Skip to content

Bump sqlite3 from 1.4.4 to 1.5.2

Dependabot requested to merge dependabot/bundler/sqlite3-1.5.2 into master

Bumps sqlite3 from 1.4.4 to 1.5.2.

Release notes

Sourced from sqlite3's releases.

1.5.2 / 2022-10-01

Packaging

This version correctly vendors the tarball for sqlite v3.39.4 in the vanilla "ruby" platform gem package, so that users will not require network access at installation.

v1.5.0 and v1.5.1 mistakenly packaged the tarball for sqlite v3.38.5 in the vanilla "ruby" platform gem, resulting in downloading the intended tarball over the network at installation time (or, if the network was not available, failure to install). Note that the precompiled native gems were not affected by this issue. #352

sha256 checksums:

94626203958f9abf5e7d28b0337af6d00fb10cabfc3d65e70eb95b878080a812  sqlite3-1.5.2-aarch64-linux.gem
ada7a8ec6b13165ebb56dfc8df9f896d2b41c78e92e2ba0b5bca969b6c376e1d  sqlite3-1.5.2-arm-linux.gem
472d837f79273bbfb7d626c787a0f3e9f0bd0a3855ed5bfee1ef70bee8808ced  sqlite3-1.5.2-arm64-darwin.gem
750bf833b72550244c672cb3467b68b5c89b3e8be2c893a2749cdbc3841ee898  sqlite3-1.5.2-x64-mingw-ucrt.gem
e750e17784cd76b59f5dd9a3366f9b0d76626872700f0f59194f2f4c439cbb01  sqlite3-1.5.2-x64-mingw32.gem
caf0a7717375addb46157b1090ad02316a9491531d69e2389f56058ce784518e  sqlite3-1.5.2-x86-linux.gem
caff6c75b13874ce828514a95aa437744e042390fdeb0f73decde16235d3fe2f  sqlite3-1.5.2-x86_64-darwin.gem
245f2ef5dd9c6a2b3df41b4af41fa659c8917d0cc231d4c1b03b4d199ae412e7  sqlite3-1.5.2-x86_64-linux.gem
9b3153b5703b4619534135c16ff7c4e8ba1adbd8548ff61bb4a002dd632bcd5e  sqlite3-1.5.2.gem

1.5.1 / 2022-09-29

Dependencies

  • Vendored sqlite is updated to v3.39.4.

Security

The vendored version of sqlite, v3.39.4, should be considered to be a security release. From the release notes:

Version 3.39.4 is a minimal patch against the prior release that addresses issues found since the prior release. In particular, a potential vulnerability in the FTS3 extension has been fixed, so this should be considered a security update.

In order to exploit the vulnerability, an attacker must have full SQL access and must be able to construct a corrupt database with over 2GB of FTS3 content. The problem arises from a 32-bit signed integer overflow.

For more information please see GHSA-mgvv-5mxp-xq67.

sha256:

... (truncated)

Changelog

Sourced from sqlite3's changelog.

1.5.2 / 2022-10-01

Packaging

This version correctly vendors the tarball for sqlite v3.39.4 in the vanilla "ruby" platform gem package, so that users will not require network access at installation.

v1.5.0 and v1.5.1 mistakenly packaged the tarball for sqlite v3.38.5 in the vanilla "ruby" platform gem, resulting in downloading the intended tarball over the network at installation time (or, if the network was not available, failure to install). Note that the precompiled native gems were not affected by this issue. #352

1.5.1 / 2022-09-29

Dependencies

  • Vendored sqlite is updated to v3.39.4.

Security

The vendored version of sqlite, v3.39.4, should be considered to be a security release. From the release notes:

Version 3.39.4 is a minimal patch against the prior release that addresses issues found since the prior release. In particular, a potential vulnerability in the FTS3 extension has been fixed, so this should be considered a security update.

In order to exploit the vulnerability, an attacker must have full SQL access and must be able to construct a corrupt database with over 2GB of FTS3 content. The problem arises from a 32-bit signed integer overflow.

For more information please see GHSA-mgvv-5mxp-xq67.

1.5.0 / 2022-09-08

Packaging

Faster, more reliable installation

Native (precompiled) gems are available for Ruby 2.6, 2.7, 3.0, and 3.1 on all these platforms:

  • aarch64-linux
  • arm-linux
  • arm64-darwin
  • x64-mingw32 and x64-mingw-ucrt
  • x86-linux
  • x86_64-darwin
  • x86_64-linux

If you are using one of these Ruby versions on one of these platforms, the native gem is the recommended way to install sqlite3-ruby.

See the README for more information.

... (truncated)

Commits
  • 5c443e2 version bump to v1.5.2
  • 5ab9cd8 Merge pull request #352 from sparklemotion/351-fix-tarball-packaging
  • d37f248 fix: native.rake and test-gem-file-contents use dependencies.yml
  • df549ed refactor: extract mini_portile recipe config to dependencies.yml
  • 8ab3ecc version bump to 1.5.1
  • b026da1 Merge pull request #349 from sparklemotion/flavorjones-update-sqlite-3.39.4
  • 8ebb39d dep: update packaged sqlite3 to v3.39.4
  • 4bf6f66 doc: clarify how to avoid installing a native gem
  • 31ea008 version bump to 1.5.0 (final)
  • 23721a7 rb_gc_register_address() must be called after the variable was assigned (#345)
  • Additional commits viewable in compare view

Merge request reports