Skip to content

ajitpratap0/GoSQLX

v1.9.0 Security

This release includes 2 security fixes for security teams reviewing exposed deployments.

Published 3mo Vulnerability Scanning
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 2 known CVEs

Topics

ast cli dialect go lsp mysql
+13 more
parser postgresql query-analyzer security sql sql-formatter sql-injection sql-linter sql-parser sql-validator sqlite wasm zero-copy

Affected surfaces

deps

Summary

AI summary

Schema validator enhancements add catalog, cross‑reference validation, and type checking.

Full changelog

GoSQLX v1.9.0

High-performance SQL parsing SDK for Go with zero-copy tokenization and object pooling.

Changelog

New Features

  • ecadf2da090e8bb090b4e143e8ca4a56587095ab feat: add source positions to AST nodes for LSP/linter accuracy (#324) (#337)
  • a7f35b6ce189ca591b651c4ec20a3fc8824136cd feat: deepen dialect system — dialect-aware parsing (#323) (#336)
  • 2f6f09b1b7a5ea6f9f0ab3c2d8627a20f15b4eb4 feat: enhance schema validator with catalog, cross-ref validation, type checking (#344)

Bug Fixes

  • 95753a5b2f02ba8539ce58673d951c9bbd57d449 fix: address Claude review feedback across PRs #334-337 (#338)
  • fb92525f51cce4f47ade877e0f24d11764c30393 fix: address UAT bugs — error positions, MySQL VALUES(), hint grammar, ParseWithDialect (#340)
  • e18bdee30f2825a66d4cf596f5a7e2c4f5efdd42 fix: address all 19 post-UAT bugs — parser, CLI, security, AST (v1.8.0) (#348)
  • b7968b17e85050cc44c5634ca30e153be79765fd fix: address multi-agent review issues — pool safety, EOF sentinel, ReDoS guard, formatter pool (#347)
  • 9cbce267f871ae983c93ad9ff40597f2098fe37b fix: bump minimatch 10.2.1→10.2.3 (CVE-2026-27903, CVE-2026-27904) (#346)
  • 95e5b23de3c89fd36ae14f6c813572e57928f7db fix: phase 1 quick wins (#325, #332, #327, #333) (#334)

Performance

  • 203b180441bbb61378f907aace5daad609e79146 perf: add pool recycling for all 13 DDL statement types (#341)

Other

  • c054555f1e2a56ed506be7187a891041262c2516 refactor: decompose parseSelectStatement() god function (#321) (#335)
  • 2fb1acca2d07dca17836f8416fe05bb48990fd5f refactor: decompose parser package — split oversized files into focused modules (#343)
  • c64125026dd2ef6a82264441d65465a4f154e314 refactor: move formatting logic from ast to pkg/formatter (#342)
  • 84fa19a9bf7cebd31a27ffaaa2e80276fd85053b refactor: unify token type systems — eliminate conversion layer (#345)

Documentation

Full Changelog: https://github.com/ajitpratap0/GoSQLX/compare/v1.8.0...v1.9.0

Security Fixes

  • dep: bump minimatch from 10.2.1 to 10.2.3 (CVE-2026-27903, CVE-2026-27904)
  • CVE-2026-27904
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track ajitpratap0/GoSQLX

Get notified when new releases ship.

Sign up free

About ajitpratap0/GoSQLX

7 SQL tools (validate, format, parse, lint, security scan, metadata extraction, full analysis) over Streamable HTTP. Public remote server at mcp.gosqlx.dev - no install needed. 1.25M+ ops/sec, 6 SQL dialects.

All releases →

Related context

Beta — feedback welcome: [email protected]