fix(deps): bump the go-deps group with 2 updates

[dependabot]

Bumps the go-deps group with 2 updates: golang.org/x/crypto and modernc.org/sqlite.

Updates golang.org/x/crypto from 0.47.0 to 0.48.0

Commits

• e08b067 go.mod: update golang.org/x dependencies
• 7d0074c scrypt: fix panic on parameters <= 0
• See full diff in compare view

Updates modernc.org/sqlite from 1.44.3 to 1.45.0

Changelog

Sourced from modernc.org/sqlite's changelog.

Changelog

• 2026-02-09 v1.45.0:

• Introduce vtab subpackage (modernc.org/sqlite/vtab) exposing Module, Table, Cursor, and IndexInfo API for Go virtual tables.

• Wire vtab registration into the driver: vtab.RegisterModule installs modules globally and each new connection calls sqlite3_create_module_v2.

• Implement vtab trampolines for xCreate/xConnect/xBestIndex/xDisconnect/xDestroy/xOpen/xClose/xFilter/xNext/xEof/xColumn/xRowid.

• Map SQLite’s sqlite3_index_info into vtab.IndexInfo, including constraints, ORDER BY terms, and constraint usage (ArgIndex → xFilter argv[]).

• Add an in‑repo dummy vtab module and test (module_test.go) that validates registration, basic scanning, and constraint visibility.

• See merge request 90, thanks Adrian Witas!

• 2026-01-19 v1.44.3: Resolves issue 243.

• 2026-01-18 v1.44.2: Upgrade to SQLite 3.51.2.

• 2026-01-13 v1.44.0: Upgrade to SQLite 3.51.1.

• 2025-10-10 v1.39.1: Upgrade to SQLite 3.50.4.

• 2025-06-09 v1.38.0: Upgrade to SQLite 3.50.1.

• 2025-02-26 v1.36.0: Upgrade to SQLite 3.49.0.

• 2024-11-16 v1.34.0: Implement ResetSession and IsValid methods in connection

• 2024-07-22 v1.31.0: Support windows/386.

• 2024-06-04 v1.30.0: Upgrade to SQLite 3.46.0, release notes at https://sqlite.org/releaselog/3_46_0.html.

• 2024-02-13 v1.29.0: Upgrade to SQLite 3.45.1, release notes at https://sqlite.org/releaselog/3_45_1.html.

• 2023-12-14: v1.28.0: Add (*Driver).RegisterConnectionHook, ConnectionHookFn, ExecQuerierContext, RegisterConnectionHook.

• 2023-08-03 v1.25.0: enable SQLITE_ENABLE_DBSTAT_VTAB.

• 2023-07-11 v1.24.0: Add (*conn).{Serialize,Deserialize,NewBackup,NewRestore} methods, add Backup type.

• 2023-06-01 v1.23.0: Allow registering aggregate functions.

• 2023-04-22 v1.22.0: Support linux/s390x.

• 2023-02-23 v1.21.0: Upgrade to SQLite 3.41.0, release notes at https://sqlite.org/releaselog/3_41_0.html.

• 2022-11-28 v1.20.0: Support linux/ppc64le.

... (truncated)

Commits

• b8975b7 CHANGELOG.md: document v1.45.0
• 394a108 attempt to fix test build broken by bc68721f
• bc68721 Merge branch 'branch' into 'master'
• c228a98 - Enable configurable vtab options and add MATCH coverage. Expose Context.Con...
• d3d9b0d Merge branch 'fix-_time_format-docs' into 'master'
• 17d0166 fix(docs): _time_format=sqlite corresponds to format 4
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

🟢 Change Impact Analysis

Metric	Value
Risk Level	LOW 🟢
Files Changed	1
Symbols Changed	1
Directly Affected	0
Transitively Affected	0

Blast Radius: 0 modules, 0 files, 0 unique callers

📝 Changed Symbols (1)

Symbol	File	Type	Confidence
go.mod	go.mod	modified	30%

Recommendations

• ℹ️ coverage: 1 symbols have low mapping confidence. Index may be stale.
  • Action: Run 'ckb index' to refresh the SCIP index

---

_{Generated by CKB}

[github-actions]

CKB Analysis

🎯 1 changed → 0 affected · 🔥 2 hotspots · 📚 143 stale

Risk factors: Touches 2 hotspot(s)

Metric	Value
Impact Analysis	1 symbols → 0 affected	🟢
Doc Coverage	9.090909090909092%	⚠️
Complexity	0 violations	✅
Coupling	0 gaps	✅
Blast Radius	0 modules, 0 files	✅
Index	indexed (0s)	🆕

🎯 Change Impact Analysis · 🟢 LOW · 1 changed → 0 affected

Metric	Value
Symbols Changed	1
Directly Affected	0
Transitively Affected	0
Modules in Blast Radius	0
Files in Blast Radius	0

Symbols changed in this PR:

• go.mod [modified] (30%) — go.mod

Recommendations:

• ℹ️ 1 symbols have low mapping confidence. Index may be stale.
  • Action: Run 'ckb index' to refresh the SCIP index

🔥 Hotspots · 2 volatile files

File	Churn Score
go.mod	8.70
go.sum	10.09

💡 Quick wins · 10 suggestions

• 🟡 Add tests → internal/query/engine_test.go
• 🟡 Add tests → internal/incremental/store_test.go
• 🟡 Add tests → internal/api/index_processor.go
• 🟡 Add tests → internal/identity/identity_test.go
• 🟡 Add tests → internal/backends/scip/references.go
• 🟢 Assign backup owner → internal/query/engine_test.go
• 🟢 Assign backup owner → internal/incremental/store_test.go
• 🟢 Assign backup owner → internal/api/index_processor.go

📚 Stale docs · 143 broken references

• docs/CONTRIBUTING.md:108 → errors.New
• docs/CONTRIBUTING.md:108 → errors.SYMBOL_NOT_FOUND
• docs/CONTRIBUTING.md:111 → errors.Wrap
• docs/backlog/index-refresh-improvements.md:36 → watcher.Add
• docs/backlog/index-refresh-improvements.md:36 → filepath.Join
• docs/backlog/index-refresh-improvements.md:97 → time.Second
• docs/featureplans/change-impact-analysis-checklist.md:208 → coverage.out
• docs/featureplans/change-impact-analysis-checklist.md:214 → lcov.info
• docs/featureplans/change-impact-analysis-checklist.md:309 → coverage.out
• docs/featureplans/change-impact-analysis.md:448 → scip.SCIPIndex
• docs/featureplans/change-impact-analysis.md:478 → context.Context
• docs/featureplans/change-impact-analysis.md:669 → coverage.out
• docs/ideas.md:16 → provenance.backends
• docs/ideas.md:21 → queryPolicy.coalesceWindowMs
• docs/ideas.md:302 → confidence.factors

---

_{Generated by CKB · Run details}

[github-actions]

🔐 Security Audit Results

⚠️ Security gate passed with warnings - 8 issue(s) found (review recommended)

Category	Findings
🔑 Secrets	✅ 0
🛡️ SAST	✅ 0
📦 Dependencies	⚠️ 8
📜 Licenses	⚠️ 144 non-permissive

📦 Dependency Vulnerabilities

Found 8 vulnerability(ies) across 2 scanner(s)

Details

Trivy (4 findings)

• CVE-2026-22036 (MEDIUM): undici - undici: Undici: Denial of Service via excessive de...
• CVE-2025-54410 (LOW): github.com/docker/docker - github.com/moby/moby: Moby's Firewalld reload remo...
• GHSA-vrw8-fxc6-2r93 (MEDIUM): github.com/go-chi/chi/v5 - chi Allows Host Header Injection which Leads to Op...
• CVE-2025-47908 (MEDIUM): github.com/rs/cors - github.com/rs/cors: Denial of service via maliciou...

OSV-Scanner (4 findings)

• github.com/docker/docker: 2 vulnerabilities
• github.com/go-chi/chi/v5: 1 vulnerabilities
• github.com/rs/cors: 2 vulnerabilities
• stdlib: 1 vulnerabilities

📜 License Issues

Found 144 non-permissive license(s)

Details

• github.com/BurntSushi/toml: MIT (notice)
• github.com/google/uuid: BSD-3-Clause (notice)
• github.com/klauspost/compress: Apache-2.0 (notice)
• github.com/klauspost/compress: BSD-3-Clause (notice)
• github.com/klauspost/compress: MIT (notice)
• github.com/pelletier/go-toml/v2: MIT (notice)
• github.com/smacker/go-tree-sitter: MIT (notice)
• github.com/sourcegraph/go-diff: MIT (notice)
• github.com/sourcegraph/scip: Apache-2.0 (notice)
• github.com/spf13/cobra: Apache-2.0 (notice)
• ... and 134 more

---

_{Generated by CKB Security Audit | View Details | Security Tab}