build(deps): bump the dependencies group across 2 directories with 10 updates

[dependabot]

Bumps the dependencies group with 6 updates in the / directory:

Package	From	To
github.com/containerd/containerd/v2	2.2.3	2.3.0
github.com/fsnotify/fsnotify	1.9.0	1.10.0
github.com/huandu/go-sqlbuilder	1.40.2	1.41.0
github.com/vektah/gqlparser/v2	2.5.32	2.5.33
google.golang.org/grpc	1.80.0	1.81.0
gopkg.in/ini.v1	1.67.1	1.67.2

Bumps the dependencies group with 3 updates in the /e2e directory: github.com/go-sql-driver/mysql, github.com/microsoft/go-mssqldb and modernc.org/sqlite.

Updates github.com/containerd/containerd/v2 from 2.2.3 to 2.3.0

Release notes

Sourced from github.com/containerd/containerd/v2's releases.

containerd 2.3.0

Welcome to the v2.3.0 release of containerd!

The third minor release of containerd 2.x focuses on continued stability alongside new features and improvements. This is the third time-based release for containerd.

Starting with containerd 2.3, the project has moved to release cadence aligned with the Kubernetes release schedule, with new minor releases about every 4 months. The containerd 2.3 release is also the first annual LTS (Long Term Stable) release under this new schedule, with support planned for at least two years. Direct upgrades between sequential LTS releases (e.g., 1.7 to 2.3) will be tested and supported.

Highlights

• Add transfer types for container filesystem copy (#13165)
• Add option to inject trace ID to logs (#13117)
• Propagate OpenTelemetry traces in outgoing RPCs from plugin clients (#13113)
• Update plugin config migration to run on load (#12608)
• Update sandbox API to include spec field (#12840)

Container Runtime Interface (CRI)

• Allow containers to use user namespaces with host networking (#12518)
• Wire UpdatePodSandboxResources to Sandbox API (#13118)
• Unpack images with per-layer labels for specific runtime (#12835)
• Populate ImageId field in container status (#12787)
• Set annotations parameter in CreateSandbox request (#12566)
• Add background stats collector to calculate UsageNanoCores for containers and pod sandboxes (#12629)

Image Distribution

• Support zstd-wrapped EROFS layers (#13185)
• Add os.features support for EROFS native container images (#13091)
• Add EROFS layer media type (#12567)

Image Storage

• Add dmverity support to the erofs snapshotter (#12502)
• Use fsmount API to avoid PAGE_SIZE limit for erofs (#12783)

Node Resource Interface (NRI)

• Pass container user (uid, gids) to plugins (#12769)
• Pass seccomp policy to plugins (#12768)
• Pass any POSIX rlimits to plugins (#12765)
• Pass extended container status to NRI. (#12770)
• Pass injected CDI devices to plugins (#12767)
• Pass linux sysctl to plugins (#12766)
• Use dedicated RPC calls for all pod and container life-cycle events via the NRI wire protocol (containerd/nri#274)
• Add basic metrics collection for the NRI framework (containerd/nri#277)

... (truncated)

Changelog

Sourced from github.com/containerd/containerd/v2's changelog.

Versioning and Release

This document details the versioning and release plan for containerd. Stability is a top goal for this project, and we hope that this document and the processes it entails will help to achieve that. It covers the release process, versioning numbering, backporting, API stability and support horizons.

If you rely on containerd, it would be good to spend time understanding the areas of the API that are and are not supported and how they impact your project in the future.

This document will be considered a living document. Supported timelines, backport targets and API stability guarantees will be updated here as they change.

If there is something that you require or this document leaves out, please reach out by filing an issue.

Releases

Releases of containerd will be versioned using dotted triples, similar to Semantic Version. For the purposes of this document, we will refer to the respective components of this triple as <major>.<minor>.<patch>. The version number may have additional information, such as alpha, beta and release candidate qualifications. Such releases will be considered "pre-releases".

Major and Minor Releases

Major and minor releases of containerd will be made from main. Releases of containerd will be marked with GPG signed tags and announced at https://github.com/containerd/containerd/releases. The tag will be of the format v<major>.<minor>.<patch> and should be made with the command git tag -s v<major>.<minor>.<patch>.

After a minor release, a branch will be created, with the format release/<major>.<minor> from the minor tag. All further patch releases will be done from that branch. For example, once we release v1.0.0, a branch release/1.0 will be created from that tag. All future patch releases will be done against that branch.

Release Cadence

Since containerd v2.3 in April 2026, minor releases are provided on a time basis with a cadence of 4 months. New minor releases are scheduled for April, August, and December of each year. This cadence is synchronized with the Kubernetes release schedule to ensure that new features in containerd can be smoothly adopted by new Kubernetes releases.

The maintainers will maintain a roadmap and milestones for each release, however,

... (truncated)

Commits

• 2976f38 Merge pull request #13325 from dmcgowan/prepare-v2.3.0
• 77eeb2d Prepare release notes for v2.3.0
• c55ada3 Update api to v1.11.0
• ebf4404 Update release document
• f49640e Merge pull request #13321 from dmcgowan/remove-erofs-fsmerge-threshold
• e3d5fe8 Merge pull request #13322 from dmcgowan/prepare-api-v1.11.0
• ee17fa1 Merge pull request #13317 from fuweid/fix-merge-issue
• b7f8c35 erofs: remove fsmerge threshold from snapshotter
• 8f2fce4 Prepare release notes for v1.11.0
• ce2955c Merge pull request #13319 from mxpv/depr
• Additional commits viewable in compare view

Updates github.com/fsnotify/fsnotify from 1.9.0 to 1.10.0

Release notes

Sourced from github.com/fsnotify/fsnotify's releases.

v1.10.0

This version of fsnotify needs Go 1.23.

Changes and fixes

• inotify: improve initialization error message (#731)

• inotify: send Rename event if recursive watch is renamed (#696)

• inotify: avoid copying event buffers when reading names (#741)

• kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#748)

• kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#740)

• windows: fix nil pointer dereference in remWatch (#736)

• windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#709, #749)

#696: fsnotify/fsnotify#696 #709: fsnotify/fsnotify#709 #731: fsnotify/fsnotify#731 #736: fsnotify/fsnotify#736 #740: fsnotify/fsnotify#740 #741: fsnotify/fsnotify#741 #748: fsnotify/fsnotify#748 #749: fsnotify/fsnotify#749

Changelog

Sourced from github.com/fsnotify/fsnotify's changelog.

1.10.0 2026-04-30

This version of fsnotify needs Go 1.23.

Changes and fixes

• inotify: improve initialization error message (#731)

• inotify: send Rename event if recursive watch is renamed (#696)

• inotify: avoid copying event buffers when reading names (#741)

• kqueue: skip dangling symlinks (ENOENT) in watchDirectoryFiles, so a bad entry no longer aborts Watcher.Add for the whole directory (#748)

• kqueue: drop watches directly in Close() to fix a file descriptor leak when recycling watchers (#740)

• windows: fix nil pointer dereference in remWatch (#736)

• windows: lock watch field updates against concurrent WatchList to fix a race introduced in v1.9.0 (#709, #749)

#696: fsnotify/fsnotify#696 #709: fsnotify/fsnotify#709 #731: fsnotify/fsnotify#731 #736: fsnotify/fsnotify#736 #740: fsnotify/fsnotify#740 #741: fsnotify/fsnotify#741 #748: fsnotify/fsnotify#748 #749: fsnotify/fsnotify#749

Commits

• 8d01d7b Release 1.10.0
• 602284e Update changelog
• 7f03e59 kqueue: skip ENOENT entries in watchDirectoryFiles (#748)
• dab9dde windows: lock watch field updates against concurrent WatchList (#709) (#749)
• eadf267 kqueue: drop watches directly in Close() instead of going through remove() (#...
• fdcafbf avoid copying inotify event buffers (#741)
• 7cf61a8 update minimum Go version requirement to 1.23 in README.md (#747)
• 907df2a run go fix ./... (#746)
• e53b542 all: bump minimum Go version to 1.23 (#744)
• 0ead6d1 windows: re-enable chanClosed check in TestClose/events_not_read (#743)
• Additional commits viewable in compare view

Updates github.com/huandu/go-sqlbuilder from 1.40.2 to 1.41.0

Release notes

Sourced from github.com/huandu/go-sqlbuilder's releases.

v1.41.0

• [NEW] Add an option NoExpand to change default field "expand" behavior for backward compatibility. See #237 for details.

NOTE: Starting from v1.40.0, the Struct utility type defaults to expanding non-primitive struct fields. This change caused unexpected behavior for some users. To address this without reverting the features introduced in v1.40.0, we have introduced a NoExpand configuration. When set to true, all fields will default to no expansion (preserving legacy behavior). You can still opt-in to expansion for specific fields by using the fieldopt:"expand" tag.

Full Changelog: huandu/go-sqlbuilder@v1.40.0...v1.41.0

Commits

• 4483721 fix #237: add option NoExpand to control default field "expand" behavior
• See full diff in compare view

Updates github.com/vektah/gqlparser/v2 from 2.5.32 to 2.5.33

Release notes

Sourced from github.com/vektah/gqlparser/v2's releases.

v2.5.33

What's Changed

• fix: allow repeatable directives on GraphQL document by @​fredzqm in vektah/gqlparser#418
• feat: create a new ScalarLeafsRuleWithoutSuggestions validator rule by @​XuankangLin in vektah/gqlparser#413
• refactor: format lines in scalar_leafs.go by @​XuankangLin in vektah/gqlparser#423
• Fix negative Position.Column for definitions with block string descriptions (#254) by @​riwal42c in vektah/gqlparser#422
• Update spec to 2023 version by @​StevenACoffman in vektah/gqlparser#401
• Bump picomatch from 2.3.1 to 2.3.2 in /validator/imported by @​dependabot[bot] in vektah/gqlparser#420
• Bump @​babel/preset-env from 7.29.0 to 7.29.2 in /validator/imported in the actions-deps group by @​dependabot[bot] in vektah/gqlparser#419
• Bump brace-expansion from 1.1.12 to 1.1.13 in /validator/imported by @​dependabot[bot] in vektah/gqlparser#421
• Bump prettier from 3.8.1 to 3.8.2 in /validator/imported in the actions-deps group by @​dependabot[bot] in vektah/gqlparser#424
• Bump prettier from 3.8.2 to 3.8.3 in /validator/imported in the actions-deps group by @​dependabot[bot] in vektah/gqlparser#425
• Bump minimatch from 3.0.4 to 3.1.5 in /validator/imported by @​dependabot[bot] in vektah/gqlparser#417

New Contributors

• @​XuankangLin made their first contribution in vektah/gqlparser#413
• @​riwal42c made their first contribution in vektah/gqlparser#422

Full Changelog: vektah/gqlparser@v2.5.32...v2.5.33

Commits

• 41b7913 Bump minimatch from 3.0.4 to 3.1.5 in /validator/imported (#417)
• 3c33bbe Bump prettier in /validator/imported in the actions-deps group (#425)
• f63b51f Update spec to 2023 version (#401)
• 1f1383c Bump prettier in /validator/imported in the actions-deps group (#424)
• 0219010 Fix negative Position.Column for definitions with block string descriptions (...
• 16bf3c4 refactor: format lines in scalar_leafs.go (#423)
• be67708 Bump brace-expansion from 1.1.12 to 1.1.13 in /validator/imported (#421)
• 61efb18 feat: create a new ScalarLeafsRuleWithoutSuggestions validator rule (#413)
• a9bb464 feat(validator): handle repeatable directives correctly (#418)
• b239ec3 Bump @​babel/preset-env in /validator/imported in the actions-deps group (#419)
• Additional commits viewable in compare view

Updates google.golang.org/grpc from 1.80.0 to 1.81.0

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.81.0

Behavior Changes

• balancer/rls: Switch gauge metrics to asynchronous emission (once per collection cycle) to reduce telemetry noise and align with other gRPC language implementations. (#8808)

Dependencies

• Minimum supported Go version is now 1.25. (#8969)

Bug Fixes

• xds: Use the leaf cluster's security config for the TLS handshake instead of the aggregate cluster's config. (#8956)
• transport: Send a RST_STREAM when receiving an END_STREAM when the stream is not already half-closed. (#8832)
• xds: Fix ADS resource name validation to prevent a panic. (#8970)

New Features

• grpc/stats: Add support for custom labels in per-call metrics (gRFC A108). (#9008)
• xds: Add support for Server Name Indication (SNI) and SAN validation (gRFC A101). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_SNI=true environment variable. (#9016)
• xds: Add support to control which fields get propagated from ORCA backend metric reports to LRS load reports (gRFC A85). Disabled by default. To enable, set GRPC_EXPERIMENTAL_XDS_ORCA_LRS_PROPAGATION=true. (#9005)
• xds: Add metrics to track xDS client connectivity and cached resource state (gRFC A78). (#8807)
• stats/otel: Enhance grpc.subchannel.disconnections metric by adding disconnection reason to the grpc.disconnect_error label (gRFC A94). This provides granular insights into why subchannels are closing. (#8973)
• mem: Add mem.Buffer.Slice() API to slice the buffer like a slice. (#8977)
  • Special Thanks: @​ash2k

Performance Improvements

• alts: Pool read buffers to lower memory utilization when sockets are unreadable. (#8964)
• transport: Pool HTTP/2 framer read buffers to reduce idle memory consumption. Currently limited to Linux for ALTS and non-encrypted transports (TCP, Unix). To disable, set GRPC_GO_EXPERIMENTAL_HTTP_FRAMER_READ_BUFFER_POOLING=false and report any issues. (#9032)

Commits

• cb18228 Change version to 1.81.0 (#9062)
• 96748f9 Cherry-pick #9105 to 1.81.x (#9106)
• 9183222 Cherry pick #9055, #9032 to v1.81.x (#9095)
• 5cba6da Revert "deps: update dependencies for all modules (#9065)" (#9067)
• af8a936 deps: update dependencies for all modules (#9065)
• cdc60df transport: optimize heap allocations in ready reader and update syscall conne...
• 208d053 xds/resolver: pass complete XDSConfig in RPC context for HTTP filters (gRFC A...
• 50fe1cc test: Fix flaky test TestServerStreaming_ClientCallRecvMsgTwice in `end2end...
• d574bad build(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 (#9050)
• b8bf4d0 build(deps): bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 in /inte...
• Additional commits viewable in compare view

Updates google.golang.org/protobuf from 1.36.11 to 1.36.12-0.20260120151049-f2248ac996af

Updates gopkg.in/ini.v1 from 1.67.1 to 1.67.2

Updates github.com/go-sql-driver/mysql from 1.9.3 to 1.10.0

Release notes

Sourced from github.com/go-sql-driver/mysql's releases.

v1.10.0

What's Changed

• add Go 1.24 to the test matrix by @​shogo82148 in go-sql-driver/mysql#1681
• modernize for Go 1.22 by @​methane in go-sql-driver/mysql#1695
• test stability improvement. by @​methane in go-sql-driver/mysql#1698
• simplify collation tests by @​methane in go-sql-driver/mysql#1700
• fix bigint unsigned null column scan to err type int64 by @​elonnzhang in go-sql-driver/mysql#1612
• Transaction Commit/Rollback returns conn's cached error, if present by @​brad-defined in go-sql-driver/mysql#1691
• add BenchmarkReceive10kRowsCompress by @​methane in go-sql-driver/mysql#1704
• optimize readPacket by @​methane in go-sql-driver/mysql#1705
• MariaDB Metadata skipping and DEPRECATE_EOF by @​rusher in go-sql-driver/mysql#1708
• Optimization: statements reuse previous column name by @​methane in go-sql-driver/mysql#1711
• update outdated MySQL internals documentation links by @​demouth in go-sql-driver/mysql#1714
• fix PING on compressed connections by @​methane in go-sql-driver/mysql#1721
• add DeepWiki badge by @​methane in go-sql-driver/mysql#1722
• Update edwards25519 dependency to v1.1.1 by @​williamhaw in go-sql-driver/mysql#1749
• Configure Dependabot for Go modules by @​methane in go-sql-driver/mysql#1755
• Bump dominikh/staticcheck-action from 1.3.1 to 1.4.1 by @​dependabot[bot] in go-sql-driver/mysql#1759
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in go-sql-driver/mysql#1760
• Bump actions/setup-go from 5 to 6 by @​dependabot[bot] in go-sql-driver/mysql#1757
• fix staticcheck error by @​methane in go-sql-driver/mysql#1761
• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in go-sql-driver/mysql#1758
• Fix getSystemVar buffer reuse by @​morgo in go-sql-driver/mysql#1754
• Consolidate Dependabot update noise by grouping weekly dependency PRs by @​Copilot in go-sql-driver/mysql#1762
• Bump filippo.io/edwards25519 from 1.1.1 to 1.2.0 by @​dependabot[bot] in go-sql-driver/mysql#1756
• CI: Update GitHub Actions Go matrix to 1.24–1.26 by @​Copilot in go-sql-driver/mysql#1763
• Enhance interpolateParams to correctly handle placeholders by @​rusher in go-sql-driver/mysql#1732
• modernize by @​methane in go-sql-driver/mysql#1764
• release v1.10.0 by @​methane in go-sql-driver/mysql#1765

New Contributors

• @​elonnzhang made their first contribution in go-sql-driver/mysql#1612
• @​brad-defined made their first contribution in go-sql-driver/mysql#1691
• @​rusher made their first contribution in go-sql-driver/mysql#1708
• @​demouth made their first contribution in go-sql-driver/mysql#1714
• @​williamhaw made their first contribution in go-sql-driver/mysql#1749
• @​dependabot[bot] made their first contribution in go-sql-driver/mysql#1759
• @​morgo made their first contribution in go-sql-driver/mysql#1754
• @​Copilot made their first contribution in go-sql-driver/mysql#1762

Full Changelog: go-sql-driver/mysql@v1.9.2...v1.10.0

Changelog

Sourced from github.com/go-sql-driver/mysql's changelog.

v1.10.0 (2026-04-28)

• Fix getSystemVar("max_allowed_packet") potentially returned wrong value. (#1754) This affects only when maxAllowedPacket=0 is set.

• Bump filippo.io/edwards25519 from 1.1.1 to 1.2.0. (#1756) While older versions have reported CVEs, they do not affect go-mysql.

• Update Go versions to 1.24-1.26. (#1763)

• Enhance interpolateParams to correctly handle placeholders. (#1732) The question mark (?) within strings and comments will no longer be treated as a placeholder.

Commits

• a065b60 release v1.10.0 (#1765)
• 09e4187 modernize (#1764)
• 6c44a9a Enhance interpolateParams to correctly handle placeholders (#1732)
• 688ce56 Update supported Go version to 1.24–1.26 (#1763)
• 118d07f Bump filippo.io/edwards25519 from 1.1.1 to 1.2.0 (#1756)
• d6b2d3e Consolidate Dependabot update noise by grouping weekly dependency PRs (#1762)
• 037dfd8 Fix getSystemVar buffer reuse (#1754)
• 900f330 Bump actions/checkout from 4 to 6 (#1758)
• ab9e380 fix staticcheck error (#1761)
• f298c66 Bump actions/setup-go from 5 to 6 (#1757)
• Additional commits viewable in compare view

Updates github.com/microsoft/go-mssqldb from 1.9.8 to 1.10.0

Release notes

Sourced from github.com/microsoft/go-mssqldb's releases.

v1.10.0

1.10.0 (2026-04-25)

Features

• add devcontainer for VS Code and GitHub Codespaces (#317) (b55beeb)
• add FailoverPartnerSPN connection string parameter (#327) (ea77c2e)
• add NewConnectorWithProcessQueryText for mssql driver compatibility (#341) (2be611f)
• add nullable civil types for date/time parameters (#325) (c10fa99)

Bug Fixes

• allow named pipe protocol support for ARM64 Windows (#232) (a82c058)
• configure release-please with PAT and correct component mapping (#349) (23bac05)
• detect server-aborted transactions to prevent silent auto-commit (XACT_ABORT) (#370) (586ea53)
• expose TrustServerCertificate in msdsn.Config and URL round-trip (#312) (9937cfe)
• handle COLINFO (0xA5) and TABNAME (0xA4) TDS tokens returned by tables with triggers (#343) (7c905ad)
• implement driver.DriverContext interface (#365) (1b610a0), closes #236
• make readCancelConfirmation respect context cancellation (#359) (65e137f)
• replace broken AppVeyor badge with GitHub Actions badge (#334) (d3429f5)
• return interface{} scanType for sql_variant instead of nil (#362) (296a83a), closes #186
• sanitize credentials from connection string parsing errors (#319) (93f5ef0)
• surface server errors from Rows.Close() during token drain (#361) (ea69792), closes #244

Changelog

Sourced from github.com/microsoft/go-mssqldb's changelog.

1.10.0 (2026-04-25)

Features

• add devcontainer for VS Code and GitHub Codespaces (#317) (b55beeb)
• add FailoverPartnerSPN connection string parameter (#327) (ea77c2e)
• add NewConnectorWithProcessQueryText for mssql driver compatibility (#341) (2be611f)
• add nullable civil types for date/time parameters (#325) (c10fa99)

Bug Fixes

• allow named pipe protocol support for ARM64 Windows (#232) (a82c058)
• configure release-please with PAT and correct component mapping (#349) (23bac05)
• detect server-aborted transactions to prevent silent auto-commit (XACT_ABORT) (#370) (586ea53)
• expose TrustServerCertificate in msdsn.Config and URL round-trip (#312) (9937cfe)
• handle COLINFO (0xA5) and TABNAME (0xA4) TDS tokens returned by tables with triggers (#343) (7c905ad)
• implement driver.DriverContext interface (#365) (1b610a0), closes #236
• make readCancelConfirmation respect context cancellation (#359) (65e137f)
• replace broken AppVeyor badge with GitHub Actions badge (#334) (d3429f5)
• return interface{} scanType for sql_variant instead of nil (#362) (296a83a), closes #186
• sanitize credentials from connection string parsing errors (#319) (93f5ef0)
• surface server errors from Rows.Close() during token drain (#361) (ea69792), closes #244

1.9.6

Features

• Added new serverCertificate connection parameter for byte-for-byte certificate validation, matching Microsoft.Data.SqlClient behavior. This parameter skips hostname validation, chain validation, and expiry checks, only verifying that the server's certificate exactly matches the provided file. This is useful when the server's hostname doesn't match the certificate CN/SAN. (#304)
• The existing certificate parameter maintains backward compatibility with traditional X.509 chain validation including hostname checks, expiry validation, and chain-of-trust verification.
• serverCertificate cannot be used with certificate or hostnameincertificate parameters to prevent conflicting validation methods.

1.9.3

Bug fixes

• Fix parsing of ADO connection strings with double-quoted values containing semicolons (#282)

1.9.2

Bug fixes

• Fix race condition in message queue query model (#277)

1.9.1

Bug fixes

• Fix bulk insert failure with datetime values near midnight due to day overflow (#271)

... (truncated)

Commits

• f92e6f0 chore(main): release 1.10.0 (#351)
• 03094d0 ci: add least-privilege permissions and pin actions to SHA (#354)
• 65e137f fix: make readCancelConfirmation respect context cancellation (#359)
• c10fa99 feat: add nullable civil types for date/time parameters (#325)
• 9937cfe fix: expose TrustServerCertificate in msdsn.Config and URL round-trip (#312)
• 429c61d chore(deps): bump googleapis/release-please-action from 4.4.1 to 5.0.0 in the...
• ea77c2e feat: add FailoverPartnerSPN connection string parameter (#327)
• 04d26c2 ci: add devcontainer build validation workflow (#355)
• b55beeb feat: add devcontainer for VS Code and GitHub Codespaces (#317)
• 586ea53 fix: detect server-aborted transactions to prevent silent auto-commit (XACT_A...
• Additional commits viewable in compare view

Updates modernc.org/sqlite from 1.49.1 to 1.50.0

Changelog

Sourced from modernc.org/sqlite's changelog.

