fix(deps): bump the go-deps group with 4 updates by dependabot[bot] · Pull Request #227 · SimplyLiz/CodeMCP

dependabot · 2026-04-28T08:56:42Z

Bumps the go-deps group with 4 updates: github.com/sourcegraph/go-diff, golang.org/x/crypto, golang.org/x/sys and modernc.org/sqlite.

Updates github.com/sourcegraph/go-diff from 0.7.0 to 0.8.0

Release notes

Sourced from github.com/sourcegraph/go-diff's releases.

v0.8.0

What's Changed

remove unnecessary dependencies by @yuxiang-zhang in sourcegraph/go-diff#69

Make strict dropCR behavior optional via ParseOptions by @EmmanuelAC1 in sourcegraph/go-diff#78

Add new functionaltiy for reversing diffs. by @vslashg in sourcegraph/go-diff#72

Full Changelog: sourcegraph/go-diff@v0.7.0...v0.8.0

Commits

654d317 bump minimum go 1.14 -> 1.20
a839d2c Add new functionaltiy for reversing diffs. (#72)
3751ac7 add go test github workflow (#79)
205a5dd remove outdated scip workflow
c9dad3b diff: simplify readLine branching
922f9d3 diff: share lineReader cache initialization
45b1037 diff: remove stale lineReader comment
6ebdcc0 Make strict dropCR behavior optional via ParseOptions (#78)
005b930 chore: removed the inactive badge travis (#73)
9f2e185 Merge pull request #71 from sourcegraph/nsc/lsifgo-to-scipgo
Additional commits viewable in compare view

Updates golang.org/x/crypto from 0.49.0 to 0.50.0

Commits

03ca0dc go.mod: update golang.org/x dependencies
8400f4a ssh: respect signer's algorithm preference in pickSignatureAlgorithm
81c6cb3 ssh: swap cbcMinPaddingSize to cbcMinPacketSize to get encLength
See full diff in compare view

Updates golang.org/x/sys from 0.42.0 to 0.43.0

Commits

f33a730 windows: support nil security descriptor on GetNamedSecurityInfo
493d172 cpu: add runtime import in cpu_darwin_arm64_other.go
2c2be75 windows: use syscall.SyscallN in Proc.Call
a76ec62 cpu: roll back "use IsProcessorFeaturePresent to calculate ARM64 on windows"
See full diff in compare view

Updates modernc.org/sqlite from 1.48.0 to 1.50.0

Changelog

Sourced from modernc.org/sqlite's changelog.

Changelog

2026-04-24 v1.50.0:

Upgrade to sqlite-vec v0.1.9.

Introduce ColumnInfo, enabling dynamic query builders and ORMs to retrieve underlying SQLite C-API metadata (OriginName, TableName, DatabaseName, and DeclType).

This feature is exposed via the idiomatic database/sql escape hatch (*sql.Conn).Raw(), avoiding custom statement handles and keeping the standard library workflow intact.

See [GitLab merge request #113](https://gitlab.com/cznic/sqlite/-/merge_requests/113), thanks Josh Bleecher Snyder!

2026-04-17 v1.49.0: Upgrade to SQLite 3.53.0.

Added -DSQLITE_ENABLE_DBPAGE_VTAB to the transpilation. See "The SQLITE_DBPAGE Virtual Table" for details.

2026-04-06 v1.48.2:

Fix ABI mapping mismatch in the pre-update hook trampoline that caused silent truncation of large 64-bit RowIDs.

Ensure the Go trampoline signature correctly aligns with the public sqlite3_preupdate_hook C API, preventing data corruption for high-entropy keys (e.g., Snowflake IDs).

See [GitLab merge request #98](https://gitlab.com/cznic/sqlite/-/merge_requests/98), thanks Josh Bleecher Snyder!

Fix the memory allocator used in (*conn).Deserialize.

Replace tls.Alloc with sqlite3_malloc64 to prevent internal allocator corruption. This ensures the buffer is safely owned by SQLite, which may resize or free it due to the SQLITE_DESERIALIZE_RESIZEABLE and SQLITE_DESERIALIZE_FREEONCLOSE flags.

Prevent a memory leak by properly freeing the allocated buffer if fetching the main database name fails before handing ownership to SQLite.

See [GitLab merge request #100](https://gitlab.com/cznic/sqlite/-/merge_requests/100), thanks Josh Bleecher Snyder!

Fix (*conn).Deserialize to explicitly reject nil or empty byte slices.

Prevent silent database disconnection and connection pool corruption caused by SQLite's default behavior when sqlite3_deserialize receives a 0-length buffer.

See [GitLab merge request #101](https://gitlab.com/cznic/sqlite/-/merge_requests/101), thanks Josh Bleecher Snyder!

Fix commitHookTrampoline and rollbackHookTrampoline signatures by removing the unused pCsr parameter.

Aligns internal hook callbacks accurately with the underlying SQLite C API, cleaning up the code to prevent potential future confusion or bugs.

See [GitLab merge request #102](https://gitlab.com/cznic/sqlite/-/merge_requests/102), thanks Josh Bleecher Snyder!

Fix checkptr instrumentation failures during go test -race when registering and using virtual tables (vtab).

Allocate sqlite3_module instances using the C allocator (libc.Xcalloc) instead of the Go heap. This ensures transpiled C code can safely perform pointer operations on the struct without tripping Go's pointer checks.

See [GitLab merge request #103](https://gitlab.com/cznic/sqlite/-/merge_requests/103), thanks Josh Bleecher Snyder!

Fix data race on mutex.id in the mutexTry non-recursive path.

Ensure consistent atomic writes (atomic.StoreInt32) to prevent data races with atomic loads in mutexHeld and mutexNotheld during concurrent execution.

See [GitLab merge request #104](https://gitlab.com/cznic/sqlite/-/merge_requests/104), thanks Josh Bleecher Snyder!

Fix resource leak in (*Backup).Commit where the destination connection was not closed on error.

Ensure dstConn is properly closed when sqlite3_backup_finish fails, preventing file descriptor, TLS, and memory leaks.

See [GitLab merge request #105](https://gitlab.com/cznic/sqlite/-/merge_requests/105), thanks Josh Bleecher Snyder!

Fix Exec to fully drain rows when encountering SQLITE_ROW, preventing silent data loss in DML statements.

Previously, Exec aborted after the first row, meaning INSERT, UPDATE, or DELETE statements with a RETURNING clause would fail to process subsequent rows. The execution path now correctly loops until SQLITE_DONE and properly respects context cancellations during the drain loop, fully aligning with native C sqlite3_exec semantics.

See [GitLab merge request #106](https://gitlab.com/cznic/sqlite/-/merge_requests/106), thanks Josh Bleecher Snyder!

Fix "Shadowed err value (stmt.go)".

See [GitLab issue #249](https://gitlab.com/cznic/sqlite/-/work_items/249), thanks Emrecan BATI!

Fix silent omission of virtual table savepoint callbacks by correctly setting the sqlite3_module version.

See [GitLab merge request #107](https://gitlab.com/cznic/sqlite/-/merge_requests/107), thanks Josh Bleecher Snyder!

Fix vfsRead to properly handle partial and fragmented reads from io.Reader.

Replace f.Read with io.ReadFull to ensure the buffer is fully populated, preventing premature SQLITE_IOERR_SHORT_READ errors on valid mid-stream partial reads. Unread tail bytes at EOF are now efficiently zero-filled using the built-in clear function.

See [GitLab merge request #108](https://gitlab.com/cznic/sqlite/-/merge_requests/108), thanks Josh Bleecher Snyder!

Refactor internal error formatting to safely handle uninitialized or closed database pointers.

Prevent a misleading "out of memory" error message when an operation fails and the underlying SQLite database handle is NULL (db == 0).

See [GitLab merge request #109](https://gitlab.com/cznic/sqlite/-/merge_requests/109), thanks Josh Bleecher Snyder!

Fix error handling in database backup and restore initialization (sqlite3_backup_init).

Ensure error codes and messages are accurately read from the destination database handle rather than hardcoding the source or remote handle. This prevents swallowed errors or mismatched "not an error" messages when a backup or restore operation fails to start.

See [GitLab merge request #111](https://gitlab.com/cznic/sqlite/-/merge_requests/111), thanks Josh Bleecher Snyder!

... (truncated)

Commits

e220cc9 CHANGELOG.md: add !113
a58d5e5 Merge branch 'columns' into 'master'
119d8b1 add ColumnInfo, for inspecting query columns
c353a4f upgrade to sqlite-vec v0.1.9
fe575e4 doc.go: update SQLite version
3ccb9ca upgrade to SQLite 3.53.0
df16977 CHANGELOG.md: add !112
172c395 Merge branch 'fix-openv2-handle-leak' into 'master'
2719730 fix openV2 handle leak, TLS leak, and misleading error on failed open
53c87f6 CHANGELOG.md: add !111
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go-deps group with 4 updates: [github.com/sourcegraph/go-diff](https://github.com/sourcegraph/go-diff), [golang.org/x/crypto](https://github.com/golang/crypto), [golang.org/x/sys](https://github.com/golang/sys) and [modernc.org/sqlite](https://gitlab.com/cznic/sqlite). Updates `github.com/sourcegraph/go-diff` from 0.7.0 to 0.8.0 - [Release notes](https://github.com/sourcegraph/go-diff/releases) - [Commits](sourcegraph/go-diff@v0.7.0...v0.8.0) Updates `golang.org/x/crypto` from 0.49.0 to 0.50.0 - [Commits](golang/crypto@v0.49.0...v0.50.0) Updates `golang.org/x/sys` from 0.42.0 to 0.43.0 - [Commits](golang/sys@v0.42.0...v0.43.0) Updates `modernc.org/sqlite` from 1.48.0 to 1.50.0 - [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md) - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.48.0...v1.50.0) --- updated-dependencies: - dependency-name: github.com/sourcegraph/go-diff dependency-version: 0.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: golang.org/x/crypto dependency-version: 0.50.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: golang.org/x/sys dependency-version: 0.43.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps - dependency-name: modernc.org/sqlite dependency-version: 1.50.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go-deps ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-04-28T09:00:05Z

🟢 Change Impact Analysis

Metric	Value
Risk Level	LOW 🟢
Files Changed	1
Symbols Changed	1
Directly Affected	0
Transitively Affected	0

Blast Radius: 0 modules, 0 files, 0 unique callers

📝 Changed Symbols (1)

Symbol	File	Type	Confidence
`go.mod`	`go.mod`	modified	30%

Recommendations

ℹ️ coverage: 1 symbols have low mapping confidence. Index may be stale.
- Action: Run 'ckb index' to refresh the SCIP index

_{Generated by CKB}

github-actions · 2026-04-28T09:01:01Z

CKB Analysis

🎯 1 changed → 0 affected · 🔥 2 hotspots · 📚 197 stale

Risk factors: Touches 2 hotspot(s)

👥 Suggested: @lisa.welsch1985@gmail.com (100%), @talantyyr@gmail.com (100%), @lisa@tastehub.io (50%)

Metric	Value
Impact Analysis	1 symbols → 0 affected	🟢
Doc Coverage	6.598984771573605%	⚠️
Complexity	0 violations	✅
Coupling	0 gaps	✅
Blast Radius	0 modules, 0 files	✅
Index	indexed (0s)	🆕

🎯 Change Impact Analysis · 🟢 LOW · 1 changed → 0 affected

Metric	Value
Symbols Changed	1
Directly Affected	0
Transitively Affected	0
Modules in Blast Radius	0
Files in Blast Radius	0

Symbols changed in this PR:

go.mod [modified] (30%) — go.mod

Recommendations:

ℹ️ 1 symbols have low mapping confidence. Index may be stale.
- Action: Run 'ckb index' to refresh the SCIP index

🔥 Hotspots · 2 volatile files

File	Churn Score
`go.mod`	7.17
`go.sum`	8.51

💡 Quick wins · 10 suggestions

🟡 Add tests → internal/webhooks/webhooks_test.go
🟡 Add tests → internal/daemon/daemon_test.go
🟡 Add tests → internal/query/navigation_extended_test.go
🟡 Add tests → internal/backends/scip/references.go
🟡 Add tests → internal/webhooks/format_test.go
🟢 Assign backup owner → internal/webhooks/webhooks_test.go
🟢 Assign backup owner → internal/daemon/daemon_test.go
🟢 Assign backup owner → internal/query/navigation_extended_test.go

📚 Stale docs · 197 broken references

docs/CONTRIBUTING.md:108 → errors.New
docs/CONTRIBUTING.md:108 → errors.SYMBOL_NOT_FOUND
docs/CONTRIBUTING.md:111 → errors.Wrap
docs/backlog/index-refresh-improvements.md:36 → watcher.Add
docs/backlog/index-refresh-improvements.md:36 → filepath.Join
docs/backlog/index-refresh-improvements.md:97 → time.Second
docs/featureplans/change-impact-analysis-checklist.md:208 → coverage.out
docs/featureplans/change-impact-analysis-checklist.md:214 → lcov.info
docs/featureplans/change-impact-analysis-checklist.md:309 → coverage.out
docs/featureplans/change-impact-analysis.md:448 → scip.SCIPIndex
docs/featureplans/change-impact-analysis.md:478 → context.Context
docs/featureplans/change-impact-analysis.md:669 → coverage.out
docs/features/a2a/overview.md:41 → index.initialized
docs/features/a2a/overview.md:42 → index.fresh
docs/features/a2a/overview.md:43 → index.commitsBehind

_{Generated by CKB · Run details}

github-actions · 2026-04-28T09:05:27Z

CKB Review: ✅ PASS — 98/100

2 files (+77 changes) · 2 modules

Changes 2 files across 2 modules. No blocking issues found.

Check	Status	Detail
hotspots	ℹ️ INFO	2 hotspot file(s) touched
blast-radius	ℹ️ INFO	No symbols with callers in changes
dead-code	✅ PASS	No dead code in changed files
unwired	✅ PASS	All exported symbols are reachable from entrypoints
breaking	✅ PASS	No breaking API changes
risk	✅ PASS	Risk score: 0.20 (low)
test-gaps	✅ PASS	All changed functions have tests
coupling	✅ PASS	No missing co-change files
secrets	✅ PASS	No secrets detected
complexity	✅ PASS	No significant complexity increase
comment-drift	✅ PASS	No comment/code drift detected
format-consistency	✅ PASS	No format consistency issues
bug-patterns	✅ PASS	No bug patterns detected
health	✅ PASS	No significant health changes
tests	✅ PASS	0 test(s) cover the changes
arch-health	⚪ SKIP	Cartographer not compiled in this build
layers	⚪ SKIP	Cartographer not compiled in this build

Change Breakdown

Category	Files	Review Priority
config	2	🟢 Quick check

Code Health

Estimated review: ~19min (trivial)

Reviewers: lisa.welsch1985 (100%) · talantyyr (100%) · lisa (50%)

dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Apr 28, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix(deps): bump the go-deps group with 4 updates#227

fix(deps): bump the go-deps group with 4 updates#227
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/go_modules/develop/go-deps-fe3bba37eb

dependabot Bot commented on behalf of github Apr 28, 2026

Uh oh!

github-actions Bot commented Apr 28, 2026

Uh oh!

github-actions Bot commented Apr 28, 2026

Uh oh!

github-actions Bot commented Apr 28, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github Apr 28, 2026

v0.8.0

What's Changed

Changelog

Uh oh!

github-actions Bot commented Apr 28, 2026

🟢 Change Impact Analysis

Recommendations

Uh oh!

github-actions Bot commented Apr 28, 2026

CKB Analysis

Uh oh!

github-actions Bot commented Apr 28, 2026

CKB Review: ✅ PASS — 98/100

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants