Merge pull request #14 from gms1/feature/bump_sqlite_3.51.3_3.53.0

gms1 · web-flow · commit a4bcddf4c1ec · 2026-04-17T21:04:17.000+02:00
Feature/bump sqlite 3.51.3 3.53.0
diff --git a/README.md b/README.md
@@ -20,7 +20,7 @@ Asynchronous, non-blocking [SQLite3](https://sqlite.org/) bindings for [Node.js]
  - [Extension support](https://github.com/gms1/node-sqlite3/wiki/API#databaseloadextensionpath-callback), including bundled support for the [json1 extension](https://www.sqlite.org/json1.html)
  - Big test suite
  - Written in modern C++ and tested for memory leaks
- - Bundles SQLite v3.51.3, or you can build using a local SQLite
+ - Bundles SQLite v3.53.0, or you can build using a local SQLite
 
 # Installing
 
diff --git a/deps/common-sqlite.gypi b/deps/common-sqlite.gypi
@@ -1,6 +1,6 @@
 {
   'variables': {
-      'sqlite_version%':'3510300',
+      'sqlite_version%':'3530000',
       "toolset%":'',
   },
   'target_defaults': {
diff --git a/deps/sqlite-autoconf-3510300.tar.gz b/deps/sqlite-autoconf-3510300.tar.gz
diff --git a/deps/sqlite-autoconf-3530000.tar.gz b/deps/sqlite-autoconf-3530000.tar.gz
diff --git a/memory-bank/activeContext.md b/memory-bank/activeContext.md
@@ -2,33 +2,14 @@
 
 ## Current Status
 
-**Last Updated**: 2026-03-29
+**Last Updated**: 2026-04-17
 
 ## Current Work
 
-### Security Hardening Documentation
-
-**Status**: ✅ COMPLETE
-
-Documented the security hardening implementation in [`binding.gyp`](../binding.gyp):
-
-- Added comprehensive "Security Hardening" section to [`build-system.md`](build-system.md)
-- Documented platform-specific hardening flags:
-  - **Linux**: `-fstack-protector-strong`, `-fPIC`, RELRO, `_FORTIFY_SOURCE=2`, CET
-  - **Windows**: BufferSecurityCheck, ControlFlowGuard, ASLR, DEP, /sdl
-  - **macOS**: `-fstack-protector-strong`, libc++
-- Added hardening decision entry to [`decisionLog.md`](decisionLog.md)
-- Updated [`progress.md`](progress.md) with completed work
-
 ## Pending Tasks
 
 No active tasks currently assigned.
 
-## Recent Changes
-
-- Security hardening documentation added to memory bank
-- Memory-bank structure updated with hardening details
-
 ## Open Questions
 
 None currently.
diff --git a/memory-bank/decisionLog.md b/memory-bank/decisionLog.md
@@ -2,6 +2,23 @@
 
 ## Technical Decisions
 
+### 2026-04-17: SQLite Version Bump Script Design
+
+**Decision**: Create `tools/bin/bump-sqlite.sh` as a standalone bash script in `tools/bin/` (not a per-script subdirectory)
+
+**Rationale**:
+- `tools/bin/` is the designated directory for all utility scripts — avoids creating a sub-directory per script
+- Bash script chosen over Node.js: simpler for git operations, no dependency installation needed
+- 17-step workflow: parse args → clean tree → checkout main → fetch → check newer → cooldown → pull → create branch → download/replace → update gypi → update readme → check other changes → build → lint → test → commit → push
+- `FROM_VERSION` global variable set in step 5 (before any file modifications) and reused in steps 8, 9, 10, 16 — avoids re-reading the gypi file after it has been updated
+- Auto-detection of latest SQLite version from sqlite.org download page (optional `<new-version>` argument)
+- Cooldown period (default 7 days) to let new SQLite releases settle before adoption
+
+**Files Created**:
+- `tools/bin/bump-sqlite.sh` — Main script
+
+---
+
 ### 2026-04-10: Queue Processing Deadlock Fix
 
 **Decision**: Track `pending` counter to detect synchronous operations in `Database::Process()`
diff --git a/memory-bank/development.md b/memory-bank/development.md
@@ -198,6 +198,18 @@ Uses ESLint with configuration in `.eslintrc.js`.
 - Follow existing naming conventions
 - Add JSDoc comments for public APIs
 
+## Tools
+
+### SQLite Version Bump
+
+The `tools/bin/bump-sqlite.sh` script automates upgrading the bundled SQLite version:
+
+```bash
+# Auto-detect latest version
+tools/bin/bump-sqlite.sh --usage
+
+```
+
 ## Benchmarks
 
 ### Driver Comparison Benchmarks
diff --git a/memory-bank/progress.md b/memory-bank/progress.md
@@ -1,5 +1,15 @@
 # Progress Log
 
+## 2026-04-17:
+
+### SQLite Version Bump Script
+- Created [`tools/bin/bump-sqlite.sh`](../tools/bin/bump-sqlite.sh) — automated 17-step script for upgrading bundled SQLite
+- Features: auto-detect latest version from sqlite.org, cooldown period check, checksum verification, dry-run mode
+- Bugs fixed during real-world testing:
+  - `git rm` instead of `rm` for old tarball (stages deletion for commit)
+  - `${tmp_dir:-}` in EXIT trap to avoid unbound variable error
+  - `FROM_VERSION` global variable to preserve original version for commit message (gypi file already updated by step 10)
+
 ## 2026-04-10:
 
 ### v6.3.0
diff --git a/memory-bank/project-overview.md b/memory-bank/project-overview.md
@@ -37,6 +37,11 @@ node-sqlite3/
 │   ├── common-sqlite.gypi  # Common build config
 │   └── sqlite-autoconf-*.tar.gz  # SQLite source
 ├── test/                   # Test suite (mocha)
+├── tools/                  # Development tools
+│   ├── bin/                # Utility scripts
+│   │   └── bump-sqlite.sh  # SQLite version bump automation
+│   ├── benchmark-drivers/  # Driver comparison benchmarks
+│   └── benchmark-internal/ # Internal performance benchmarks
 └── binding.gyp             # node-gyp build configuration
 ```
 
diff --git a/tools/bin/bump-sqlite.sh b/tools/bin/bump-sqlite.sh

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`'variables': {`
`3`		`- 'sqlite_version%':'3510300',`
	`3`	`+ 'sqlite_version%':'3530000',`
`4`	`4`	`"toolset%":'',`
`5`	`5`	`},`
`6`	`6`	`'target_defaults': {`