Changelog

• 2026-05-10 v1.50.1:

  • Upgrade to SQLite 3.53.1.

• 2026-04-24 v1.50.0:

  • Upgrade to sqlite-vec v0.1.9.
  • Introduce ColumnInfo, enabling dynamic query builders and ORMs to retrieve underlying SQLite C-API metadata (OriginName, TableName, DatabaseName, and DeclType).
  • This feature is exposed via the idiomatic database/sql escape hatch (*sql.Conn).Raw(), avoiding custom statement handles and keeping the standard library workflow intact.
  • See [GitLab merge request #113](https://gitlab.com/cznic/sqlite/-/merge_requests/113), thanks Josh Bleecher Snyder!

• 2026-04-17 v1.49.0: Upgrade to SQLite 3.53.0.

  • Added -DSQLITE_ENABLE_DBPAGE_VTAB to the transpilation. See "The SQLITE_DBPAGE Virtual Table" for details.

• 2026-04-06 v1.48.2:

  • Fix ABI mapping mismatch in the pre-update hook trampoline that caused silent truncation of large 64-bit RowIDs.
  • Ensure the Go trampoline signature correctly aligns with the public sqlite3_preupdate_hook C API, preventing data corruption for high-entropy keys (e.g., Snowflake IDs).
  • See [GitLab merge request #98](https://gitlab.com/cznic/sqlite/-/merge_requests/98), thanks Josh Bleecher Snyder!
  • Fix the memory allocator used in (*conn).Deserialize.
  • Replace tls.Alloc with sqlite3_malloc64 to prevent internal allocator corruption. This ensures the buffer is safely owned by SQLite, which may resize or free it due to the SQLITE_DESERIALIZE_RESIZEABLE and SQLITE_DESERIALIZE_FREEONCLOSE flags.
  • Prevent a memory leak by properly freeing the allocated buffer if fetching the main database name fails before handing ownership to SQLite.
  • See [GitLab merge request #100](https://gitlab.com/cznic/sqlite/-/merge_requests/100), thanks Josh Bleecher Snyder!
  • Fix (*conn).Deserialize to explicitly reject nil or empty byte slices.
  • Prevent silent database disconnection and connection pool corruption caused by SQLite's default behavior when sqlite3_deserialize receives a 0-length buffer.
  • See [GitLab merge request #101](https://gitlab.com/cznic/sqlite/-/merge_requests/101), thanks Josh Bleecher Snyder!
  • Fix commitHookTrampoline and rollbackHookTrampoline signatures by removing the unused pCsr parameter.
  • Aligns internal hook callbacks accurately with the underlying SQLite C API, cleaning up the code to prevent potential future confusion or bugs.
  • See [GitLab merge request #102](https://gitlab.com/cznic/sqlite/-/merge_requests/102), thanks Josh Bleecher Snyder!
  • Fix checkptr instrumentation failures during go test -race when registering and using virtual tables (vtab).
  • Allocate sqlite3_module instances using the C allocator (libc.Xcalloc) instead of the Go heap. This ensures transpiled C code can safely perform pointer operations on the struct without tripping Go's pointer checks.
  • See [GitLab merge request #103](https://gitlab.com/cznic/sqlite/-/merge_requests/103), thanks Josh Bleecher Snyder!
  • Fix data race on mutex.id in the mutexTry non-recursive path.
  • Ensure consistent atomic writes (atomic.StoreInt32) to prevent data races with atomic loads in mutexHeld and mutexNotheld during concurrent execution.
  • See [GitLab merge request #104](https://gitlab.com/cznic/sqlite/-/merge_requests/104), thanks Josh Bleecher Snyder!
  • Fix resource leak in (*Backup).Commit where the destination connection was not closed on error.
  • Ensure dstConn is properly closed when sqlite3_backup_finish fails, preventing file descriptor, TLS, and memory leaks.
  • See [GitLab merge request #105](https://gitlab.com/cznic/sqlite/-/merge_requests/105), thanks Josh Bleecher Snyder!
  • Fix Ex...

    Description has been truncated

[srenatus]

@dependabot recreate

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.