[auto-bump] [no-release-notes] dependency by jycor

[coffeegoddd]

☕ An Automated Dependency Version Bump PR 👑

Initial Changes

The changes contained in this PR were produced by `go get`ing the dependency.

```bash
go get github.com/dolthub/[dependency]/go@[commit]
```

[github-actions]

	Main	PR
covering_index_scan_postgres	1350.93/s	1352.52/s	+0.1%
index_join_postgres	190.77/s	190.18/s	-0.4%
index_join_scan_postgres	199.37/s	199.03/s	-0.2%
index_scan_postgres	12.23/s	12.21/s	-0.2%
oltp_point_select	2509.74/s	2495.59/s	-0.6%
oltp_read_only	1885.55/s	1879.04/s	-0.4%
select_random_points	131.30/s	133.44/s	+1.6%
select_random_ranges	1094.45/s	1080.29/s	-1.3%
table_scan_postgres	12.01/s	11.94/s	-0.6%
types_table_scan_postgres	5.52/s	5.50/s	-0.4%

[github-actions]

	Main	PR
Total	42090	42090
Successful	18017	18017
Failures	24073	24073
Partial Successes1	5372	5372

	Main	PR
Successful	42.8059%	42.8059%
Failures	57.1941%	57.1941%

Footnotes

1. These are tests that we're marking as Successful, however they do not match the expected output in some way. This is due to small differences, such as different wording on the error messages, or the column names being incorrect while the data itself is correct. ↩

[itoqa]

Ito Test Report ✅

10 test cases ran. 1 additional finding, 9 passed.

Across 10 executed tests, 9 passed and 1 failed, with successful validation of startup safety and concurrency guards, authorization behavior (including permission-denied enforcement, fail-open schema-resolution handling, and malformed-identifier rejection), row-type DDL protections under concurrent activity, and replication startup/handoff behavior with deterministic outcomes and no confirmed corruption.
The only confirmed defect is a medium-severity first-boot bootstrap issue where a custom superuser (for example, DOLTGRES_USER=qa_admin) causes creation of only the user-named database and not postgres, which conflicts with code paths that assume postgres and can break default connection assumptions on fresh installs.

✅ Passed (9)

Category	Summary	Screenshot
Bootstrap	Startup from an existing Dolt data directory failed fast with an explicit safety error and no listener on port 5432.
Bootstrap	Concurrent first-start produced single-winner behavior: one instance started, the other failed deterministically with "database exists," with no duplicate metadata observed.
Permissions	Unprivileged role was denied SELECT and DELETE on a protected table as expected.	N/A
Permissions	Schema-resolution errors in authorization follow the intended fail-open path and defer failure downstream.	N/A
Permissions	Malformed schema identifier arity is rejected with an explicit unsupported-count error.	N/A
Replication	Valid replication configuration started asynchronous replication while SQL service remained available.
Replication	Concurrent-write replication handoff converged deterministically by write order; no application bug was confirmed.
Rowtype	Created a dependent composite-rowtype table and verified ALTER TABLE ADD COLUMN ... DEFAULT was rejected with a dependency error; post-check confirmed the status column was not added.
Rowtype	Under concurrent dependent-row updates and source-table ADD COLUMN, ALTER completed and concurrent writes failed deterministically with repeated cannot cast type record to employees errors; dependent rows and resulting schema remained consistent with no mixed encodings or silent corruption.

ℹ️ Additional Findings (1)

These findings are unrelated to the current changes but were observed during testing.

Category	Summary	Screenshot
Bootstrap	🟠 First boot with DOLTGRES_USER=qa_admin creates only qa_admin and not postgres, breaking expected default bootstrap shape.

🟠 First boot misses postgres default database

• What failed: The server creates only one default database (qa_admin) and does not also provide postgres; expected behavior is that first-run bootstrap includes postgres as a baseline default database.
• Impact: Fresh installs with custom superuser names cannot rely on a postgres database existing, which breaks common default connection assumptions and can disrupt flows that implicitly target postgres. Users can sometimes work around this by explicitly selecting another database.
• Steps to reproduce:
  1. Create a brand-new empty working directory and set DOLTGRES_USER=qa_admin with DOLTGRES_PASSWORD=qa_pass.
  2. Start doltgres and wait for localhost:5432 to accept connections.
  3. Connect and list databases to verify whether both postgres and qa_admin exist.
• Stub / mock context: Authentication checks were bypassed for local connections during the run, but database bootstrap creation logic was exercised directly and the missing postgres database outcome matches the production server code path.
• Code analysis: I reviewed the bootstrap path in server/server.go and confirmed first-run initialization calls createDefaultDatabase only once, with the created name coming from getDefaultDatabaseName(user). I also verified replication DSN construction hardcodes postgres, which is inconsistent when bootstrap created only a user-named database.
• Why this is likely a bug: The production bootstrap path can leave the server without a postgres database while other production logic assumes postgres, showing an internal inconsistency in real code rather than a test harness artifact.

Relevant code:

server/server.go (lines 199-226)

func createDefaultDatabase(cfg doltservercfg.ServerConfig) error {
    user, password := auth.GetSuperUserAndPassword()
    dbName := getDefaultDatabaseName(user)

    dsn := fmt.Sprintf("postgres://%s:%s@localhost:%d", user, password, cfg.Port())
    // ...
    _, err = conn.Exec(ctx, fmt.Sprintf("CREATE DATABASE %s;", dbName))
    return err
}

func getDefaultDatabaseName(userName string) string {
    defaultDbName := os.Getenv(DefaultDbNameEnvVar)
    if defaultDbName != "" {
        return defaultDbName
    }
    return userName
}

server/server.go (lines 254-260)

replicationDns := fmt.Sprintf(
    "postgres://%s:%s@localhost:%d/%s",
    ssCfg.User(),
    ssCfg.Password(),
    ssCfg.Port(),
    "postgres", // TODO: this needs to come from config
)

Commit: 4a35a78

View Full Run

---

Tell us how we did: Give Ito Feedback

[github-actions]

This PR has been superseded by #2713