From 568867f2e04c6f9e3ef77ec9a2f86a4ac13e2d8c Mon Sep 17 00:00:00 2001
From: Ajit Pratap Singh <ajitpratapsingh@Ajits-Mac-mini-2655.local>
Date: Tue, 31 Mar 2026 22:14:20 +0530
Subject: [PATCH 1/2] docs: add Who's Using GoSQLX section and link to
 Discussions (#457)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 README.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/README.md b/README.md
index d16f4ae3..be764ecf 100644
--- a/README.md
+++ b/README.md
@@ -184,6 +184,18 @@ task check    # fmt → vet → lint → test (with race detection)
 
 <br/>
 
+## Who's Using GoSQLX?
+
+GoSQLX is downloaded and cloned by developers worldwide -- 595 unique cloners in just 14 days. If you're using GoSQLX in your project or organization, we'd love to hear about it!
+
+| Project / Company | Use Case |
+|---|---|
+| *Your project here* | [Add yourself via PR](https://github.com/ajitpratap0/GoSQLX/edit/main/README.md) or [tell us in Discussions](https://github.com/ajitpratap0/GoSQLX/discussions) |
+
+Using GoSQLX at work? Building something cool with it? Share your story in [GitHub Discussions](https://github.com/ajitpratap0/GoSQLX/discussions) -- it helps the community grow and motivates continued development.
+
+<br/>
+
 ## Community
 
 <div align="center">

From b8c058f0c779928462b975ce7ca95e34360c156e Mon Sep 17 00:00:00 2001
From: Ajit Pratap Singh <ajitpratapsingh@Ajits-Mac-mini-2655.local>
Date: Wed, 1 Apr 2026 03:16:28 +0530
Subject: [PATCH 2/2] security: add CVE-2026-32285 to .trivyignore
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CVE-2026-32285 affects github.com/buger/jsonparser v1.1.1, which is a
transitive dependency via mark3labs/mcp-go → invopop/jsonschema →
wk8/go-ordered-map → buger/jsonparser.

No fixed version is available upstream. The package is not called
directly by any GoSQLX code and risk is scoped to MCP JSON schema
generation. Added to .trivyignore until a patched version is released.

Fixes Trivy Repository Scan CI failures in PR #475 and #477.
---
 .trivyignore | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.trivyignore b/.trivyignore
index f8e6bc1d..87b50db3 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -2,6 +2,13 @@
 # Format: <advisory-id> [expiry-date] [comment]
 # See: https://aquasecurity.github.io/trivy/latest/docs/configuration/filtering/#trivyignore
 
+# CVE-2026-32285 — github.com/buger/jsonparser v1.1.1
+# Severity: HIGH/MEDIUM | No fixed version available (latest is v1.1.1, released 2021-01-08)
+# Transitive dependency: mark3labs/mcp-go → invopop/jsonschema → wk8/go-ordered-map → buger/jsonparser
+# Not called directly by any GoSQLX code. Risk is scoped to MCP JSON schema generation.
+# Re-evaluate when buger/jsonparser releases a patched version or when mcp-go updates its dependency.
+CVE-2026-32285
+
 # GHSA-6g7g-w4f8-9c9x — buger/jsonparser v1.1.1
 # Severity: MEDIUM | No fixed version available (latest is v1.1.1, released 2021-01-08)
 # Transitive dependency: mark3labs/mcp-go → invopop/jsonschema → wk8/go-ordered-map → buger/jsonparser