From 01c9d1758e21e99019204d00bf88ea7ded881b4d Mon Sep 17 00:00:00 2001
From: renovate <29139614+renovate@users.noreply.github.com>
Date: Sat, 24 Aug 2024 12:47:32 +0000
Subject: [PATCH] chore: bump up Rust crate sqlx to 0.8 [SECURITY] (#7965)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [sqlx](https://togithub.com/launchbadge/sqlx) | workspace.dependencies | minor | `0.7` -> `0.8` |

### GitHub Vulnerability Alerts

#### [GHSA-xmrp-424f-vfpx](https://togithub.com/launchbadge/sqlx/issues/3440)

The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord:

> SQL Injection isn't Dead: Smuggling Queries at the Protocol Level
>
> (Archive link for posterity.)

Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow, causing the server to interpret the rest of the string as binary protocol commands or other data.

It appears SQLx _does_ perform truncating casts in a way that could be problematic, for example:

This code has existed essentially since the beginning, so it is reasonable to assume that all published versions `<= 0.8.0` are affected.

## Mitigation

As always, you should make sure your application is validating untrustworthy user input. Reject any input over 4 GiB, or any input that could _encode_ to a string longer than 4 GiB.

Dynamically built queries are also potentially problematic if it pushes the message size over this 4 GiB bound.

[`Encode::size_hint()`](https://docs.rs/sqlx/latest/sqlx/trait.Encode.html#method.size_hint) can be used for sanity checks, but do not assume that the size returned is accurate. For example, the `Json` and `Text` adapters have no reasonable way to predict or estimate the final encoded size, so they just return `size_of::()` instead.

For web application backends, consider adding some middleware that limits the size of request bodies by default.

## Resolution

Work has started on a branch to add `#[deny]` directives for the following Clippy lints:

* [`cast_possible_truncation`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_truncation)
* [`cast_possible_wrap`](https://rust-lang.github.io/rust-clippy/master/#/cast_possible_wrap)
* [`cast_sign_loss`](https://rust-lang.github.io/rust-clippy/master/#/cast_sign_loss)

and to manually audit the code that they flag.

A fix is expected to be included in the `0.8.1` release (still WIP as of writing).

---

### Release Notes
launchbadge/sqlx (sqlx)

### [`v0.8.1`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#081---2024-08-23)

[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.8.0...v0.8.1)

16 pull requests were merged this release cycle.

This release contains a fix for [RUSTSEC-2024-0363].

Postgres users are advised to upgrade ASAP as a possible exploit has been demonstrated: [#​3440 (comment)](https://togithub.com/launchbadge/sqlx/issues/3440#issuecomment-2307956901)

MySQL and SQLite do not *appear* to be exploitable, but upgrading is recommended nonetheless.

##### Added

- \[[#​3421]]: correct spelling of `MySqlConnectOptions::no_engine_substitution()` \[\[[@​kolinfluence](https://togithub.com/kolinfluence)]]
  - Deprecates `MySqlConnectOptions::no_engine_subsitution()` (oops) in favor of the correctly spelled version.

##### Changed

- \[[#​3376]]: doc: hide `spec_error` module \[\[[@​abonander](https://togithub.com/abonander)]]
  - This is a helper module for the macros and was not meant to be exposed.
  - It is not expected to receive any breaking changes for the 0.8.x release, but is not designed as a public API. Use at your own risk.
- \[[#​3382]]: feat: bumped to `libsqlite3-sys=0.30.1` to support sqlite 3.46 \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3385]]: chore(examples):Migrated the pg-chat example to ratatui \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3399]]: Upgrade to rustls 0.23 \[\[[@​djc](https://togithub.com/djc)]]
  - RusTLS now has pluggable cryptography providers: `ring` (the existing implementation), and `aws-lc-rs` which has optional FIPS certification.
  - The existing features activating RusTLS (`runtime-tokio-rustls`, `runtime-async-std-rustls`, `tls-rustls`) enable the `ring` provider of RusTLS to match the existing behavior so this *should not* be a breaking change.
  - Switch to the `tls-rustls-aws-lc-rs` feature to use the `aws-lc-rs` provider.
    - If using `runtime-tokio-rustls` or `runtime-async-std-rustls`, this will necessitate switching to the appropriate non-legacy runtime feature: `runtime-tokio` or `runtime-async-std`
  - See the RusTLS README for more details:

##### Fixed

- \[[#​2786]]: fix(sqlx-cli): do not clean sqlx during prepare \[\[[@​cycraig](https://togithub.com/cycraig)]]
- \[[#​3354]]: sqlite: fix inconsistent read-after-write \[\[[@​ckampfe](https://togithub.com/ckampfe)]]
- \[[#​3371]]: Fix encoding and decoding of MySQL enums in `sqlx::Type` \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​3374]]: fix: usage of `node12` in `SQLx` action \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3380]]: chore: replace structopt with clap in examples \[\[[@​tottoto](https://togithub.com/tottoto)]]
- \[[#​3381]]: Fix CI after Rust 1.80, remove dead feature references \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3384]]: chore(tests): fixed deprecation warnings \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3386]]: fix(dependencys):bumped cargo_metadata to `v0.18.1` to avoid yanked `v0.14.3` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3389]]: fix(cli): typo in error for required DB URL \[\[[@​ods](https://togithub.com/ods)]]
- \[[#​3417]]: Update version to 0.8 in README \[\[[@​soucosmo](https://togithub.com/soucosmo)]]
- \[[#​3441]]: fix: audit protocol handling \[\[[@​abonander](https://togithub.com/abonander)]]
  - This addresses [RUSTSEC-2024-0363] and includes regression tests for MySQL, Postgres and SQLite.
[#​2786]: https://togithub.com/launchbadge/sqlx/pull/2786
[#​3354]: https://togithub.com/launchbadge/sqlx/pull/3354
[#​3371]: https://togithub.com/launchbadge/sqlx/pull/3371
[#​3374]: https://togithub.com/launchbadge/sqlx/pull/3374
[#​3376]: https://togithub.com/launchbadge/sqlx/pull/3376
[#​3380]: https://togithub.com/launchbadge/sqlx/pull/3380
[#​3381]: https://togithub.com/launchbadge/sqlx/pull/3381
[#​3382]: https://togithub.com/launchbadge/sqlx/pull/3382
[#​3384]: https://togithub.com/launchbadge/sqlx/pull/3384
[#​3385]: https://togithub.com/launchbadge/sqlx/pull/3385
[#​3386]: https://togithub.com/launchbadge/sqlx/pull/3386
[#​3389]: https://togithub.com/launchbadge/sqlx/pull/3389
[#​3399]: https://togithub.com/launchbadge/sqlx/pull/3399
[#​3417]: https://togithub.com/launchbadge/sqlx/pull/3417
[#​3421]: https://togithub.com/launchbadge/sqlx/pull/3421
[#​3441]: https://togithub.com/launchbadge/sqlx/pull/3441
[RUSTSEC-2024-0363]: https://rustsec.org/advisories/RUSTSEC-2024-0363.html

### [`v0.8.0`](https://togithub.com/launchbadge/sqlx/blob/HEAD/CHANGELOG.md#080---2024-07-22)

[Compare Source](https://togithub.com/launchbadge/sqlx/compare/v0.7.4...v0.8.0)

70 pull requests were merged this release cycle.

[#​2697] was merged the same day as release 0.7.4 and so was missed by the automatic CHANGELOG generation.

##### Breaking

- \[[#​2697]]: fix(macros): only enable chrono when time is disabled \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​2973]]: Generic Associated Types in Database, replacing HasValueRef, HasArguments, HasStatement \[\[[@​nitn3lav](https://togithub.com/nitn3lav)]]
- \[[#​2482]]: chore: bump syn to 2.0 \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
  - Deprecated type ascription syntax in the query macros was removed.
- \[[#​2736]]: Fix describe on PostgreSQL views with rules \[\[[@​tsing](https://togithub.com/tsing)]]
  - Potentially breaking: nullability inference changes for Postgres.
- \[[#​2869]]: Implement PgHasArrayType for all references \[\[[@​tylerhawkes](https://togithub.com/tylerhawkes)]]
  - Conflicts with existing manual implementations.
- \[[#​2940]]: fix: Decode and Encode derives ([#​1031](https://togithub.com/launchbadge/sqlx/issues/1031)) \[\[[@​benluelo](https://togithub.com/benluelo)]]
  - Changes lifetime obligations for field types.
- \[[#​3064]]: Sqlite explain graph \[\[[@​tyrelr](https://togithub.com/tyrelr)]]
  - Potentially breaking: nullability inference changes for SQLite.
- \[[#​3123]]: Reorder attrs in sqlx::test macro \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
  - Potentially breaking: attributes on `#[sqlx::test]` usages are applied in the correct order now.
- \[[#​3126]]: Make Encode return a result \[\[[@​FSMaxB](https://togithub.com/FSMaxB)]]
- \[[#​3130]]: Add version information for failed cli migration ([#​3129](https://togithub.com/launchbadge/sqlx/issues/3129)) \[\[[@​FlakM](https://togithub.com/FlakM)]]
  - Breaking changes to `MigrateError`.
- \[[#​3181]]: feat: no tx migration \[\[[@​cleverjam](https://togithub.com/cleverjam)]]
  - (Postgres only) migrations that should not run in a transaction can be flagged by adding `-- no-transaction` to the beginning.
  - Breaking change: added field to `Migration`
- \[[#​3184]]: \[BREAKING} fix(sqlite): always use `i64` as intermediate when decoding \[\[[@​abonander](https://togithub.com/abonander)]]
  - integer decoding will now loudly error on overflow instead of silently truncating.
  - some usages of the query!() macros might change an i32 to an i64.
- \[[#​3252]]: fix `#[derive(sqlx::Type)]` in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
  - Manual implementations of PgHasArrayType for enums will conflict with the generated one. Delete the manual impl or add `#[sqlx(no_pg_array)]` where conflicts occur.
  - Type equality for PgTypeInfo is now schema-aware.
- \[[#​3329]]: fix: correct handling of arrays of custom types in Postgres \[\[[@​abonander](https://togithub.com/abonander)]]
  - Potential breaking change: `PgTypeInfo::with_name()` infers types that start with `_` to be arrays of the un-prefixed type. Wrap type names in quotes to bypass this behavior.
- \[[#​3356]]: breaking: fix name collision in `FromRow`, return `Error::ColumnDecode` for `TryFrom` errors \[\[[@​abonander](https://togithub.com/abonander)]]
  - Breaking behavior change: errors with `#[sqlx(try_from = "T")]` now return `Error::ColumnDecode` instead of `Error::ColumnNotFound`.
  - Breaking because `#[sqlx(default)]` on an individual field or the struct itself would have previously suppressed the error. This doesn't seem like good behavior as it could result in some potentially very difficult bugs.
  - Instead, create a wrapper implementing `From` and apply the default explicitly.
- \[[#​3337]]: allow rename with rename_all (close [#​2896](https://togithub.com/launchbadge/sqlx/issues/2896)) \[\[[@​DirectorX](https://togithub.com/DirectorX)]]
  - Changes the precedence of `#[sqlx(rename)]` and `#[sqlx(rename_all)]` to match the expected behavior (`rename` wins).
- \[[#​3285]]: fix: use correct names for sslmode options \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
  - Changes the output of `ConnectOptions::to_url_lossy()` to match what parsing expects.

##### Added

- \[[#​2917]]: Add Debug impl for PgRow \[\[[@​g-bartoszek](https://togithub.com/g-bartoszek)]]
- \[[#​3113]]: feat: new derive feature flag \[\[[@​saiintbrisson](https://togithub.com/saiintbrisson)]]
- \[[#​3154]]: feat: add `MySqlTime`, audit `mysql::types` for panics \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3188]]: feat(cube): support postgres cube \[\[[@​jayy-lmao](https://togithub.com/jayy-lmao)]]
- \[[#​3244]]: feat: support `NonZero*` scalar types \[\[[@​AlphaKeks](https://togithub.com/AlphaKeks)]]
- \[[#​3260]]: feat: Add set_update_hook on SqliteConnection \[\[[@​gridbox](https://togithub.com/gridbox)]]
- \[[#​3291]]: feat: support the Postgres Bool type for the Any driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3293]]: Add LICENSE-\* files to crates \[\[[@​LecrisUT](https://togithub.com/LecrisUT)]]
- \[[#​3303]]: add array support for NonZeroI\* in postgres \[\[[@​JohannesIBK](https://togithub.com/JohannesIBK)]]
- \[[#​3311]]: Add example on how to use Transaction as Executor \[\[[@​Lachstec](https://togithub.com/Lachstec)]]
- \[[#​3343]]: Add support for PostgreSQL HSTORE data type \[\[[@​KobusEllis](https://togithub.com/KobusEllis)]]

##### Changed

- \[[#​2652]]: MySQL: Remove collation compatibility check for strings \[\[[@​alu](https://togithub.com/alu)]]
- \[[#​2960]]: Removed `Send` trait bound from argument binding \[\[[@​bobozaur](https://togithub.com/bobozaur)]]
- \[[#​2970]]: refactor: lift type mappings into driver crates \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3148]]: Bump libsqlite3-sys to v0.28 \[\[[@​NfNitLoop](https://togithub.com/NfNitLoop)]]
  - Note: version bumps to `libsqlite3-sys` are not considered breaking changes as per our semver guarantees.
- \[[#​3265]]: perf: box `MySqlConnection` to reduce sizes of futures \[\[[@​stepantubanov](https://togithub.com/stepantubanov)]]
- \[[#​3352]]: chore:added a testcase for `sqlx migrate add ...` \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3340]]: ci: Add job to check that sqlx builds with its declared minimum dependencies \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]

##### Fixed

- \[[#​2702]]: Constrain cyclic associated types to themselves \[\[[@​BadBastion](https://togithub.com/BadBastion)]]
- \[[#​2954]]: Fix several inter doc links \[\[[@​ralpha](https://togithub.com/ralpha)]]
- \[[#​3073]]: feat(logging): Log slow acquires from connection pool \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3137]]: SqliteConnectOptions::filename() memory fix ([#​3136](https://togithub.com/launchbadge/sqlx/issues/3136)) \[\[[@​hoxxep](https://togithub.com/hoxxep)]]
- \[[#​3138]]: PostgreSQL Bugfix: Ensure connection is usable after failed COPY inside a transaction \[\[[@​feikesteenbergen](https://togithub.com/feikesteenbergen)]]
- \[[#​3146]]: fix(sqlite): delete unused `ConnectionHandleRaw` type \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3162]]: Drop urlencoding dependency \[\[[@​paolobarbolini](https://togithub.com/paolobarbolini)]]
- \[[#​3165]]: Bump deps that do not need code changes \[\[[@​GnomedDev](https://togithub.com/GnomedDev)]]
- \[[#​3167]]: fix(ci): use `docker compose` instead of `docker-compose` \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3172]]: fix: Option decoding in any driver \[\[[@​pxp9](https://togithub.com/pxp9)]]
- \[[#​3173]]: fix(postgres) : int type conversion while decoding \[\[[@​RaghavRox](https://togithub.com/RaghavRox)]]
- \[[#​3190]]: Update time to 0.3.36 \[\[[@​BlackSoulHub](https://togithub.com/BlackSoulHub)]]
- \[[#​3191]]: Fix unclean TLS shutdown \[\[[@​levkk](https://togithub.com/levkk)]]
- \[[#​3194]]: Fix leaking connections in fetch_optional ([#​2647](https://togithub.com/launchbadge/sqlx/issues/2647)) \[\[[@​danjpgriffin](https://togithub.com/danjpgriffin)]]
- \[[#​3216]]: security: bump rustls to 0.21.11 \[\[[@​toxeus](https://togithub.com/toxeus)]]
- \[[#​3230]]: fix: sqlite pragma order for auto_vacuum \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3233]]: fix: get_filename should not consume self \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3234]]: fix(ci): pin Rust version, ditch unmaintained actions \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3236]]: fix: resolve `path` ownership problems when using `sqlx_macros_unstable` \[\[[@​lily-mosquitoes](https://togithub.com/lily-mosquitoes)]]
- \[[#​3254]]: fix: hide `sqlx_postgres::any` \[\[[@​Zarathustra2](https://togithub.com/Zarathustra2)]]
- \[[#​3266]]: ci: MariaDB - add back 11.4 and add 11.5 \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3267]]: ci: syntax fix \[\[[@​grooverdan](https://togithub.com/grooverdan)]]
- \[[#​3271]]: docs(sqlite): fix typo - unixtime() -> unixepoch() \[\[[@​joelkoen](https://togithub.com/joelkoen)]]
- \[[#​3276]]: Invert boolean for `migrate` error message. ([#​3275](https://togithub.com/launchbadge/sqlx/issues/3275)) \[\[[@​nk9](https://togithub.com/nk9)]]
- \[[#​3279]]: fix Clippy errors \[\[[@​abonander](https://togithub.com/abonander)]]
- \[[#​3288]]: fix: sqlite update_hook char types \[\[[@​jasonish](https://togithub.com/jasonish)]]
- \[[#​3297]]: Pass the `persistent` query setting when preparing queries with the `Any` driver \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3298]]: Track null arguments in order to provide the appropriate type when converting them. \[\[[@​etorreborre](https://togithub.com/etorreborre)]]
- \[[#​3312]]: doc: Minor rust docs fixes \[\[[@​SrGesus](https://togithub.com/SrGesus)]]
- \[[#​3327]]: chore: fixed one usage of `select_input_type!()` being unhygenic \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3328]]: fix(ci): comment not separated from other characters \[\[[@​hamirmahal](https://togithub.com/hamirmahal)]]
- \[[#​3341]]: refactor: Resolve cargo check warnings in postgres examples \[\[[@​iamjpotts](https://togithub.com/iamjpotts)]]
- \[[#​3346]]: fix(postgres): don't panic if `M` or `C` Notice fields are not UTF-8 \[\[[@​YgorSouza](https://togithub.com/YgorSouza)]]
- \[[#​3350]]: fix:the `json`-feature should activate `sqlx-postgres?/json` as well \[\[[@​CommanderStorm](https://togithub.com/CommanderStorm)]]
- \[[#​3353]]: fix: build script new line at eof \[\[[@​Zarthus](https://togithub.com/Zarthus)]]
- (no PR): activate `clock` and `std` features of `workspace.dependencies.chrono`.

[#​2482]: https://togithub.com/launchbadge/sqlx/pull/2482
[#​2652]: https://togithub.com/launchbadge/sqlx/pull/2652
[#​2697]: https://togithub.com/launchbadge/sqlx/pull/2697
[#​2702]: https://togithub.com/launchbadge/sqlx/pull/2702
[#​2736]: https://togithub.com/launchbadge/sqlx/pull/2736
[#​2869]: https://togithub.com/launchbadge/sqlx/pull/2869
[#​2917]: https://togithub.com/launchbadge/sqlx/pull/2917
[#​2940]: https://togithub.com/launchbadge/sqlx/pull/2940
[#​2954]: https://togithub.com/launchbadge/sqlx/pull/2954
[#​2960]: https://togithub.com/launchbadge/sqlx/pull/2960
[#​2970]: https://togithub.com/launchbadge/sqlx/pull/2970
[#​2973]: https://togithub.com/launchbadge/sqlx/pull/2973
[#​3064]: https://togithub.com/launchbadge/sqlx/pull/3064
[#​3073]: https://togithub.com/launchbadge/sqlx/pull/3073
[#​3113]: https://togithub.com/launchbadge/sqlx/pull/3113
[#​3123]: https://togithub.com/launchbadge/sqlx/pull/3123
[#​3126]: https://togithub.com/launchbadge/sqlx/pull/3126
[#​3130]: https://togithub.com/launchbadge/sqlx/pull/3130
[#​3137]: https://togithub.com/launchbadge/sqlx/pull/3137
[#​3138]: https://togithub.com/launchbadge/sqlx/pull/3138
[#​3146]: https://togithub.com/launchbadge/sqlx/pull/3146
[#​3148]: https://togithub.com/launchbadge/sqlx/pull/3148
[#​3154]: https://togithub.com/launchbadge/sqlx/pull/3154
[#​3162]: https://togithub.com/launchbadge/sqlx/pull/3162
[#​3165]: https://togithub.com/launchbadge/sqlx/pull/3165
[#​3167]: https://togithub.com/launchbadge/sqlx/pull/3167
[#​3172]: https://togithub.com/launchbadge/sqlx/pull/3172
[#​3173]: https://togithub.com/launchbadge/sqlx/pull/3173
[#​3181]: https://togithub.com/launchbadge/sqlx/pull/3181
[#​3184]: https://togithub.com/launchbadge/sqlx/pull/3184
[#​3188]: https://togithub.com/launchbadge/sqlx/pull/3188
[#​3190]: https://togithub.com/launchbadge/sqlx/pull/3190
[#​3191]: https://togithub.com/launchbadge/sqlx/pull/3191
[#​3194]: https://togithub.com/launchbadge/sqlx/pull/3194
[#​3216]: https://togithub.com/launchbadge/sqlx/pull/3216
[#​3230]: https://togithub.com/launchbadge/sqlx/pull/3230
[#​3233]: https://togithub.com/launchbadge/sqlx/pull/3233
[#​3234]: https://togithub.com/launchbadge/sqlx/pull/3234
[#​3236]: https://togithub.com/launchbadge/sqlx/pull/3236
[#​3244]: https://togithub.com/launchbadge/sqlx/pull/3244
[#​3252]: https://togithub.com/launchbadge/sqlx/pull/3252
[#​3254]: https://togithub.com/launchbadge/sqlx/pull/3254
[#​3260]: https://togithub.com/launchbadge/sqlx/pull/3260
[#​3265]: https://togithub.com/launchbadge/sqlx/pull/3265
[#​3266]: https://togithub.com/launchbadge/sqlx/pull/3266
[#​3267]: https://togithub.com/launchbadge/sqlx/pull/3267
[#​3271]: https://togithub.com/launchbadge/sqlx/pull/3271
[#​3276]: https://togithub.com/launchbadge/sqlx/pull/3276
[#​3279]: https://togithub.com/launchbadge/sqlx/pull/3279
[#​3285]: https://togithub.com/launchbadge/sqlx/pull/3285
[#​3288]: https://togithub.com/launchbadge/sqlx/pull/3288
[#​3291]: https://togithub.com/launchbadge/sqlx/pull/3291
[#​3293]: https://togithub.com/launchbadge/sqlx/pull/3293
[#​3297]: https://togithub.com/launchbadge/sqlx/pull/3297
[#​3298]: https://togithub.com/launchbadge/sqlx/pull/3298
[#​3303]: https://togithub.com/launchbadge/sqlx/pull/3303
[#​3311]: https://togithub.com/launchbadge/sqlx/pull/3311
[#​3312]: https://togithub.com/launchbadge/sqlx/pull/3312
[#​3327]: https://togithub.com/launchbadge/sqlx/pull/3327
[#​3328]: https://togithub.com/launchbadge/sqlx/pull/3328
[#​3329]: https://togithub.com/launchbadge/sqlx/pull/3329
[#​3337]: https://togithub.com/launchbadge/sqlx/pull/3337
[#​3340]: https://togithub.com/launchbadge/sqlx/pull/3340
[#​3341]: https://togithub.com/launchbadge/sqlx/pull/3341
[#​3343]: https://togithub.com/launchbadge/sqlx/pull/3343
[#​3346]: https://togithub.com/launchbadge/sqlx/pull/3346
[#​3350]: https://togithub.com/launchbadge/sqlx/pull/3350
[#​3352]: https://togithub.com/launchbadge/sqlx/pull/3352
[#​3353]: https://togithub.com/launchbadge/sqlx/pull/3353
[#​3356]: https://togithub.com/launchbadge/sqlx/pull/3356
--- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/toeverything/AFFiNE). --- Cargo.lock | 198 +++++++++++++++++++++++++++++++---------------------- Cargo.toml | 2 +- 2 files changed, 117 insertions(+), 83 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 3fbc2b79c5fb7..3ca273827a5f0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -155,6 +155,12 @@ version = "0.21.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" +[[package]] +name = "base64" +version = "0.22.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" + [[package]] name = "base64ct" version = "1.6.0" @@ -243,9 +249,12 @@ checksum = "514de17de45fdb8dc022b1a7975556c53c86f9f0aa5f534b98977b171857c2c9" [[package]] name = "cc" -version = "1.0.100" +version = "1.1.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c891175c3fb232128f48de6590095e59198bbeb8620c310be349bfc3afd12c7b" +checksum = "50d2eb3cd3d1bf4529e31c215ee6f93ec5a3d536d9f578f93d9d33ee19562932" +dependencies = [ + "shlex", +] [[package]] name = "cfg-if" 
@@ -267,6 +276,15 @@ dependencies = [ "windows-targets 0.52.5", ] +[[package]] +name = "concurrent-queue" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4ca0197aee26d1ae37445ee532fefce43251d24cc7c166799f4d46817f1d3973" +dependencies = [ + "crossbeam-utils", +] + [[package]] name = "const-oid" version = "0.9.6" @@ -353,7 +371,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "edb49164822f3ee45b17acd4a208cfc1251410cf0cad9a833234c9890774dd9f" dependencies = [ "quote", - "syn 2.0.68", + "syn", ] [[package]] @@ -388,7 +406,7 @@ checksum = "67e77553c4162a157adbf834ebae5b415acbecbeafc7a74b0e886657506a7611" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn", ] [[package]] @@ -453,9 +471,14 @@ dependencies = [ [[package]] name = "event-listener" -version = "2.5.3" +version = "5.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0206175f82b8d6bf6652ff7d71a1e27fd2e4efde587fd368662814d6ec1d9ce0" +checksum = "6032be9bd27023a771701cc49f9f053c751055f71efb2e0ae5c15809093675ba" +dependencies = [ + "concurrent-queue", + "parking", + "pin-project-lite", +] [[package]] name = "fancy-regex" @@ -660,21 +683,18 @@ dependencies = [ [[package]] name = "hashlink" -version = "0.8.4" +version = "0.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e8094feaf31ff591f651a2664fb9cfd92bba7a60ce3197265e9482ebe753c8f7" +checksum = "6ba4ff7128dee98c7dc9794b6a411377e1404dba1c97deb8d1a55297bd25d8af" dependencies = [ "hashbrown 0.14.5", ] [[package]] name = "heck" -version = "0.4.1" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" -dependencies = [ - "unicode-segmentation", -] +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" [[package]] name = "hermit-abi" 
@@ -875,9 +895,9 @@ dependencies = [ [[package]] name = "libsqlite3-sys" -version = "0.27.0" +version = "0.30.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf4e226dcd58b4be396f7bd3c20da8fdee2911400705297ba7d2d7cc2c30f716" +checksum = "2e99fb7a497b1e3339bc746195567ed8d3e24945ecd636e3619d20b9de9e9149" dependencies = [ "cc", "pkg-config", @@ -1037,7 +1057,7 @@ dependencies = [ "napi-derive-backend", "proc-macro2", "quote", - "syn 2.0.68", + "syn", ] [[package]] @@ -1052,7 +1072,7 @@ dependencies = [ "quote", "regex", "semver", - "syn 2.0.68", + "syn", ] [[package]] @@ -1182,6 +1202,12 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39" +[[package]] +name = "parking" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bb813b8af86854136c6922af0598d719255ecb2179515e6e7730d468f05c9cae" + [[package]] name = "parking_lot" version = "0.12.3" 
@@ -1459,31 +1485,42 @@ dependencies = [ [[package]] name = "rustls" -version = "0.21.12" +version = "0.23.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e" +checksum = "c58f8c84392efc0a126acce10fa59ff7b3d2ac06ab451a33f2741989b806b044" dependencies = [ + "once_cell", "ring", + "rustls-pki-types", "rustls-webpki", - "sct", + "subtle", + "zeroize", ] [[package]] name = "rustls-pemfile" -version = "1.0.4" +version = "2.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c" +checksum = "196fe16b00e106300d3e45ecfcb764fa292a535d7326a29a5875c579c7417425" dependencies = [ - "base64", + "base64 0.22.1", + "rustls-pki-types", ] +[[package]] +name = "rustls-pki-types" +version = "1.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc0a2ce646f8655401bb81e7927b812614bd5d91dbc968696be50603510fcaf0" + [[package]] name = "rustls-webpki" -version = "0.101.7" +version = "0.102.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" +checksum = "8e6b52d4fda176fd835fdc55a835d4a89b8499cad995885a21149d5ad62f852e" dependencies = [ "ring", + "rustls-pki-types", "untrusted", ] @@ -1520,16 +1557,6 @@ version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" -[[package]] -name = "sct" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" -dependencies = [ - "ring", - "untrusted", -] - [[package]] name = "semver" version = "1.0.23" 
@@ -1553,7 +1580,7 @@ checksum = "24008e81ff7613ed8e5ba0cfaf24e2c2f1e5b8a0495711e44fcd4882fca62bcf" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn", ] [[package]] @@ -1568,6 +1595,18 @@ dependencies = [ "serde", ] +[[package]] +name = "serde_urlencoded" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd" +dependencies = [ + "form_urlencoded", + "itoa", + "ryu", + "serde", +] + [[package]] name = "sha1" version = "0.10.6" @@ -1609,6 +1648,12 @@ dependencies = [ "lazy_static", ] +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + [[package]] name = "signal-hook-registry" version = "1.4.2" @@ -1642,6 +1687,9 @@ name = "smallvec" version = "1.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3c5e1a9a646d36c3599cd173a41282daf47c44583ad367b8e6837255952e5c67" +dependencies = [ + "serde", +] [[package]] name = "smol_str" @@ -1693,9 +1741,9 @@ dependencies = [ [[package]] name = "sqlx" -version = "0.7.4" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c9a2ccff1a000a5a59cd33da541d9f2fdcd9e6e8229cc200565942bff36d0aaa" +checksum = "fcfa89bea9500db4a0d038513d7a060566bfc51d46d1c014847049a45cce85e8" dependencies = [ "sqlx-core", "sqlx-macros", @@ -1706,11 +1754,10 @@ dependencies = [ [[package]] name = "sqlx-core" -version = "0.7.4" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "24ba59a9342a3d9bab6c56c118be528b27c9b60e490080e9711a04dccac83ef6" +checksum = "d06e2f2bd861719b1f3f0c7dbe1d80c30bf59e76cf019f07d9014ed7eefb8e08" dependencies = [ - "ahash", "atoi", "byteorder", "bytes", 
@@ -1724,6 +1771,7 @@ dependencies = [ "futures-intrusive", "futures-io", "futures-util", + "hashbrown 0.14.5", "hashlink", "hex", "indexmap", @@ -1749,22 +1797,22 @@ dependencies = [ [[package]] name = "sqlx-macros" -version = "0.7.4" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ea40e2345eb2faa9e1e5e326db8c34711317d2b5e08d0d5741619048a803127" +checksum = "2f998a9defdbd48ed005a89362bd40dd2117502f15294f61c8d47034107dbbdc" dependencies = [ "proc-macro2", "quote", "sqlx-core", "sqlx-macros-core", - "syn 1.0.109", + "syn", ] [[package]] name = "sqlx-macros-core" -version = "0.7.4" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5833ef53aaa16d860e92123292f1f6a3d53c34ba8b1969f152ef1a7bb803f3c8" +checksum = "3d100558134176a2629d46cec0c8891ba0be8910f7896abfdb75ef4ab6f4e7ce" dependencies = [ "dotenvy", "either", @@ -1780,7 +1828,7 @@ dependencies = [ "sqlx-mysql", "sqlx-postgres", "sqlx-sqlite", - "syn 1.0.109", + "syn", "tempfile", "tokio", "url", @@ -1788,12 +1836,12 @@ dependencies = [ [[package]] name = "sqlx-mysql" -version = "0.7.4" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ed31390216d20e538e447a7a9b959e06ed9fc51c37b514b46eb758016ecd418" +checksum = "936cac0ab331b14cb3921c62156d913e4c15b74fb6ec0f3146bd4ef6e4fb3c12" dependencies = [ "atoi", - "base64", + "base64 0.22.1", "bitflags 2.5.0", "byteorder", "bytes", @@ -1831,12 +1879,12 @@ dependencies = [ [[package]] name = "sqlx-postgres" -version = "0.7.4" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7c824eb80b894f926f89a0b9da0c7f435d27cdd35b8c655b114e58223918577e" +checksum = "9734dbce698c67ecf67c442f768a5e90a49b2a4d61a9f1d59f73874bd4cf0710" dependencies = [ "atoi", - "base64", + "base64 0.22.1", "bitflags 2.5.0", "byteorder", "chrono", 
@@ -1870,9 +1918,9 @@ dependencies = [ [[package]] name = "sqlx-sqlite" -version = "0.7.4" +version = "0.8.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b244ef0a8414da0bed4bb1910426e890b19e5e9bccc27ada6b797d05c55ae0aa" +checksum = "a75b419c3c1b1697833dd927bdc4c6545a620bc1bbafabd44e1efbe9afcd337e" dependencies = [ "atoi", "chrono", @@ -1886,10 +1934,10 @@ dependencies = [ "log", "percent-encoding", "serde", + "serde_urlencoded", "sqlx-core", "tracing", "url", - "urlencoding", ] [[package]] @@ -1909,17 +1957,6 @@ version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0d0208408ba0c3df17ed26eb06992cb1a1268d41b2c0e12e65203fbe3972cee5" -[[package]] -name = "syn" -version = "1.0.109" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" -dependencies = [ - "proc-macro2", - "quote", - "unicode-ident", -] - [[package]] name = "syn" version = "2.0.68" @@ -1966,7 +2003,7 @@ checksum = "46c3384250002a6d5af4d114f2845d37b57521033f30d5c3f46c4d70e1197533" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn", ] [[package]] @@ -1986,7 +2023,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c314e7ce51440f9e8f5a497394682a57b7c323d0f4d0a6b1b13c429056e0e234" dependencies = [ "anyhow", - "base64", + "base64 0.21.7", "bstr", "fancy-regex", "lazy_static", @@ -2035,7 +2072,7 @@ checksum = "693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn", ] [[package]] @@ -2069,7 +2106,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn", ] [[package]] 
@@ -2173,12 +2210,6 @@ dependencies = [ "percent-encoding", ] -[[package]] -name = "urlencoding" -version = "2.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "daf8dba3b7eb870caf1ddeed7bc9d2a049f3cfdfae7cb521b087cc33ae4c49da" - [[package]] name = "uuid" version = "1.10.0" @@ -2251,7 +2282,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.68", + "syn", "wasm-bindgen-shared", ] @@ -2273,7 +2304,7 @@ checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -2286,9 +2317,12 @@ checksum = "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96" [[package]] name = "webpki-roots" -version = "0.25.4" +version = "0.26.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1" +checksum = "bd7c23921eeb1713a4e851530e9b9756e4fb0e89978582942612524cf09f01cd" +dependencies = [ + "rustls-pki-types", +] [[package]] name = "whoami" @@ -2558,7 +2592,7 @@ checksum = "15e934569e47891f7d9411f1a451d947a60e000ab3bd24fbb970f000387d1b3b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index 9307cad17f86b..5f29f879c6f67 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -18,7 +18,7 @@ rand = "0.8" serde = "1" serde_json = "1" sha3 = "0.10" -sqlx = { version = "0.7", default-features = false, features = ["chrono", "macros", "migrate", "runtime-tokio", "sqlite", "tls-rustls"] } +sqlx = { version = "0.8", default-features = false, features = ["chrono", "macros", "migrate", "runtime-tokio", "sqlite", "tls-rustls"] } tiktoken-rs = "0.5" tokio = "1.37" uuid = "1.8"
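Review bot: The Cargo.lock entries for `sqlx-mysql` (`@@ -1788`) and `sqlx-postgres` (`@@ -1831`) change `"base64"` to `"base64 0.22.1"`, and the hunk at `@@ -1986` rewrites another package's entry to `"base64 0.21.7"`, so the lockfile now carries two base64 releases side by side. The `"hashbrown 0.14.5"` line added to `sqlx-core` at `@@ -1724` is version-qualified in the same way, which means more than one hashbrown is present in the lockfile as well. Run `cargo tree -d` and check whether the 0.21.7 consumer can move to base64 0.22, so each crate is compiled and audited once.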
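Review bot: The `webpki-roots` hunk at `@@ -2286` moves the bundled root certificate set from 0.25.4 to 0.26.3 and adds a `rustls-pki-types` dependency, a trust-store change that the commit subject (sqlx only) does not mention. Cargo.toml enables only the `sqlite` driver alongside `tls-rustls`; if no networked database is reached through sqlx, consider dropping `tls-rustls` from the feature list, otherwise call the root-store bump out in the PR description so it gets its own review.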
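Review bot: In the Cargo.toml hunk, `version = "0.8"` is a caret requirement that still admits 0.8.0, which the advisory quoted in the commit message lists as affected (`<= 0.8.0`). Only Cargo.lock pins the patched 0.8.1, so a resolve that ignores or downgrades the lock can satisfy the manifest with the vulnerable release. Write `version = "0.8.1"` so the manifest itself states the patched floor.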