fix(deps): update rust crate sqlx to 0.8.0 #51
No reviewers
Labels
No labels
bug
duplicate
enhancement
help wanted
infeasible
invalid
question
wontfix
bug
duplicate
enhancement
help wanted
invalid
question
renovate-bot
renovate-security
security
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: LibrePages/librepages#51
Loading…
Reference in a new issue
No description provided.
Delete branch "renovate/sqlx-0.x"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
0.6.2->0.8.0Release Notes
launchbadge/sqlx (sqlx)
v0.8.2Compare Source
10 pull requests were merged this release cycle.
This release addresses a few regressions that have occurred, and refines SQLx's MSRV policy (see the FAQ).
Added
Changed
Cargo.tomlfiles in examples [[@carschandler]]Fixed
#[sqlx(no_pg_array)]being forbidden on#[derive(Type)]structs.PgListener,PgStream::recv()[[@abonander]]unknown message: "\\0"errorv0.8.1Compare Source
16 pull requests were merged this release cycle.
This release contains a fix for RUSTSEC-2024-0363.
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
#3440 (comment)
MySQL and SQLite do not appear to be exploitable, but upgrading is recommended nonetheless.
Added
MySqlConnectOptions::no_engine_substitution()[[@kolinfluence]]MySqlConnectOptions::no_engine_subsitution()(oops) in favor of the correctly spelled version.Changed
spec_errormodule [[@abonander]]Use at your own risk.
libsqlite3-sys=0.30.1to support sqlite 3.46 [[@CommanderStorm]]ring(the existing implementation),and
aws-lc-rswhich has optional FIPS certification.runtime-tokio-rustls,runtime-async-std-rustls,tls-rustls)enable the
ringprovider of RusTLS to match the existing behavior so this should not be a breaking change.tls-rustls-aws-lc-rsfeature to use theaws-lc-rsprovider.runtime-tokio-rustlsorruntime-async-std-rustls,this will necessitate switching to the appropriate non-legacy runtime feature:
runtime-tokioorruntime-async-stdFixed
sqlx::Type[[@alu]]node12inSQLxaction [[@hamirmahal]]v0.18.1to avoid yankedv0.14.3[[@CommanderStorm]]v0.8.0Compare Source
70 pull requests were merged this release cycle.
#2697 was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
Breaking
#[sqlx::test]usages are applied in the correct order now.MigrateError.-- no-transactionto the beginning.Migrationi64as intermediate when decoding [[@abonander]]#[derive(sqlx::Type)]in Postgres [[@abonander]]#[sqlx(no_pg_array)]where conflicts occur.PgTypeInfo::with_name()infers types that start with_to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.FromRow, returnError::ColumnDecodeforTryFromerrors [[@abonander]]#[sqlx(try_from = "T")]now returnError::ColumnDecodeinstead ofError::ColumnNotFound.#[sqlx(default)]on an individual field or the struct itself would have previously suppressed the error.This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
Fromand apply the default explicitly.#[sqlx(rename)]and#[sqlx(rename_all)]to match the expected behavior (renamewins).ConnectOptions::to_url_lossy()to match what parsing expects.Added
MySqlTime, auditmysql::typesfor panics [[@abonander]]NonZero*scalar types [[@AlphaKeks]]Changed
Sendtrait bound from argument binding [[@bobozaur]]libsqlite3-sysare not considered breaking changes as per our semver guarantees.MySqlConnectionto reduce sizes of futures [[@stepantubanov]]sqlx migrate add ...[[@CommanderStorm]]Fixed
ConnectionHandleRawtype [[@abonander]]docker composeinstead ofdocker-compose[[@abonander]]pathownership problems when usingsqlx_macros_unstable[[@lily-mosquitoes]]sqlx_postgres::any[[@Zarathustra2]]migrateerror message. (#3275) [[@nk9]]persistentquery setting when preparing queries with theAnydriver [[@etorreborre]]select_input_type!()being unhygenic [[@CommanderStorm]]MorCNotice fields are not UTF-8 [[@YgorSouza]]json-feature should activatesqlx-postgres?/jsonas well [[@CommanderStorm]]clockandstdfeatures ofworkspace.dependencies.chrono.v0.7.4Compare Source
38 pull requests were merged this release cycle.
This is officially the last release of the 0.7.x release cycle.
As of this release, development of 0.8.0 has begun on
mainand only high-priority bugfixes may be backported.Added
to_url_lossyto connect options [[@lily-mosquitoes]]query!for cargo-free systems [[@kshramt]]raw_sqlAPI [[@abonander]]prepared statement interfaces
query*()andquery!().query*()functions.execute_many()andfetch_many()on interfaces that use prepared statements.interface is the only way to execute SQL. All other database flavors forbid multiple statements in
one prepared statement string as an extra defense against SQL injection.
raw_sqlAPI retains this functionality because it explicitly does not use prepared statements.Raw or text-mode query interfaces generally allow multiple statements in one query string, and this is
supported by all current databases. Due to their nature, however, one cannot use bind parameters with them.
Changed
create_newinstead ofatomic-file-write[[@mattfbacon]]PgConnectOptions[[@Fyko]]#[sqlx::test][[@ciffelia]]Fixed
sqlx::migrate::Migrator.migrate!().v0.7.338 pull requests were merged this release cycle.
Added
fixtures_pathin sqlx::test args [[@ripa1995]]fn PgConnectOptions::get_host(&self)[[@boris-lok]]FromRowfor the unit type [[@nanoqsh]]MySqlConnectOptions::get_database()[[@shiftrightonce]]Textadapter [[@abonander]]Changed
BOOLEANand the query macros [[@abonander]]NUMERICsupport [[@abonander]]libsqlite3-systo 0.27.0libsqlite3-sysis considered semver-exempt;see the release notes for 0.7.0 below for details.
Fixed
rust_decimal::Decimalfor high-precision values [[@abonander]]sqlx migrate addhelp text [[@cryeprecision]]try_stream!()[[@abonander]]cargo build[[@nyurik]]AtomicUsizefor thread IDs [[@abonander]]v0.7.223 pull requests were merged this release cycle.
Added
FromRowderive [[@95ulisse]]Type,Decode, andEncodeforBox<str>andBox<[u8]>[[@grant0417]]Changed
remove_dir_allcrate fromsqlx-cli, fixes RUSTSEC-2023-0018 [[@aldur]]Fixed
min_connections[[@hakoerber]]v0.7.1Compare Source
This release mainly addresses issues reported with the 0.7.0 release.
16 pull requests were merged this release cycle.
Added
PgHasArrayTypewith#[derive(sqlx::Type)][[@abonander]]#[derive(sqlx::Type)]with#[sqlx(transparent)]regarding
PgHasArrayTypenot being implemented, add#[sqlx(no_pg_array)]to fix.Changed
Fixed
CloneforPoolOptionsmanually (#2548) [[@alilleybrinker]]tls-native-tlsin the documentation. [[@denschub]]v0.7.0Compare Source
At least 70 pull requests were merged this release cycle! (The exact count is muddied with pull requests for alpha
releases and such.) And we gained 43 new contributors! Thank you to everyone who helped make this release a reality.
Breaking
Many revisions were made to query analysis in the SQLite driver; these are all potentially breaking changes
as they can change the output of
sqlx::query!()et al. We'd like to thank [[@tyrelr]] for their numerous PRs tothis area.
The MSSQL driver has been removed as it was not nearly at the same maturity level as the other drivers.
As previously announced, we have plans to introduce a fully featured replacement as a premium offering,
alongside drivers for other proprietary databases, with the goal to support full-time development on SQLx.
If interested, please email your inquiry to sqlx@launchbadge.com.
The offline mode for the queries has been changed to use a separate file per
query!()invocation,which is intended to reduce the number of conflicts when merging branches in a project that both modified queries.
This means that CLI flag
--mergedis no longer supported. See [#2363] for details and make sure that yoursqlx-cliversion is in sync with thesqlxversion in your project.The type ascription override syntax for the query macros has been deprecated,
as parse support for it has been removed in
syn 2.0, which we'll be upgrading to in the next breaking release.This can be replaced with type overrides using casting syntax (
as).See [#2483] for details.
mssqlfeature and associated database driver has been deleted from the source tree. It will return as part of our planned SQLx Pro offering as a from-scratch rewrite with extra features (such as TLS) and type integrations that were previously missing.runtime-actix-*features have been deleted. They were previously changed to be aliases of theirruntime-tokio-*counterparts for backwards compatibility reasons, but their continued existence is misleading as SQLx has no special knowledge of Actix anymore.runtime-actix-*feature with itsruntime-tokio-*equivalent.git2feature has been removed. This was a requested integration from a while ago that over time made less and less sense to be part of SQLx itself. We have to be careful with the crates we add to our public API as each one introduces yet another semver hazard. The expected replacement is to make#[derive(sqlx::Type)]useful enough that users can write wrapper types for whatever they want to use without SQLx needing to be specifically aware of it.Executorimpls forTransactionandPoolConnectionhave been deleted because they cannot exist in the new crate architecture without rewriting theExecutortrait entirely.impl Executoris expected, as they both dereference to the inner connection type which will still implement it:&mut transaction->&mut *transaction&mut connection->&mut *connectionthe driver crates cannot provide their own impls due to the orphan rule.
This will mean another major release of SQLx but ideally most API usage will not need to change significantly, if at all.
Migratorare now#[doc(hidden)]and semver-exempt; they weren't meant to be public.offlinefeature has been removed from thesqlxfacade crate and is enabled unconditionally as most users are expected to have enabled it anyway and disabling it doesn't seem to appreciably affect compile times.decimalfeature has been renamed torust_decimalto match the crate it actually provides integrations for.AnyDriverandAnyConnectionnow require eithersqlx::any::install_drivers()orsqlx::any::install_default_drivers()to be called at some point during the process' lifetime before the first connection is made, as the set of possible drivers is now determined at runtime. This was determined to be the least painful way to provide knowledge of database drivers toAnywithout them being hardcoded.AnyEncodetrait has been removed.libsqlite3-systo be semver-exempt,and we reserve the right to upgrade it as necessary. If you are using
libsqlite3-sysdirectly or a crate thatlinks it such as
rusqlite, you should pin the versions of both crates to avoid breakages fromcargo update:time: Assume UTC when decoding a DATETIME column in sqlite [[@nstinus]]OffsetDateTimeto be the first type used when deserializing atimestamptype.Added
try_fromwhen derivingFromRow[[@95ulisse]]PRAGMA optimize;on close of a connection [[@miles170]]Connection::shrink_buffers,PoolConnection::close[[@abonander]]sqlx_macros_unstablein config.toml [[@df51d]]AsMutfor advisory lock types (#2520) [[@alilleybrinker]]Changed
tracing[[@CosmicHorrorDev]]let elsestatements in favor of macro [[@OverHash]]dirswithhome&etcetera[[@utkarshgupta137]]ConnectOptionstypes implFromStr[[@abonander]]Fixed
search_path[[@95ulisse]]sqlx::test[[@kenkoooo]]try_acquire[[@abonander]]tracked_path[[@df51d]]PrepareOkfails to decode [[@stepantubanov]]v0.6.3Compare Source
This is a hotfix to address the breakage caused by transitive dependencies upgrading to
syn = "2".We set
default-features = falsefor our dependency onsyn = "1"to be good crates.io citizens,but failed to enable the features we actually used, which went undetected because we transitively depended on
synwith the default features enabled through other crates,and so they were also on for us because features are additive.
When those other dependencies upgraded to
syn = "2"it was no longer enabling those features for us,and so compilation broke for projects that don't also depend on
syn = "1", transitively or otherwise.There is no PR for this fix as there was no longer a dedicated development branch for
0.6,but discussion can be found in issue #2418.
As of this release, the
0.7release is in alpha and so development is no longer occurring against0.6.This fix will be forward-ported to
0.7.Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.
⚠️ Artifact update problem
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below:
File name: Cargo.lock
1fcc66236cto7f075786d67f075786d6tof08879c6b0fix(deps): update rust crate sqlx to 0.7.0to fix(deps): update rust crate sqlx to 0.8.0View command line instructions
Checkout
From your project repository, check out a new branch and test the changes.Merge
Merge the changes and update on Forgejo.