chore(deps): bump the minor-patch group across 1 directory with 3 updates

[dependabot]

Bumps the minor-patch group with 3 updates in the / directory: golang.org/x/crypto, golang.org/x/tools and modernc.org/sqlite.

Updates golang.org/x/crypto from 0.52.0 to 0.53.0

Commits

• 45460e0 go.mod: update golang.org/x dependencies
• d37c95e pkcs12: limit PBKDF iteration count to prevent CPU exhaustion
• e2ffffe ssh: reject incomplete gssapi-with-mic configurations
• 60e158a ssh/test: isolate CLI tests from user SSH config and agent
• 1b77d23 ssh/knownhosts: reject lines with multiple or unknown markers
• 3872a2b ssh/knownhosts: verify declared key type matches decoded key
• 9f72ecc ssh/knownhosts: treat only ASCII space and tab as whitespace
• 8f405a4 ssh: validate ECDSA curve matches expected algorithm
• bb41b3d ssh: improve DH GEX group selection using PreferredBits
• e04e721 ssh/agent: validate ed25519 private key length in Add
• Additional commits viewable in compare view

Updates golang.org/x/tools from 0.45.0 to 0.46.0

Commits

• 3d6f8df go/packages: propagate PATH in TestConfigEnvDoesNotInheritProcessEnv
• 47abf61 gopls: move internal/tool into gopls/internal/tool
• 19cebc5 go/packages/gopackages: use standard flag package instead of internal/tool
• e965c10 gopls/internal/test/marker: update hover test
• 96efd3d gopls/internal/golang/stubmethods: support generic interfaces
• 83be7b7 go.mod: update golang.org/x dependencies
• bf05c11 internal/typesinternal: ForEachElement: test generic methods
• 99df0ab go/callgraph/static: support generic methods
• 6942095 go/ssa: fix instantiation of generic methods on non-generic receivers
• 070e85d go/callgraph/rta: skip generic methods in fingerprinting
• Additional commits viewable in compare view

Updates modernc.org/sqlite from 1.51.0 to 1.52.0

Changelog

Sourced from modernc.org/sqlite's changelog.

Changelog

• 2026-06-10 v1.53.0:

  • Add a Go-facing wrapper for SQLITE_CONFIG_PCACHE2. PageCache is the factory and Cache the per-database instance, both idiomatic Go interfaces; Page exposes the raw Buf and Extra pointers that SQLite reads through the C pcache contract. RegisterPageCache and MustRegisterPageCache install the module process-globally before the first sql.Open; subsequent Open calls are gated through a one-shot Xsqlite3_config(SQLITE_CONFIG_PCACHE2) so a too-late Register returns ErrPageCacheTooLate rather than silently falling through to the built-in pcache1. The binding owns the sqlite3_pcache_page stub and re-consults the implementation on every Fetch, reusing the stub only when the returned Page value is unchanged, which keeps a bounded/evicting purgeable cache safe by construction.
  • See [GitLab merge request #126](https://gitlab.com/cznic/sqlite/-/merge_requests/126), thanks Ian Chechin!
  • Add modernc.org/sqlite/pcache, the reference page-cache implementation that accompanies the #126 SQLITE_CONFIG_PCACHE2 wrapper. pcache.New returns a *Pool satisfying the PageCache interface; register it once with sqlite.MustRegisterPageCache(pcache.New()) and every connection opened afterwards draws its pages from it. Each Pool.Create mints a fresh per-database Cache: a bounded, LRU-evicting page store that honours the PRAGMA cache_size soft cap and releases the least-recently-unpinned page when it must make room. Page memory — the Buf and Extra buffers SQLite reads through — is allocated with libc.Xmalloc/libc.Xcalloc and therefore lives off the Go heap, which keeps SQLite's interior pointer arithmetic on the page extras from tripping the race detector's checkptr enforcement. Pool.Stats reports aggregate lifetime counters (hits, misses, allocs, evictions, rekeys, truncates, caches) across every cache a Pool has created, so hit/miss/eviction behaviour is observable without instrumenting individual caches. Cross-connection page sharing is out of scope for now; each Create returns an independent per-database cache.
  • Validated end-to-end against the #126 stress workload (cache_size=16, 4000 BLOB rows with DELETE and incremental_vacuum, integrity_check clean under -race) and benchmarked for the memory-utilization goal tracked in [GitLab issue #204](https://gitlab.com/cznic/sqlite/-/issues/204).
  • See [GitLab merge request #127](https://gitlab.com/cznic/sqlite/-/merge_requests/127), thanks Ian Chechin!
  • Add an opt-in _dqs DSN query parameter that disables SQLite's double-quoted string literal compatibility quirk on a per-connection basis. When _dqs=0 (or any strconv.ParseBool false value) is supplied, the driver calls sqlite3_db_config with SQLITE_DBCONFIG_DQS_DDL and SQLITE_DBCONFIG_DQS_DML set to off before any statement is prepared, so a double-quoted identifier that fails to resolve raises a parse error instead of silently falling back to a string literal. Absence of the parameter, or _dqs=1, leaves SQLite's default behavior unchanged; existing DSNs continue to work byte-for-byte. Resolves [GitLab issue #61](https://gitlab.com/cznic/sqlite/-/issues/61).
  • See [GitLab merge request #128](https://gitlab.com/cznic/sqlite/-/merge_requests/128), thanks Ian Chechin!
  • Add an opt-in _error_rc DSN query parameter for clearer error reporting on open-time failures. When _error_rc=1 (or any strconv.ParseBool true value) is supplied, error strings synthesised from a (rc, db) pair only append sqlite3_errmsg(db) when sqlite3_extended_errcode(db) is consistent with the operation rc (full match first, primary code &0xff as fallback). On mismatch the canonical sqlite3_errstr(rc) is used alone, so an open-time SQLITE_CANTOPEN no longer carries the temporary handle's stale "out of memory" errmsg. Absence of the parameter, or _error_rc=0, preserves the legacy "errstr: errmsg" form byte-for-byte; existing callers that parse error strings are unaffected. The driver's *Error.Code() returns the same SQLite result code in both modes. Parsed before sqlite3_open_v2 so open-time errors are covered. Resolves [GitLab issue #230](https://gitlab.com/cznic/sqlite/-/issues/230).
  • See [GitLab merge request #129](https://gitlab.com/cznic/sqlite/-/merge_requests/129), thanks Ian Chechin!

• 2026-06-06 v1.52.0:

  • Upgrade to SQLite 3.53.2.
  • Add Backup.Remaining and Backup.PageCount, thin wrappers around the existing sqlite3_backup_remaining and sqlite3_backup_pagecount C symbols. Together they expose the per-Step progress counters that the underlying backup object already maintains, enabling progress reporting during online backups without dropping to modernc.org/sqlite/lib directly.
  • See [GitLab merge request #122](https://gitlab.com/cznic/sqlite/-/merge_requests/122), thanks Ian Chechin!
  • Drop the redundant second copy in (*conn).columnText, the path that backs every Rows.Scan into a Go string for a TEXT column. The value's bytes are still copied once out of SQLite-owned memory into a fresh Go buffer; that buffer is then reinterpreted as the result string with unsafe.String rather than copied a second time by the implicit string([]byte) conversion. This removes one allocation per TEXT value per row and roughly halves the bytes allocated on that path; on the new BenchmarkColumnTextScan cases it is ~13–20% faster for payloads of 256 B and larger, with no measurable change for very short strings. Purely internal: no API or behavioral change, and the returned string never aliases SQLite's buffer.
  • See [GitLab merge request #123](https://gitlab.com/cznic/sqlite/-/merge_requests/123), thanks Ian Chechin!
  • Cache each result column's declared type once per result set in newRows instead of recomputing it on every row. The TEXT branch of Rows.Next calls ColumnTypeDatabaseTypeName for every TEXT column on every row (independent of any DSN flag), which previously did a libc.GoString + strings.ToUpper each time; that lookup is now a single index into a cached, pre-uppercased []string, and ColumnTypeScanType reads the same cache and drops its per-call strings.ToLower. The declared type is fixed for the lifetime of a prepared statement, so the C round-trip is paid once per column rather than once per column per row, removing exactly 1 alloc + 8 B per TEXT column per row from the Next hot path. The new BenchmarkTextToTimeScan cases show ~7% faster on a 1000-row DATETIME SELECT under _texttotime=1. Purely internal: ColumnTypeDatabaseTypeName and ColumnTypeScanType return identical values, no API or behavioral change.
  • See [GitLab merge request #124](https://gitlab.com/cznic/sqlite/-/merge_requests/124), thanks Ian Chechin!
  • Cache, per result column, the parseTimeFormats index that first parsed a TEXT-stored DATE/DATETIME/TIMESTAMP value, and try that format first on later rows instead of re-walking the list from the top. (*conn).parseTime previously ran time.Parse down the format list on every such row; for the canonical SQLite TEXT datetime format every row paid two failed time.Parse attempts — each allocating a *time.ParseError — before the match. On a 1000-row DATETIME TEXT SELECT this cuts ~50% of allocs/op and ~57% of B/op and is ~37% faster. The fall-through chain is preserved exactly: the seven formats are mutually exclusive, so the cached hint can never select a different match than the in-order scan, and the parsed driver.Value is identical to before. Purely internal: no API or behavioral change.
  • See [GitLab merge request #125](https://gitlab.com/cznic/sqlite/-/merge_requests/125), thanks Ian Chechin!

• 2026-05-28 v1.51.0:

  • Pool the []driver.Value slice passed to scalar/aggregate UDF callbacks and to vtab Filter/Insert/Update callbacks, eliminating the dominant per-row allocation on UDF-heavy queries. Benchmarks on a 1000-row, 3-arg noop scalar UDF show ~40% fewer bytes/op and ~15% fewer allocs/op.
  • Document the matching "arguments are not valid past return" contract on vtab.Cursor.Filter and vtab.Updater.Insert/Update, consistent with the existing rule for FunctionImpl.Scalar / AggregateFunction.Step / WindowInverse.
  • Resolves [GitLab issue #226](https://gitlab.com/cznic/sqlite/-/issues/226). See [GitLab merge request #114](https://gitlab.com/cznic/sqlite/-/merge_requests/114), thanks Ian Chechin!
  • Add FileControl.FileControlDataVersion, a wrapper around SQLITE_FCNTL_DATA_VERSION for observing pager-cache data-version changes, including those made on the same connection. Useful as a primitive for application-level cache invalidation.
  • Exposed via the idiomatic database/sql escape hatch (*sql.Conn).Raw(), consistent with the existing FileControlPersistWAL.
  • See [GitLab merge request #115](https://gitlab.com/cznic/sqlite/-/merge_requests/115), thanks Ian Chechin!
  • Fix a regression where in-memory connections (:memory:, file::memory:, shared-cache memory URIs) were discarded by database/sql after a context-cancelled query, taking the entire in-memory store with them. The fix for #198 had added an sqlite3_is_interrupted check to the connection validator that mistakenly applied to in-memory connections too, re-introducing the bug originally fixed by !74. File-backed connections keep the existing behaviour and are still discarded after an interrupt.
  • Resolves [GitLab issue #196](https://gitlab.com/cznic/sqlite/-/issues/196). See [GitLab merge request #116](https://gitlab.com/cznic/sqlite/-/merge_requests/116), thanks Ian Chechin!
  • Add an opt-in FunctionImpl.VolatileArgs flag that hands TEXT and BLOB arguments to scalar and aggregate UDF callbacks as zero-copy views (unsafe.String/unsafe.Slice) over SQLite's own value buffers, eliminating the per-argument libc.GoString/make([]byte) copy that the #226 slice-pooling left as the remaining per-row allocation. On the same 1000-row, 3-arg (INTEGER/TEXT/BLOB) noop scalar UDF this removes a further ~35% of allocs/op and ~11% of bytes/op on top of #226.
  • The views are valid only for the duration of the callback and must not be retained past return or across rows; a callback that needs to keep a value must copy it. With VolatileArgs unset (the default) arguments keep the existing copied, caller-owned semantics, so the flag is fully backward compatible; it has no effect on integer, float, time, or NULL arguments.
  • See [GitLab merge request #120](https://gitlab.com/cznic/sqlite/-/merge_requests/120), thanks Ian Chechin!
  • Extend the opt-in VolatileArgs zero-copy TEXT/BLOB argument access from #120 to the virtual-table Cursor.Filter (xFilter) and Updater.Insert/Update (xUpdate) callbacks. A vtab.Module opts in by implementing the new optional vtab.VolatileArgsOpter interface (VolatileArgs() bool); the flag is read once at module registration and shared by every table created from it. On a vtab call carrying one TEXT and one BLOB argument this removes 2 allocs/op (one libc.GoString, one make([]byte)) on each of the Filter and Update paths.
  • The same safety contract as #120 applies: the views are valid only for the duration of the callback and must not be retained past return or across rows; a callback that needs to keep a value must copy it. Modules that do not implement VolatileArgsOpter (the default for all existing modules) are byte-for-byte unchanged, and the flag has no effect on integer, float, time, or NULL arguments.
  • See [GitLab merge request #121](https://gitlab.com/cznic/sqlite/-/merge_requests/121), thanks Ian Chechin!

• 2026-05-10 v1.50.1:

  • Upgrade to SQLite 3.53.1.

• 2026-04-24 v1.50.0:

  • Upgrade to sqlite-vec v0.1.9.
  • Introduce ColumnInfo, enabling dynamic query builders and ORMs to retrieve underlying SQLite C-API metadata (OriginName, TableName, DatabaseName, and DeclType).
  • This feature is exposed via the idiomatic database/sql escape hatch (*sql.Conn).Raw(), avoiding custom statement handles and keeping the standard library workflow intact.
  • See [GitLab merge request #113](https://gitlab.com/cznic/sqlite/-/merge_requests/113), thanks Josh Bleecher Snyder!

• 2026-04-17 v1.49.0: Upgrade to SQLite 3.53.0.

... (truncated)

Commits

• 66b4d20 release v1.52.0, upgrade to SQLite 3.53.2
• e3f64ec rows: clarify parseFmtIdx mixed-column cost; CHANGELOG.md: document #125
• 4485793 Merge branch 'perf/cache-parse-time-format' into 'master'
• 3638d17 rows: cache the parseTime format index per result column
• 7da793e CHANGELOG.md: document #124
• 51e6714 Merge branch 'perf/cache-column-decltype' into 'master'
• 8a6f33c rows: lock down ColumnTypeScanType under the decltype cache
• f8fb6dd rows: cache the column decltype lookup once per result set
• b17c0c7 CHANGELOG.md: document #123
• c80a08f Merge branch 'perf/column-text-zero-copy' into 'master'
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions