Merged PRs

dolt

• 11073: dolt revert to more closely match git

  Related: https://github.com/dolthub/doltlite/issues/961

• 11067: proto,go/serial: Bump some bazel version, some module versions.

• 11059: Fix SchemaTable.Updater panic on direct UPDATE dolt_schemas
  A direct UPDATE dolt_schemas reached SchemaTable.Updater, which panicked with "should never be called" — an unprivileged user could crash the SQL server with it. dolt_schemas is not directly modifiable via SQL, so this returns a clean error unconditionally instead of panicking; adds a regression test.

• 11058: go: sqle: Fix a dolt_branch_control bypass involving the session table cache.
  On a new connection, a SELECT against information_schema.tables or information_schema.columns would populate the session's table cache is a Table value that embedded a revision-less Database value. An incoming write request against the cached table would run its permissions check against the revision-less database, instead of the revisioned database which correctly encoded the branch the write was running against. This allowed connections to bypass dolt_branch_control, elevating to write permissions on all branches.

• 11057: Branch_control regression tests for more user-table write shapes
  Adds branch_control regression tests for the user-table write shapes that TestBranchControlBlocks wasn't already pinning; all were already correctly gated, so this is pure regression coverage with no behavior change.

• 11050: Gate branch_control on writable dolt system tables
  Most writable dolt system tables had no branch_control check, so a read- or merge-permission user could write to them; this gates the user-space tables (dolt_docs/ignore/query_catalog/nonlocal/tests via the shared createWriteableSystemTable helper), dolt_constraint_violations_, dolt_workspace_, and ConflictRootObjectTable with Permissions_Write. dolt_branches/dolt_remotes (already read-only), dolt_branch_control/namespace (own admin gating), and dolt_conflicts_ (already gated) are left as-is; tests cover every writer factory and pin the read-only behavior.

• 11049: Audit and test branch control coverage for dolt procedures
  Survey of dprocedures/dolt_*.go turned up four procedures with no branch_control check that mutate branch or working-set state. Three of them belong under Permissions_Write:

  • dolt_rebase — mutates the active rebase plan and the working set
  • dolt_stash — push/pop/apply/drop/clear all write through to working state
  • dolt_update_column_tag — schema change committed to the working root
    Gate added at the procedure entry in each.
    dolt_undrop was the fourth — leaving it alone. It restores a dropped database, not a table on the current branch, so the branch-control entry for the current branch isn't a sensible gate. MySQL SUPER already covers it.
    Test side: every other dolt_* procedure now has at least one branch_control assertion.

• 11047: Gate DOLT_CHECKOUT('<table>') with branch_control Write permission
  dolt_checkout(<table>) was previously ungated, so a user with a read or merge permission on a branch could clear working set changes. This gates dolt_checkout(<table>) while leaving dolt_checkout(<branch>) ungated

go-mysql-server

• 3551: star expression used in function
• 3546: Cache context to use for String() methods
  This is a replacement for:
  • https://github.com/dolthub/go-mysql-server/pull/3525
    This accomplishes the same effective goal of passing context in the areas that we previously were not (primarily the String() function, which is load-bearing). The above PR changed the interfaces such that nodes and expressions no longer respected the fmt.Stringer interface. This PR instead caches the context inside of all nodes that need a context in their String() function by providing that context at node creation time. This was a tactic that we were already using before my original context threading PR:
  • https://github.com/dolthub/go-mysql-server/pull/3513
    ...and should therefore be no worse than we were before I embarked on this journey.
    It's worth noting that the information_schema tables do not have a proper context inside of their String() function, as those tables are created when the engine is created, and SQL contexts only exist inside of connections/sessions. For now this doesn't impact anything as the Schema(ctx) methods (which use the context from String()) return a precomputed schema, however there are comments in place that warn about the nil context if those methods are ever modified.
• 3532: replace all decimal.Decimal with *apd.Decimal

Closed Issues

• 11066: Connection Close hangs indefinitely when attempting to usthe implicit sql transaction commit of aCALL DOLT_COMMIT`
• 11046: Overflowing TEXT type does not error and silently truncates, and mysql session variables do not work to make it error.