Bump sqlite3 from 1.7.3 to 2.1.1 #229

Open
wants to merge 1 commit into
base: main

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Oct 28, 2024

Bumps sqlite3 from 1.7.3 to 2.1.1.

Release notes

Sourced from sqlite3's releases.

2.1.1 / 2024-10-22

Dependencies

2.1.0 / 2024-09-24

Ruby

Fork safety improvements

Sqlite itself is not fork-safe. Specifically, writing in a child process to a database connection that was created in the parent process may corrupt the database file. To mitigate this risk, sqlite3-ruby has implemented the following changes:

  • All open writable database connections carried across a fork() will immediately be closed in the child process to mitigate the risk of corrupting the database file.
  • These connections will be incompletely closed ("discarded") which will result in a one-time memory leak in the child process.

If it's at all possible, we strongly recommend that you close writable database connections in the parent before forking. If absolutely necessary (and you know what you're doing), you may suppress the fork safety warnings by calling SQLite3::ForkSafety.suppress_warnings!.

See the README's "Fork Safety" section and adr/2024-09-fork-safety.md for more information. [#558, #565, #566] @​flavorjones

Improved

  • Use sqlite3_close_v2 to close databases in a deferred manner if there are unclosed prepared statements. Previously closing a database while statements were open resulted in a BusyException. See https://www.sqlite.org/c3ref/close.html for more context. #557 @​flavorjones
  • When setting a Database busy_handler, fire the write barrier to prevent potential crashes during the GC mark phase. #556 @​jhawthorn

... (truncated)

Changelog

Sourced from sqlite3's changelog.

2.1.1 / 2024-10-22

Dependencies

2.1.0 / 2024-09-24

Ruby

Documentation

2.0.4 / 2024-08-13

Dependencies

2.0.3 / 2024-07-29

Improved

  • Database#quote avoids allocating strings where reusing frozen strings is preferable. #548 @​casperisfine

... (truncated)

Commits
  • 557ce1b version bump to v2.1.1
  • 98d1ab4 Merge pull request #570 from sparklemotion/flavorjones-dep-sqlite-3.47.0
  • 3ebf4eb dep: bump sqlite to v3.47.0
  • 89d0abd Merge pull request #568 from sparklemotion/dependabot/bundler/rake-compiler-1...
  • 89cb4ad build(deps-dev): update rake-compiler requirement from 1.2.7 to 1.2.8
  • 9a18cb9 version bump to v2.1.0
  • 04d111c version bump to v2.1.0.rc3
  • 81fb037 Merge pull request #566 from sparklemotion/flavorjones-suppress-fork-warnings
  • c90b177 feat: SQLite3::ForkSafety.suppress_warnings!
  • 4b6d614 version bump to v2.1.0.rc2
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
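
The 2.1.0 release notes quoted above recommend closing writable database connections in the parent before forking. The following is an added example, not code from sqlite3-ruby or from this PR: `PerProcessConnection` is a hypothetical wrapper that closes before a fork and reopens once per process, and the opener block is where an application would call `SQLite3::Database.new(path)`.

```ruby
# Added example (not sqlite3-ruby code). PerProcessConnection is a hypothetical
# helper. The opener block must return an object that responds to #close and
# #closed?, as SQLite3::Database does.
class PerProcessConnection
  def initialize(&opener)
    raise ArgumentError, "opener block required" unless opener
    @opener = opener
    @conn = nil
    @owner_pid = nil
  end

  # Return a connection opened by the current process, never an inherited one.
  def connection
    if @conn && @owner_pid != Process.pid
      # Inherited across fork(): never write through it. sqlite3-ruby 2.1.0
      # discards such writable connections in the child; drop our reference
      # as well so a fresh connection is opened below.
      @conn = nil
    end
    @conn ||= begin
      @owner_pid = Process.pid
      @opener.call
    end
  end

  # Close only a connection that this process opened itself.
  def close
    @conn.close if @conn && @owner_pid == Process.pid && !@conn.closed?
    @conn = nil
  end

  # Close in the parent first, as the release notes recommend, then fork.
  # The block runs in the child; returns the child's pid after waiting for it.
  def fork_with_closed_connection
    close
    pid = Process.fork { yield self }
    Process.wait(pid)
    pid
  end
end
```

Closing before the fork means the child inherits no open writable connection, so neither the discard path nor its one-time memory leak is triggered.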

Bumps [sqlite3](https://github.com/sparklemotion/sqlite3-ruby) from 1.7.3 to 2.1.1.
- [Release notes](https://github.com/sparklemotion/sqlite3-ruby/releases)
- [Changelog](https://github.com/sparklemotion/sqlite3-ruby/blob/main/CHANGELOG.md)
- [Commits](sparklemotion/sqlite3-ruby@v1.7.3...v2.1.1)

---
updated-dependencies:
- dependency-name: sqlite3
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
dependabot bot added the labels "Mend: dependency security vulnerability" (Security vulnerability detected by Mend) and "ruby" (Pull requests that update Ruby code) on Oct 28, 2024