" error messages on failed connections by correctly extracting the exact error string from the allocated handle before it is closed.
    • See [GitLab merge request #112](https://gitlab.com/cznic/sqlite/-/merge_requests/112), thanks Josh Bleecher Snyder!

  • 2026-04-03 v1.48.1:

    • Fix memory leaks and double-free vulnerabilities in the multi-statement query execution path.
    • Ensure bind-parameter allocations are reliably freed via strict ownership transfer if an error occurs mid-loop or if multiple statements bind parameters.
    • Fix a resource leak where a subsequent statement's error could orphan a previously generated rows object without closing it, leaking the prepared statement handle.

... (truncated)

Commits
  • df16977 CHANGELOG.md: add !112
  • 172c395 Merge branch 'fix-openv2-handle-leak' into 'master'
  • 2719730 fix openV2 handle leak, TLS leak, and misleading error on failed open
  • 53c87f6 CHANGELOG.md: add !111
  • c324f37 Merge branch 'fix-backup-restore-error-handle' into 'master'
  • fc791df read error from correct db handle on backup init failure
  • 1620515 CHANGELOG.md: add !109
  • 72aaab4 Merge branch 'errstr-for-db' into 'master'
  • 2ae65f7 extract errstrForDB from conn.errstr
  • eeec006 CHANGELOG.md: add !108
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): Bump the all group across 1 directory with 2 updates
3125010 
Bumps the all group with 2 updates in the /primkit directory: [github.com/benbjohnson/litestream](https://github.com/benbjohnson/litestream) and [modernc.org/sqlite](https://gitlab.com/cznic/sqlite).


Updates `github.com/benbjohnson/litestream` from 0.5.10 to 0.5.11
- [Release notes](https://github.com/benbjohnson/litestream/releases)
- [Commits](benbjohnson/litestream@v0.5.10...v0.5.11)

Updates `modernc.org/sqlite` from 1.47.0 to 1.48.2
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.47.0...v1.48.2)

---
updated-dependencies:
- dependency-name: github.com/benbjohnson/litestream
  dependency-version: 0.5.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: modernc.org/sqlite
  dependency-version: 1.48.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 15, 2026
@dependabot dependabot bot requested a review from andresvio as a code owner April 15, 2026 07:10
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andresvio andresvio Awaiting requested review from andresvio andresvio is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants