Skip to content

build(deps): bump github.com/KARTIKrocks/sqlguard from 0.1.0 to 0.1.1 in /integrations/gormguard in the go-dependencies group#20

Merged
KARTIKrocks merged 1 commit into
mainfrom
dependabot/go_modules/integrations/gormguard/go-dependencies-9d840decb7
Jul 9, 2026
Merged

build(deps): bump github.com/KARTIKrocks/sqlguard from 0.1.0 to 0.1.1 in /integrations/gormguard in the go-dependencies group#20
KARTIKrocks merged 1 commit into
mainfrom
dependabot/go_modules/integrations/gormguard/go-dependencies-9d840decb7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor

Bumps the go-dependencies group in /integrations/gormguard with 1 update: github.com/KARTIKrocks/sqlguard.

Updates github.com/KARTIKrocks/sqlguard from 0.1.0 to 0.1.1

Changelog

Sourced from github.com/KARTIKrocks/sqlguard's changelog.

[0.1.1] - 2026-07-09

Fixes explain against current MySQL and MariaDB servers, where it previously failed on every query. No public API changed.

Fixed

  • explain on MySQL 9: the plan is now requested as EXPLAIN FORMAT=TRADITIONAL. MySQL 9 defaults @@explain_format to TREE, which returns a single free-text column instead of the tabular plan, so every Analyze call failed to scan. The clause is also accepted by MySQL 5.7/8 and MariaDB, so no server version detection is needed.
  • explain on MariaDB: plan columns are read by name rather than by position. MariaDB emits ten columns where MySQL emits twelve (no partitions, no filtered), which made the positional scan fail.
  • WithAllowDML on MySQL and MariaDB: both reject every statement inside a READ ONLY transaction (error 1792), including an EXPLAIN that only plans it. The MySQL path now uses a regular transaction; safety still comes from input validation, plain EXPLAIN never executing the statement, and the transaction always being rolled back. PostgreSQL is unaffected and keeps its read-only transaction.
  • False positive on UNION: a UNION RESULT row names a temporary table (<union1,2>) with type=ALL and no key, and was reported as an unindexed full table scan. Rows naming a derived or temporary table are now skipped.
  • Fails closed on an unrecognized MySQL plan: if the server returns a plan without the expected columns, Analyze now returns an error naming the missing column instead of silently reporting zero issues. A false negative in a query linter is worse than a hard failure.

Added

  • test/integration: an unpublished module that runs explain against live PostgreSQL, MySQL and MariaDB (make db-up && make test-integration). The tabular EXPLAIN output it parses is version-dependent, so no unit test can guard these regressions. Kept as its own module so the database drivers stay out of the core import graph, and behind an integration build tag so the default go test ./... needs no Docker.

Changed

  • Local development now uses a committed go.work instead of per-module replace directives. Without it the satellite modules compiled against the published core even in CI, so a breaking change to analyzer/ or middleware/ could pass a green build. Consumers are unaffected; use GOWORK=off to reproduce a consumer's build. make release-prep and its replace-restoring dance are gone — releasing is documented in CONTRIBUTING.md.
Commits
  • bac4394 Merge pull request #18 from KARTIKrocks/fix/explain-mysql9-mariadb
  • f1daa36 Address CodeRabbit review: fail closed on unknown plan shape
  • c9bb54f Fix EXPLAIN on MySQL 9 and MariaDB, add live-database integration tests
  • f012b74 CI tooling fixes and docs cleanup (#17)
  • 361e007 Add gosec + correctness linters to golangci-lint (#16)
  • b29c907 Add GitHub Sponsors FUNDING.yml
  • faf7141 build(deps): bump golang.org/x/tools in the go-dependencies group (#13)
  • 550fc29 build(deps): bump gorm.io/gorm in /integrations/gormguard (#14)
  • f06dcb1 build(deps): bump xorm.io/xorm in /integrations/xormguard (#15)
  • fac02dc build(deps): bump github.com/mattn/go-sqlite3 in /integrations/entguard (#10)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the go-dependencies group in /integrations/gormguard with 1 update: [github.com/KARTIKrocks/sqlguard](https://github.com/KARTIKrocks/sqlguard).


Updates `github.com/KARTIKrocks/sqlguard` from 0.1.0 to 0.1.1
- [Release notes](https://github.com/KARTIKrocks/sqlguard/releases)
- [Changelog](https://github.com/KARTIKrocks/sqlguard/blob/main/CHANGELOG.md)
- [Commits](v0.1.0...v0.1.1)

---
updated-dependencies:
- dependency-name: github.com/KARTIKrocks/sqlguard
  dependency-version: 0.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jul 9, 2026
@KARTIKrocks KARTIKrocks merged commit f3f0ad4 into main Jul 9, 2026
14 of 15 checks passed
@dependabot dependabot Bot deleted the dependabot/go_modules/integrations/gormguard/go-dependencies-9d840decb7 branch July 9, 2026 16:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant