Skip to content

chore(deps)(deps): bump github.com/microsoft/go-mssqldb from 1.9.8 to 1.10.0#86

Merged
aksOps merged 1 commit into
mainfrom
dependabot/go_modules/github.com/microsoft/go-mssqldb-1.10.0
Jun 18, 2026
Merged

chore(deps)(deps): bump github.com/microsoft/go-mssqldb from 1.9.8 to 1.10.0#86
aksOps merged 1 commit into
mainfrom
dependabot/go_modules/github.com/microsoft/go-mssqldb-1.10.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 4, 2026

Copy link
Copy Markdown
Contributor

Bumps github.com/microsoft/go-mssqldb from 1.9.8 to 1.10.0.

Release notes

Sourced from github.com/microsoft/go-mssqldb's releases.

v1.10.0

1.10.0 (2026-04-25)

Features

  • add devcontainer for VS Code and GitHub Codespaces (#317) (b55beeb)
  • add FailoverPartnerSPN connection string parameter (#327) (ea77c2e)
  • add NewConnectorWithProcessQueryText for mssql driver compatibility (#341) (2be611f)
  • add nullable civil types for date/time parameters (#325) (c10fa99)

Bug Fixes

  • allow named pipe protocol support for ARM64 Windows (#232) (a82c058)
  • configure release-please with PAT and correct component mapping (#349) (23bac05)
  • detect server-aborted transactions to prevent silent auto-commit (XACT_ABORT) (#370) (586ea53)
  • expose TrustServerCertificate in msdsn.Config and URL round-trip (#312) (9937cfe)
  • handle COLINFO (0xA5) and TABNAME (0xA4) TDS tokens returned by tables with triggers (#343) (7c905ad)
  • implement driver.DriverContext interface (#365) (1b610a0), closes #236
  • make readCancelConfirmation respect context cancellation (#359) (65e137f)
  • replace broken AppVeyor badge with GitHub Actions badge (#334) (d3429f5)
  • return interface{} scanType for sql_variant instead of nil (#362) (296a83a), closes #186
  • sanitize credentials from connection string parsing errors (#319) (93f5ef0)
  • surface server errors from Rows.Close() during token drain (#361) (ea69792), closes #244
Changelog

Sourced from github.com/microsoft/go-mssqldb's changelog.

1.10.0 (2026-04-25)

Features

  • add devcontainer for VS Code and GitHub Codespaces (#317) (b55beeb)
  • add FailoverPartnerSPN connection string parameter (#327) (ea77c2e)
  • add NewConnectorWithProcessQueryText for mssql driver compatibility (#341) (2be611f)
  • add nullable civil types for date/time parameters (#325) (c10fa99)

Bug Fixes

  • allow named pipe protocol support for ARM64 Windows (#232) (a82c058)
  • configure release-please with PAT and correct component mapping (#349) (23bac05)
  • detect server-aborted transactions to prevent silent auto-commit (XACT_ABORT) (#370) (586ea53)
  • expose TrustServerCertificate in msdsn.Config and URL round-trip (#312) (9937cfe)
  • handle COLINFO (0xA5) and TABNAME (0xA4) TDS tokens returned by tables with triggers (#343) (7c905ad)
  • implement driver.DriverContext interface (#365) (1b610a0), closes #236
  • make readCancelConfirmation respect context cancellation (#359) (65e137f)
  • replace broken AppVeyor badge with GitHub Actions badge (#334) (d3429f5)
  • return interface{} scanType for sql_variant instead of nil (#362) (296a83a), closes #186
  • sanitize credentials from connection string parsing errors (#319) (93f5ef0)
  • surface server errors from Rows.Close() during token drain (#361) (ea69792), closes #244

1.9.6

Features

  • Added new serverCertificate connection parameter for byte-for-byte certificate validation, matching Microsoft.Data.SqlClient behavior. This parameter skips hostname validation, chain validation, and expiry checks, only verifying that the server's certificate exactly matches the provided file. This is useful when the server's hostname doesn't match the certificate CN/SAN. (#304)
  • The existing certificate parameter maintains backward compatibility with traditional X.509 chain validation including hostname checks, expiry validation, and chain-of-trust verification.
  • serverCertificate cannot be used with certificate or hostnameincertificate parameters to prevent conflicting validation methods.

1.9.3

Bug fixes

  • Fix parsing of ADO connection strings with double-quoted values containing semicolons (#282)

1.9.2

Bug fixes

  • Fix race condition in message queue query model (#277)

1.9.1

Bug fixes

  • Fix bulk insert failure with datetime values near midnight due to day overflow (#271)

... (truncated)

Commits
  • f92e6f0 chore(main): release 1.10.0 (#351)
  • 03094d0 ci: add least-privilege permissions and pin actions to SHA (#354)
  • 65e137f fix: make readCancelConfirmation respect context cancellation (#359)
  • c10fa99 feat: add nullable civil types for date/time parameters (#325)
  • 9937cfe fix: expose TrustServerCertificate in msdsn.Config and URL round-trip (#312)
  • 429c61d chore(deps): bump googleapis/release-please-action from 4.4.1 to 5.0.0 in the...
  • ea77c2e feat: add FailoverPartnerSPN connection string parameter (#327)
  • 04d26c2 ci: add devcontainer build validation workflow (#355)
  • b55beeb feat: add devcontainer for VS Code and GitHub Codespaces (#317)
  • 586ea53 fix: detect server-aborted transactions to prevent silent auto-commit (XACT_A...
  • Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot @github

dependabot Bot commented on behalf of github May 4, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: area:backend, type:dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@socket-security

socket-security Bot commented May 4, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedgolang/​github.com/​microsoft/​go-mssqldb@​v1.9.8 ⏵ v1.10.076100100100100

View full report

@sonarqubecloud

sonarqubecloud Bot commented May 4, 2026

Copy link
Copy Markdown

@aksOps

aksOps commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

@dependabot rebase

Bumps [github.com/microsoft/go-mssqldb](https://github.com/microsoft/go-mssqldb) from 1.9.8 to 1.10.0.
- [Release notes](https://github.com/microsoft/go-mssqldb/releases)
- [Changelog](https://github.com/microsoft/go-mssqldb/blob/main/CHANGELOG.md)
- [Commits](microsoft/go-mssqldb@v1.9.8...v1.10.0)

---
updated-dependencies:
- dependency-name: github.com/microsoft/go-mssqldb
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/github.com/microsoft/go-mssqldb-1.10.0 branch from 68a8934 to 86bdedc Compare June 18, 2026 08:03
@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: golang github.com/microsoft/go-mssqldb is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: go.modgolang/github.com/microsoft/go-mssqldb@v1.10.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore golang/github.com/microsoft/go-mssqldb@v1.10.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@sonarqubecloud

Copy link
Copy Markdown

@aksOps aksOps merged commit 8dd1346 into main Jun 18, 2026
12 checks passed
@aksOps aksOps deleted the dependabot/go_modules/github.com/microsoft/go-mssqldb-1.10.0 branch June 18, 2026 08:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant