Skip to content

build(deps): bump github.com/KARTIKrocks/sqlguard from 0.1.0 to 0.1.1 in /integrations/entguard in the go-dependencies group across 1 directory#25

Merged
KARTIKrocks merged 1 commit into
mainfrom
dependabot/go_modules/integrations/entguard/go-dependencies-9d840decb7
Jul 9, 2026
Merged

build(deps): bump github.com/KARTIKrocks/sqlguard from 0.1.0 to 0.1.1 in /integrations/entguard in the go-dependencies group across 1 directory#25
KARTIKrocks merged 1 commit into
mainfrom
dependabot/go_modules/integrations/entguard/go-dependencies-9d840decb7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.


Bumps the go-dependencies group with 1 update in the /integrations/entguard directory: github.com/KARTIKrocks/sqlguard.

Updates github.com/KARTIKrocks/sqlguard from 0.1.0 to 0.1.1

Changelog

Sourced from github.com/KARTIKrocks/sqlguard's changelog.

[0.1.1] - 2026-07-09

Fixes explain against current MySQL and MariaDB servers, where it previously failed on every query. No public API changed.

Fixed

  • explain on MySQL 9: the plan is now requested as EXPLAIN FORMAT=TRADITIONAL. MySQL 9 defaults @@explain_format to TREE, which returns a single free-text column instead of the tabular plan, so every Analyze call failed to scan. The clause is also accepted by MySQL 5.7/8 and MariaDB, so no server version detection is needed.
  • explain on MariaDB: plan columns are read by name rather than by position. MariaDB emits ten columns where MySQL emits twelve (no partitions, no filtered), which made the positional scan fail.
  • WithAllowDML on MySQL and MariaDB: both reject every statement inside a READ ONLY transaction (error 1792), including an EXPLAIN that only plans it. The MySQL path now uses a regular transaction; safety still comes from input validation, plain EXPLAIN never executing the statement, and the transaction always being rolled back. PostgreSQL is unaffected and keeps its read-only transaction.
  • False positive on UNION: a UNION RESULT row names a temporary table (<union1,2>) with type=ALL and no key, and was reported as an unindexed full table scan. Rows naming a derived or temporary table are now skipped.
  • Fails closed on an unrecognized MySQL plan: if the server returns a plan without the expected columns, Analyze now returns an error naming the missing column instead of silently reporting zero issues. A false negative in a query linter is worse than a hard failure.

Added

  • test/integration: an unpublished module that runs explain against live PostgreSQL, MySQL and MariaDB (make db-up && make test-integration). The tabular EXPLAIN output it parses is version-dependent, so no unit test can guard these regressions. Kept as its own module so the database drivers stay out of the core import graph, and behind an integration build tag so the default go test ./... needs no Docker.

Changed

  • Local development now uses a committed go.work instead of per-module replace directives. Without it the satellite modules compiled against the published core even in CI, so a breaking change to analyzer/ or middleware/ could pass a green build. Consumers are unaffected; use GOWORK=off to reproduce a consumer's build. make release-prep and its replace-restoring dance are gone — releasing is documented in CONTRIBUTING.md.
Commits
  • bac4394 Merge pull request #18 from KARTIKrocks/fix/explain-mysql9-mariadb
  • f1daa36 Address CodeRabbit review: fail closed on unknown plan shape
  • c9bb54f Fix EXPLAIN on MySQL 9 and MariaDB, add live-database integration tests
  • f012b74 CI tooling fixes and docs cleanup (#17)
  • 361e007 Add gosec + correctness linters to golangci-lint (#16)
  • b29c907 Add GitHub Sponsors FUNDING.yml
  • faf7141 build(deps): bump golang.org/x/tools in the go-dependencies group (#13)
  • 550fc29 build(deps): bump gorm.io/gorm in /integrations/gormguard (#14)
  • f06dcb1 build(deps): bump xorm.io/xorm in /integrations/xormguard (#15)
  • fac02dc build(deps): bump github.com/mattn/go-sqlite3 in /integrations/entguard (#10)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Jul 9, 2026
Bumps the go-dependencies group with 1 update in the /integrations/entguard directory: [github.com/KARTIKrocks/sqlguard](https://github.com/KARTIKrocks/sqlguard).


Updates `github.com/KARTIKrocks/sqlguard` from 0.1.0 to 0.1.1
- [Release notes](https://github.com/KARTIKrocks/sqlguard/releases)
- [Changelog](https://github.com/KARTIKrocks/sqlguard/blob/main/CHANGELOG.md)
- [Commits](v0.1.0...v0.1.1)

---
updated-dependencies:
- dependency-name: github.com/KARTIKrocks/sqlguard
  dependency-version: 0.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: go-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title build(deps): bump github.com/KARTIKrocks/sqlguard from 0.1.0 to 0.1.1 in /integrations/entguard in the go-dependencies group build(deps): bump github.com/KARTIKrocks/sqlguard from 0.1.0 to 0.1.1 in /integrations/entguard in the go-dependencies group across 1 directory Jul 9, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/integrations/entguard/go-dependencies-9d840decb7 branch from 8bb1593 to f229ca6 Compare July 9, 2026 16:22
@KARTIKrocks KARTIKrocks merged commit 7de3144 into main Jul 9, 2026
14 checks passed
@dependabot dependabot Bot deleted the dependabot/go_modules/integrations/entguard/go-dependencies-9d840decb7 branch July 9, 2026 16:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file go Pull requests that update go code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant