[auto-bump] [no-release-notes] dependency by reltuk#2873
Conversation
|
|
This PR has been superseded by #2874 |
|
SummaryCoverage exercised core database behavior across happy-path operations, edge-case dependency enforcement, and unsupported-statement error handling, with these areas behaving consistently. It also included an abuse-focused permissions scenario that revealed an existing server-file access weakness while overall data and schema behavior remained stable. Safe to merge — the run shows no regressions tied to this PR, and the main functional behaviors under test remained stable. The one high-severity finding appears to be a pre-existing security gap in code outside this change, so it should be tracked separately rather than treated as a merge blocker for this PR. Tests run by ItoAdditional Findings DetailsThese findings are unrelated to the current changes but were observed during testing. 🟠 Non-superusers can read server files via COPY FROM
Evidence PackageTip Reply with @itoqa to send us feedback on this test run. |
Footnotes
|

☕ An Automated Dependency Version Bump PR 👑
Initial Changes
The changes contained in this PR were produced by `go get`ing the dependency.
```bash
go get github.com/dolthub/[dependency]/go@[commit]
```