fix(deps): update rust crate sqlx to 0.8.0 #51
No reviewers
Labels
No labels
bug
duplicate
enhancement
help wanted
infeasible
invalid
question
wontfix
bug
duplicate
enhancement
help wanted
invalid
question
renovate-bot
renovate-security
security
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: LibrePages/librepages#51
Loading…
Reference in a new issue
No description provided.
Delete branch "renovate/sqlx-0.x"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
0.6.2
->0.8.0
Release Notes
launchbadge/sqlx (sqlx)
v0.8.2
Compare Source
10 pull requests were merged this release cycle.
This release addresses a few regressions that have occurred, and refines SQLx's MSRV policy (see the FAQ).
Added
Changed
Cargo.toml
files in examples [[@carschandler]]Fixed
#[sqlx(no_pg_array)]
being forbidden on#[derive(Type)]
structs.PgListener
,PgStream::recv()
[[@abonander]]unknown message: "\\0"
errorv0.8.1
Compare Source
16 pull requests were merged this release cycle.
This release contains a fix for RUSTSEC-2024-0363.
Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated:
#3440 (comment)
MySQL and SQLite do not appear to be exploitable, but upgrading is recommended nonetheless.
Added
MySqlConnectOptions::no_engine_substitution()
[[@kolinfluence]]MySqlConnectOptions::no_engine_subsitution()
(oops) in favor of the correctly spelled version.Changed
spec_error
module [[@abonander]]Use at your own risk.
libsqlite3-sys=0.30.1
to support sqlite 3.46 [[@CommanderStorm]]ring
(the existing implementation),and
aws-lc-rs
which has optional FIPS certification.runtime-tokio-rustls
,runtime-async-std-rustls
,tls-rustls
)enable the
ring
provider of RusTLS to match the existing behavior so this should not be a breaking change.tls-rustls-aws-lc-rs
feature to use theaws-lc-rs
provider.runtime-tokio-rustls
orruntime-async-std-rustls
,this will necessitate switching to the appropriate non-legacy runtime feature:
runtime-tokio
orruntime-async-std
Fixed
sqlx::Type
[[@alu]]node12
inSQLx
action [[@hamirmahal]]v0.18.1
to avoid yankedv0.14.3
[[@CommanderStorm]]v0.8.0
Compare Source
70 pull requests were merged this release cycle.
#2697 was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.
Breaking
#[sqlx::test]
usages are applied in the correct order now.MigrateError
.-- no-transaction
to the beginning.Migration
i64
as intermediate when decoding [[@abonander]]#[derive(sqlx::Type)]
in Postgres [[@abonander]]#[sqlx(no_pg_array)]
where conflicts occur.PgTypeInfo::with_name()
infers types that start with_
to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.FromRow
, returnError::ColumnDecode
forTryFrom
errors [[@abonander]]#[sqlx(try_from = "T")]
now returnError::ColumnDecode
instead ofError::ColumnNotFound
.#[sqlx(default)]
on an individual field or the struct itself would have previously suppressed the error.This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
From
and apply the default explicitly.#[sqlx(rename)]
and#[sqlx(rename_all)]
to match the expected behavior (rename
wins).ConnectOptions::to_url_lossy()
to match what parsing expects.Added
MySqlTime
, auditmysql::types
for panics [[@abonander]]NonZero*
scalar types [[@AlphaKeks]]Changed
Send
trait bound from argument binding [[@bobozaur]]libsqlite3-sys
are not considered breaking changes as per our semver guarantees.MySqlConnection
to reduce sizes of futures [[@stepantubanov]]sqlx migrate add ...
[[@CommanderStorm]]Fixed
ConnectionHandleRaw
type [[@abonander]]docker compose
instead ofdocker-compose
[[@abonander]]path
ownership problems when usingsqlx_macros_unstable
[[@lily-mosquitoes]]sqlx_postgres::any
[[@Zarathustra2]]migrate
error message. (#3275) [[@nk9]]persistent
query setting when preparing queries with theAny
driver [[@etorreborre]]select_input_type!()
being unhygenic [[@CommanderStorm]]M
orC
Notice fields are not UTF-8 [[@YgorSouza]]json
-feature should activatesqlx-postgres?/json
as well [[@CommanderStorm]]clock
andstd
features ofworkspace.dependencies.chrono
.v0.7.4
Compare Source
38 pull requests were merged this release cycle.
This is officially the last release of the 0.7.x release cycle.
As of this release, development of 0.8.0 has begun on
main
and only high-priority bugfixes may be backported.Added
to_url_lossy
to connect options [[@lily-mosquitoes]]query!
for cargo-free systems [[@kshramt]]raw_sql
API [[@abonander]]prepared statement interfaces
query*()
andquery!()
.query*()
functions.execute_many()
andfetch_many()
on interfaces that use prepared statements.interface is the only way to execute SQL. All other database flavors forbid multiple statements in
one prepared statement string as an extra defense against SQL injection.
raw_sql
API retains this functionality because it explicitly does not use prepared statements.Raw or text-mode query interfaces generally allow multiple statements in one query string, and this is
supported by all current databases. Due to their nature, however, one cannot use bind parameters with them.
Changed
create_new
instead ofatomic-file-write
[[@mattfbacon]]PgConnectOptions
[[@Fyko]]#[sqlx::test]
[[@ciffelia]]Fixed
sqlx::migrate::Migrator
.migrate!()
.v0.7.3
38 pull requests were merged this release cycle.
Added
fixtures_path
in sqlx::test args [[@ripa1995]]fn PgConnectOptions::get_host(&self)
[[@boris-lok]]FromRow
for the unit type [[@nanoqsh]]MySqlConnectOptions::get_database()
[[@shiftrightonce]]Text
adapter [[@abonander]]Changed
BOOLEAN
and the query macros [[@abonander]]NUMERIC
support [[@abonander]]libsqlite3-sys
to 0.27.0libsqlite3-sys
is considered semver-exempt;see the release notes for 0.7.0 below for details.
Fixed
rust_decimal::Decimal
for high-precision values [[@abonander]]sqlx migrate add
help text [[@cryeprecision]]try_stream!()
[[@abonander]]cargo build
[[@nyurik]]AtomicUsize
for thread IDs [[@abonander]]v0.7.2
23 pull requests were merged this release cycle.
Added
FromRow
derive [[@95ulisse]]Type
,Decode
, andEncode
forBox<str>
andBox<[u8]>
[[@grant0417]]Changed
remove_dir_all
crate fromsqlx-cli
, fixes RUSTSEC-2023-0018 [[@aldur]]Fixed
min_connections
[[@hakoerber]]v0.7.1
Compare Source
This release mainly addresses issues reported with the 0.7.0 release.
16 pull requests were merged this release cycle.
Added
PgHasArrayType
with#[derive(sqlx::Type)]
[[@abonander]]#[derive(sqlx::Type)]
with#[sqlx(transparent)]
regarding
PgHasArrayType
not being implemented, add#[sqlx(no_pg_array)]
to fix.Changed
Fixed
Clone
forPoolOptions
manually (#2548) [[@alilleybrinker]]tls-native-tls
in the documentation. [[@denschub]]v0.7.0
Compare Source
At least 70 pull requests were merged this release cycle! (The exact count is muddied with pull requests for alpha
releases and such.) And we gained 43 new contributors! Thank you to everyone who helped make this release a reality.
Breaking
Many revisions were made to query analysis in the SQLite driver; these are all potentially breaking changes
as they can change the output of
sqlx::query!()
et al. We'd like to thank [[@tyrelr]] for their numerous PRs tothis area.
The MSSQL driver has been removed as it was not nearly at the same maturity level as the other drivers.
As previously announced, we have plans to introduce a fully featured replacement as a premium offering,
alongside drivers for other proprietary databases, with the goal to support full-time development on SQLx.
If interested, please email your inquiry to sqlx@launchbadge.com.
The offline mode for the queries has been changed to use a separate file per
query!()
invocation,which is intended to reduce the number of conflicts when merging branches in a project that both modified queries.
This means that CLI flag
--merged
is no longer supported. See [#2363] for details and make sure that yoursqlx-cli
version is in sync with thesqlx
version in your project.The type ascription override syntax for the query macros has been deprecated,
as parse support for it has been removed in
syn 2.0
, which we'll be upgrading to in the next breaking release.This can be replaced with type overrides using casting syntax (
as
).See [#2483] for details.
mssql
feature and associated database driver has been deleted from the source tree. It will return as part of our planned SQLx Pro offering as a from-scratch rewrite with extra features (such as TLS) and type integrations that were previously missing.runtime-actix-*
features have been deleted. They were previously changed to be aliases of theirruntime-tokio-*
counterparts for backwards compatibility reasons, but their continued existence is misleading as SQLx has no special knowledge of Actix anymore.runtime-actix-*
feature with itsruntime-tokio-*
equivalent.git2
feature has been removed. This was a requested integration from a while ago that over time made less and less sense to be part of SQLx itself. We have to be careful with the crates we add to our public API as each one introduces yet another semver hazard. The expected replacement is to make#[derive(sqlx::Type)]
useful enough that users can write wrapper types for whatever they want to use without SQLx needing to be specifically aware of it.Executor
impls forTransaction
andPoolConnection
have been deleted because they cannot exist in the new crate architecture without rewriting theExecutor
trait entirely.impl Executor
is expected, as they both dereference to the inner connection type which will still implement it:&mut transaction
->&mut *transaction
&mut connection
->&mut *connection
the driver crates cannot provide their own impls due to the orphan rule.
This will mean another major release of SQLx but ideally most API usage will not need to change significantly, if at all.
Migrator
are now#[doc(hidden)]
and semver-exempt; they weren't meant to be public.offline
feature has been removed from thesqlx
facade crate and is enabled unconditionally as most users are expected to have enabled it anyway and disabling it doesn't seem to appreciably affect compile times.decimal
feature has been renamed torust_decimal
to match the crate it actually provides integrations for.AnyDriver
andAnyConnection
now require eithersqlx::any::install_drivers()
orsqlx::any::install_default_drivers()
to be called at some point during the process' lifetime before the first connection is made, as the set of possible drivers is now determined at runtime. This was determined to be the least painful way to provide knowledge of database drivers toAny
without them being hardcoded.AnyEncode
trait has been removed.libsqlite3-sys
to be semver-exempt,and we reserve the right to upgrade it as necessary. If you are using
libsqlite3-sys
directly or a crate thatlinks it such as
rusqlite
, you should pin the versions of both crates to avoid breakages fromcargo update
:time
: Assume UTC when decoding a DATETIME column in sqlite [[@nstinus]]OffsetDateTime
to be the first type used when deserializing atimestamp
type.Added
try_from
when derivingFromRow
[[@95ulisse]]PRAGMA optimize;
on close of a connection [[@miles170]]Connection::shrink_buffers
,PoolConnection::close
[[@abonander]]sqlx_macros_unstable
in config.toml [[@df51d]]AsMut
for advisory lock types (#2520) [[@alilleybrinker]]Changed
tracing
[[@CosmicHorrorDev]]let else
statements in favor of macro [[@OverHash]]dirs
withhome
&etcetera
[[@utkarshgupta137]]ConnectOptions
types implFromStr
[[@abonander]]Fixed
search_path
[[@95ulisse]]sqlx::test
[[@kenkoooo]]try_acquire
[[@abonander]]tracked_path
[[@df51d]]PrepareOk
fails to decode [[@stepantubanov]]v0.6.3
Compare Source
This is a hotfix to address the breakage caused by transitive dependencies upgrading to
syn = "2"
.We set
default-features = false
for our dependency onsyn = "1"
to be good crates.io citizens,but failed to enable the features we actually used, which went undetected because we transitively depended on
syn
with the default features enabled through other crates,and so they were also on for us because features are additive.
When those other dependencies upgraded to
syn = "2"
it was no longer enabling those features for us,and so compilation broke for projects that don't also depend on
syn = "1"
, transitively or otherwise.There is no PR for this fix as there was no longer a dedicated development branch for
0.6
,but discussion can be found in issue #2418.
As of this release, the
0.7
release is in alpha and so development is no longer occurring against0.6
.This fix will be forward-ported to
0.7
.Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.
⚠️ Artifact update problem
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.
♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below:
File name: Cargo.lock
1fcc66236c
to7f075786d6
7f075786d6
tof08879c6b0
fix(deps): update rust crate sqlx to 0.7.0to fix(deps): update rust crate sqlx to 0.8.0View command line instructions
Checkout
From your project repository, check out a new branch and test the changes.Merge
Merge the changes and update on Forgejo.Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.