Skip to content

chore(deps): bump the go-minor-patch group in /sast-engine with 2 updates#699

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/sast-engine/go-minor-patch-45a0a5ab8a
Closed

chore(deps): bump the go-minor-patch group in /sast-engine with 2 updates#699
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/go_modules/sast-engine/go-minor-patch-45a0a5ab8a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 22, 2026

Copy link
Copy Markdown
Contributor

Bumps the go-minor-patch group in /sast-engine with 2 updates: github.com/posthog/posthog-go and modernc.org/sqlite.

Updates github.com/posthog/posthog-go from 1.12.5 to 1.12.6

Release notes

Sourced from github.com/posthog/posthog-go's releases.

1.12.6

Unreleased

Changelog

Sourced from github.com/posthog/posthog-go's changelog.

1.12.6

Patch Changes

  • 9289d53: Reject semver values with leading zeros in local flag evaluation. Per semver 2.0.0 §2, numeric identifiers must not include leading zeros — values like 1.07.3 are not valid semver and should not match targeting conditions. Both override values and flag values are now validated; invalid inputs surface an InconclusiveMatchError so the condition does not match.
Commits
  • a99dc57 chore: release v1.12.6 [version bump] [skip ci]
  • 9289d53 fix: reject leading-zero semver values in local evaluation (#200)
  • 4caaa1e chore: pin github actions to commit shas (#202)
  • See full diff in compare view

Updates modernc.org/sqlite from 1.50.0 to 1.50.1

Changelog

Sourced from modernc.org/sqlite's changelog.

Changelog

  • 2026-05-21 v1.51.2:

    • Add FileControl.FileControlDataVersion, a wrapper around SQLITE_FCNTL_DATA_VERSION for observing pager-cache data-version changes, including those made on the same connection. Useful as a primitive for application-level cache invalidation.
    • Exposed via the idiomatic database/sql escape hatch (*sql.Conn).Raw(), consistent with the existing FileControlPersistWAL.
    • See [GitLab merge request #115](https://gitlab.com/cznic/sqlite/-/merge_requests/115), thanks Ian Chechin!

  • 2026-05-10 v1.50.1:

  • 2026-04-24 v1.50.0:

    • Upgrade to sqlite-vec v0.1.9.
    • Introduce ColumnInfo, enabling dynamic query builders and ORMs to retrieve underlying SQLite C-API metadata (OriginName, TableName, DatabaseName, and DeclType).
    • This feature is exposed via the idiomatic database/sql escape hatch (*sql.Conn).Raw(), avoiding custom statement handles and keeping the standard library workflow intact.
    • See [GitLab merge request #113](https://gitlab.com/cznic/sqlite/-/merge_requests/113), thanks Josh Bleecher Snyder!

  • 2026-04-17 v1.49.0: Upgrade to SQLite 3.53.0.

  • 2026-04-06 v1.48.2:

    • Fix ABI mapping mismatch in the pre-update hook trampoline that caused silent truncation of large 64-bit RowIDs.
    • Ensure the Go trampoline signature correctly aligns with the public sqlite3_preupdate_hook C API, preventing data corruption for high-entropy keys (e.g., Snowflake IDs).
    • See [GitLab merge request #98](https://gitlab.com/cznic/sqlite/-/merge_requests/98), thanks Josh Bleecher Snyder!
    • Fix the memory allocator used in (*conn).Deserialize.
    • Replace tls.Alloc with sqlite3_malloc64 to prevent internal allocator corruption. This ensures the buffer is safely owned by SQLite, which may resize or free it due to the SQLITE_DESERIALIZE_RESIZEABLE and SQLITE_DESERIALIZE_FREEONCLOSE flags.
    • Prevent a memory leak by properly freeing the allocated buffer if fetching the main database name fails before handing ownership to SQLite.
    • See [GitLab merge request #100](https://gitlab.com/cznic/sqlite/-/merge_requests/100), thanks Josh Bleecher Snyder!
    • Fix (*conn).Deserialize to explicitly reject nil or empty byte slices.
    • Prevent silent database disconnection and connection pool corruption caused by SQLite's default behavior when sqlite3_deserialize receives a 0-length buffer.
    • See [GitLab merge request #101](https://gitlab.com/cznic/sqlite/-/merge_requests/101), thanks Josh Bleecher Snyder!
    • Fix commitHookTrampoline and rollbackHookTrampoline signatures by removing the unused pCsr parameter.
    • Aligns internal hook callbacks accurately with the underlying SQLite C API, cleaning up the code to prevent potential future confusion or bugs.
    • See [GitLab merge request #102](https://gitlab.com/cznic/sqlite/-/merge_requests/102), thanks Josh Bleecher Snyder!
    • Fix checkptr instrumentation failures during go test -race when registering and using virtual tables (vtab).
    • Allocate sqlite3_module instances using the C allocator (libc.Xcalloc) instead of the Go heap. This ensures transpiled C code can safely perform pointer operations on the struct without tripping Go's pointer checks.
    • See [GitLab merge request #103](https://gitlab.com/cznic/sqlite/-/merge_requests/103), thanks Josh Bleecher Snyder!
    • Fix data race on mutex.id in the mutexTry non-recursive path.
    • Ensure consistent atomic writes (atomic.StoreInt32) to prevent data races with atomic loads in mutexHeld and mutexNotheld during concurrent execution.
    • See [GitLab merge request #104](https://gitlab.com/cznic/sqlite/-/merge_requests/104), thanks Josh Bleecher Snyder!
    • Fix resource leak in (*Backup).Commit where the destination connection was not closed on error.
    • Ensure dstConn is properly closed when sqlite3_backup_finish fails, preventing file descriptor, TLS, and memory leaks.
    • See [GitLab merge request #105](https://gitlab.com/cznic/sqlite/-/merge_requests/105), thanks Josh Bleecher Snyder!
    • Fix Exec to fully drain rows when encountering SQLITE_ROW, preventing silent data loss in DML statements.
    • Previously, Exec aborted after the first row, meaning INSERT, UPDATE, or DELETE statements with a RETURNING clause would fail to process subsequent rows. The execution path now correctly loops until SQLITE_DONE and properly respects context cancellations during the drain loop, fully aligning with native C sqlite3_exec semantics.
    • See [GitLab merge request #106](https://gitlab.com/cznic/sqlite/-/merge_requests/106), thanks Josh Bleecher Snyder!
    • Fix "Shadowed err value (stmt.go)".
    • See [GitLab issue #249](https://gitlab.com/cznic/sqlite/-/work_items/249), thanks Emrecan BATI!
    • Fix silent omission of virtual table savepoint callbacks by correctly setting the sqlite3_module version.
    • See [GitLab merge request #107](https://gitlab.com/cznic/sqlite/-/merge_requests/107), thanks Josh Bleecher Snyder!
    • Fix vfsRead to properly handle partial and fragmented reads from io.Reader.

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the go-minor-patch group
8d50689 
Bumps the go-minor-patch group in /sast-engine with 2 updates: [github.com/posthog/posthog-go](https://github.com/posthog/posthog-go) and [modernc.org/sqlite](https://gitlab.com/cznic/sqlite).


Updates `github.com/posthog/posthog-go` from 1.12.5 to 1.12.6
- [Release notes](https://github.com/posthog/posthog-go/releases)
- [Changelog](https://github.com/PostHog/posthog-go/blob/main/CHANGELOG.md)
- [Commits](PostHog/posthog-go@v1.12.5...v1.12.6)

Updates `modernc.org/sqlite` from 1.50.0 to 1.50.1
- [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md)
- [Commits](https://gitlab.com/cznic/sqlite/compare/v1.50.0...v1.50.1)

---
updated-dependencies:
- dependency-name: github.com/posthog/posthog-go
  dependency-version: 1.12.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
- dependency-name: modernc.org/sqlite
  dependency-version: 1.50.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels May 22, 2026
@safedep

safedep Bot commented May 22, 2026
edited
Loading

Copy link
Copy Markdown

SafeDep Report Summary

Green Malicious Packages Badge Green Vulnerable Packages Badge Green Risky License Badge

Package Details
Package Malware Vulnerability Risky License Report
icon github.com/posthog/posthog-go @ v1.12.6
sast-engine/go.mod		 ok icon
 ok icon
 ok icon
 🔗
icon github.com/spf13/pflag @ v1.0.10
sast-engine/go.mod		 ok icon
 ok icon
 ok icon
 🔗
icon modernc.org/sqlite @ v1.50.1
sast-engine/go.mod		 ok icon
 ok icon
 ok icon
 🔗

View complete scan results →

This report is generated by SafeDep Github App

@CLAassistant

CLAassistant commented May 22, 2026

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@github-actions

github-actions Bot commented May 22, 2026

Copy link
Copy Markdown

Code Pathfinder Security Scan

Pass Critical High Medium Low Info

No security issues detected.

Metric Value
Files Scanned 2
Rules 205

Powered by Code Pathfinder

@code-pathfinder

code-pathfinder Bot commented May 22, 2026

Copy link
Copy Markdown

Pathfinder Report

No security findings on the changed files. This pull request is clean.

View report on the dashboard

Powered by Code Pathfinder.

@dependabot @github

dependabot Bot commented on behalf of github May 22, 2026

Copy link
Copy Markdown
Contributor Author

The group that created this PR has been removed from your configuration.

@dependabot dependabot Bot closed this May 22, 2026
@dependabot dependabot Bot deleted the dependabot/go_modules/sast-engine/go-minor-patch-45a0a5ab8a branch May 22, 2026 01:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@CLAassistant